Methods for secure enrollment and backup of personal identity credentials into electronic devices
IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-011/30
H04L-009/32
G06F-021/32
G06K-009/00
H04L-029/06
G06Q-020/40
Application number
US-0445853
(2014-07-29)
Registration number
US-9270464
(2016-02-23)
Inventor / Address
Abdallah, David S.
Johnson, Barry W.
Applicant / Address
Apple Inc.
Agent / Address
Blakely, Sokoloff, Taylor & Zafman LLP
Citation information
Times cited: 1
Cited patents: 133
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
Representative claims
1. A method, comprising: receiving at a personal identification device a public key before biometric data associated with enrollment is received; sending an identifier from the personal identification device to a party based on the public key before biometric data associated with enrollment is received, the identifier being uniquely associated with the personal identification device; receiving at the personal identification device a digital certificate from the party based on the identifier before biometric data associated with enrollment is received; and disabling functionality within the personal identification device except that the personal identification device is in a wait state associated with future enrollment.
2. The method of claim 1, further comprising sending the public key from the personal identification device to the party after the receiving the public key.
3. The method of claim 1, wherein the receiving the digital certificate from the party is based on the public key and the identifier.
4. The method of claim 1, wherein the identifier is associated with an asymmetric key pair including a personal identification device public key and a personal identification device private key.
5. The method of claim 1, further comprising producing the identifier at the personal identification device.
6. The method of claim 1, further comprising receiving at the personal identification device the identifier from the party.
7. The method of claim 1, wherein the digital certificate includes the public key.
8. The method of claim 1, wherein the party is a manufacturer of the personal identification device and separate from an enrollment party authorized to enable enrollment of the biometric data at the personal identification device.
9. The method of claim 1, wherein the party is a first party, the personal identification device being configured to enroll the biometric data from a second party different from the first party after the receiving at the personal identification device the digital certificate.
10. The method of claim 1, wherein the digital certificate includes data associated with the personal identification device.
11. A method, comprising: sending a public key to a personal identification device; receiving an identifier from the personal identification device, the identifier being uniquely associated with the personal identification device; producing a digital certificate based on the identifier and before enrollment of biometric data; and sending the digital certificate to the personal identification device such that functionality of the personal identification device is disabled except that the personal identification device is configured to send the digital certificate to an enrollment party during future enrollment.
12. The method of claim 11, wherein the producing of the digital certificate is based, at least in part, on the public key.
13. The method of claim 11, wherein the receiving and the producing is performed by a first party, the method further comprising: receiving at the first party a digital certificate uniquely associated with a second party different from the first party; adding a public key of the first party to the digital certificate associated with the second party; and sending the digital certificate associated with the second party from the first party to the second party.
14. The method of claim 11, wherein the digital certificate includes the public key.
15. The method of claim 11, further comprising producing at the party an asymmetric key pair uniquely associated with the party.
16. The method of claim 11, wherein the public key is associated with a manufacturer of the personal identification device and separate from the enrollment party authorized to enable enrollment of the biometric data at the personal identification device.
17. The method of claim 11, wherein the personal identification device is configured to enroll biometric data from the enrollment party after the sending the digital certificate.
18. The method of claim 11, wherein the producing the digital certificate is based on data associated with the personal identification device.
19. A method, comprising: receiving an encryption identifier at a personal identification device from a party during pre-enrollment; receiving a digital signature at the personal identification device from the party during pre-enrollment; the encryption identifier and the digital signature collectively configured to enable verification of the party by the personal identification device; and disabling functionality within the personal identification device except for functionality associated with future enrollment.
20. The method of claim 19, wherein: the encryption identifier is a public key; and the receiving the digital signature including receiving a digital certificate including the digital signature.
21. A non-transitory computer-readable medium programmed with executable instructions that, when executed by a processing system, perform a method comprising: receiving at a personal identification device a public key before biometric data associated with enrollment is received; sending an identifier from the personal identification device to a party based on the public key before biometric data associated with enrollment is received, the identifier being uniquely associated with the personal identification device; receiving at the personal identification device a digital certificate from the party based on the identifier before biometric data associated with enrollment is received; and disabling functionality within the personal identification device except that the personal identification device is in a wait state associated with future enrollment.
22. The medium of claim 21, further comprising sending the public key from the personal identification device to the party after the receiving the public key.
23. The medium of claim 21, wherein the receiving the digital certificate from the party is based on the public key and the identifier.
24. The medium of claim 21, wherein the identifier is associated with an asymmetric key pair including a personal identification device public key and a personal identification device private key.
25. The medium of claim 21, further comprising producing the identifier at the personal identification device.
26. The medium of claim 21, further comprising receiving at the personal identification device the identifier from the party.
27. The medium of claim 21, wherein the digital certificate includes the public key.
28. The medium of claim 21, wherein the party is a manufacturer of the personal identification device and separate from an enrollment party authorized to enable enrollment of the biometric data at the personal identification device.
29. The medium of claim 21, wherein the party is a first party, the personal identification device being configured to enroll the biometric data from a second party different from the first party after the receiving at the personal identification device the digital certificate.
30. The medium of claim 21, wherein the digital certificate includes data associated with the personal identification device.
31. A non-transitory computer-readable medium programmed with executable instructions that, when executed by a processing system, perform a method comprising: sending a public key to a personal identification device; receiving an identifier from the personal identification device, the identifier being uniquely associated with the personal identification device; producing a digital certificate based on the identifier and before enrollment of biometric data; and sending the digital certificate to the personal identification device such that functionality of the personal identification device is disabled except that the personal identification device is configured to send the digital certificate to an enrollment party during future enrollment.
32. The medium of claim 31, wherein the producing of the digital certificate is based, at least in part, on the public key.
33. The medium of claim 31, wherein the receiving and the producing is performed by a first party, the method further comprising: receiving at the first party a digital certificate uniquely associated with a second party different from the first party; adding a public key of the first party to the digital certificate associated with the second party; and sending the digital certificate associated with the second party from the first party to the second party.
34. The medium of claim 31, wherein the digital certificate includes the public key.
35. The medium of claim 31, further comprising producing at the party an asymmetric key pair uniquely associated with the party.
36. The medium of claim 31, wherein the public key is associated with a manufacturer of the personal identification device and separate from the enrollment party authorized to enable enrollment of the biometric data at the personal identification device.
37. The medium of claim 31, wherein the personal identification device is configured to enroll biometric data from the enrollment party after the sending the digital certificate.
38. The medium of claim 31, wherein the producing the digital certificate is based on data associated with the personal identification device.
39. A non-transitory computer-readable medium programmed with executable instructions that, when executed by a processing system, perform a method comprising: receiving an encryption identifier at a personal identification device from a party during pre-enrollment; receiving a digital signature at the personal identification device from the party during pre-enrollment; the encryption identifier and the digital signature collectively configured to enable verification of the party by the personal identification device; and disabling functionality within the personal identification device except for functionality associated with future enrollment.
40. The medium of claim 39, wherein: the encryption identifier is a public key; and the receiving the digital signature including receiving a digital certificate including the digital signature.
Patents cited by this patent (133)
Edward M. Scheidt ; Ersin L. Domangue, Access control and authorization system.
Berson William (Westport CT) Zemlok Kenneth C. (Shelton CT), Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic.
Richards, Bruce G.; Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Automated banking machine and system.
Green, Patrick C.; Smith, Mark; Ramachandran, Natarajan; Delaney, Daniel J.; Barker, David A.; Theriault, Franklin M.; Herrera, Elizabeth; Hill, Jeffrey A.; Douglas, Mark, Automated transaction system and method.
Bernstein Robert J. (First Options ; One Financial Plz. 440 S. LaSalle St. Chicago IL 60605), Automatic portable account controller for remotely arranging for payment of debt to a vendor.
Dickinson, Alexander G.; Rohrbach, Mark D.; Clayton, Richard F.; Stark, Gregory H.; Ferrante, Michelle, Cryptographic server with provisions for interoperability between cryptographic systems.
Booth, Kevin E.; Popolow, Harry N.; Ford, Richard R.; Johnson, Edward E.; Loftin, Jon S.; Osborne, Lance C.; Johnson, David W., Electronically-controlled locker system.
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Chainer, Timothy Joseph; Kitchens, Bruce P.; Maes, Stephane Herman; Martens, Marco; Rutledge, Joseph Dela; Tresser, Charles Philippe, Method and apparatus for secure authorization and identification using biometrics without privacy invasion.
Campbell, Bruce S.; Strauss, III, Burton M.; Dolecki, Myron C., Method and system for partitioned service-enablement gateway with utility and consumer services.
Boate, Alan; Reed, Brian, Method and system for securing a computer network and personal identification device used therein for controlling access to network components.
Bolle, Rudolf Maarten; Nunes, Sharon Louise; Pankanti, Sharathchandra; Ratha, Nalini Kanta; Smith, Barton Allen; Zimmerman, Thomas Guthrie, Method for biometric-based authentication in wireless communication for access control.
Lambert Howard Shelton,GBX ; Orchard James Ronald Lewis,GBX, Method for controlling access to electronically provided services and system for implementing such method.
Stephen J. Borza CA, Method for securing communication by selecting an encoding process using a first computer based upon ability of a second computer and deleting the process thereafter.
Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Method of using an automated banking machine.
Gopalakrishnan, Ponani S.; Kanevsky, Dimitri; Maes, Stephane Herman, Methods and apparatus for restricting access of a user using random partial biometrics.
Johnson, Richard C., Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts.
Johnson, Richard C., Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts.
Futamura, Ichiro; Ishibashi, Yoshihito; Matsuyama, Shinako; Kon, Masashi; Watanabe, Hideaki, Person authentication system, person authentication method, information processing apparatus, and program providing medium.
Puhl Larry C. (Sleepy Hollow IL) Comroe Richard A. (Dundee IL) Furtaw Robert W. (Arlington Heights IL) Cantarutti Tracey L. (Barrington IL), Portable authentification system.
Kennedy Paul Roy ; Hall Timothy Gerard ; Yip William Chunhung, Radio telecommunication device and method of authenticating a user with a voice authentication token.
McClurg, George William; Brunell, David; Scott, Walter Guy, Rechargeable mobile hand-held fingerprint scanner with a data and power communication interface.
Morgan, Stephen P.; Russell, Lance W.; Reed, Benjamin Clay, Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same.
Stephen F. Bisbee ; Jack J. Moskowitz ; Michael W. White, System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents.
Hoffman, Ned; Lapsley, Philip Dean, System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse.
Bianco Peter Garrett ; Boon William Taylor ; Sterling Robert Brewster ; Ware Karl Roger, System, method and computer program product for allowing access to enterprise resources using biometric devices.
Chen James F. ; Wang Jieh-Shan, Token distribution, registration, and dynamic configuration of user entitlement for an application level security system.
Lapsley, Philip Dean; Lee, Jonathan Alexander; Pare, Jr., David Ferrin; Hoffman, Ned, Tokenless biometric electronic financial transactions via a third party identicator.
Ned Hoffman ; David Ferrin Pare, Jr. ; Jonathan Alexander Lee ; Philip Dean Lapsley, Tokenless biometric electronic transactions using an audio signature to identify the transaction processor.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.