Account-based digital signature (ABDS) system

US 7,047,416 B2
Filed: 08/06/2001
Issued: 05/16/2006
Est. Priority Date: 11/09/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating an account holder by an account authority, comprising the steps of:

as part of setup of an account of the account holder;

(a) recording information pertaining to the account in a database of the account authority, the information not including any third party digital certificates;

(b) assigning a respective unique identifier to the account, such that the recorded information pertaining to the account is retrievable from the database based on its unique identifier;

(c) associating a public key of a public-private key pair of the account holder with the unique identifier such that the public key is retrievable based on the unique identifier, wherein the private key is not stored in the database of the account authority but rather stored securely within a device of the account holder, the device being adapted to generate digital signatures using the private key stored therein; and

thereafter;

(d) receiving, by the account authority, an electronic communication containing the unique identifier, a message regarding the account, and a digital signature of the message;

(e) retrieving from the database the associated public key based on the received unique identifier;

(f) authenticating the digital signature using the associated public key to confirm that the digital signature was generated using the private key stored in the device and to confirm the integrity of the message; and

(g) if the digital signature and message successfully authenticate using the associated public key, acting upon the message regarding the account without also requiring any third party digital certificate to authenticate the link between the public key and the account holder.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

166 Citations

59 Claims

1. A method of authenticating an account holder by an account authority, comprising the steps of:
- as part of setup of an account of the account holder;
  
  (a) recording information pertaining to the account in a database of the account authority, the information not including any third party digital certificates;
  
  (b) assigning a respective unique identifier to the account, such that the recorded information pertaining to the account is retrievable from the database based on its unique identifier;
  
  (c) associating a public key of a public-private key pair of the account holder with the unique identifier such that the public key is retrievable based on the unique identifier, wherein the private key is not stored in the database of the account authority but rather stored securely within a device of the account holder, the device being adapted to generate digital signatures using the private key stored therein; and
  
  thereafter;
  
  (d) receiving, by the account authority, an electronic communication containing the unique identifier, a message regarding the account, and a digital signature of the message;
  
  (e) retrieving from the database the associated public key based on the received unique identifier;
  
  (f) authenticating the digital signature using the associated public key to confirm that the digital signature was generated using the private key stored in the device and to confirm the integrity of the message; and
  
  (g) if the digital signature and message successfully authenticate using the associated public key, acting upon the message regarding the account without also requiring any third party digital certificate to authenticate the link between the public key and the account holder.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 2. The method of claim 1, wherein the account authority is a financial institution.
  - 3. The method of claim 1, wherein the account authority is a financial transaction processor.
  - 4. The method of claim 1, wherein the public key is obtained from the account holder.
  - 5. The method of claim 1, wherein the public key is obtained directly from the device of the account holder.
  - 6. The method of claim 1, wherein the public key is obtained from a manufacturer of the device of the account holder.
  - 7. The method of claim 1, wherein the public key is obtained from a distributor of the device.
  - 8. The method of claim 1, wherein the step of associating the public key of the account holder with the unique identifier comprises recording the public key in a record of the account in the database of the account authority.
  - 9. The method of claim 1, wherein the step of associating the public key of the account holder with the unique identifier comprises indexing a record of the account in the database by the public key.
  - 10. The method of claim 1, wherein the information includes an account number.
  - 11. The method of claim 1, wherein the information includes a entreat balance.
  - 12. The method of claim 1, wherein the information includes an available credit.
  - 13. The method of claim 1, wherein the information includes a list of associated accounts.
  - 14. The method of claim 1, wherein the information includes a name of the account holder.
  - 15. The method of claim 1, wherein the information includes an address of the account holder.
  - 16. The method of claim 1, wherein the information includes a social security number of the account holder.
  - 17. The method of claim 1, wherein the information includes a tax identification number of the account holder.
  - 18. The method of claim 1, wherein the information regards the device of the account holder.
  - 19. The method of claim 1, wherein the information includes security features of the device.
  - 20. The method of claim 1, wherein the device comprises a personal computer.
  - 21. The method of claim 1, wherein the device comprises a cell phone.
  - 22. The method of claim 1, wherein the device comprises a PDA.
  - 23. The method of claim 1, wherein the device comprises an electronic key.
  - 24. The method of claim 1, wherein the device comprises a dongle.
  - 25. The method of claim 1, wherein the device comprises a subcutaneous device.
  - 26. The method of claim 1, wherein the device comprises a secure chip.
  - 27. The method of claim 1, wherein the device comprises jewelry.
  - 28. The method of claim 1, wherein the device comprises a smart card.
  - 29. The method of claim 1, wherein the device comprises a credit card.
  - 30. The method of claim 1, wherein the device comprises a debit card.
  - 31. The method of claim 1, wherein the device comprises a security card.
  - 32. The method of claim 1, wherein the device comprises an ID badge.
  - 33. The method of claim 1, wherein, prior to generating the digital signature, the device requires the current possessor of the device to input verification data into the device, a comparison of said verification data with data pre-stored within the device resulting in a verification status that is appended to the message that is digitally signed.
  - 34. The method of claim 33, wherein the verification data comprises information known to the account holder.
  - 35. The method of claim 33, wherein the verification data comprises biometric information of the account holder.
  - 36. The method of claim 1, wherein, prior to generating the digital signature, the device requires the current possessor of the device to input verification data into the device, and wherein an unsuccessful match between said verification data with data pre-stored within the device prevents the device from generating the digital signature.
  - 37. The method of claim 1, wherein identification of the account holder is verified by the account authority as part of setup of the account and before associating the public key with the account.
  - 38. The method of claim 1, wherein the electronic communication is transmitted by the possessor of the device.
  - 39. The method of claim 1, wherein the electronic communication is transmitted by an intermediate party between the possessor of the device and the account authority.
  - 40. The method of claim 1, wherein the account is a financial, bank, or credit account.
  - 41. The method of claim 40, wherein the message requests a balance of the account.
  - 42. The method of claim 40, wherein the message requests debiting of the account by a specified amount.
  - 43. The method of claim 40, wherein the message requests crediting of the account by a specified amount.
  - 44. The method of claim 40, wherein the message requests transferring funds to another account.
  - 45. The method of claim 40, wherein the message requests making a monetary payment from the account.
  - 46. The method of claim 40, wherein the message requests transferring something of monetary value from the account.
  - 47. The method of claim 40, wherein the message requests transferring a security from the account.
  - 48. The method of claim 40, wherein the message requests authorizing a charge to the account.
  - 49. The method of claim 1, wherein the message requests access to a specified database.
  - 50. The method of claim 1, wherein the message requests access to a physical location such as a room, building, parking deck, and web site.
  - 51. The method of claim 1, wherein the message requests access to a data transmission such as pay per view, multimedia download, or broadcast.
  - 52. The method of claim 1, wherein the message requests purchase of a product or service.
  - 53. The method of claim 1, wherein the message requests access to a product or a service.
  - 54. The method of claim 1, wherein the message requests transferring information from the account.
  - 55. The method of claim 1, wherein the electronic communication is transmitted over an open and insecure communications medium.
  - 56. The method of claim 55, wherein the communications medium comprises the Internet.
  - 57. The method of claim 55, wherein the electronic communication is not encrypted.
  - 58. The method of claim 55, wherein the electronic communication includes no personal information regarding the account holder.
  - 59. The method of claim 55, wherein the electronic communication includes no account-identifying information other tan the unique identifier of the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US09/923,179
Publication Number

US 20020026575A1
Time in Patent Office

1,744 Days
Field of Search

713/175, 713/156, 713/176, 713/182
US Class Current

713/182
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403   Solvency checks

G06Q 20/40975   using encryption therefor

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/08   Insurance

G07F 7/1008   Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/88 : Medical equipments

H04L 63/0823 : using certificates cryptogr...

H04L 63/0861 : using biometrical features,...

H04L 63/12 : Applying verification of th...

H04L 63/126 : the source of the received ...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Account-based digital signature (ABDS) system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

166 Citations

59 Claims

Specification

Solutions

Use Cases

Quick Links

Account-based digital signature (ABDS) system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

59 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links