Methods for secure enrollment and backup of personal identity credentials into electronic devices
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): G06F-021/32; H04L-009/32
Application number: US-0849985 (2013-03-25)
Registration number: US-8826031 (2014-09-02)
Inventors / Address: Abdallah, David S.; Johnson, Barry W.
Applicant / Address: Privaris, Inc.
Citation information: patents cited by this patent: 130
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
Representative claims
1. A method, comprising: sending from a personal identification device to a party at least one of (1) an identifier uniquely associated with the personal identification device or (2) a portion of an asymmetric key pair generated by the personal identification device; receiving from the party a digital certificate based, at least in part, on the at least one of the identifier or the portion of the asymmetric key pair sent from the personal identification device to the party, the sending and the receiving being before biometric data associated with enrollment is received at the personal identification device; and disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment.
2. The method of claim 1, further comprising: receiving at the personal identification device a party digital certificate from the party, the party digital certificate including a public key associated with the party.
3. The method of claim 1, wherein the asymmetric key pair includes a personal identification device public key and a personal identification device private key, the portion of the asymmetric key pair sent from the personal identification device to the party includes the personal identification device public key.
4. The method of claim 1, wherein the sending includes sending a personal identification device public key and the identifier to the party.
5. The method of claim 1, wherein the identifier is generated at the personal identification device.
6. An apparatus, comprising: a housing; a memory coupled to the housing and configured to store biometric data associated with enrollment; a biometric sensor coupled to the memory and configured to receive biometric data associated with enrollment; a receiver coupled to the housing, the receiver configured to receive a public key associated with a party before biometric data associated with enrollment is received, the receiver configured to receive a digital certificate from the party before biometric data associated with enrollment is received, the digital certificate being based, at least in part, on an identifier; a transmitter coupled to the housing, the transmitter configured to send the identifier from the apparatus to the party based on the public key before biometric data associated with enrollment is received; and a processor coupled to the receiver and the transmitter, the processor configured to disable functionality within the apparatus before biometric data associated with enrollment is received except that the apparatus is in a wait state associated with future enrollment.
7. The apparatus of claim 6, wherein the biometric sensor is a fingerprint sensor.
8. The apparatus of claim 6, wherein the transmitter includes a radio frequency transmitter.
9. The apparatus of claim 6, wherein the identifier is uniquely associated with the apparatus.
10. The apparatus of claim 6, wherein the identifier is associated with an asymmetric key pair including a personal identification device public key and a personal identification device private key.
11. The apparatus of claim 6, wherein the digital certificate includes data associated with the apparatus.
12. The apparatus of claim 6, wherein the processor is configured to disable functionality within the apparatus after the receiver receives the public key associated with the party and the digital certificate from the party.
13. The apparatus of claim 6, wherein the processor is configured to disable functionality within the apparatus after the transmitter sends the identifier.
14. An apparatus, comprising: a housing; a memory coupled to the housing and configured to store biometric data associated with enrollment; a biometric sensor coupled to the memory and configured to receive biometric data associated with enrollment; a receiver coupled to the housing, the receiver configured to receive a public key associated with a party before biometric data associated with enrollment is received, the receiver configured to receive a digital certificate from the party before biometric data associated with enrollment is received, the digital certificate being based, at least in part, on the public key; a transmitter coupled to the housing, the transmitter configured to send a personal identification device public key from the apparatus to the party before biometric data associated with enrollment is received, the personal identification device public key being associated with the apparatus; and a processor coupled to the receiver and the transmitter, the processor configured to disable functionality within the apparatus before biometric data associated with enrollment is received except that the apparatus is in a wait state associated with future enrollment.
15. The apparatus of claim 14, wherein the biometric sensor is a fingerprint sensor.
16. The apparatus of claim 14, wherein the transmitter includes a radio frequency transmitter.
17. The apparatus of claim 14, wherein the personal identification device public key is associated with an asymmetric key pair including the personal identification device public key and a personal identification device private key.
18. The apparatus of claim 14, wherein the digital certificate includes data associated with the apparatus.
19. The apparatus of claim 14, wherein the processor is configured to disable functionality within the apparatus after the receiver receives the public key associated with the party and the digital certificate from the party.
20. The apparatus of claim 14, wherein the processor is configured to disable functionality within the apparatus after the transmitter sends the personal identification device public key.
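The exchange that the abstract and claims 1 and 2 describe, written out as an added Go example for this page (it is not code from the patent, and the patent specifies no algorithm or encoding): the device generates its own key pair and sends the serial number plus public key to the manufacturer, the manufacturer records the pair and returns a certificate, the device verifies the certificate against the manufacturer's public key and then disables everything except enrollment; later an enrollment authority that the manufacturer has recognized approves enrollment of that serial. Ed25519, the certificate modelled as a bare signature over serial || public key, recognition modelled as a manufacturer signature over the authority's key, the `Phase` names and all function names are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
)

// Ed25519 and the byte layouts below are choices made for this example; the patent fixes neither.
func keygen() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// certBody is what the manufacturer signs: serial || device public key (the key length is fixed).
func certBody(serial string, pub ed25519.PublicKey) []byte {
	return append([]byte(serial), pub...)
}

// Manufacturer is the "party" of claim 1: it records each serial with the device-generated key.
type Manufacturer struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	records map[string]ed25519.PublicKey
}

func NewManufacturer() *Manufacturer {
	pub, priv := keygen()
	return &Manufacturer{priv, pub, map[string]ed25519.PublicKey{}}
}

// Register issues the certificate (a bare signature over certBody) and refuses rebinding a serial.
func (m *Manufacturer) Register(serial string, pub ed25519.PublicKey) ([]byte, error) {
	if serial == "" || len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("malformed registration request")
	}
	if prev, ok := m.records[serial]; ok && !bytes.Equal(prev, pub) {
		return nil, errors.New("serial already bound to a different key")
	}
	m.records[serial] = pub
	return ed25519.Sign(m.priv, certBody(serial, pub)), nil
}

type Phase int
const (
	Unprovisioned        Phase = iota
	WaitingForEnrollment // every function except Enroll is disabled
	Enrolled
)

type Device struct {
	Serial   string
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey // generated on-device, never sent
	partyPub ed25519.PublicKey  // manufacturer key received per claim 2
	Phase    Phase
	template []byte // stands in for a real biometric template
}

func NewDevice(serial string) *Device {
	pub, priv := keygen()
	return &Device{Serial: serial, Pub: pub, priv: priv}
}

// Provision (claim 1): send identifier and public key, verify the certificate, enter the wait state.
func (d *Device) Provision(m *Manufacturer) error {
	cert, err := m.Register(d.Serial, d.Pub)
	if err != nil {
		return err
	} else if !ed25519.Verify(m.Pub, certBody(d.Serial, d.Pub), cert) {
		return errors.New("certificate does not validly cover this device")
	}
	d.partyPub, d.Phase = m.Pub, WaitingForEnrollment
	return nil
}

// Enroll takes biometric data only in the wait state, and only with an approval for this serial
// from an authority whose key the manufacturer key stored at provisioning has signed (recognized).
func (d *Device) Enroll(authorityPub ed25519.PublicKey, recognition, approval, sample []byte) error {
	switch {
	case d.Phase != WaitingForEnrollment:
		return errors.New("enrollment not enabled in current phase")
	case !ed25519.Verify(d.partyPub, authorityPub, recognition):
		return errors.New("enrollment authority not recognized by manufacturer")
	case !ed25519.Verify(authorityPub, []byte(d.Serial), approval):
		return errors.New("approval is not for this device")
	}
	d.template, d.Phase = append([]byte(nil), sample...), Enrolled
	return nil
}

// Authenticate is the device's ordinary function; it stays disabled until enrolled.
func (d *Device) Authenticate(sample []byte) (bool, error) {
	if d.Phase != Enrolled {
		return false, errors.New("device disabled: awaiting enrollment")
	}
	return bytes.Equal(sample, d.template), nil
}
```

A caller drives the lifecycle as `d := NewDevice(serial); d.Provision(m); d.Enroll(authorityPub, recognition, approval, sample)`. Two checks carry the security of the scheme: the manufacturer refuses to bind a recorded serial to a second key, which is what makes the identifier "uniquely associated" with one device, and the device refuses biometric data from any authority whose key does not chain back to the manufacturer key it received before enrollment. The template comparison is a placeholder for real biometric matching.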
Patents cited by this patent (130)
Edward M. Scheidt ; Ersin L. Domangue, Access control and authorization system.
Berson William (Westport CT) Zemlok Kenneth C. (Shelton CT), Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic.
Richards, Bruce G.; Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Automated banking machine and system.
Green, Patrick C.; Smith, Mark; Ramachandran, Natarajan; Delaney, Daniel J.; Barker, David A.; Theriault, Franklin M.; Herrera, Elizabeth; Hill, Jeffrey A.; Douglas, Mark, Automated transaction system and method.
Bernstein Robert J. (First Options ; One Financial Plz. 440 S. LaSalle St. Chicago IL 60605), Automatic portable account controller for remotely arranging for payment of debt to a vendor.
Dickinson, Alexander G.; Rohrbach, Mark D.; Clayton, Richard F.; Stark, Gregory H.; Ferrante, Michelle, Cryptographic server with provisions for interoperability between cryptographic systems.
Booth, Kevin E.; Popolow, Harry N.; Ford, Richard R.; Johnson, Edward E.; Loftin, Jon S.; Osborne, Lance C.; Johnson, David W., Electronically-controlled locker system.
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Chainer, Timothy Joseph; Kitchens, Bruce P.; Maes, Stephane Herman; Martens, Marco; Rutledge, Joseph Dela; Tresser, Charles Philippe, Method and apparatus for secure authorization and identification using biometrics without privacy invasion.
Campbell, Bruce S.; Strauss, III, Burton M.; Dolecki, Myron C., Method and system for partitioned service-enablement gateway with utility and consumer services.
Boate, Alan; Reed, Brian, Method and system for securing a computer network and personal identification device used therein for controlling access to network components.
Bolle, Rudolf Maarten; Nunes, Sharon Louise; Pankanti, Sharathchandra; Ratha, Nalini Kanta; Smith, Barton Allen; Zimmerman, Thomas Guthrie, Method for biometric-based authentication in wireless communication for access control.
Lambert Howard Shelton, GBX; Orchard James Ronald Lewis, GBX, Method for controlling access to electronically provided services and system for implementing such method.
Stephen J. Borza CA, Method for securing communication by selecting an encoding process using a first computer based upon ability of a second computer and deleting the process thereafter.
Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Method of using an automated banking machine.
Gopalakrishnan, Ponani S.; Kanevsky, Dimitri; Maes, Stephane Herman, Methods and apparatus for restricting access of a user using random partial biometrics.
Johnson, Richard C., Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts.
Johnson, Richard C., Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts.
Futamura, Ichiro; Ishibashi, Yoshihito; Matsuyama, Shinako; Kon, Masashi; Watanabe, Hideaki, Person authentication system, person authentication method, information processing apparatus, and program providing medium.
Puhl Larry C. (Sleepy Hollow IL) Comroe Richard A. (Dundee IL) Furtaw Robert W. (Arlington Heights IL) Cantarutti Tracey L. (Barrington IL), Portable authentification system.
McClurg, George William; Brunell, David; Scott, Walter Guy, Rechargeable mobile hand-held fingerprint scanner with a data and power communication interface.
Morgan, Stephen P.; Russell, Lance W.; Reed, Benjamin Clay, Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same.
Stephen F. Bisbee ; Jack J. Moskowitz ; Michael W. White, System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents.
Hoffman, Ned; Lapsley, Philip Dean, System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse.
Bianco Peter Garrett ; Boon William Taylor ; Sterling Robert Brewster ; Ware Karl Roger, System, method and computer program product for allowing access to enterprise resources using biometric devices.
Chen James F. ; Wang Jieh-Shan, Token distribution, registration, and dynamic configuration of user entitlement for an application level security system.
Lapsley, Philip Dean; Lee, Jonathan Alexander; Pare, Jr., David Ferrin; Hoffman, Ned, Tokenless biometric electronic financial transactions via a third party identicator.
Ned Hoffman ; David Ferrin Pare, Jr. ; Jonathan Alexander Lee ; Philip Dean Lapsley, Tokenless biometric electronic transactions using an audio signature to identify the transaction processor.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.