Methods for secure enrollment and backup of personal identity credentials into electronic devices
First Claim
1. A method, comprising:
- sending from a personal identification device to a party at least one of (1) an identifier uniquely associated with the personal identification device or (2) a portion of an asymmetric key pair generated by the personal identification device;
receiving from the party a digital certificate based, at least in part, on the at least one of the identifier or the portion of the asymmetric key pair sent from the personal identification device to the party, the sending and the receiving being before biometric data associated with enrollment is received at the personal identification device; and
disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
164 Citations
20 Claims
-
1. A method, comprising:
-
sending from a personal identification device to a party at least one of (1) an identifier uniquely associated with the personal identification device or (2) a portion of an asymmetric key pair generated by the personal identification device; receiving from the party a digital certificate based, at least in part, on the at least one of the identifier or the portion of the asymmetric key pair sent from the personal identification device to the party, the sending and the receiving being before biometric data associated with enrollment is received at the personal identification device; and disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus, comprising:
-
a housing; a memory coupled to the housing and configured to store biometric data associated with enrollment; a biometric sensor coupled to the memory and configured to receive biometric data associated with enrollment; a receiver coupled to the housing, the receiver configured to receive a public key associated with a party before biometric data associated with enrollment is received, the receiver configured to receive a digital certificate from the party before biometric data associated with enrollment is received, the digital certificate being based, at least in part, on an identifier; a transmitter coupled to the housing, the transmitter configured to send the identifier from the apparatus to the party based on the public key before biometric data associated with enrollment is received; and a processor coupled to the receiver and the transmitter, the processor configured to disable functionality within the apparatus before biometric data associated with enrollment is received except that the apparatus is in a wait state associated with future enrollment. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. An apparatus, comprising:
-
a housing; a memory coupled to the housing and configured to store biometric data associated with enrollment; a biometric sensor coupled to the memory and configured to receive biometric data associated with enrollment; a receiver coupled to the housing, the receiver configured to receive a public key associated with a party before biometric data associated with enrollment is received, the receiver configured to receive a digital certificate from the party before biometric data associated with enrollment is received, the digital certificate being based, at least in part, on the public key; a transmitter coupled to the housing, the transmitter configured to send a personal identification device public key from the apparatus to the party before biometric data associated with enrollment is received, the personal identification device public key being associated with the apparatus; and a processor coupled to the receiver and the transmitter, the processor configured to disable functionality within the apparatus before biometric data associated with enrollment is received except that the apparatus is in a wait state associated with future enrollment. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification