Establishing initial PuK-linked account database
First Claim
1. A method of establishing an initial PuK-linked account database, the PuK-linked account database associated with a plurality of devices used to generate digital signatures, comprising the steps of,(a) maintaining the database in a secure environment, the secure environment existing outside of the plurality of devices and having a security rating, (b) for each one of the plurality of devices, which are manufactured in a secure manufacturing environment, (i) recording in the database (A) a public key of a public-private key pair of the manufactured device, and in association therewith, (B) a Security Profile of the manufactured device, wherein the Security Profile defines a security level of the manufactured device relative to other devices used to generate digital signature, the public key and Security Profile thereby being linked together, and wherein the security rating of the secure environment of the database is at least comparable to the security level of the manufactured device, and (ii) storing a private key of the public-private key pair within the manufactured device while the manufactured device is still within the secure manufacturing environment, the manufactured device using the private key to generate digital signatures, (c) distributing the manufactured devices from the secure manufacturing environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users.
7 Assignments
0 Petitions
Accused Products
Abstract
An initial Puk-linked account database is established by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being linked together, (c) distributing the manufactured devices from the secure environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users. An initial Puk-linked account database record of a user is established with each one of a plurality of third-parties in similar manner.
184 Citations
23 Claims
-
1. A method of establishing an initial PuK-linked account database, the PuK-linked account database associated with a plurality of devices used to generate digital signatures, comprising the steps of,
(a) maintaining the database in a secure environment, the secure environment existing outside of the plurality of devices and having a security rating, (b) for each one of the plurality of devices, which are manufactured in a secure manufacturing environment, (i) recording in the database (A) a public key of a public-private key pair of the manufactured device, and in association therewith, (B) a Security Profile of the manufactured device, wherein the Security Profile defines a security level of the manufactured device relative to other devices used to generate digital signature, the public key and Security Profile thereby being linked together, and wherein the security rating of the secure environment of the database is at least comparable to the security level of the manufactured device, and (ii) storing a private key of the public-private key pair within the manufactured device while the manufactured device is still within the secure manufacturing environment, the manufactured device using the private key to generate digital signatures, (c) distributing the manufactured devices from the secure manufacturing environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users.
-
5. The method of clan 3, wherein said step of communicating the database records from the secure environment in a secure manner to the third-party comprises originating a digital signature for the database records and communicating the database records and digital signature to the third-party.
-
13. A method of establishing an initial public key-linked (PuK-linked) account database record of a user with each one of a plurality of third-parties, comprising the steps of,
(a) manufacturing devices in a secure environment, the secure environment external to the manufactured devices, (b) for each manufactured device and before each manufactured device is released from the secure environment, (i) generating a pair of keys used in asymmetric cryptography, (ii) storing one of the keys within the manufactured device for utilization in generating a digital signature for an electronic message, (iii) recording the other key and other information in a secure database maintained within the secure environment, (c) distributing one of the manufactured devices from the secure environment to the user, and (d) identifying the database record of said distributed manufactured device to each one of the plurality of third-parties as the initial PuK-linked account database record of the user.
Specification