Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: A current verification status of a device (256) is identified out of a plurality of predefined verification data input (250) into the device (256) and data prestored within the device.(254) The indicator (272) reveals neither the prestored data nor the verification data. One of the predefined verification statuses is representative of the verification data being the same as the prestored data, and another verification status is representative of the verification data being different from the prestored data. An identified verification status is used by one entity in determining risk regarding an electronic communication from another entity, especially where the electronic communication comprises a request. The prestored data is for a Secret or a biometric characteristic of the first entity.

Abstract: Trusted entity authentication includes creating a public-private pair in a secure environment; storing the private key within a device during its manufacture in the secure environment; linking the public key with other information in the secure environment, receiving input within the device comprising verification data of an entity, identifying within the device a verification status based on the verification data and data prestored within the device; independent of the verification status identified, generating a digital signature for a message including an indication of the identified verification status using the private key; outputting the digital signature for transmission with an EC; identifying upon receipt of the EC the information linked with the public key by authenticating the message with the public key, and considering the identified information and the indicated verification status.

Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: In a system for performing an action regarding an account comprising entity information in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. The digital signature is derived from an electronic message possessed first by the sender before the receiver. The sender identity information may be different from the electronic message.

Abstract: In a system for performing an action regarding an account comprising entity information in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived from an electronic message using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. Neither a PIN nor a password is required to be transmitted to the receiver for validating the identity of the sender.

Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and predetermined encoded information derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the predetermined encoded information with a function of the electronic message. Neither a PIN nor a password is required to be transmitted to the receiver for validating the identity of the sender.

Abstract: Authenticating an entity for access to a controlled resource by an access authentication component for the controlled resource includes the steps of: the requesting entity initially opening a security account with the access authentication component, with the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with the record; the requesting entity originating an electronic message and generating a digital signature using a private key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource.

Abstract: A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

Abstract: Managing a database of a central key authority for a plurality of account holders, each account holder having at least one account associated with a public key of a public-private key pair of that account holder, includes maintaining for each account holder a record of information pertaining to the accounts of that account holder associated with the public keys of the account holder. The information pertaining to the accounts of an account holder includes (a) a public key of a user device that generates digital signatures, and (b) third-party account identifiers each of which identifies to a third-party an account of the user that is maintained with the third-party and that has been associated with the user's public key by the third-party.

Abstract: In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. The digital signature is derived from an electronic message possessed first by the sender before the receiver. The sender identity information may be different from the electronic message.

Abstract: A system for communicating electronically over a communications medium regarding an account includes (a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a device that generates digital signatures using a private key of a public-private key pair, (b) associating the public key of the device with the unique identifier in the database, (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device (d) authenticating the message using the public key associated with the unique, (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device, and (f) gauging the risk that said generated digital signature was fraudulently sent based on said identified security features of the genuine device.

Abstract: A database for reliably identifying a Security Profile of a device that generates digital signatures is managed by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together, and (c) thereafter, when a linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with the linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message. Furthermore, a reference is communicated in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.

Abstract: A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

Abstract: In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived from an electronic message using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. Neither a PIN nor a password is required to be transmitted to the receiver for validating the identity of the sender.

Abstract: Managing a database for identification of security features of a device that generates digital signatures includes (a) recording in the database for each of a plurality of devices, (i) a public key of a pair of public-private keys of the device, and (ii) information including security features of the device, the security features being associated with the public key in the database, and (b) identifying security features from the database to a recipient of an electronic message for which a digital signature was originated utilizing a private key of the public-private key pair of a particular one of the devices, the security features being for the particular device.

Abstract: AA system in which a requesting entity seeking access to a controlled resource is authenticated by an access authentication component includes the requesting entity initially opening a security account with the access authentication component, the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with the record; the requesting entity originating an electronic message and generating a digital signature using a private key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource.

Abstract: A method in which information pertaining to a device (104) generating digital signatures (122) is reliably identified includes manufacturing (102) devices in a secure environment (114) and for each device (104) before it is released from the secure environment: creating a public-private key pair (116, 118); storing the private key (116) within the device (104) for utilization in generating a digital signature (122) for a message (122); and linking the public key (118) to a Security Profile (120) of the device (104). The devices (104) then are released from the secure environment (114) and a digital signature (122) is received from somewhere (108) in the world (106). The message (122) is authenticated using a suspect public key (124) and the suspect public key (124) is compared with the linked public keys (118).

Abstract: In a method of managing a database of existing accounts (214) for account holders (202), each account holder (202) has multiple accounts with one or more account authorities (212) for use of a single device with multiple accounts, with each account of each account holder being associated with a public key of a public-private key pair of that account holder. A record of information pertaining to all accounts of a particular account holder is maintained in a central location by a central key authority. The information for that account includes the public keys of that account holder. The central key authority transfers information from the record for an account holder to a new account authority for which that account holder desires to establish a new account; the central key authority also receives information from account authorities for inclusion in the record centrally maintained for that account holder.