Manufacturing unique devices that generate digital signatures

US 7,784,106 B2
Filed: 01/16/2009
Issued: 08/24/2010
Est. Priority Date: 08/04/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of maintaining a Central Key Authority (CKA) database in a secure environment, comprising:

storing, in the CKA database, a public key of a public key-private key pair, wherein the public key is associated with a user device of a user, wherein the user device is configured to generate digital signatures using a private key of the public-private key pair, wherein the private key is maintained securely within the user device;

securely linking, in the CKA database, the public key associated with the user device with other information during manufacturing of the user device in the secure environment; and

associating, in the CKA database, one or more third-party account identifiers with the public key, wherein each third-party account identifier identifies to a third-party an account of a respective user that is maintained with the third-party, wherein the third-party uses the public key and other information to authenticate a message.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user'"'"'s public key by the third-party.

188 Citations

16 Claims

1. A method of maintaining a Central Key Authority (CKA) database in a secure environment, comprising:
- storing, in the CKA database, a public key of a public key-private key pair, wherein the public key is associated with a user device of a user, wherein the user device is configured to generate digital signatures using a private key of the public-private key pair, wherein the private key is maintained securely within the user device;
  
  securely linking, in the CKA database, the public key associated with the user device with other information during manufacturing of the user device in the secure environment; and
  
  associating, in the CKA database, one or more third-party account identifiers with the public key, wherein each third-party account identifier identifies to a third-party an account of a respective user that is maintained with the third-party, wherein the third-party uses the public key and other information to authenticate a message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the other information linked with the public key comprises security features and a manufacturing history of the device.
  - 3. The method of claim 1, wherein the public key and the other information linked therewith is obtained from a Secure Entity.
  - 4. The method of claim 1, wherein the public key, other information, and third party account identifier are stored in the CKA database as PuK linked account information of a user.
  - 5. The method of claim 4, wherein the PuK-linked account information maintained in the CKA database of the user further includes the identity of each third-party with which a third-party account is maintained that is identified by one of the third-party account identifiers.
  - 6. The method of claim 4, wherein the PuK-linked account information of the user is indexed in the CKA database by a unique CKA account identifier such that the PuK-linked account information for the user is retrievable from the CKA database based on the unique CKA account identifier.
  - 7. The method of claim 6, wherein the public key is the unique account identifier.
  - 8. The method of claim 4, wherein the PuK-linked account information maintained in the CKA database of the user further includes user-specific information, and further comprising the step of verifying the user-specific information.
  - 9. The method of claim 8, wherein the PuK-linked account information maintained in the CKA database of the user further includes a record of the techniques that were employed in verifying the user-specific information.
  - 10. The method of claim 8, wherein the user-specific information includes the name and address of the user.
  - 11. The method of claim 8, wherein the user-specific information includes the age and gender of the user.
  - 12. The method of claim 4, further comprising updating the PuK-linked account of a user with a new public key of the user, comprising the steps of:
    - receiving an EC, the EC including a message including the new public key and a digital signature therefor,authenticating the message of the EC using the public key associated with the PuK-linked account in the CKA database, andupon successful authentication thereof, sending an EC to the third-party, the EC including the new public key and the third-party account identifier for the respective third-party maintained in the CKA database and associated with the PuK-linked account.
  - 13. The method of claim 12, further comprising digitally signing the new public key of the user and third-party account identifier.
  - 14. The method of claim 12, further comprising sending the EC received from the user to each of the third-parties.
  - 15. The method of claim 1, further comprising establishing an account on behalf of a user with a third-party by communicating the public key of the user and information linked with the public key from the CKA database to the third-party.
  - 16. The method of claim 15, wherein the public key of the user and information linked with the public key is communicated upon the request of the third-party to which it is communicated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Anne M., Wheeler, Lynn Henry
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US12/355,712
Publication Number

US 20090158029A1
Time in Patent Office

585 Days
Field of Search

726/34, 726/4, 713/171
US Class Current

726/34
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403 : Solvency checks

G06Q 20/40975 : using encryption therefor

G06Q 50/188 : Electronic negotiation

G07F 7/0886 : the card reader being porta...

G07F 7/1008 : Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/062 : for key distribution, e.g. ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/12 : Applying verification of th...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Manufacturing unique devices that generate digital signatures

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

188 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Manufacturing unique devices that generate digital signatures

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links