Methods for secure enrollment and backup of personal identity credentials into electronic devices
First Claim
1. A method, comprising:
- receiving at a personal identification device a public key associated with a party before biometric data associated with enrollment is received;
sending a personal identification device public key from the personal identification device to the party before biometric data associated with enrollment is received, the personal identification device public key being associated with the personal identification device;
receiving at the personal identification device a digital certificate from the party based, at least in part, on the personal identification device public key before biometric data associated with enrollment is received; and
disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
-
Citations
22 Claims
-
1. A method, comprising:
-
receiving at a personal identification device a public key associated with a party before biometric data associated with enrollment is received; sending a personal identification device public key from the personal identification device to the party before biometric data associated with enrollment is received, the personal identification device public key being associated with the personal identification device; receiving at the personal identification device a digital certificate from the party based, at least in part, on the personal identification device public key before biometric data associated with enrollment is received; and disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method, comprising:
-
sending a public key associated with a party to a personal identification device; receiving a personal identification device public key from the personal identification device, the personal identification device public key being produced by the personal identification device; producing a digital certificate based on the personal identification device public key and an identifier, the producing being before enrollment of biometric data, the identifier being uniquely associated with the personal identification device; and sending the digital certificate to the personal identification device such that functionality of the personal identification device is disabled before enrollment of biometric data except that the personal identification device is configured to send the digital certificate to an enrollment party during future enrollment. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A method, comprising:
-
sending an encryption identifier associated with a party to a personal identification device during pre-enrollment; producing a digital signature based, at least in part, on the encryption identifier, the encryption identifier and the digital signature collectively configured to enable verification of the party by the personal identification device when the encryption identifier and digital signature is received at the personal identification device; and sending the digital signature to the personal identification device during pre-enrollment such that functionality of the personal identification device is disabled before enrollment of biometric data except that the personal identification device is in a wait state associated with future enrollment. - View Dependent Claims (20, 21, 22)
-
Specification