Generation of communication device signatures for use in securing nomadic electronic transactions
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-009/08
H04L-009/32
G06F-015/16
출원번호
US-0643225
(2009-12-21)
등록번호
US-8553888
(2013-10-08)
발명자
/ 주소
Yeap, Tet Hin
O'Brien, William G.
Murray, Sean Maclean
출원인 / 주소
BCE Inc.
인용정보
피인용 횟수 :
0인용 특허 :
29
초록▼
A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from
A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path.
대표청구항▼
1. A method for execution in a communication device, comprising: accessing an identifier stored in a memory;receiving a first data set and a second data set over a first communication path, wherein the first data set and the second data set are distributed by a control server, wherein upon receipt,
1. A method for execution in a communication device, comprising: accessing an identifier stored in a memory;receiving a first data set and a second data set over a first communication path, wherein the first data set and the second data set are distributed by a control server, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using a first key and the second data set is included within second encrypted data obtained by encrypting the second data set using the first key;decrypting the first data set from the first encrypted data using a second key that is complementary to the first key;decrypting the second data set from the second encrypted data using the second key;generating a first signature from the identifier and the decrypted first data set;generating a second signature from the identifier and the decrypted second data set;responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; andresponding to a subsequent request by releasing a second response including the second signature over the local communication path. 2. The method defined in claim 1, wherein generating the first signature from the identifier and the first data set comprises encrypting the identifier and the first data set using an encryption key. 3. The method defined in claim 2, wherein generating the second signature from the identifier and the second data set comprises encrypting the identifier and the second data set using the encryption key. 4. The method defined in claim 3, wherein the encryption key is a private key associated with the communication device. 5. The method defined in claim 4, the first response further including a key index allowing a recipient of the first response to identify, from a set of potential decryption keys, a particular decryption key usable to decrypt the identifier and the first data set from the first signature. 6. The method defined in claim 5, wherein the second response includes the key index. 7. The method defined in claim 1, wherein the first communication path supports a communication session established between the communication device and the control server. 8. The method defined in claim 1, wherein the second data set is related to the first data set by a function of time implemented by the control server, the function of time being unknown to the communication device. 9. The method defined in claim 8, wherein the function of time is deterministic. 10. The method defined in claim 8, wherein the function of time is stochastic. 11. The method defined in claim 1, wherein the first communication path includes a wireless portion. 12. The method defined in claim 1, wherein the local communication path includes a contactless portion. 13. The method defined in claim 1, wherein the first request and the subsequent request are received over the local communication path. 14. The method defined in claim 13, wherein the first request and the subsequent request are received via a radio frequency receiver at the communication device. 15. The method defined in claim 14, wherein the radio frequency receiver operates in a frequency range that supports low-power short-range communication. 16. The method defined in claim 14, wherein the radio frequency receiver operates in a frequency range that supports RFID communication. 17. The method defined in claim 14, wherein the radio frequency receiver operates in a frequency range that supports mobile wireless telephony. 18. The method defined in claim 14, wherein the first data set and the second data set are also received via the radio frequency receiver. 19. The method defined in claim 1, wherein the second data set is received before the first signature is generated. 20. The method defined in claim 1, wherein the second data set is received after the first signature is generated. 21. The method defined in claim 20, wherein the second data set is received before the first response is released. 22. The method defined in claim 20, wherein the second data set is received after the first response is released. 23. The method defined in claim 1, further comprising responding to all requests received between the first request and the subsequent request by releasing respective responses including the first signature over the local communication path. 24. The method defined in claim 23, wherein the subsequent request occurs exactly N requests after the first request, wherein N is an integer. 25. The method defined in claim 24, wherein N is fixed and known to the communication device. 26. The method defined in claim 24, wherein N is dynamic and varies in accordance with a pattern known to the communication device. 27. The method defined in claim 1, wherein the second signature is generated after a pre-determined amount of time has elapsed following generation of the first signature. 28. The method defined in claim 1, wherein the second signature is generated after an amount of time has elapsed following generation of the first signature, wherein the amount of time varies in accordance with a pattern known to the communication device. 29. The method defined in claim 1, wherein the first key is a private key maintained by the control server, and wherein the second key is a public key, knowledge of which is available to the communication device. 30. The method defined in claim 1, wherein the first communication path is established between the control server and the communication device over the Internet. 31. The method defined in claim 30, wherein the local communication path is established over a short-range radio-frequency channel between the communication device and a system-side receiver at a point of sale or a point of wireless access. 32. A non-transitory computer-readable storage medium comprising a set of instructions for execution by a processing entity of a communication device, wherein execution of the set of instructions by the processing entity causes the processing entity to execute a method that includes: accessing an identifier stored in a memory;receiving a first data set and a second data set over a first communication path, wherein the first data set and the second data set are distributed by a control server, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using an encryption key and the second data set is included within second encrypted data obtained by encrypting the second data set using the encryption key;decrypting the first data set from the first encrypted data using a decryption key that is complementary to the encryption key;decrypting the second data set from the second encrypted data using the decryption key;generating a first signature from the identifier and the decrypted first data set;generating a second signature from the identifier and the decrypted second data set;responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; andresponding to a subsequent request by releasing a second response including the second signature over the local communication path. 33. A communication device, comprising: a memory storing an identifier;an interface configured to communicate with a control server over a first communication path and with a local entity over a local communication path different from the first communication path, the local entity comprising a system-side receiver and a system-side transmitter; anda processing entity configured to: receive via the interface a first data set and a second data set distributed by the control server over the first communication path, wherein upon receipt, the first data set is included within first encrypted data obtained by encrypting the first data set using an encryption key and the second data set is included within second encrypted data obtained by encrypting the second data set using the encryption key;receive via the interface a first request and a subsequent request sent by the system-side transmitter over the local communication path;decrypt the first data set from the first encrypted data using a decryption key that is complementary to the encryption key;decrypt the second data set from the second encrypted data using the decryption key;generate a first signature from the identifier and the decrypted first data set;generate a second signature from the identifier and the decrypted second data set;respond to the first request by releasing a first response to the system-side receiver via the interface over the local communication path, the first response including the first signature; andrespond to the second request by releasing a second response to the system-side receiver via the interface over the local communication path, the second response including the second signature.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (29)
Hasebe,Takayuki; Kotani,Seigo; Akiyama,Ryota; Sasaki,Takaoki, Apparatus to create and/or verify digital signatures having a secure time element and an identifier of the apparatus.
Ganesan, Ravi; Sandhu, Ravi Singh; Cottrell, Andrew Paul; Austin, Kyle, Augmented single factor split key asymmetric cryptography-key generation and distributor.
Groeneveld, Bennett J.; Austad, Wayne E.; Walsh, Stuart C.; Herring, Catherine A., Digital data storage systems, computers, and data verification methods.
Barrett Steven T. (Plantation FL) Laird Kevin M. (Haltom City TX) Murray Richard E. (Coral Springs FL) O\Connor James M. (N. Richland Hills TX), Dynamic encryption key selection for encrypted radio transmissions.
Sekiguchi Kenzou,JPX ; Maeda Toru,JPX, Email system converts email data to a different format according to processing mode information set in memory in correspondence with post office information.
Bellare Mihir M. (New York NY) Rogaway Phillip W. (Austin TX), Method and apparatus for three-party entity authentication and key distribution using message authentication codes.
Citta Richard W. (Oak Park IL) Gosc Paul M. (Buffalo Grove IL) Mutzabaugh Dennis M. (Mount Prospect IL) Sgrignoli Gary J. (Mount Prospect IL), Secure data packet transmission system and method.
Beenau, Blayn W; Bonalle, David S; Fields, Seth W; Gray, William J; Larkin, Carl; Montgomery, Joshua L; Saunders, Peter D, System for biometric security using a fob.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.