Device for creating reliable trusted signatures

US 9,866,393 B1
Filed: 12/22/2014
Issued: 01/09/2018
Est. Priority Date: 12/22/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

under the control of one or more computer systems configured with executable instructions,obtaining, at an identity verification token of a signatory, a document identifier for identifying a document, wherein the identity verification token is a device registered with an identity registrar and authorized by the identity registrar to generate a signature, and wherein the document identifier was previously generated in response to a requesting party requesting the document identifier based at least in part on a transaction being performed between the requesting party and a user of the identity verification token;

receiving, at the identity verification token of the signatory, a password and biometric input of a signatory, wherein one or more of the password or the biometric input indicate that the signatory is signing under duress, wherein indications of duress include one or more of use of a duress password, use of a fingerprint predetermined to indicated duress, physiological biometric data indicating that the signatory is under duress, or behavioral biometric data indicating that the signatory is under duress;

obtaining, at the identity verification token of the signatory, an identity verification identifier for identifying the identity verification token;

obtaining, at the identity verification token of the signatory, a timestamp;

generating a signature based at least in part on the document identifier, the password and biometric input, and the identity verification identifier; and

providing at least the signature to one or more of an identity registrar, a merchant, or another identity verification token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for generating a signature for a document using an identity verification token. The identity verification token receives a request that includes a set of credential data from a signatory, obtains a document identifier that identifies the document to a service provider, and obtains a token identifier that identifies the identity verification token to the service provider. The identity verification token generates the signature based at least in part on the obtained document identifier, the received set of credential data, and obtained the token identifier, and provides the signature.

55 Citations

View as Search Results

21 Claims

1. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions,obtaining, at an identity verification token of a signatory, a document identifier for identifying a document, wherein the identity verification token is a device registered with an identity registrar and authorized by the identity registrar to generate a signature, and wherein the document identifier was previously generated in response to a requesting party requesting the document identifier based at least in part on a transaction being performed between the requesting party and a user of the identity verification token;
  
  receiving, at the identity verification token of the signatory, a password and biometric input of a signatory, wherein one or more of the password or the biometric input indicate that the signatory is signing under duress, wherein indications of duress include one or more of use of a duress password, use of a fingerprint predetermined to indicated duress, physiological biometric data indicating that the signatory is under duress, or behavioral biometric data indicating that the signatory is under duress;
  
  obtaining, at the identity verification token of the signatory, an identity verification identifier for identifying the identity verification token;
  
  obtaining, at the identity verification token of the signatory, a timestamp;
  
  generating a signature based at least in part on the document identifier, the password and biometric input, and the identity verification identifier; and
  
  providing at least the signature to one or more of an identity registrar, a merchant, or another identity verification token.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein generating the signature comprises at least passing the document identifier, the password and biometric input through one or more cryptographic hash algorithms.
  - 3. The computer-implemented method of claim 1, wherein the signatory is a first signatory, the credentials are a first credentials, the signature is a first signature, and the method further comprises:
    - receiving second password and biometric input of a second signatory, wherein the second credentials indicate a presence of the second signatory;
      
      generating a second signature based at least in part on the document identifier, the second password and biometric input of the second signatory, and the identity verification identifier; and
      
      providing at least the second signature.
  - 4. The computer-implemented method of claim 3, wherein the first signatory is an individual and the second signatory is a set of software instructions executing on a computer system.

5. A system, comprising:
- at least one computing device having one or more processors that execute instructions to implement one or more services, wherein the one or more services are configured to;
  
  receive a request from a requestor to verify a signatory to a document;
  
  obtain;
  
  a document identifier for the document;
  
  a signatory identifier, wherein the signatory identifier identifies the signatory to an identity registrar;
  
  a set of credential data corresponding to the signatory identifier, wherein the set of credential data comprises a password and biometric input of a signatory, wherein one or more of the password or the biometric input indicate that the signatory is signing under duress, wherein indications of duress include one or more of use of a duress password, use of a fingerprint predetermined to indicated duress, physiological biometric data indicating that the signatory is under duress, or behavioral biometric data indicating that the signatory is under duress;
  
  a token identifier; and
  
  a first signature corresponding to the document identifier;
  
  generate a second signature based at least in part on the document identifier, a subset of the set of the credential data, and the token identifier;
  
  determine a result based at least in part on a match between the first signature and the second signature; and
  
  provide the result to the requestor.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The system of claim 5, wherein the subset of the set of credential data is a first subset of the set of credential data and wherein the one or more services that are configured to determine the result are further configured to:
    - determine that the first signature does not match the second signature;
      
      generate a third signature based at least in part on the document identifier, a second subset of the set of credential data, and the token identifier, wherein the second subset of the set of credential data is different than the first subset and is indicative of signing under duress; and
      
      determine the result based at least in part on a comparison of the first signature with the third signature.
  - 7. The system of claim 5, wherein the request is a second request and the one or more services are further configured to:
    - receive a first request to generate the document identifier, wherein the first request includes a copy of the document; and
      
      in response to receiving the first request;
      
      generate the document identifier based at least in part on the copy of the document; and
      
      provide the document identifier.
  - 8. The system of claim 5, wherein the subset of the set of credential data is a first subset of the set of credential data and wherein the one or more services that are configured to determine the result are further configured to:
    - determine that the first signature does not match the second signature;
      
      generate a third signature based at least in part on the document identifier, a second subset of the set of credential data different than the first subset, and the token identifier; and
      
      determine the result based at least in part on a comparison of the first signature with the third signature.
  - 9. The system of claim 5, wherein the one or more services execute within a hardware-secured execution environment.
  - 10. The system of claim 5, wherein the request is a second request and the one or more services are further configured to:
    - receive a first request from an identity verification token to verify the document, wherein the first request includes the document identifier; and
      
      in response to receiving the first request;
      
      based at least in part on the document identifier, obtain a copy of the document from a data store of the identity registrar; and
      
      provide the copy of the document to the identity verification token.
  - 11. The system of claim 5, wherein the request is a second request, the document identifier is a first document identifier, and the one or more services are further configured to:
    - receive a first request from an identity verification token to verify the document identifier, wherein the first request includes a copy of the document; and
      
      in response to receiving the first request;
      
      based at least in part on the copy of the document, generate a second document identifier; and
      
      provide the second document identifier to the identity verification token.
  - 12. The system of claim 5, wherein the request is received through an application programming interface provided by the identity registrar.

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- receive a request to generate a signature for a document in response to a requestor requesting generation of the signature, wherein the request includes an indication of acceptable credentials for signing;
  
  obtain a document identifier, wherein the document identifier identifies the document to a service provider;
  
  obtain a token identifier, wherein the token identifier identifies a token to the service provider;
  
  generate the signature based at least in part on the document identifier, a set of credentials selected by a signatory, wherein the set of credentials comprises a password and biometric input of a signatory, wherein one or more of the password or the biometric input indicate that the signatory is signing under duress, wherein indications of duress include one or more of use of a duress password, use of a fingerprint predetermined to indicated duress, physiological biometric data indicating that the signatory is under duress, or behavioral biometric data indicating that the signatory is under duress, and the token identifier; and
  
  provide the signature to the requestor.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the set of credentials selected by the signatory are indicative of the signature signing under duress.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the set of credentials selected by the signatory is a first set of credentials selected by a first signatory;
    - the token identifier is a first token identifier, the token is a first token, the signature is a first signature, the instructions that cause the computer system to provide the signature to the requestor further cause the computer system to provide the first signature to a second token, and the instructions further include instructions that, when executed by the one or more processors, cause the computer system to;
      
      receive a second set of credentials from a second signatory;
      
      obtain a second token identifier, wherein the second token identifier identifies the second token to the service provider;
      
      generate, at the second token;
      
      a second signature based at least in part on the document identifier, the first signature, the second set of credentials, and the second token identifier; and
      
      provide the second signature to the service provider.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein a copy of the document is provided to the service provider and the document identifier is generated by the service provider from contents of the copy of the document and a seed.
  - 17. The non-transitory computer-readable storage medium of claim 13, wherein the token identifier is held within a hardware-secured execution environment of the token.
  - 18. The non-transitory computer-readable storage medium of claim 13, wherein the instructions that cause the computer system to generate the signature include instructions that cause the computer system to generate the signature based at least in part on a cryptographic hash result of the document identifier, the set of credentials, and the token identifier.
  - 19. The non-transitory computer-readable storage medium of claim 13, wherein the token identifier is a private key of a public-private key scheme and the instructions that cause the computer system to generate the signature include instructions that, when executed by one or more processors of a computer system, cause the computer system to generate the signature based at least in part on encrypting the document identifier using the token identifier.
  - 20. The non-transitory computer-readable storage medium of claim 13, wherein the document identifier is obtained by scanning an optically scannable code.
  - 21. The non-transitory computer-readable storage medium of claim 13, wherein the signature is provided by imprinting the signature onto a physical object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Rush, Dylan Harris, Canavor, Darren Ernest, Hitchcock, Daniel Wade, Johansson, Jesper Mikael, McClintock, Jon Arron
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Naghdali, Khalil

Application Number

US14/580,111
Time in Patent Office

1,114 Days
Field of Search

713178
US Class Current
CPC Class Codes

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Device for creating reliable trusted signatures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Device for creating reliable trusted signatures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links