Secure identity binding (SIB)

US 9,135,424 B2
Filed: 03/05/2010
Issued: 09/15/2015
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and

a device identified by the tag via the machine readable Tag ID of the tag, wherein;

the device is configured to communicate with the reader;

the device has access to a secure Tag ID;

the device receives a reported Tag ID communicated from the reader when the reader reads the tag; and

the device communicates a verification to the reader in response to a request from the reader for a Tag ID if the reported Tag ID communicated to the device from the reader matches the secure Tag ID.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.

Citations

20 Claims

1. A system comprising:
- a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and
  
  a device identified by the tag via the machine readable Tag ID of the tag, wherein;
  
  the device is configured to communicate with the reader;
  
  the device has access to a secure Tag ID;
  
  the device receives a reported Tag ID communicated from the reader when the reader reads the tag; and
  
  the device communicates a verification to the reader in response to a request from the reader for a Tag ID if the reported Tag ID communicated to the device from the reader matches the secure Tag ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein:
    - the device further comprises a secure vault, andthe secure Tag ID is the machine readable Tag ID which has been read and stored in the secure vault of the device.
  - 3. The system of claim 1, wherein:
    - the secure Tag ID is the machine readable Tag ID which has been read and stored in a financial service provider (FSP) infrastructure; and
      
      the FSP communicates identifying information about the device to the reader if the reported Tag ID communicated to the device from the reader matches the secure Tag ID.
  - 4. The system of claim 1, further comprising:
    - a secure vault included in the device;
      
      a trusted agent (TA) included in the device;
      
      a digital signature of the TA, wherein;
      
      the digital signature is stored in the secure vault; and
      
      a hash of a public key is stored in the secure vault, wherein;
      
      the hash is used to verify the public key; and
      
      the public key is used for verifying the digital signature; and
      
      a software component V for verifying the digital signature, wherein the V is stored in the secure vault.
  - 5. The system of claim 1, further comprising:
    - a trusted agent (TA) included in the device; and
      
      a trusted entity, wherein;
      
      the trusted entity has a public key; and
      
      the trusted entity provides a digital signature for the TA, the digital signature verifiable using the public key of the trusted entity.
  - 6. The system of claim 1, further comprising:
    - a secure vault included in the device, wherein;
      
      the secure Tag ID is protected by the secure vault;
      
      a trusted agent (TA) included in the device;
      
      a digital signature of the TA provided by a trusted entity, wherein;
      
      the digital signature of the TA is stored in the secure vault;
      
      the trusted entity has a public key; and
      
      the digital signature is verifiable using the public key of the trusted entity;
      
      a hash of the public key, wherein;
      
      the hash of the public key is stored in the secure vault;
      
      the hash is used to verify the public key; and
      
      the public key is used for verifying the digital signature; and
      
      a software component V for verifying the digital signature, wherein;
      
      the V is stored in the secure vault; and
      
      the TA has access to the secure Tag ID if and only if V verifies the digital signature of the TA.
  - 7. The system of claim 1, wherein the tag is incorporated in the device.

8. A method comprising:
- providing a machine-readable Tag ID in a tag that identifies a device via the machine readable Tag ID of the tag;
  
  receiving, by the device, a communication including a reported Tag ID that was read from the tag;
  
  comparing a secure Tag ID belonging to the device to the reported Tag ID that was read from the tag; and
  
  responding to the communication;
  
  with a “
  
  match”
  
  message from the device if the comparison finds a match between the reported Tag ID and the secure Tag ID, wherein the device is trusted as being identified by the Tag ID that was read from the tag; and
  
  with a “
  
  no-match”
  
  message from the device if the comparison does not find a match between the reported Tag ID and the secure Tag ID, wherein the device is not trusted as being identified by the Tag ID that was read from the tag.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - verifying the integrity of a trusted agent (TA); and
      
      using the TA to store the machine-readable Tag ID in a secure vault of the device.
  - 10. The method of claim 8, further comprising:
    - storing the machine-readable Tag ID in a financial service provider (FSP) infrastructure; and
      
      wherein responding to the communication further comprises;
      
      communicating, from the FSP to a reader, identifying information about the device if the Tag ID that was read from the tag and communicated to the device matches the machine-readable Tag ID stored in the FSP infrastructure.
  - 11. The method of claim 8, further comprising:
    - putting a trusted agent (TA) on the device;
      
      storing a digital signature of the TA in a secure vault of the device, wherein the digital signature is verifiable using a public key;
      
      storing a software component V in the secure vault; and
      
      verifying the TA by executing V to verify the digital signature using the public key.
  - 12. The method of claim 8, further comprising:
    - putting a trusted agent (TA) on the device;
      
      storing a digital signature of the TA in a secure vault of the device, wherein the digital signature is verifiable using a public key;
      
      storing a hash of the public key in the secure vault,storing a software component V in the secure vault; and
      
      verifying the TA by;
      
      verifying the public key by calculating the hash of the public key and comparing the calculated hash of the public key to the hash of the public key stored in the secure vault; and
      
      executing V to verify the digital signature using the verified public key.
  - 13. The method of claim 8, further comprising:
    - putting a trusted agent (TA) on the device; and
      
      wherein;
      
      receiving a communication further comprises receiving, by the TA, the Tag ID that was read from the tag; and
      
      comparing further comprises verifying the TA before comparing the secure Tag ID of the device to the Tag ID read from the tag.
  - 14. The method of claim 8, further comprising:
    - if the comparison does not find a match, responding by putting the device on hold.
  - 15. The method of claim 8, further comprising:
    - associating the tag having the machine-readable Tag ID to the device so that the tag remains in physical proximity to the device.

16. A method of verifying a trusted agent (TA) on a device, the method comprising:
- storing a digital signature of the TA in a secure vault of the device; and
  
  verifying the TA by verifying the digital signature of the TA each time the TA is used to verify that the device is identified by a tag in response to a request from a reader device, the request being subsequent to the reader device reading a Tag ID from the tag and wherein;
  
  the reader device communicates, in the request, a reported Tag ID to the TA; and
  
  the TA verifies that the device is identified by the tag if the reported Tag ID matches a secure Tag ID.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - calculating a first hash function of the TA; and
      
      wherein;
      
      the digital signature of the TA comprises a digital signature of the first hash function of the TA.
  - 18. The method of claim 16, wherein:
    - the digital signature of the TA is provided by a trusted entity having a public key;
      
      a second hash function of the public key is calculated and stored in the secure vault of the device; and
      
      verifying the TA comprises verifying the public key by calculating the second hash function of the public key and comparing the calculated second hash function of the public key to the second hash function of the public key stored in the secure vault.
  - 19. The method of claim 16, further comprising:
    - storing a software component V in the secure vault of the device, and wherein;
      
      verifying the TA comprises executing V on the digital signature of a first hash function of the TA using a public key provided from a trusted entity, wherein a second hash function of the public key stored in the secure vault is used to verify the public key.
  - 20. The method of claim 19, wherein:
    - V returns an indication whether or not the TA is to be trusted, andTA is executed if and only if V has indicated that the TA is to be trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Taveau, Sebastien, Nahari, Hadi
Primary Examiner(s)
Davis, Zachary A

Application Number

US12/718,912
Publication Number

US 20100303230A1
Time in Patent Office

2,020 Days
Field of Search

726/9, 726 5- 7, 726 18- 20, 713/168, 713/172, 713/176, 713/182, 713/185
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/02   involving a neutral party, ...

G06Q 20/32   using wireless devices

G06Q 20/3552   Downloading or loading of p...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/405   Establishing or using trans...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Secure identity binding (SIB)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure identity binding (SIB)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links