Invented by Ernie F. Brickell, Wesley Deklotz, Intel Corp
The Intel Corp invention works as follows
A credential verification service (CVS) authenticates digital credentials, such as digital certificates, at the request of online providers. A central activity log records the transaction information and the authentication results. Transaction information may include the size of the transaction, the online service that requested the authentication, the internet protocol (IP) address of the computing device that originated the transaction, and the goods or services involved. From the activity log, the CVS generates an Activity Report that lists both the transaction information and the authentication results. The CVS also has a fraud detection module that analyzes the log in order to detect unusual patterns and identify fraudulent activity.
Background for Digital credential usage reporting
Cryptography is the foundation for many privacy and authentication mechanisms in computer-based systems. A digital signature is one such mechanism; it is used to authenticate the sender of an electronic message. First, the sender must create a private signature key and a public verification key. The sender uses a signing computation that takes the message (or another document) as input and produces a digital signature. A receiver uses a verification computation that takes the message, the digital signature and the public verification key as input and outputs either “signature verified” or “signature failed to verify”.
To authenticate digitally signed documents, the receiver must be sure that the public verification key used to verify the signature really is the sender’s public verification key. A digital certificate binds the identity of the sender to the public verification key, along with other information, and is typically digitally signed by a certification authority. Other mechanisms, such as an entry in a trusted database, can also be used to establish the correspondence between an individual’s identity and a public verification key.
DESCRIPTION of Drawings
FIG. 3 is an example activity log.
DESCRIPTION
As used herein, “A user’s digital credential” refers to security mechanisms that are associated with their identity. A user’s digital credentials can contain one or more digital signature keys that relate to one or several digital certificates. A user’s digital credential could also include any other cryptographic security mechanism suitable for use, such as a mechanism to be used in a proprietary cryptographic system.
One or more tasks may be required to validate a user’s digital credential. One example is verifying that the user’s signature is valid using the public key in the user’s digital certificate. Another example is validating the digital certificate itself, which may include using the certification authority’s public key to verify that the digital certificate is valid.
System 2 is able to detect fraudulent activity and general misuse of digital credentials quickly, as explained in more detail below.
Web browser 12, such as Internet Explorer from Microsoft Corporation of Redmond, Wash., executes in an operating system provided by computing device 4A. This allows the owner of digital credential 16 to remotely access online service 6 via network 28. Online services 6 are generally web-based sites that allow secure electronic transactions. Online services 6 may sell consumer products such as books, movies and software, or may connect businesses, such as online markets for medical and other supplies. Online banking institutions, brokerage companies and health services are further examples. Authorized delegates of the owner use web browsers (not illustrated) to access online services 6 and conduct secure transactions with digital credentials that the owner has authorized them to use on the owner’s behalf for specific purposes.
Computing devices 4 are general-purpose computing systems that can interact with network 28. A personal computer is one example of a suitable computing device 4. Each computing device 4 may also be a tablet computer, a handheld or personal digital assistant (PDA) such as a Palm organizer from Palm Inc. of Santa Clara, Calif., or a network-enabled cell phone. Network 28 can be any communication network, such as a packet-based network like the Internet.
Credential service provider (CSP) 8 is a central service that allows users to manage their digital credentials. Through CSP 8, users can request digital credentials, revoke digital credentials, and designate one or more delegates who may use their digital credential to perform specified functions.
To obtain digital credential 16, the user opens web browser 12 and navigates to CSP 8. There, the user generates a private signature key and a public verification key and requests a digital certificate. The user submits the public verification key along with identifying information such as name and address.
CSP 8 transmits the information to credential issuing service (CIS) 22 which, acting as a certificate authority, issues a corresponding digital credential 16, including a signature key, and records the owner information in owner database 24. The user is now the “owner” of digital credential 16. The owner can use digital credential 16 issued by CIS 22 to access CSP 8 and designate one or more authorized delegates.
The owner uses digital credential 16 to securely access online services 6, sign digital documents, and conduct secure transactions. In one configuration, web browser 12 establishes a secure communication connection with a web server at an online service 6 using a secure communications protocol such as Secure Sockets Layer (SSL). When accessed, the web server issues a “challenge” to web browser 12. Web browser 12 responds by signing the challenge with the owner’s private signature key and submitting the signed challenge, together with digital credential 16, to online service 6. In another configuration, web browser 12 uses the owner’s private signature key to digitally sign documents presented to online services 6, for example when an owner or delegate submits a confidential medical diagnosis or a prescription request to a web-based healthcare service.
Online services 6 may validate digital credential 16 locally, by using the public verification key to verify the digital signature and checking a local database to confirm the association between the public key and the user. Alternatively, online services 6 can forward digital credential 16 to credential verification service (CVS) 10 for verification. For example, online services 6 may validate low-value transactions locally while CVS 10 validates high-value transactions.
CVS 10 receives digital credential 16, including the digital signature and digital certificate, from online services 6 and then interacts with CIS 22. CVS 10 connects to CIS 22, the certificate authority, and obtains the public key of CIS 22 in order to verify the certificate. CVS 10 then queries CIS 22 to check whether digital credential 16 has been revoked, as indicated by certificate repository 26. CVS 10 records the verification results in activity log 20, whether or not verification succeeded.
CSP 8 allows users to create a variety of digital signature keys associated with their identity and to assign a friendly name to each key, such as Office Key, Home Key or Portable Key. This allows users to track the usage of their digital signature keys more easily, as described below.
System 2 includes several features that enable an owner or delegate to detect unauthorized use of a digital signature key if the key has been misappropriated or misused. For example, CVS 10 can automatically send an activity report to web browser 12 whenever digital signatures are verified during secure transactions. The activity report is displayed to the user, who can then quickly identify whether the digital signature key has been misused.
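The activity log, the fraud detection pass over it, and the per-key activity report built on friendly key names, as an added Python example that is not part of the patent or of this page: the record layout, the sample entries and the detection rules are assumptions made here for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class LogEntry:
    txn_id: int
    key_name: str    # owner-assigned friendly name (Office Key, Home Key, ...)
    service: str     # online service that requested verification
    ip: str          # IP address of the originating computing device
    amount: float    # size of the transaction
    verified: bool   # signature and certificate checks passed
    revoked: bool    # credential listed as revoked in the certificate repository

# Constructed sample activity log (not real data), using the fields named in the text.
ACTIVITY_LOG = [
    LogEntry(1, "Office Key", "books.example", "10.1.1.5", 35.0, True, False),
    LogEntry(2, "Office Key", "books.example", "10.1.1.5", 20.0, True, False),
    LogEntry(3, "Home Key", "bank.example", "192.0.2.44", 120.0, True, False),
    LogEntry(4, "Home Key", "bank.example", "198.51.100.9", 9500.0, False, False),
    LogEntry(5, "Home Key", "bank.example", "198.51.100.9", 9800.0, True, False),
    LogEntry(6, "Portable Key", "meds.example", "203.0.113.7", 400.0, True, True),
]

def detect_unusual(log, high_value=5000.0):
    """Fraud-detection pass over the log. Rules are assumed for this example: revoked
    credential used, failed verification, high-value transaction, and a key seen from
    an IP address not previously used with that key."""
    seen_ips = defaultdict(set)
    alerts = []
    for e in log:
        if e.revoked:
            alerts.append((e.txn_id, "revoked credential used"))
        if not e.verified:
            alerts.append((e.txn_id, "verification failed"))
        if e.amount >= high_value:
            alerts.append((e.txn_id, "high-value transaction"))
        if seen_ips[e.key_name] and e.ip not in seen_ips[e.key_name]:
            alerts.append((e.txn_id, f"new IP {e.ip} for {e.key_name}"))
        seen_ips[e.key_name].add(e.ip)
    return alerts

def activity_report(log):
    """Per-key summary shown to the owner: transaction count, failures, total amount."""
    report = {}
    for e in log:
        r = report.setdefault(e.key_name, {"transactions": 0, "failed": 0, "total": 0.0})
        r["transactions"] += 1
        r["failed"] += 0 if e.verified else 1
        r["total"] += e.amount
    return report
```

Because alerts and the report are keyed by the owner-assigned friendly name, an owner reading the report can tell which key (and therefore which device) was involved in a suspicious transaction.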