Abstract: A system for making a purchase by a customer from a merchant, wherein an electronic message represents an instruction for payment from an account with a financial institution, includes a method of: associating a public key with identity information regarding the account; receiving by the merchant both encoding information for the electronic message and the identity information; forwarding by the merchant the electronic message, encoding information, and identity information; upon receipt of the electronic message, the encoding information, and identity information, retrieving the public key associated with the identity information; and determining a validation result as a function of the electronic message, the encoding information, and the retrieved public key. Upon successful validation, an account authorization is performed or payment from the account is made.

Abstract: A method of authenticating a message that is purportedly sent from an account holder having a device that digitally signs messages using a unique private key includes receiving the message, a unique identifier associated with an account of the account holder maintained by an account authority, and a digital signature of the message, the message including a verification status generated by the device based on a comparison of biometric verification data provided to the device with biometric verification data of the account holder prestored within the device, verifying that the message was digitally signed using the private key, and if the digital signature successfully decrypts, acting upon the message as a function of the verification status included in the message and wherein the biometric verification data is a digital representation of a finger print, a retina scan, a facial scan, DNA, or a voice print of the account holder.

Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: A current verification status of a device (256) is identified out of a plurality of predefined verification data input (250) into the device (256) and data prestored within the device.(254) The indicator (272) reveals neither the prestored data nor the verification data. One of the predefined verification statuses is representative of the verification data being the same as the prestored data, and another verification status is representative of the verification data being different from the prestored data. An identified verification status is used by one entity in determining risk regarding an electronic communication from another entity, especially where the electronic communication comprises a request. The prestored data is for a Secret or a biometric characteristic of the first entity.

Abstract: Trusted entity authentication includes creating a public-private pair in a secure environment; storing the private key within a device during its manufacture in the secure environment; linking the public key with other information in the secure environment, receiving input within the device comprising verification data of an entity, identifying within the device a verification status based on the verification data and data prestored within the device; independent of the verification status identified, generating a digital signature for a message including an indication of the identified verification status using the private key; outputting the digital signature for transmission with an EC; identifying upon receipt of the EC the information linked with the public key by authenticating the message with the public key, and considering the identified information and the indicated verification status.

Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: In a system for performing an action regarding an account comprising entity information in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. The digital signature is derived from an electronic message possessed first by the sender before the receiver. The sender identity information may be different from the electronic message.

Abstract: In a system for performing an action regarding an account comprising entity information in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived from an electronic message using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. Neither a PIN nor a password is required to be transmitted to the receiver for validating the identity of the sender.

Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and predetermined encoded information derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the predetermined encoded information with a function of the electronic message. Neither a PIN nor a password is required to be transmitted to the receiver for validating the identity of the sender.

Abstract: A method and system for digitally signing an electronic contract document. An electronic communication contains an identifier, a message, which includes the document, and a digital signature generated with a private key of an asymmetric key pair (247). The identifier may be used to retrieve a corresponding public key (287) and account information pertaining to the sender of the message. The public key may be used to authenticate the sender and the message. A device containing the private key may be used to protect the privacy thereof. The device may also generate a verification status indicator corresponding to verification data input into the device. The indicator may also be used as evidence that the sender of a contract document performed an overt act in causing the electronic communication to be digitally signed. A security profile linked to the public key in a secure database indicates security characteristics of the device.

Abstract: A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

Abstract: Managing a database of a central key authority for a plurality of account holders, each account holder having at least one account associated with a public key of a public-private key pair of that account holder, includes maintaining for each account holder a record of information pertaining to the accounts of that account holder associated with the public keys of the account holder. The information pertaining to the accounts of an account holder includes (a) a public key of a user device that generates digital signatures, and (b) third-party account identifiers each of which identifies to a third-party an account of the user that is maintained with the third-party and that has been associated with the user's public key by the third-party.

Abstract: In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived using a private key of a public-private key pair, and wherein the public key of the pair has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. The digital signature is derived from an electronic message possessed first by the sender before the receiver. The sender identity information may be different from the electronic message.

Abstract: A system for communicating electronically over a communications medium regarding an account includes (a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a device that generates digital signatures using a private key of a public-private key pair, (b) associating the public key of the device with the unique identifier in the database, (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device (d) authenticating the message using the public key associated with the unique, (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device, and (f) gauging the risk that said generated digital signature was fraudulently sent based on said identified security features of the genuine device.

Abstract: A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

Abstract: A database for reliably identifying a Security Profile of a device that generates digital signatures is managed by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together, and (c) thereafter, when a linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with the linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message. Furthermore, a reference is communicated in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.

Abstract: Managing a database for identification of security features of a device that generates digital signatures includes (a) recording in the database for each of a plurality of devices, (i) a public key of a pair of public-private keys of the device, and (ii) information including security features of the device, the security features being associated with the public key in the database, and (b) identifying security features from the database to a recipient of an electronic message for which a digital signature was originated utilizing a private key of the public-private key pair of a particular one of the devices, the security features being for the particular device.

Abstract: AA system in which a requesting entity seeking access to a controlled resource is authenticated by an access authentication component includes the requesting entity initially opening a security account with the access authentication component, the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with the record; the requesting entity originating an electronic message and generating a digital signature using a private key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource.

Abstract: A method in which information pertaining to a device (104) generating digital signatures (122) is reliably identified includes manufacturing (102) devices in a secure environment (114) and for each device (104) before it is released from the secure environment: creating a public-private key pair (116, 118); storing the private key (116) within the device (104) for utilization in generating a digital signature (122) for a message (122); and linking the public key (118) to a Security Profile (120) of the device (104). The devices (104) then are released from the secure environment (114) and a digital signature (122) is received from somewhere (108) in the world (106). The message (122) is authenticated using a suspect public key (124) and the suspect public key (124) is compared with the linked public keys (118).