Abstract: A system for communicating electronically over a communications medium regarding an account includes (a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a device that generates digital signatures using a private key of a public-private key pair, (b) associating the public key of the device with the unique identifier in the database, (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device (d) authenticating the message using the public key associated with the unique, (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device, and (f) gauging the risk that said generated digital signature was fraudulently sent based on said identified security features of the genuine device.

Abstract: A method of providing for reliably identifying a Security Profile of a device that generates digital signatures includes (a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together, and (b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key.

Abstract: Information of a device that generates digital signatures is reliably identified by (a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for generating a digital signature for an electronic message, and (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message. Manufacturing the devices includes creating a public-private key pair within the secure environment, and storing the private key within the device against the possibility of divulgement thereof by the device.

Abstract: Managing a database of a central key authority for a plurality of account holders, each account holder having at least one account associated with a public key of a public-private key pair of that account holder, includes maintaining for each account holder a record of information pertaining to the accounts of that account holder associated with the public keys of the account holder. The information pertaining to the accounts of an account holder includes (a) a public key of a user device that generates digital signatures, and (b) third-party account identifiers each of which identifies to a third-party an account of the user that is maintained with the third-party and that has been associated with the user's public key by the third-party.

Abstract: Managing a database for identification of security features of a device that generates digital signatures includes (a) recording in the database for each of a plurality of devices, (i) a public key of a pair of public-private keys of the device, and (ii) information including security features of the device, the security features being associated with the public key in the database, and (b) identifying security features from the database to a recipient of an electronic message for which a digital signature was originated utilizing a private key of the public-private key pair of a particular one of the devices, the security features being for the particular device.

Abstract: A database for reliably identifying a Security Profile of a device that generates digital signatures is managed by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together, and (c) thereafter, when a linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with the linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message. Furthermore, a reference is communicated in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.

Abstract: Trusted entity authentication includes creating a public-private pair in a secure environment; storing the private key within a device during its manufacture in the secure environment; linking the public key with other information in the secure environment, receiving input within the device comprising verification data of an entity, identifying within the device a verification status based on the verification data and data prestored within the device; independent of the verification status identified, generating a digital signature for a message including an indication of the identified verification status using the private key; outputting the digital signature for transmission with an EC; identifying upon receipt of the EC the information linked with the public key by authenticating the message with the public key, and considering the identified information and the indicated verification status.

Abstract: A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

Abstract: A system for making a purchase by a customer from a merchant, wherein an electronic message represents an instruction for payment from an account with a financial institution, includes a method of: associating a public key with identity information regarding the account; receiving by the merchant both encoding information for the electronic message and the identity information; forwarding by the merchant the electronic message, encoding information, and identity information; upon receipt of the electronic message, the encoding information, and identity information, retrieving the public key associated with the identity information; and determining a validation result as a function of the electronic message, the encoding information, and the retrieved public key. Upon successful validation, an account authorization is performed or payment from the account is made.

Abstract: A method of managing accounts by an account authority for the same account holder includes associating identity information for each account with the same public key. A method for establishing a new account for the same account holder with each one of a plurality of account authorities includes associating respective identity information for each account with the same public key of the account holder. A method of setting up an account with account authorities for the later process of validating the identity of a sender of electronic communications representing requests for performance of actions regarding the accounts, each electronic communication including a digital signature and respective sender identity information, includes associating a public key with the account such that the public key later is retrievable following receipt of a communication based on the respective sender identity information in the communication, the public key being the same for each account authority.

Abstract: The reliability of electronic encoding, e.g., digital signatures, are incorporated into current business processes to identify the sender of an electronic message as well as the accuracy of the electronic message. An institution records an encoding key and associates it with account information from the sender. This initial recording may be performed using any of the validation procedures utilized today by a business institution. After the initial validation of the encoding key, validating future electronic transactions occurs by including encoding information that can be deciphered using the encoding key initially stored. To validate an electronic transaction, the sender sends the electronic transaction message, the encoding information and sender identity information to the person or institution where the sender desires validation.

Abstract: A method of authenticating an entity by a receiving party with respect to an electronic communication that is received by the receiving party and that includes both a unique identifier associated with an account maintained by the receiving party and a digital signature for a message regarding the account, consists of the steps of, before receipt of the electronic communication, first associating by the receiving party a public key of a public-private key pair with the unique identifier and, thereafter, only conducting message authentication using the digital signature received by the receiving party in the electronic communication and the public key associated with the account identifier.

Abstract: A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified includes creating a public-private key pair within each device during manufacture; exporting only the public key from the device; retaining the private key within the device against the possibility of divulgement thereof by the device; and securely linking said exported public key with other information within the environment of the manufacture of the device, whereby each device is securely bound with its respective public key. A database of PuK-linked account information of users is maintained. The PuK-linked account information for each user includes a public key of such a device; information securely linked with the public key during manufacture; and third-party account identifiers, each of which identifies an account to a third-party of the user maintained with the third-party that has been associated with the user's public key by the third-party.

Abstract: A method of generating a digital signature within a computer chip includes receiving data representing a message, and generating a digital signature for the message by modifying the message data with additional data, calculating a hash value of the modified message, and encrypting the hash value using a private key of a public-private key pair. The additional data includes data prestored within content searchable memory of the computer chip and a verification status of the computer chip. The verification status is identified out of a plurality of predefined verification statuses as a function of verification data input into the computer chip and data prestored within the computer chip. An identified verification status is used by one entity in determining risk regarding an electronic communication from another entity, especially where the electronic communication comprises a request and a digital signature generated by the computer chip.