Methods for secure restoration of personal identity credentials into electronic devices
First Claim
1. A method, comprising:
- receiving a signature associated with a biometric encryption key from a party, the signature associated with the biometric encryption key having been decrypted by the party based on a private key associated with the party;
verifying a validity of a signature associated with a biometric encryption key based on a public key associated with a personal identification device;
sending a first section of the biometric encryption key in encrypted form to the party such that the party decrypts the first section of the biometric encryption key in encrypted form based on the private key associated with the party to produce the first section of the biometric encryption key when the first section of the biometric encryption key in encrypted form is received by the party; and
combining the first section of the biometric encryption key and a second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
-
Citations
17 Claims
-
1. A method, comprising:
-
receiving a signature associated with a biometric encryption key from a party, the signature associated with the biometric encryption key having been decrypted by the party based on a private key associated with the party; verifying a validity of a signature associated with a biometric encryption key based on a public key associated with a personal identification device; sending a first section of the biometric encryption key in encrypted form to the party such that the party decrypts the first section of the biometric encryption key in encrypted form based on the private key associated with the party to produce the first section of the biometric encryption key when the first section of the biometric encryption key in encrypted form is received by the party; and combining the first section of the biometric encryption key and a second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified. - View Dependent Claims (2, 3)
-
-
4. A method, comprising:
-
decrypting a signature in encrypted form associated with a first section of a symmetric key based on a private key to produce the signature associated with the first section of the symmetric key, the private key being associated with a party, the first section of the symmetric key being less than an entirety of the symmetric key; decrypting the first section of the symmetric key in encrypted form based on the private key to produce the first section of the symmetric key; sending the signature in decrypted form and the first section of the symmetric key in decrypted form to a personal identification device such that the personal identification device combines the first section of the symmetric key with a second section of the symmetric key to restore the symmetric key associated with biometric data for the personal identification device. - View Dependent Claims (5, 6, 7, 8)
-
-
9. A method, comprising:
-
decrypting a section of a first symmetric key in encrypted form based on a private key to produce the section of the first symmetric key in decrypted form, the section of the first symmetric key in decrypted form being less than an entirety of the first symmetric key, the private key being associated with a party; after the decrypting the section of the first symmetric key in encrypted form, sending the section of the first symmetric key in decrypted form to a first personal identification device, the first symmetric key associated with biometric data for the first personal identification device; decrypting a section of a second symmetric key in encrypted form based on the private key to produce the section of the second symmetric key in decrypted form, the section of the second symmetric key in decrypted form being less than an entirety of the second symmetric key; and after the decrypting the section of the second symmetric key in encrypted form, sending the section of the second symmetric key to the first personal identification device; and decrypting a signature in encrypted form associated with the section of the second symmetric key based on the private key to produce the signature associated with the section of the second symmetric key, the signature being encrypted at a second personal identification device, the sending the section of the second symmetric key in decrypted form to the first personal identification device including sending the signature in decrypted form to the first personal identification device such that the first personal identification device verifies a validity of the party and the second personal identification device when the signature is received by the first personal identification device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
Specification