Join
today

Boliven PRO is more than just patent search

  • Build and save lists using the powerful Lists feature
  • Analyze and download your search results
  • Share patent search results with your clients

Patents »

US7788501: Methods for secure backup of personal identity credentials into electronic devices

Share

Filing Information

Inventor(s) David S. Abdallah · Barry W. Johnson ·
Assignee(s) Privaris, Inc. ·
Primary Examiner Techane J Gergiso ·
Application Number US12190061
Filing date 08/12/2008
Issue date 08/31/2010
Prior Publication Data
Predicted expiration date 08/06/2023
U.S. Classifications 713/186  · 380/259  · 340/582  · 382/115  ·
International Classifications G05B1900  · G06F2100  · G06K900  · H04L900  ·
Kind CodeB2
Related U.S. Application DataRELATED U.S. APPLICATION DATA
This application claims priority to and is a divisional of U.S. patent application Ser. No. 10/635,762, filed Aug. 6, 2003 now U.S. Pat. No. 7,590,861, entitled “Methods for Secure Enrollment and Backup of Personal Identity Credentials into Electronic Devices,” which claims priority to U.S. Patent Application No. 60/401,399 filed on Aug. 6, 2002 entitled, “A Secure Enrollment Process for a Biometric Personal Identification Device,” each of which is herein incorporated by reference in their entireties.
This application is related to U.S. patent application Ser. No. 12/190,058, entitled “Methods for Secure Enrollment of Personal Identity Credentials into Electronic Devices” and U.S. patent application Ser. No. 12/190,064, entitled “Methods for Secure Restoration of Personal Identity Credentials for Electronic Devices,” each filed on Aug. 12, 2008, and each of which is incorporated herein by reference their entirety.
12 Claims, 6 Drawings


Abstract

A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

Independent Claims | See all claims (12)

  1. 1. A method for secure backup of biometric encryption keys associated with a first biometric personal identification device for future restoration of an encrypted digital signature, the method comprising: dividing, at the first biometric personal identification device, a first symmetric key to produce a first portion of the first symmetric key and a second portion of the first symmetric key different from the first portion of the first symmetric key; encrypting a digital signature associated with the first portion of the first symmetric key based on a party public key associated with a party to produce the encrypted digital signature, the encrypted digital signature being associated with the first portion of the first symmetric key; sending the encrypted digital signature associated with the first portion of the first symmetric key to a backup storage repository separate from the first biometric personal identification device such that the encrypted digital signature associated with the first portion of the first symmetric key is retrievable during a first symmetric key restoration by a second personal identification device, the encrypted digital signature associated with the first portion of the first symmetric key configured to be decrypted during the first symmetric key restoration based on a party private key associated with the party; dividing, at the first biometric personal identification device, a second symmetric key to produce a first portion of the second symmetric key and a second portion of the second symmetric key different from the first portion of the second symmetric key; generating, at the first biometric personal identification device, a digital signature associated with the first portion of the second symmetric key based on a device private key associated with the first biometric personal identification device; encrypting the first portion of the second symmetric key and the digital signature associated with the first portion of the second symmetric key based on the party public key associated with the party to produce an encrypted first portion of the second symmetric key and an encrypted digital signature associated with the first portion of the second symmetric key; and encrypting the second portion of the second symmetric key based on a user-selected identifier to produce an encrypted second portion of the second symmetric key.
  2. 5. A method for secure backup of biometric encryption keys associated with a first biometric personal identification device for future restoration of an encrypted digital signature, the method comprising: generating a digital signature associated with a first section of a first symmetric key based on a device private key associated with the first biometric personal identification device, the digital signature configured to be verified based on a device public key associated with the first biometric personal identification device; encrypting the digital signature associated with the first section of the first symmetric key based on a party public key associated with a party to produce the encrypted digital signature, the encrypted digital signature being associated with the first section of the first symmetric key, the encrypted digital signature configured to be decrypted based on a party private key associated with the party; encrypting the second section of the first symmetric key based on a user-selected identifier to produce an encrypted second section of the first symmetric key, the encrypted second section of the first symmetric key configured to be decrypted based on the user-selected identifier; sending from the first biometric personal identification device to a backup storage repository the encrypted digital signature and the encrypted second section such that the encrypted digital signature and the encrypted second section can be retrieved by a second personal identification device during a symmetric key restoration process; dividing, at the first biometric personal identification device, a second symmetric key to produce a first section of the second symmetric key and a second section of the second symmetric key; and sending to the party an encrypted digital signature associated with the first section of the second symmetric key, an encrypted first section of the second symmetric key and an encrypted second section of the second symmetric key.
  3. 9. A biometric apparatus, comprising: a memory configured to store a biometric data of a user, a device private key and a party public key associated with a party; a processor coupled to the memory, the processor configured to divide a first symmetric key into a first section and a second section different from the first section, the processor configured to generate a digital signature associated with the first section of the first symmetric key based on the device private key, the processor configured to encrypt the digital signature associated with the first section of the first symmetric key based on the party public key to produce an encrypted digital signature associated with the first section of the first symmetric key, the processor configured to encrypt the second section of the first symmetric key based on a first user-selected identifier to produce an encrypted second section of the first symmetric key, the processor configured to divide a second symmetric key into a first section and a second section different from the first section, the processor configured to generate a digital signature associated with the first section of the second symmetric key based on the device private key, the processor configured to encrypt the digital signature associated with the first section of the second symmetric key based on the party public key to produce an encrypted digital signature, the processor configured to encrypt the second section of the second symmetric key based on a second user-selected identifier to produce an encrypted second section of the second symmetric key; and a transmitter coupled to the processor, the processor configured to send at least one of the encrypted digital signature associated with the first section and the encrypted second section using the transmitter to a backup storage repository separate from the biometric apparatus such that the encrypted digital signature is retrievable in a first symmetric key restoration process by a device separate from the biometric apparatus.

References Cited

U.S. Patent Documents

Document NumberAssigneesInventorsIssue/Pub Date
US4993068 Motorola, Inc. Piosenka et al. Feb 1991
US5053608 SENANAYAKE DAYA R Senanayake Oct 1991
US5131038 Motorola, Inc. Puhl et al. Jul 1992
US5280527 Kamahira Safe Co., Inc. Gullman et al. Jan 1994
US5469506 Pitney Bowes Inc. Berson et al. Nov 1995
US5473692 Intel Corporation Davis Dec 1995
US5481265 Russell Jan 1996
US5526428 International Business Machines Corporation Arnold Jun 1996
US5591949 Bernstein Jan 1997
US5613012 Smarttouch, LLC. Hoffman et al. Mar 1997
US5615277 Hoffman Mar 1997
US5659616 Certco, LLC Sudia Aug 1997
US5729220 Russell Mar 1998
US5805719 SmartTouch Pare, Jr. et al. Sep 1998
US5838812 SmartTouch, LLC Pare, Jr. et al. Nov 1998
US5870723 Pare, Jr. et al. Feb 1999
US5872848 Arcanvs Romney et al. Feb 1999
US5920640 Harris Corporation Salatino et al. Jul 1999
US5930804 Philips Electronics North America Corporation Yu et al. Jul 1999
US5952641 C-SAM S.A. Korshun Sep 1999
US5991408 Veridicom, Inc. Pearson et al. Nov 1999
US6038666* TRW Inc. Hsu et al. Mar 2000
US6041410 TRW Inc. Hsu et al. Mar 2000
US6076167 DEW Engineering and Development Limited Borza Jun 2000
US6084968 Motorola, Inc. Kennedy et al. Jul 2000
US6154879 SmartTouch, Inc. Pare, Jr. et al. Nov 2000
US6167517 Oracle Corporation Gilchrist et al. Dec 2000
US6181803 Intel Corporation Davis Jan 2001
US6182221 TRW Inc. Hsu et al. Jan 2001
US6185316 Unisys Corporation Buffam Feb 2001
US6201484 Transforming Technologies, LLC Russell Mar 2001
US6202151 GTE Service Corporation Musgrave et al. Mar 2001
US6219793 Hush, Inc. Li et al. Apr 2001
US6256737* BioNetrix Systems Corporation Bianco et al. Jul 2001
US6268788 Litronic Inc. Gray Jul 2001
US6282649 International Business Machines Corporation Lambert et al. Aug 2001
US6317834* International Business Machines Corporation Gennaro et al. Nov 2001
US6353889 Mytec Technologies Inc. Hollingshead Mar 2002
US6366682 Indivos Corporation Hoffman et al. Apr 2002
US6367017 Litronic Inc. Gray Apr 2002
US6397198 Indivos Corporation Hoffman et al. May 2002
US6446210 Activcard Ireland Limited Borza Sep 2002
US6466781 Siemens Aktiengesellschaft Bromba et al. Oct 2002
US6484260* Identix, Inc. Scott et al. Nov 2002
US6487662 Kharon et al. Nov 2002
US6490680 TecSec Incorporated Scheidt et al. Dec 2002
US6505193 Iridian Technologies, Inc. Musgrave et al. Jan 2003
US6529885 Oracle Corporation Johnson Mar 2003
US6532298 Iridian Technologies, Inc. Cambier et al. Mar 2003
US6581161 International Business Machines Corporation Byford Jun 2003
US6609198 Sun Microsystems, Inc. Wood et al. Aug 2003
US6615264 Sun Microsystems, Inc. Stoltz et al. Sep 2003
US6618806 Saflink Corporation Brown et al. Sep 2003
US6636973 Hewlett-Packard Development Company, L.P. Novoa et al. Oct 2003
US6657538 Swisscom Mobile AG Ritter Dec 2003
US6662166 Indivos Corporation Pare, Jr. et al. Dec 2003
US6668332 International Business Machines Corporation McNeil Dec 2003
US6671808 Rainbow Technologies, Inc. Abbott et al. Dec 2003
US6681034 Precise Biometrics Russo Jan 2004
US6719200 Precise Biometrics AB Wiebe Apr 2004
US6728881 The United States of America as represented by the Secretary of the Army Karamchetty Apr 2004
US6735695 International Business Machines Corporation Gopalakrishnan et al. May 2004
US6751734 NEC Corporation Uchida Jun 2004
US6757411 Liska Biometry Inc. Chau Jun 2004
US6765470 Fujitsu Limited Shinzaki Jul 2004
US6766040 Biometric Solutions, LLC Catalano et al. Jul 2004
US6775776 Intel Corporation Vogt et al. Aug 2004
US6786397 Silverbrook Research Pty Ltd Silverbrook et al. Sep 2004
US6819219* International Business Machines Corporation Bolle et al. Nov 2004
US6832317 Advanced Micro Devices, Inc. Strongin et al. Dec 2004
US6836843 Hewlett-Packard Development Company, L.P. Seroussi et al. Dec 2004
US6839688 Diebold, Incorporated Drummond et al. Jan 2005
US6844660 Cross Match Technologies, Inc. Scott Jan 2005
US6848052 Activcard Ireland Limited Hamid et al. Jan 2005
US6850147 Mikos, Ltd. Prokoski et al. Feb 2005
US6850252 Hoffberg Feb 2005
US6853739 Bio Com, LLC Kyle Feb 2005
US6853988 Security First Corporation Dickinson et al. Feb 2005
US6857073 Equifax Inc. French et al. Feb 2005
US6862443 Ford Global Technologies, LLC Witte Mar 2005
US6870946 SecuGen Corporation Teng et al. Mar 2005
US6870966 Silverbrook Research PTY LTD Silverbrook et al. Mar 2005
US6871193 Verizon Corporate Services Group Campbell et al. Mar 2005
US6871287 Ellingson Mar 2005
US6871784 Trijay Technologies International Corporation Jayaratne Mar 2005
US6876757 Geometric Informatics, Inc. Yau et al. Apr 2005
US6877097 ActivCard, Inc. Hamid et al. Apr 2005
US6879243 Penco Products, Inc. Booth et al. Apr 2005
US6879966 Indivos Corporation Lapsley et al. Apr 2005
US6880749 Diebold, Incorporated Green et al. Apr 2005
US6880750 Pentel Apr 2005
US6883709 Famous Horse, Inc. Joseph Apr 2005
US6886096 Voltage Security, Inc. Appenzeller et al. Apr 2005
US6886101 American Express Travel Related Services Company, Inc. Glazer et al. Apr 2005
US6886104 Cross Match Technologies McClurg et al. Apr 2005
US6888445 Gotfried et al. May 2005
US6898577 Oracle International Corporation Johnson May 2005
US6901154 ActivCard Ireland Limited Dunn May 2005
US6901155 National University of Singapore Xia et al. May 2005
US6901266 Henderson May 2005
US6901382 Diebold, Incorporated Richards et al. May 2005
US6957337 International Business Machines Corporation Chainer et al. Oct 2005
US6963659 FaceKey Corp. Tumey et al. Nov 2005
US6985502 Hewlett-Packard Development Company, L.P. Bunton Jan 2006
US7024562* OptiSec Technologies Ltd. Flink et al. Apr 2006
US7028191* MICHENER JOHN R Michener et al. Apr 2006
US7035442 Secugen Corporation Ha et al. Apr 2006
US7069444 Brent A. Lowensohn Lowensohn et al. Jun 2006
US20020003892 Casio Computer Co., Ltd. Iwanaga Jan 2002
US20020023217 Wheeler et al. Feb 2002
US20020026427 Sony Corporation Kon et al. Feb 2002
US20020056043 Sensar, Inc. Glass May 2002
US20020087857 Tsao et al. Jul 2002
US20020104006* Boate et al. Aug 2002
US20020129251 Itakura et al. Sep 2002
US20020174344 Imprivata, Inc. Ting Nov 2002
US20020186838* Brandys Dec 2002
US20030101349 Wang May 2003
US20030115475* Russo et al. Jun 2003
US20030115490 Russo et al. Jun 2003
US20030200257 Milgramm et al. Oct 2003
US20040044627 Russell et al. Mar 2004

Foreign Patent Documents

Document NumberAssigneesInventorsIssue/Pub Date
WO199908238Feb 1999
WO199908238*Feb 1999
WO200065770*VERIDICOM, INC.Nov 2000
* cited by examiner

Other Publications

International Search Report for PCT/US03/24472 dated Nov. 20, 2003; 2 pages.
Schneier, Bruce, “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” Second Edition, 1996, John Wiley & Sons, Inc., pp. 31-34.
Office action for Canadian Patent Application No. 2,494,299, mailed on Jul. 31, 2008; 3 pages.
Fumiko Komatsu, PKI Handbook, Japan, Soft Research Center Inc., Nov. 25, 2000, pp. 105-108.
Office Action for U.S. Appl. No. 12/190,058, mailed on Sep. 2, 2009; 5 pages.
Office Action for U.S. Appl. No. 12/190,064, mailed on Sep. 2, 2009; 5 pages.
Office Action for U.S. Appl. No. 10/635,762, mailed on Jul. 11, 2007; 10 pages.
Office Action for U.S. Appl. No. 10/635,762, mailed on Jan. 8, 2008; 18 pages.
Office Action for U.S. Appl. No. 10/635,762, mailed on Aug. 20, 2008; 19 pages.

Referenced By

Patent Family

The current document is not in a family.