Methods for secure restoration of personal identity credentials into electronic devices
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): H04L-029/06; G06F-021/00; G06K-009/00; G05B-019/00
Application number: US-0287471 (2011-11-02)
Registration number: US-8478992 (2013-07-02)
Inventors / Address: Abdallah, David S.; Johnson, Barry W.
Applicant / Address: Privaris, Inc.
Citation information
Times cited: 2
Cited patents: 132
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
Representative claims
1. A method, comprising: receiving a signature associated with a biometric encryption key from a party, the signature associated with the biometric encryption key having been decrypted by the party based on a private key associated with the party; verifying a validity of a signature associated with a biometric encryption key based on a public key associated with a personal identification device; sending a first section of the biometric encryption key in encrypted form to the party such that the party decrypts the first section of the biometric encryption key in encrypted form based on the private key associated with the party to produce the first section of the biometric encryption key when the first section of the biometric encryption key in encrypted form is received by the party; and combining the first section of the biometric encryption key and a second section of the biometric encryption key to restore the biometric encryption key when the validity of the signature is verified.
2. The method of claim 1, further comprising: before the receiving, sending the signature in encrypted form to the party.
3. The method of claim 1, wherein the biometric encryption key is a symmetric key.
4. A method, comprising: decrypting a signature in encrypted form associated with a first section of a symmetric key based on a private key to produce the signature associated with the first section of the symmetric key, the private key being associated with a party, the first section of the symmetric key being less than an entirety of the symmetric key; decrypting the first section of the symmetric key in encrypted form based on the private key to produce the first section of the symmetric key; sending the signature in decrypted form and the first section of the symmetric key in decrypted form to a personal identification device such that the personal identification device combines the first section of the symmetric key with a second section of the symmetric key to restore the symmetric key associated with biometric data for the personal identification device.
5. The method of claim 4, further comprising: before the decrypting the signature in encrypted form, receiving the signature in encrypted form from the personal identification device.
6. The method of claim 4, further comprising: before the decrypting the first section of the symmetric key in encrypted form, receiving the first section of the symmetric key in encrypted form from the personal identification device.
7. The method of claim 4, wherein the symmetric key is configured to decrypt biometric data in encrypted form.
8. The method of claim 4, wherein the sending the signature is performed such that the personal identification device verifies a validity of the party when the signature in decrypted form is received by the personal identification device.
9. A method, comprising: decrypting a section of a first symmetric key in encrypted form based on a private key to produce the section of the first symmetric key in decrypted form, the section of the first symmetric key in decrypted form being less than an entirety of the first symmetric key, the private key being associated with a party; after the decrypting the section of the first symmetric key in encrypted form, sending the section of the first symmetric key in decrypted form to a first personal identification device, the first symmetric key associated with biometric data for the first personal identification device; decrypting a section of a second symmetric key in encrypted form based on the private key to produce the section of the second symmetric key in decrypted form, the section of the second symmetric key in decrypted form being less than an entirety of the second symmetric key; and after the decrypting the section of the second symmetric key in encrypted form, sending the section of the second symmetric key to the first personal identification device; and decrypting a signature in encrypted form associated with the section of the second symmetric key based on the private key to produce the signature associated with the section of the second symmetric key, the signature being encrypted at a second personal identification device, the sending the section of the second symmetric key in decrypted form to the first personal identification device including sending the signature in decrypted form to the first personal identification device such that the first personal identification device verifies a validity of the party and the second personal identification device when the signature is received by the first personal identification device.
10. The method of claim 9, further comprising: before the decrypting the section of the first symmetric key in encrypted form, receiving the section of the first symmetric key in encrypted form from the first personal identification device.
11. The method of claim 9, further comprising: before the decrypting the section of the second symmetric key in encrypted form, receiving the section of the second symmetric key in encrypted form from the first personal identification device.
12. The method of claim 9, further comprising: decrypting a signature in encrypted form associated with the section of the first symmetric key based on the private key to produce the signature in decrypted form associated with the section of the first symmetric key, the sending the section of the first symmetric key in decrypted form to the first personal identification device including sending the signature in decrypted form to the first personal identification device such that the first personal identification device verifies a validity of the party when the signature is received by the first personal identification device.
13. The method of claim 9, wherein the first symmetric key is configured to decrypt the biometric data in encrypted form.
14. The method of claim 9, wherein the second symmetric key is configured to decrypt a personal identity credential in encrypted form for the first personal identification device.
15. The method of claim 9, wherein the biometric data previously is stored on the second personal identification device.
16. The method of claim 9, wherein the decrypting the section of the first symmetric key in encrypted form is performed before the decrypting the section of the second symmetric key in encrypted form.
17. The method of claim 9, wherein the section of the second symmetric key is a first section of the second symmetric key, the sending the first section of the second symmetric key is performed such that the first personal identification device combines the first section of the second symmetric key with a second section of the second symmetric key to restore the second symmetric key associated with a personal identity credential for the first personal identification device.
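The split-key backup and recovery exchange that claims 1 through 8 describe, written out as an added Go example; this is not code from the patent or from Privaris, and it fills in choices the claims leave open: the symmetric biometric encryption key is split into two sections by XOR with a random mask (so neither section alone reveals the key), the device signs the first section with an Ed25519 key pair standing in for the device key pair the manufacturer records, the section and the signature are encrypted to the party's RSA public key with OAEP, and a single Device value keeps the second section, in place of the separate first and second devices of claim 9. All names (Device, EscrowRecord, Backup, partyRecover, Restore, RunDemo) and the 32-byte sample key are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EscrowRecord is what the device hands over at backup time. Both fields are
// opaque to anyone who does not hold the party's RSA private key.
type EscrowRecord struct {
	EncSection1  []byte // first key section, RSA-OAEP to the party's public key
	EncSignature []byte // device signature over that section, also RSA-OAEP to the party
}

// Device stands in for the personal identification device: it owns a signing
// key pair (assumed here to be Ed25519) and retains the second key section.
type Device struct {
	signPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
	section2 []byte
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{signPub: pub, signPriv: priv}, nil
}

// splitKey returns s1 (uniformly random) and s2 = k XOR s1; each section is
// "less than an entirety" of the key in the sense that it reveals nothing alone.
func splitKey(k []byte) (s1, s2 []byte, err error) {
	s1 = make([]byte, len(k))
	if _, err = rand.Read(s1); err != nil {
		return nil, nil, err
	}
	s2 = make([]byte, len(k))
	for i := range k {
		s2[i] = k[i] ^ s1[i]
	}
	return s1, s2, nil
}

func combineSections(s1, s2 []byte) ([]byte, error) {
	if len(s1) == 0 || len(s1) != len(s2) {
		return nil, errors.New("section length mismatch")
	}
	k := make([]byte, len(s1))
	for i := range s1 {
		k[i] = s1[i] ^ s2[i]
	}
	return k, nil
}

// Backup: split the key, sign section 1, encrypt section 1 and the signature
// to the party, and keep section 2 on the device. OAEP labels separate the two ciphertexts.
func (d *Device) Backup(biometricKey []byte, partyPub *rsa.PublicKey) (*EscrowRecord, error) {
	s1, s2, err := splitKey(biometricKey)
	if err != nil {
		return nil, err
	}
	sig := ed25519.Sign(d.signPriv, s1)
	encS1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, partyPub, s1, []byte("section1"))
	if err != nil {
		return nil, err
	}
	encSig, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, partyPub, sig, []byte("signature"))
	if err != nil {
		return nil, err
	}
	d.section2 = s2
	return &EscrowRecord{EncSection1: encS1, EncSignature: encSig}, nil
}

// partyRecover is the party's side (claims 4 to 6): decrypt the signature and
// the first section with the party's private key and hand both back in clear.
func partyRecover(rec *EscrowRecord, partyPriv *rsa.PrivateKey) (s1, sig []byte, err error) {
	sig, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, partyPriv, rec.EncSignature, []byte("signature"))
	if err != nil {
		return nil, nil, err
	}
	s1, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, partyPriv, rec.EncSection1, []byte("section1"))
	return s1, sig, err
}

// Restore is the device side of claim 1: only a section whose signature verifies
// under the device's own public key is combined with section 2.
func (d *Device) Restore(s1, sig []byte) ([]byte, error) {
	if !ed25519.Verify(d.signPub, s1, sig) {
		return nil, errors.New("signature over section 1 did not verify; refusing to restore")
	}
	return combineSections(s1, d.section2)
}

// RunDemo performs one honest round trip and one recovery with an altered
// section; it reports whether the key was restored and whether the alteration was rejected.
func RunDemo() (restoredOK bool, tamperRejected bool, err error) {
	partyPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	dev, err := NewDevice()
	if err != nil {
		return false, false, err
	}
	key := make([]byte, 32) // constructed sample biometric encryption key
	if _, err = rand.Read(key); err != nil {
		return false, false, err
	}
	rec, err := dev.Backup(key, &partyPriv.PublicKey)
	if err != nil {
		return false, false, err
	}
	s1, sig, err := partyRecover(rec, partyPriv)
	if err != nil {
		return false, false, err
	}
	restored, err := dev.Restore(s1, sig)
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), s1...)
	tampered[0] ^= 0xff // a section modified in transit must fail the signature check
	_, tamperErr := dev.Restore(tampered, sig)
	return bytes.Equal(restored, key), tamperErr != nil, nil
}

func main() {
	ok, rejected, err := RunDemo()
	fmt.Println("restored:", ok, "tamper rejected:", rejected, "err:", err)
}
```

The device never sends its key in the clear and never learns the party's private key; the party, in turn, only ever sees one section, so a compromised escrow cannot reconstruct the biometric key without the device's second section. The signature check before combination is what lets the device reject a section substituted by anyone other than the party that holds the matching escrow record.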
Patents cited by this patent (132)
Edward M. Scheidt ; Ersin L. Domangue, Access control and authorization system.
Villa, Emilio; Zidaritz, Adrian; Varga, Michael David; Eschelbeck, Gerhard; Jones, Michael Kevin; McArdle, Mark James, Active firewall system and methodology.
Berson William (Westport CT) Zemlok Kenneth C. (Shelton CT), Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic.
Richards, Bruce G.; Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Automated banking machine and system.
Green, Patrick C.; Smith, Mark; Ramachandran, Natarajan; Delaney, Daniel J.; Barker, David A.; Theriault, Franklin M.; Herrera, Elizabeth; Hill, Jeffrey A.; Douglas, Mark, Automated transaction system and method.
Bernstein Robert J. (First Options ; One Financial Plz. 440 S. LaSalle St. Chicago IL 60605), Automatic portable account controller for remotely arranging for payment of debt to a vendor.
Dickinson, Alexander G.; Rohrbach, Mark D.; Clayton, Richard F.; Stark, Gregory H.; Ferrante, Michelle, Cryptographic server with provisions for interoperability between cryptographic systems.
Booth, Kevin E.; Popolow, Harry N.; Ford, Richard R.; Johnson, Edward E.; Loftin, Jon S.; Osborne, Lance C.; Johnson, David W., Electronically-controlled locker system.
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Chainer, Timothy Joseph; Kitchens, Bruce P.; Maes, Stephane Herman; Martens, Marco; Rutledge, Joseph Dela; Tresser, Charles Philippe, Method and apparatus for secure authorization and identification using biometrics without privacy invasion.
Campbell, Bruce S.; Strauss, III, Burton M.; Dolecki, Myron C., Method and system for partitioned service-enablement gateway with utility and consumer services.
Boate,Alan; Reed,Brian, Method and system for securing a computer network and personal identification device used therein for controlling access to network components.
Bolle, Rudolf Maarten; Nunes, Sharon Louise; Pankanti, Sharathchandra; Ratha, Nalini Kanta; Smith, Barton Allen; Zimmerman, Thomas Guthrie, Method for biometric-based authentication in wireless communication for access control.
Lambert Howard Shelton,GBX ; Orchard James Ronald Lewis,GBX, Method for controlling access to electronically provided services and system for implementing such method.
Stephen J. Borza CA, Method for securing communication by selecting an encoding process using a first computer based upon ability of a second computer and deleting the process thereafter.
Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Method of using an automated banking machine.
Gopalakrishnan, Ponani S.; Kanevsky, Dimitri; Maes, Stephane Herman, Methods and apparatus for restricting access of a user using random partial biometrics.
Johnson, Richard C., Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts.
Johnson, Richard C., Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts.
Futamura,Ichiro; Ishibashi,Yoshihito; Matsuyama,Shinako; Kon,Masashi; Watanabe,Hideaki, Person authentication system, person authentication method, information processing apparatus, and program providing medium.
Puhl Larry C. (Sleepy Hollow IL) Comroe Richard A. (Dundee IL) Furtaw Robert W. (Arlington Heights IL) Cantarutti Tracey L. (Barrington IL), Portable authentification system.
McClurg, George William; Brunell, David; Scott, Walter Guy, Rechargeable mobile hand-held fingerprint scanner with a data and power communication interface.
Morgan, Stephen P.; Russell, Lance W.; Reed, Benjamin Clay, Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same.
Hoffman, Ned; Lapsley, Philip Dean, System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse.
Bianco Peter Garrett ; Boon William Taylor ; Sterling Robert Brewster ; Ware Karl Roger, System, method and computer program product for allowing access to enterprise resources using biometric devices.
Chen James F. ; Wang Jieh-Shan, Token distribution, registration, and dynamic configuration of user entitlement for an application level security system.
Lapsley, Philip Dean; Lee, Jonathan Alexander; Pare, Jr., David Ferrin; Hoffman, Ned, Tokenless biometric electronic financial transactions via a third party identicator.
Ned Hoffman ; David Ferrin Pare, Jr. ; Jonathan Alexander Lee ; Philip Dean Lapsley, Tokenless biometric electronic transactions using an audio signature to identify the transaction processor.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.