Establishing initial PuK-linked account database

US 6,957,336 B2
Filed: 02/01/2003
Issued: 10/18/2005
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of establishing an initial PuK-linked account database, the PuK-linked account database associated with a plurality of devices used to generate digital signatures, comprising the steps of,(a) maintaining the database in a secure environment, the secure environment existing outside of the plurality of devices and having a security rating, (b) for each one of the plurality of devices, which are manufactured in a secure manufacturing environment, (i) recording in the database (A) a public key of a public-private key pair of the manufactured device, and in association therewith, (B) a Security Profile of the manufactured device, wherein the Security Profile defines a security level of the manufactured device relative to other devices used to generate digital signature, the public key and Security Profile thereby being linked together, and wherein the security rating of the secure environment of the database is at least comparable to the security level of the manufactured device, and (ii) storing a private key of the public-private key pair within the manufactured device while the manufactured device is still within the secure manufacturing environment, the manufactured device using the private key to generate digital signatures, (c) distributing the manufactured devices from the secure manufacturing environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An initial Puk-linked account database is established by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being linked together, (c) distributing the manufactured devices from the secure environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users. An initial Puk-linked account database record of a user is established with each one of a plurality of third-parties in similar manner.

184 Citations

23 Claims

1. A method of establishing an initial PuK-linked account database, the PuK-linked account database associated with a plurality of devices used to generate digital signatures, comprising the steps of,(a) maintaining the database in a secure environment, the secure environment existing outside of the plurality of devices and having a security rating, (b) for each one of the plurality of devices, which are manufactured in a secure manufacturing environment, (i) recording in the database (A) a public key of a public-private key pair of the manufactured device, and in association therewith, (B) a Security Profile of the manufactured device, wherein the Security Profile defines a security level of the manufactured device relative to other devices used to generate digital signature, the public key and Security Profile thereby being linked together, and wherein the security rating of the secure environment of the database is at least comparable to the security level of the manufactured device, and (ii) storing a private key of the public-private key pair within the manufactured device while the manufactured device is still within the secure manufacturing environment, the manufactured device using the private key to generate digital signatures, (c) distributing the manufactured devices from the secure manufacturing environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 21)
- - 2. The method of claim 1, wherein the manufactured device are distributed to potential customers and existing customers.
  - 3. The method of claim 1, wherein said step of identifying comprises communication from the secure environment in a secure manner the database records of said distributed manufactured devices to a third-party as the initial PuK-linked account database of the third-party.
  - 4. The method of claim 3, wherein said step of communicating the database records from the secure environment in a manner to the third-party comprises communicating the database records in a manner that is at least comparable to the security level of each manufactured device to which the database records pertain.
  - 6. The method of claim 3, further comprising the step of updating the initial PuK-linked account database with customer-specific information.
  - 7. The method of claim 3, further comprising merging the initial PuK-linked account with a preexisting account database of the third-party.
  - 8. The method of claim 1, further comprising activating an account of the PuK-linked account database by,(a) originating a digital signature for an electronic message utilizing a private key of one of the manufactured devices, (b) authenticating the message using a public key, (c) comparing the public key used to authenticate the message with the keys recorded in the initial PuK-linked account database, and (d) when the public key matches a key recorded in a record of the initial PuK-linked account database, activating the account corresponding to that record.
  - 9. The method of claim 8, wherein the public key used to authenticate the electronic message is sent with the digital signature for the electronic message.
  - 10. The method of claim 1 wherein the Security Profile includes security features and manufacturing history of the manufactured device.
  - 11. The method of claim 1 wherein the secure environment and the secure manufacturing environment are the same.
  - 12. The method of claim 1 wherein the secure environment and the secure manufacturing environment are different.
  - 21. The method of claim 8, further comprising merging the initial PuK-linked account database record of the user received by one of the third-parties with a preexisting account database record.

5. The method of clan 3, wherein said step of communicating the database records from the secure environment in a secure manner to the third-party comprises originating a digital signature for the database records and communicating the database records and digital signature to the third-party.

13. A method of establishing an initial public key-linked (PuK-linked) account database record of a user with each one of a plurality of third-parties, comprising the steps of,(a) manufacturing devices in a secure environment, the secure environment external to the manufactured devices, (b) for each manufactured device and before each manufactured device is released from the secure environment, (i) generating a pair of keys used in asymmetric cryptography, (ii) storing one of the keys within the manufactured device for utilization in generating a digital signature for an electronic message, (iii) recording the other key and other information in a secure database maintained within the secure environment, (c) distributing one of the manufactured devices from the secure environment to the user, and (d) identifying the database record of said distributed manufactured device to each one of the plurality of third-parties as the initial PuK-linked account database record of the user.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 22, 23)
- - 14. The method of claim 13, wherein said step of identifying the database record comprises communicating the database record from the secure database to each of the third-parties in a secure manner.
  - 15. The method of claim 13, wherein the user is a potential customer of one of the third-parties.
  - 16. The method of claim 13, wherein the user is an existing customer of one of the third-parties.
  - 17. The method of claim 13, wherein said step of identifying comprises communicating from the secure environment in a secure manner the database record of said distributed manufactured device to each of the third-parties as the initial PuK-linked account database record for the user.
  - 18. The method of claim 17, wherein said step of communicating the database record from the secure environment in a secure manner comprises communicating the database record in a manner having a defined security level greater than a comparable security level of the manufactured device to which the database record pertains.
  - 19. The method of claim 17, wherein said step of communicating the database record from the secure environment in a secure manner comprises originating a digital signature for the database record and communicating the database record and digital signature to each of the thirdparties.
  - 20. The method of claim 17, further comprising the step of updating the initial PuK-linked account database record of the user received by one of the third-parties with user-specific information.
  - 22. The method of claim 13, further comprising activating an account of a PuK-linked account database of one of the third-parties by,(a) generating a digital signature for an electronic message utilizing a private key of the manufactured device distributed to the customer, (b) sending the electronic message and digital signature to the third-party, (c) authenticating the message using a public key, (d) comparing the public key used to authenticate the message with keys recorded in a PuK-linked account database of the third-party, and (e) when the public key matches a key recorded in a record of the PuK-linked account database, activating the account corresponding to that record.
  - 23. The method of claim 22, wherein the public key used to authenticate the electronic message is sent with the digital signature for the electronic message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/248,628
Publication Number

US 20030101344A1
Time in Patent Office

990 Days
Field of Search

713155-157, 713/166, 713/171, 713/176, 713/177, 713/200, 713/172, 713/175, 380/282, 380/285, 380/229, 380/277, 705/64, 705/67, 705/71, 708/135, 710/36, 711/150, 711/163, 709/229
US Class Current

713/176
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403 : Solvency checks

G06Q 20/40975 : using encryption therefor

G06Q 50/188 : Electronic negotiation

G07F 7/0886 : the card reader being porta...

G07F 7/1008 : Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/062 : for key distribution, e.g. ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/12 : Applying verification of th...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Establishing initial PuK-linked account database

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing initial PuK-linked account database

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links