Authentication and authorization in proximity based service communication using a group key
US-2024314112-A1 · Sep 19, 2024 · US
Methods for secure enrollment and backup of personal identity credentials into electronic devices
US9270464B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9270464-B2 |
| Application number | US-201414445853-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 29, 2014 |
| Priority date | Aug 6, 2002 |
| Publication date | Feb 23, 2016 |
| Grant date | Feb 23, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
First claim
Opening claim text (preview).
We claim: 1. A method, comprising: receiving at a personal identification device a public key before biometric data associated with enrollment is received; sending an identifier from the personal identification device to a party based on the public key before biometric data associated with enrollment is received, the identifier being uniquely associated with the personal identification device; receiving at the personal identification device a digital certificate from the party based on the identifier before biometric data associated with enrollment is received; and disabling functionality within the personal identification device except that the personal identification device is in a wait state associated with future enrollment. 2. The method of claim 1 , further comprising sending the public key from the personal identification device to the party after the receiving the public key. 3. The method of claim 1 , wherein the receiving the digital certificate from the party is based on the public key and the identifier. 4. The method of claim 1 , wherein the identifier is associated with an asymmetric key pair including a personal identification device public key and a personal identification device private key. 5. The method of claim 1 , further comprising producing the identifier at the personal identification device. 6. The method of claim 1 , further comprising receiving at the personal identification device the identifier from the party. 7. The method of claim 1 , wherein the digital certificate includes the public key. 8. The method of claim 1 , wherein the party is a manufacturer of the personal identification device and separate from an enrollment party authorized to enable enrollment of the biometric data at the personal identification device. 9. The method of claim 1 , wherein the party is a first party, the personal identification device being configured to enroll the biometric data from a second party different from the first party after the receiving at the personal identification device the digital certificate. 10. The method of claim 1 , wherein the digital certificate includes data associated with the personal identification device. 11. A method, comprising: sending a public key to a personal identification device; receiving an identifier from the personal identification device, the identifier being uniquely associated with the personal identification device; producing a digital certificate based on the identifier and before enrollment of biometric data; and sending the digital certificate to the personal identification device such that functionality of the personal identification device is disabled except that the personal identification device is configured to send the digital certificate to an enrollment party during future enrollment. 12. The method of claim 11 , wherein the producing of the digital certificate is based, at least in part, on the public key. 13. The method of claim 11 , wherein the receiving and the producing is performed by a first party, the method further comprising: receiving at the first party a digital certificate uniquely associated with a second party different from the first party; adding a public key of the first party to the digital certificate associated with the second party; and sending the digital certificate associated with the second party from the first party to the second party. 14. The method of claim 11 , wherein the digital certificate includes the public key. 15. The method of claim 11 , further comprising producing at the party an asymmetric key pair uniquely associated with the party. 16. The method of claim 11 , wherein the public key is associated with a manufacturer of the personal identification device and separate from the enrollment party authorized to enable enrollment of the biometric data at the personal identification device. 17. The method of claim 11 , wherein the personal identification device is configured to enroll biometric data from the enrollment party after the sending the digital certificate. 18. The method of claim 11 , wherein the producing the digital certificate is based on data associated with the personal identification device. 19. A method, comprising: receiving an encryption identifier at a personal identification device from a party during pre-enrollment; receiving a digital signature at the personal identification device from the party during pre-enrollment; the encryption identifier and the digital signature collectively configured to enable verification of the party by the personal identification device; and disabling functionality within the personal identification device except for functionality associated with future enrollment. 20. The method of claim 19 , wherein: the encryption identifier is a public key; and the receiving the digital signature including receiving a digital certificate including the digital signature. 21. A non-transitory computer-readable medium programmed with executable instructions that, when executed by a processing system, perform a method comprising: receiving at a personal identification device a public key before biometric data associated with enrollment is received; sending an identifier from the personal identification device to a party based on the public key before biometric data associated with enrollment is received, the identifier being uniquely associated with the personal identification device; receiving at the personal identification device a digital certificate from the party based on the identifier before biometric data associated with enrollment is received; and disabling functionality within the personal identification device except that the personal identification device is in a wait state associated with future enrollment. 22. The medium of claim 21 , further comprising sending the public key from the personal identification device to the party after the receiving the public key. 23. The medium of claim 21 , wherein the receiving the digital certificate from the party is based on the public key and the identifier. 24. The medium of claim 21 , wherein the identifier is associated with an asymmetric key pair including a personal identification device public key and a personal identification device private key. 25. The medium of claim 21 , further comprising producing the identifier at the personal identification device. 26. The medium of claim 21 , further comprising receiving at the personal identification device the identifier from the party. 27. The medium of claim 21 , wherein the digital certificate includes the public key. 28. The medium of claim 21 , wherein the party is a manufacturer of the personal identification device and separate from an enrollment party authorized to enable enrollment of the biometric data at the personal identification device. 29. The medium of claim 21 , wherein the party is a first party, the personal identification device being configured to enroll the biometric data from a second party different from the first party after the receiving at the personal identification device the digital certificate. 30. The medium of claim 21 , wherein the digital certificate includes data associated with the personal identification device. 31. A non-transitory computer-readable medium programmed with executable inst
Assignees
Inventors
Classifications
using biometric data, e.g. fingerprints, iris scans or voiceprints · CPC title
Biometric identity checks · CPC title
- H04L63/06Primary
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title
- H04L9/3247Primary
involving digital signatures · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9270464B2 cover?
- A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enro…
- Who is the assignee on this patent?
- Apple Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/06. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Feb 23 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).