Account-based digital signature (ABDS) system
First Claim
1. A method of authenticating an account holder by an account authority, comprising the steps of:
- as part of setup of an account of the account holder;
(a) recording information pertaining to the account in a database of the account authority, the information not including any third party digital certificates;
(b) assigning a respective unique identifier to the account, such that the recorded information pertaining to the account is retrievable from the database based on its unique identifier;
(c) associating a public key of a public-private key pair of the account holder with the unique identifier such that the public key is retrievable based on the unique identifier, wherein the private key is not stored in the database of the account authority but rather stored securely within a device of the account holder, the device being adapted to generate digital signatures using the private key stored therein; and
thereafter;
(d) receiving, by the account authority, an electronic communication containing the unique identifier, a message regarding the account, and a digital signature of the message;
(e) retrieving from the database the associated public key based on the received unique identifier;
(f) authenticating the digital signature using the associated public key to confirm that the digital signature was generated using the private key stored in the device and to confirm the integrity of the message; and
(g) if the digital signature and message successfully authenticate using the associated public key, acting upon the message regarding the account without also requiring any third party digital certificate to authenticate the link between the public key and the account holder.
Abstract
A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, comprises the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, authenticating the message using only the digital signature received by the receiving party in the electronic communication and the public key associated with the unique identifier.
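The setup steps (a)-(c) and the verification steps (d)-(g) of claim 1, which the abstract summarizes, carried through as an added example in Go. This is not code from the patent or from any implementation of it. It uses Ed25519 from Go's standard library as the signature scheme (the claim names none), and the identifier format, the account-record fields and the sample message are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// AccountRecord is what the account authority keeps per account: the account
// information of step (a) and the holder's public key of step (c). No
// third-party certificate is stored; the authority's own database is the
// binding between key and account. (Fields are an assumption.)
type AccountRecord struct {
	HolderName string
	PublicKey  ed25519.PublicKey
}

// AccountAuthority holds the database of step (a), keyed by the unique
// identifier assigned in step (b).
type AccountAuthority struct {
	db     map[string]AccountRecord
	nextID int
}

func NewAccountAuthority() *AccountAuthority {
	return &AccountAuthority{db: make(map[string]AccountRecord)}
}

// OpenAccount performs steps (a)-(c) and returns the new unique identifier.
func (a *AccountAuthority) OpenAccount(holderName string, pub ed25519.PublicKey) (string, error) {
	if len(pub) != ed25519.PublicKeySize {
		return "", errors.New("malformed public key")
	}
	a.nextID++
	id := fmt.Sprintf("ACCT-%06d", a.nextID) // identifier format is an assumption
	a.db[id] = AccountRecord{HolderName: holderName, PublicKey: pub}
	return id, nil
}

// Communication is the electronic communication of step (d).
type Communication struct {
	AccountID string
	Message   []byte
	Signature []byte
}

// Process performs steps (d)-(g): look up the key by identifier, verify the
// signature over the message, and only then hand the message back for action.
func (a *AccountAuthority) Process(c Communication) ([]byte, error) {
	rec, ok := a.db[c.AccountID] // step (e)
	if !ok {
		return nil, errors.New("unknown account identifier")
	}
	if !ed25519.Verify(rec.PublicKey, c.Message, c.Signature) { // step (f)
		return nil, errors.New("signature does not verify under the account's public key")
	}
	return c.Message, nil // step (g): the caller acts on the message
}

// HolderDevice models the account holder's device. The private key is
// generated inside it and never leaves it.
type HolderDevice struct {
	AccountID string
	priv      ed25519.PrivateKey
}

// Enroll generates a key pair on the device and registers only the public
// half with the authority, completing account setup.
func Enroll(auth *AccountAuthority, holderName string) (*HolderDevice, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	id, err := auth.OpenAccount(holderName, pub)
	if err != nil {
		return nil, err
	}
	return &HolderDevice{AccountID: id, priv: priv}, nil
}

// Sign produces the communication of step (d) for a message about the account.
func (d *HolderDevice) Sign(message []byte) Communication {
	return Communication{AccountID: d.AccountID, Message: message, Signature: ed25519.Sign(d.priv, message)}
}

func main() {
	auth := NewAccountAuthority()
	alice, err := Enroll(auth, "Alice") // sample account, constructed
	if err != nil {
		panic(err)
	}
	comm := alice.Sign([]byte("move 100 from savings to checking"))
	msg, err := auth.Process(comm)
	fmt.Printf("genuine:  msg=%q err=%v\n", msg, err)

	tampered := comm // same identifier and signature, altered message
	tampered.Message = []byte("move 900 from savings to checking")
	_, err = auth.Process(tampered)
	fmt.Println("tampered:", err)
}
```

Note what step (f) does and does not establish. A verifying signature shows that the message was signed with the private key associated with that identifier and was not altered in transit, and because the identifier selects the key, a valid communication re-labelled with another account's identifier fails as well. It says nothing about freshness: the claim is silent on replay, so an authority acting on messages in step (g) would want the message itself to carry a nonce or per-account sequence number that it checks before acting.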
59 Claims
Claim 1, reproduced above as the first claim, is the sole independent claim; claims 2 through 59 depend from it.
Specification