Generation of communication device signatures for use in securing nomadic electronic transactions

US 8,553,888 B2
Filed: 12/21/2009
Issued: 10/08/2013
Est. Priority Date: 12/20/2007
Status: Active Grant

First Claim

Patent Images

1. A method for execution in a communication device, comprising:

accessing an identifier stored in a memory;

receiving a first data set and a second data set over a first communication path, wherein the first data set and the second data set are distributed by a control server, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using a first key and the second data set is included within second encrypted data obtained by encrypting the second data set using the first key;

decrypting the first data set from the first encrypted data using a second key that is complementary to the first key;

decrypting the second data set from the second encrypted data using the second key;

generating a first signature from the identifier and the decrypted first data set;

generating a second signature from the identifier and the decrypted second data set;

responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and

responding to a subsequent request by releasing a second response including the second signature over the local communication path.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path.

82 Citations

View as Search Results

33 Claims

1. A method for execution in a communication device, comprising:
- accessing an identifier stored in a memory;
  
  receiving a first data set and a second data set over a first communication path, wherein the first data set and the second data set are distributed by a control server, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using a first key and the second data set is included within second encrypted data obtained by encrypting the second data set using the first key;
  
  decrypting the first data set from the first encrypted data using a second key that is complementary to the first key;
  
  decrypting the second data set from the second encrypted data using the second key;
  
  generating a first signature from the identifier and the decrypted first data set;
  
  generating a second signature from the identifier and the decrypted second data set;
  
  responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and
  
  responding to a subsequent request by releasing a second response including the second signature over the local communication path.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 2. The method defined in claim 1, wherein generating the first signature from the identifier and the first data set comprises encrypting the identifier and the first data set using an encryption key.
  - 3. The method defined in claim 2, wherein generating the second signature from the identifier and the second data set comprises encrypting the identifier and the second data set using the encryption key.
  - 4. The method defined in claim 3, wherein the encryption key is a private key associated with the communication device.
  - 5. The method defined in claim 4, the first response further including a key index allowing a recipient of the first response to identify, from a set of potential decryption keys, a particular decryption key usable to decrypt the identifier and the first data set from the first signature.
  - 6. The method defined in claim 5, wherein the second response includes the key index.
  - 7. The method defined in claim 1, wherein the first communication path supports a communication session established between the communication device and the control server.
  - 8. The method defined in claim 1, wherein the second data set is related to the first data set by a function of time implemented by the control server, the function of time being unknown to the communication device.
  - 9. The method defined in claim 8, wherein the function of time is deterministic.
  - 10. The method defined in claim 8, wherein the function of time is stochastic.
  - 11. The method defined in claim 1, wherein the first communication path includes a wireless portion.
  - 12. The method defined in claim 1, wherein the local communication path includes a contactless portion.
  - 13. The method defined in claim 1, wherein the first request and the subsequent request are received over the local communication path.
  - 14. The method defined in claim 13, wherein the first request and the subsequent request are received via a radio frequency receiver at the communication device.
  - 15. The method defined in claim 14, wherein the radio frequency receiver operates in a frequency range that supports low-power short-range communication.
  - 16. The method defined in claim 14, wherein the radio frequency receiver operates in a frequency range that supports RFID communication.
  - 17. The method defined in claim 14, wherein the radio frequency receiver operates in a frequency range that supports mobile wireless telephony.
  - 18. The method defined in claim 14, wherein the first data set and the second data set are also received via the radio frequency receiver.
  - 19. The method defined in claim 1, wherein the second data set is received before the first signature is generated.
  - 20. The method defined in claim 1, wherein the second data set is received after the first signature is generated.
  - 21. The method defined in claim 20, wherein the second data set is received before the first response is released.
  - 22. The method defined in claim 20, wherein the second data set is received after the first response is released.
  - 23. The method defined in claim 1, further comprising responding to all requests received between the first request and the subsequent request by releasing respective responses including the first signature over the local communication path.
  - 24. The method defined in claim 23, wherein the subsequent request occurs exactly N requests after the first request, wherein N is an integer.
  - 25. The method defined in claim 24, wherein N is fixed and known to the communication device.
  - 26. The method defined in claim 24, wherein N is dynamic and varies in accordance with a pattern known to the communication device.
  - 27. The method defined in claim 1, wherein the second signature is generated after a pre-determined amount of time has elapsed following generation of the first signature.
  - 28. The method defined in claim 1, wherein the second signature is generated after an amount of time has elapsed following generation of the first signature, wherein the amount of time varies in accordance with a pattern known to the communication device.
  - 29. The method defined in claim 1, wherein the first key is a private key maintained by the control server, and wherein the second key is a public key, knowledge of which is available to the communication device.
  - 30. The method defined in claim 1, wherein the first communication path is established between the control server and the communication device over the Internet.
  - 31. The method defined in claim 30, wherein the local communication path is established over a short-range radio-frequency channel between the communication device and a system-side receiver at a point of sale or a point of wireless access.

32. A non-transitory computer-readable storage medium comprising a set of instructions for execution by a processing entity of a communication device, wherein execution of the set of instructions by the processing entity causes the processing entity to execute a method that includes:
- accessing an identifier stored in a memory;
  
  receiving a first data set and a second data set over a first communication path, wherein the first data set and the second data set are distributed by a control server, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using an encryption key and the second data set is included within second encrypted data obtained by encrypting the second data set using the encryption key;
  
  decrypting the first data set from the first encrypted data using a decryption key that is complementary to the encryption key;
  
  decrypting the second data set from the second encrypted data using the decryption key;
  
  generating a first signature from the identifier and the decrypted first data set;
  
  generating a second signature from the identifier and the decrypted second data set;
  
  responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and
  
  responding to a subsequent request by releasing a second response including the second signature over the local communication path.

33. A communication device, comprising:
- a memory storing an identifier;
  
  an interface configured to communicate with a control server over a first communication path and with a local entity over a local communication path different from the first communication path, the local entity comprising a system-side receiver and a system-side transmitter; and
  
  a processing entity configured to;
  
  receive via the interface a first data set and a second data set distributed by the control server over the first communication path, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using an encryption key and the second data set is included within second encrypted data obtained by encrypting the second data set using the encryption key;
  
  receive via the interface a first request and a subsequent request sent by the system-side transmitter over the local communication path;
  
  decrypt the first data set from the first encrypted data using a decryption key that is complementary to the encryption key;
  
  decrypt the second data set from the second encrypted data using the decryption key;
  
  generate a first signature from the identifier and the decrypted first data set;
  
  generate a second signature from the identifier and the decrypted second data set;
  
  respond to the first request by releasing a first response to the system-side receiver via the interface over the local communication path, the first response including the first signature; and
  
  respond to the second request by releasing a second response to the system-side receiver via the interface over the local communication path, the second response including the second signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
Yeap, Tet Hin, O'Brien, William G., Murray, Sean Maclean
Primary Examiner(s)
Desrosiers, Evans

Application Number

US12/643,225
Publication Number

US 20100185865A1
Time in Patent Office

1,387 Days
Field of Search

713168-174, 713182-186, 713/202, 709/225, 709/229, 726 2- 8
US Class Current

380/278
CPC Class Codes

G06F 21/43   wireless channels

G06F 21/79   in semiconductor storage me...

G06F 9/445   Program loading or initiati...

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/40975   using encryption therefor

G06Q 20/425   using two different network...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 63/0846   using time-dependent-passwo...

H04L 63/126   the source of the received ...

H04L 9/3247 : involving digital signatures

H04W 12/08 : Access security

H04W 12/10 : Integrity

H04W 12/47 : using near field communicat...

View All

Generation of communication device signatures for use in securing nomadic electronic transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Generation of communication device signatures for use in securing nomadic electronic transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others