Methods for secure restoration of personal identity credentials into electronic devices
First Claim
1. A computer-implemented method, comprising:
- receiving, by a personal identification device, a signature associated with a biometric encryption key from a party, the signature having been decrypted by the party based on a private key associated with the party, wherein the biometric encryption key was previously split into a first section and a second section, the first section and second sections each encrypted using a different key;
verifying, by the personal identification device, a validity of the signature based on a public key associated with a first personal identification device;
decrypting, by the personal identification device, the encrypted first and second sections of the biometric encryption key; and
combining, by the personal identification device, the decrypted first section of the biometric encryption key and the decrypted second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
-
Citations
22 Claims
-
1. A computer-implemented method, comprising:
-
receiving, by a personal identification device, a signature associated with a biometric encryption key from a party, the signature having been decrypted by the party based on a private key associated with the party, wherein the biometric encryption key was previously split into a first section and a second section, the first section and second sections each encrypted using a different key; verifying, by the personal identification device, a validity of the signature based on a public key associated with a first personal identification device; decrypting, by the personal identification device, the encrypted first and second sections of the biometric encryption key; and combining, by the personal identification device, the decrypted first section of the biometric encryption key and the decrypted second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable medium programmed with executable instructions that, when executed by a processing system comprising at least one hardware processor, perform operations comprising:
-
receiving, by a personal identification device, a signature associated with a biometric encryption key from a party, the signature having been decrypted by the party based on a private key associated with the party, wherein the biometric encryption key was previously split into a first section and a second section, the first section and second sections each encrypted using a different key; verifying, by the personal identification device, a validity of the signature based on a public key associated with a first personal identification device; decrypting, by the personal identification device, the encrypted first and second sections of the biometric encryption key; and combining, by the personal identification device, the decrypted first section of the biometric encryption key and the decrypted second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A system comprising a personal identification device having a memory coupled to at least one hardware processor, the memory comprising processor-executable instructions that, when executed by the at least one hardware processor, perform operations comprising:
-
receiving, by the personal identification device, a signature associated with a biometric encryption key from a party, the signature having been decrypted by the party based on a private key associated with the party, wherein the biometric encryption key was previously split into a first section and a second section, the first section and second sections each encrypted using a different key; verifying, by the personal identification device, a validity of the signature based on a public key associated with a first personal identification device; decrypting, by the personal identification device, the encrypted first and second sections of the biometric encryption key; and combining, by the personal identification device, the decrypted first section of the biometric encryption key and the decrypted second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification