Server authentication in non-secure channel card pin reset methods and computer implemented processes
Abstract
A method for resetting a pin on an access card is disclosed. The method includes generating a server authentication (SA) public key and an SA private key and attempting a write of the SA public key to the access card over a non-secure channel. The method further includes determining if the access card currently contains an existing SA public key. The attempted write of the SA public key is handled by one of: (i) completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key; (ii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and (iii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.
23 Claims
1. A method for resetting a pin on an access card, comprising:
(a) generating a server authentication (SA) public key and an SA private key;
(b) attempting a write of the SA public key to the access card over a non-secure channel;
(c) determining if the access card currently contains an existing SA public key; and
handling the attempted write of the SA public key in one of;
(i) completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key;
(ii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and
(iii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.
6. A method for resetting a pin on an access card as recited in claim 6, wherein allowing the reset of the pin on the access card when the decrypted challenge matches the challenge initiated to the server authenticates the server.
9. A method for authenticating a server for resetting a pin of an access card, comprising:
(a) negotiating an out-of-band reset request to enable initiation of a pin reset process;
(b) receiving login data of a user to identify the user as having preliminary access to reset the pin;
(c) obtaining a card unique ID (CUID) from the access card and enabling verification of the CUID against data present in a user/card identification database, the access card having a previously stored server authentication (SA) public key and the server maintaining an SA private key;
(d) sending a challenge to the server;
(e) receiving the challenge in an encrypted state;
(f) decrypting the received challenge using the SA public key; and
(g) enabling resetting of the pin of the access card if a decrypted challenge is the same as the challenge sent to the server.
16. A computer readable media containing program instructions for resetting a pin on an access card, the computer readable media comprising:
(a) program instructions for generating a server authentication (SA) public key and an SA private key;
(b) program instructions for attempting a write of the SA public key to the access card over a non-secure channel;
(c) program instructions for determining if the access card currently contains an existing SA public key; and
handling the attempted write of the SA public key in one of;
(i) program instructions for completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key;
(ii) program instructions for denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and
(iii) program instructions for denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.
23. A system for resetting a pin on a card, comprising:
means for generating a server authentication (SA) public key and an SA private key;
means for attempting a write of the SA public key to the card over a non-secure channel;
means for determining if the card currently contains an existing SA public key; and
means for handling the attempted write of the SA public key in one of;
(i) completing the attempted write of the SA public key to the card over the non-secure channel if it is determined that the card did not contain an existing public key;
(ii) denying the attempted write of the SA public key to the card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and
(iii) denying the attempted write of the SA public key to the card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.
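An added sketch, not part of the patent text or of any implementation by its assignee: the write handling of claim 1 and the challenge check of claim 9, steps (d) to (g), modelled in Python. The AccessCard class, the function names, the return strings and the toy textbook-RSA key built from fixed Mersenne primes are assumptions made for illustration; the toy key is not secure.

```python
import secrets

E = 65537  # public exponent (assumption; the claims name no algorithm)
# Constructed toy primes (Mersenne) so the sketch runs offline. Textbook RSA
# without padding is NOT secure; it only stands in for the SA key pair.
SA_PRIMES = (2**61 - 1, 2**89 - 1)
OTHER_PRIMES = (2**107 - 1, 2**127 - 1)

def make_sa_keypair(p, q):
    """Claim 1 (a): return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

class AccessCard:
    """Hypothetical card model: one SA public key slot, writable only while empty."""
    def __init__(self, cuid, pin):
        self.cuid, self.pin, self.sa_public = cuid, pin, None

    def write_sa_public(self, key):
        """Claim 1 (b)-(c): handle a write arriving over the non-secure channel."""
        if self.sa_public is None:
            self.sa_public = key
            return "written"               # case (i): slot was empty
        if self.sa_public == key:
            return "denied-same-key"       # case (ii)
        return "denied-different-key"      # case (iii): stored key is never replaced

    def reset_pin(self, new_pin, server):
        """Claim 9 (d)-(g): reset only if the server proves it holds the SA private key."""
        if self.sa_public is None:
            return False                   # no key provisioned, nothing to verify against
        n, e = self.sa_public
        challenge = secrets.randbelow(n - 2) + 2   # (d) fresh value per attempt
        response = server(challenge)               # (e) comes back encrypted
        if pow(response, e, n) != challenge:       # (f) decrypt with SA public key
            return False
        self.pin = new_pin                         # (g) match: allow the reset
        return True

def make_server(private):
    """Server side (hypothetical): encrypt the challenge with the SA private key."""
    n, d = private
    return lambda challenge: pow(challenge, d, n)

if __name__ == "__main__":
    pub, priv = make_sa_keypair(*SA_PRIMES)
    card = AccessCard("CUID-0001", "1111")         # constructed sample card
    print(card.write_sa_public(pub), card.write_sa_public(pub))
    print(card.reset_pin("4321", make_server(priv)))
```

Because cases (ii) and (iii) both deny, a key sent later over the non-secure channel cannot displace the one already stored, and a server holding any other private key fails the check in step (f).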