Method and apparatus for protecting against side channel attacks against personal identification numbers

US 20030229598A1
Filed: 06/05/2002
Published: 12/11/2003
Est. Priority Date: 06/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for private personal identification number (PIN) management, the method comprising:

receiving a first PIN;

receiving a first key used to scramble a second PIN that has been validated;

receiving a first scrambled PIN comprising said second PIN scrambled with said first key;

scrambling said first PIN with said first key to create a second scrambled PIN; and

validating said first PIN based at least in part on whether said first scrambled PIN matches said second scrambled PIN.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for private personal identification number (PIN) management includes receiving a first PIN, receiving a first key used to scramble a second PIN that has been validated, receiving a first scrambled PIN comprising the second PIN scrambled with the first key, scrambling the first PIN with the first key to create a second scrambled PIN and validating the first PIN based at least in part on whether the first scrambled PIN matches the second scrambled PIN.

Citations

82 Claims

1. A method for private personal identification number (PIN) management, the method comprising:
- receiving a first PIN;
  
  receiving a first key used to scramble a second PIN that has been validated;
  
  receiving a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  scrambling said first PIN with said first key to create a second scrambled PIN; and
  
  validating said first PIN based at least in part on whether said first scrambled PIN matches said second scrambled PIN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - scrambling said first PIN with a second key to create a third scrambled PIN if said first PIN is valid; and
      
      storing said third scrambled PIN with said second key for use in validating a third PIN.
  - 3. The method of claim 2 wherein said storing further comprises storing said third scrambled PIN and said second key in a persistent mutable memory.
  - 4. The method of claim 3 wherein said persistent mutable memory comprises an EEPROM.
  - 5. The method of claim 1 wherein said first key comprises a session ID.
  - 6. The method of claim 2 wherein at least one of said first key and said second key comprises a session ID.
  - 7. The method of claim 1 wherein said first key comprises a randomized key.
  - 8. The method of claim 2 wherein at least one of said first key and said second key comprise a randomized key.

9. A method for private personal identification number (PIN) management, the method comprising:
- receiving a first PIN;
  
  receiving a first key used to scramble a second PIN that has been validated;
  
  receiving a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  scrambling said first PIN with a second key to create a second scrambled PIN;
  
  marking said second scrambled PIN as untested;
  
  scrambling said first PIN with said first key to create a third scrambled PIN; and
  
  marking said second scrambled PIN based at least in part on comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising validating said second scrambled PIN based at least in part on said marking.
  - 11. The method of claim 9, further comprising storing said second scrambled PIN for use in validating a subsequent PIN.
  - 12. The method of claim 9 wherein at least one of said first key and said second key comprise a session ID.
  - 13. The method of claim 9 wherein at least one of said first key and said second key comprise a randomized key.
  - 14. The method of claim 9 wherein said storing further comprises storing said second scrambled PIN in a persistent mutable memory.
  - 15. The method of claim 14 wherein said persistent mutable memory comprises an EEPROM.
  - 16. The method of claim 10 wherein said validating further comprises:
    - indicating said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN; and
      
      indicating said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.

17. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for private personal identification number (PIN) management, the method comprising:
- receiving a first PIN;
  
  receiving a first key used to scramble a second PIN that has been validated;
  
  receiving a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  scrambling said first PIN with said first key to create a second scrambled PIN; and
  
  validating said first PIN based at least in part on whether said first scrambled PIN matches said second scrambled PIN.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The program storage device of claim 17 wherein said method further comprises:
    - scrambling said first PIN with a second key to create a third scrambled PIN if said first PIN is valid; and
      
      storing said third scrambled PIN with said second key for use in validating a third PIN.
  - 19. The program storage device of claim 18 wherein said storing further comprises storing said third scrambled PIN and said second key in a persistent mutable memory.
  - 20. The program storage device of claim 17 wherein said first key comprises a session ID.
  - 21. The program storage device of claim 18 wherein at least one of said first key and said second key comprises a session ID.
  - 22. The program storage device of claim 17 wherein said first key comprises a randomized key.
  - 23. The program storage device of claim 18 wherein at least one of said first key and said second key comprise a randomized key.

24. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for private personal identification number (PIN) management, the method comprising:
- receiving a first PIN;
  
  receiving a first key used to scramble a second PIN that has been validated;
  
  receiving a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  scrambling said first PIN with a second key to create a second scrambled PIN;
  
  marking said second scrambled PIN as untested;
  
  scrambling said first PIN with said first key to create a third scrambled PIN; and
  
  marking said second scrambled PIN based at least in part on comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The program storage device of claim 24 wherein said method further comprises validating said second scrambled PIN based at least in part on said marking.
  - 26. The program storage device of claim 24 wherein said method further comprises storing said second scrambled PIN for use in validating a subsequent PIN.
  - 27. The program storage device of claim 24 wherein at least one of said first key and said second key comprise a session ID.
  - 28. The program storage device of claim 24 wherein at least one of said first key and said second key comprise a randomized key.
  - 29. The program storage device of claim 24 wherein said storing further comprises storing said second scrambled PIN in a persistent mutable memory.
  - 30. The program storage device of claim 29 wherein said persistent mutable memory comprises an EEPROM.
  - 31. The program storage device of claim 25 wherein said validating further comprises:
    - indicating said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN; and
      
      indicating said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.

32. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- means for receiving a first PIN;
  
  means for receiving a first key used to scramble a second PIN that has been validated;
  
  means for receiving a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  means for scrambling said first PIN with said first key to create a second scrambled PIN; and
  
  means for validating said first PIN based at least in part on whether said first scrambled PIN matches said second scrambled PIN.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39)
- - 33. The apparatus of claim 32, further comprising:
    - means for scrambling said first PIN with a second key to create a third scrambled PIN if said first PIN is valid; and
      
      means for storing said third scrambled PIN with said second key for use in validating a third PIN.
  - 34. The apparatus of claim 33 wherein said means for storing further comprises means for storing said third scrambled PIN and said second key in a persistent mutable memory.
  - 35. The apparatus of claim 34 wherein said persistent mutable memory comprises an EEPROM.
  - 36. The apparatus of claim 32 wherein said first key comprises a session ID.
  - 37. The apparatus of claim 34 wherein at least one of said first key and said second key comprises a session ID.
  - 38. The apparatus of claim 32 wherein said first key comprises a randomized key.
  - 39. The apparatus of claim 33 wherein at least one of said first key and said second key comprise a randomized key.

40. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- means for receiving a first PIN;
  
  means for receiving a first key used to scramble a second PIN that has been validated;
  
  means for receiving a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  means for scrambling said first PIN with a second key to create a second scrambled PIN;
  
  means for marking said second scrambled PIN as untested;
  
  means for scrambling said first PIN with said first key to create a third scrambled PIN; and
  
  means for marking said second scrambled PIN based at least in part on comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47)
- - 41. The apparatus of claim 40, further comprising means for validating said second scrambled PIN based at least in part on said marking.
  - 42. The apparatus of claim 40, further comprising means for storing said second scrambled PIN for use in validating a subsequent PIN.
  - 43. The apparatus of claim 40 wherein at least one of said first key and said second key comprise a session ID.
  - 44. The apparatus of claim 40 wherein at least one of said first key and said second key comprise a randomized key.
  - 45. The apparatus of claim 40 wherein said storing further comprises storing said second scrambled PIN in a persistent mutable memory.
  - 46. The apparatus of claim 45 wherein said persistent mutable memory comprises an EEPROM.
  - 47. The apparatus of claim 41 wherein said means for validating further comprises:
    - means for indicating said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN; and
      
      means for indicating said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.

48. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a memory for storing at least one key, at least one scrambled PIN, and at least one validity indication, said at least one scrambled PIN comprising said at least one PIN scrambled with said at least one key, said at least one validity indication indicating whether said at least one scrambled PIN been tested; and
  
  a PIN comparator coupled to said memory and configured to receive a first PIN;
  
  receive a first key used to scramble a second PIN that has been validated;
  
  receive a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  scramble said first PIN with said first key to create a second scrambled PIN; and
  
  validate said first PIN based at least in part on whether said first scrambled PIN matches said second scrambled PIN.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 49. The apparatus of claim 48 wherein said PIN comparator is further configured to scramble said first PIN with a second key to create a third scrambled PIN if said first PIN is valid;
    - and store said third scrambled PIN with said second key for use in validating a third PIN.
  - 50. The apparatus of claim 49 wherein said PIN comparator is further configured to store said third scrambled PIN and said second key in a persistent mutable memory.
  - 51. The apparatus of claim 50 wherein said persistent mutable memory comprises an EEPROM.
  - 52. The apparatus of claim 48 wherein said first key comprises a session ID.
  - 53. The apparatus of claim 49 wherein at least one of said first key and said second key comprises a session ID.
  - 54. The apparatus of claim 48 wherein said first key comprises a randomized key.
  - 55. The apparatus of claim 49 wherein at least one of said first key and said second key comprise a randomized key.
  - 56. The apparatus of claim 48 wherein said apparatus comprises a smart card.
  - 57. The apparatus of claim 48 wherein said smart card comprises a Java Card™
    - technology-enabled smart card.
  - 58. The apparatus of claim 48 wherein said smart card comprises a CDMA (Code Division Multiple Access) technology-enabled smart card.
  - 59. The apparatus of claim 48 wherein said smart card comprises a SIM (Subscriber Identity Module) card.
  - 60. The apparatus of claim 48 wherein said smart card comprises a WIM (Wireless Interface Module).
  - 61. The apparatus of claim 48 wherein said smart card comprises a USIM (Universal Subscriber Identity Module).
  - 62. The apparatus of claim 48 wherein said smart card comprises a UIM (User Identity Module).
  - 63. The apparatus of claim 48 wherein said smart card comprises a R-UIM (Removable User Identity Module).
  - 64. The apparatus of claim 48 wherein said apparatus comprises a mobile phone.

65. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a memory for storing at least one key, at least one scrambled PIN, and at least one validity indication, said at least one scrambled PIN comprising said at least one PIN scrambled with said at least one key, said at least one validity indication indicating whether said at least one scrambled PIN been tested; and
  
  a PIN comparator coupled to said memory and configured to receive a first PIN;
  
  receive a first key used to scramble a second PIN that has been validated;
  
  receive a first scrambled PIN comprising said second PIN scrambled with said first key;
  
  scramble said first PIN with a second key to create a second scrambled PIN;
  
  mark said second scrambled PIN as untested;
  
  scramble said first PIN with said first key to create a third scrambled PIN; and
  
  mark said second scrambled PIN based at least in part on comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81)
- - 66. The apparatus of claim 65 wherein said PIN comparator is further configured to validate said second scrambled PIN based at least in part on said mark.
  - 67. The apparatus of claim 65 wherein said PIN comparator is further configured to store said second scrambled PIN for use in validating a subsequent PIN.
  - 68. The apparatus of claim 65 wherein at least one of said first key and said second key comprise a session ID.
  - 69. The apparatus of claim 65 wherein at least one of said first key and said second key comprise a randomized key.
  - 70. The apparatus of claim 65 wherein said PIN comparator is further configured to store said second scrambled PIN in a persistent mutable memory.
  - 71. The apparatus of claim 70 wherein said persistent mutable memory comprises an EEPROM.
  - 72. The apparatus of claim 66 wherein said PIN comparator is further configured to indicate said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN;
    - and indicate said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.
  - 73. The apparatus of claim 65 wherein said apparatus comprises a smart card.
  - 74. The apparatus of claim 65 wherein said smart card comprises a Java Card™
    - technology-enabled smart card.
  - 75. The apparatus of claim 65 wherein said smart card comprises a CDMA (Code Division Multiple Access) technology-enabled smart card.
  - 76. The apparatus of claim 65 wherein said smart card comprises a SIM (Subscriber Identity Module) card.
  - 77. The apparatus of claim 65 wherein said smart card comprises a WIM (Wireless Interface Module).
  - 78. The apparatus of claim 65 wherein said smart card comprises a USIM (Universal Subscriber Identity Module).
  - 79. The apparatus of claim 65 wherein said smart card comprises a UIM (User Identity Module).
  - 80. The apparatus of claim 65 wherein said smart card comprises a R-UIM (Removable User Identity Module).
  - 81. The apparatus of claim 65 wherein said apparatus comprises a mobile phone.

82. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to determine whether a PIN is valid, said data structure comprising at least one key, at least one scrambled PIN, and at least one validity indication, said at least one scrambled PIN comprising said at least one PIN scrambled with said at least one key, said at least one validity indication indicating whether said at least one scrambled PIN has been tested.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
de Jong, Eduard

Granted Patent

US 7,596,531 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/72
CPC Class Codes

G06F 21/31   User authentication

G06F 21/755   with measures against power...

G06Q 20/4012   Verifying personal identifi...

G06Q 30/018   Certifying business or prod...

Method and apparatus for protecting against side channel attacks against personal identification numbers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

82 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting against side channel attacks against personal identification numbers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

82 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links