There has been a growing need for stronger identity verification to protect personal property, both physical and electronic. For example, it is important to control access to premises, vehicles, and personal property so that only authorized users are allowed access. In a traditional example, a user may carry and use a key, which is designed to fit a lock to allow the user of the key to open the lock and gain entry. Loss of or damage to the key, however, can render access impossible. In another example, a user may use a key fob to remotely lock or unlock the doors of a vehicle by, e.g., pressing a button on the fob to generate an infrared (“IR”) or radio frequency (“RF”) signal, which is detected by a sensor in the vehicle, which controls the doors. Such vehicle keyless access systems have been known for years, and a key is still required by the user in order to operate the ignition system. Other similar keyless access implementations may involve inserting and presenting a magnetic card or the like in a slot or a card reader/detector, or enabling an authorized user to key in a numeric or alphanumeric code on a provided keypad. In each of these conventional techniques, however, it is very difficult to determine if the person holding the key/card is the actual authorized user. Instead, these systems only verify whether the key—not the user—is authorized. Thus, an unauthorized user may gain control of an authorized key to access the property.
Additionally, when valuable assets are in digital form, such as financial records, personal information, media content, and other exploitable targets of many sorts, the duplication and theft of those assets has historically been a constant threat. Further, it is often difficult to determine when a theft or duplication has occurred. Accordingly, various encryption techniques have been developed in an attempt to prevent theft and duplication of digital assets.
The following provides a brief description of conventional digital rights management (“DRM”) functionality. DRM tools encrypt a digital object and only allow decryption (provided the key is presented) when a set of rules has been satisfied. Rules might be related to proof of payment, user authorization, or the authentication of a connected device.
A second, more significant opportunity for protection of digital assets, however, is in the area of encryption itself. There are two primary forms of encryption—symmetric encryption and asymmetric encryption. With symmetric encryption, encryption and decryption can be performed by the same key (or with a second key that is computable from the first key). Asymmetric encryption involves the use of two keys—a private key and a public key. The public key may be known to anyone and can be used to encrypt messages and/or verify digital signatures. The private key, on the other hand, can be known to only the owner and can be used to decrypt messages encrypted by the matching public key and/or create digital signatures. Specifically, the public key used to encrypt messages or verify digital signatures cannot decrypt messages or create digital signatures. Instead, a matching pair is needed to perform both encryption and decryption and/or signature creation and verification. Asymmetrical encryption is a clever application of number theory concepts instead of merely substitution and permutation, thus providing increased security over symmetric encryption.
There are multiple applications for asymmetrical encryption techniques. For example, a sender can encrypt a data message with the receiver's public key. The receiver can then use its private key to decrypt the message. Additionally, a sender can “sign” a message with its private key. The receiver can then verify the sender's signature with the sender's public key. Moreover, two sides can exchange a session key.
Unfortunately, security of the encryption keys themselves has become an issue. For example, with conventional encryption techniques, it can be difficult to determine whether a person decrypting a message—even though that person might have the correct private key—was the person for whom the message was intended; i.e., the private key could have been stolen.
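The following sketch is an added illustration, not part of the original text. It walks through the public-key operations described above (encrypting a session key, signing, verifying) and shows that a copied private key produces results the verifier cannot tell apart from the owner's. The key pair, message values and function names are constructed for the example, and it uses textbook RSA on a toy modulus, which is not a secure construction.

```python
import hashlib

# Constructed toy key pair built from two well-known Mersenne primes.
# Textbook RSA without padding: illustration only, never for real data.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def _digest(message: bytes, n: int) -> int:
    """Reduce SHA-256(message) to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def encrypt(public_key, plaintext: bytes) -> int:
    e, n = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int, length: int) -> bytes:
    d, n = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")

def sign(private_key, message: bytes) -> int:
    d, n = private_key
    return pow(_digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)

def demo():
    session_key = b"\x13\x37" * 4     # constructed 8-byte session key
    order = b"unlock door 7"          # constructed message
    stolen_copy = PRIVATE_KEY         # same key material, different holder
    ct = encrypt(PUBLIC_KEY, session_key)
    return {
        "owner_decrypts": decrypt(PRIVATE_KEY, ct, 8) == session_key,
        "thief_decrypts": decrypt(stolen_copy, ct, 8) == session_key,
        "owner_sig_ok": verify(PUBLIC_KEY, order, sign(PRIVATE_KEY, order)),
        "thief_sig_ok": verify(PUBLIC_KEY, order, sign(stolen_copy, order)),
        "tampered_ok": verify(PUBLIC_KEY, b"unlock door 8", sign(PRIVATE_KEY, order)),
    }
```

Every check returns the same result for the owner and for the holder of the copy; only the altered message is rejected, so verification establishes which key was used and nothing about who used it.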
Therefore, there is a desire for improved user identification systems. Various embodiments of the present invention address this desire.