Anytime validation for verification tokens
First Claim
1. A method for validating a verification token is from a trusted verification token manufacturer, the method comprising:
- receiving, at a server computer having one or more microprocessors, a validation request from the verification token, the verification token including a memory storing a verification token specific key pair received from a verification token manufacturer of the verification token;
determining a verification token serial number based on the validation request using the server computer;
determining a registration status of the verification token serial number;
determining a component of the verification token specific key pair associated with the verification token serial number;
signing a challenge message with the component of the verification token specific key pair;
sending the signed challenge message to the verification token;
receiving, from the verification token, a response to the signed challenge message; and
validating the verification token manufacturer of the verification token is the trusted verification token manufacturer based on the response to the signed challenge message.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and method for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token. Optionally, the component of the verification token key pair stored to the verification token can be signed by the manufacturer specific master key or certificate and stored a verification token public certificate.
84 Citations
16 Claims
-
1. A method for validating a verification token is from a trusted verification token manufacturer, the method comprising:
-
receiving, at a server computer having one or more microprocessors, a validation request from the verification token, the verification token including a memory storing a verification token specific key pair received from a verification token manufacturer of the verification token; determining a verification token serial number based on the validation request using the server computer; determining a registration status of the verification token serial number; determining a component of the verification token specific key pair associated with the verification token serial number; signing a challenge message with the component of the verification token specific key pair; sending the signed challenge message to the verification token; receiving, from the verification token, a response to the signed challenge message; and validating the verification token manufacturer of the verification token is the trusted verification token manufacturer based on the response to the signed challenge message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for producing a verification token, the method comprising:
-
sending a verification token manufacturer registration request to a validation server; receiving a manufacturer specific master key from the validation server in response to the validation server validating the verification token manufacturer as a trusted verification token manufacturer; generating a serial number for the verification token; generating a key pair including a public component and a private component; signing the public component of the key pair to generate a verification token public certificate with the manufacturer specific master key received from the validation server; storing the private component of the key pair and the verification token public certificate signed with the manufacturer specific master key to a memory in the verification token; associating the serial number with the key pair and the private component of the key pair. - View Dependent Claims (12, 13, 14, 15, 16)
-
Specification