Server authentication in non-secure channel card pin reset methods and computer implemented processes

US 20050289652A1
Filed: 06/25/2004
Published: 12/29/2005
Est. Priority Date: 06/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method for resetting a pin on an access card, comprising:

(a) generating a server authentication (SA) public key and an SA private key;

(b) attempting a write of the SA public key to the access card over a non-secure channel;

(c) determining if the access card currently contains an existing SA public key; and

handling the attempted write of the SA public key in one of;

(i) completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key;

(ii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and

(iii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for resetting a pin on an access card is disclosed. The method includes generating a server authentication (SA) public key and an SA private key and attempting a write of the SA public key to the access card over a non-secure channel. The method further includes determining if the access card currently contains an existing SA public key. The attempted write of the SA public key is handled by one of: (i) completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key; (ii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and (iii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.

Citations

23 Claims

1. A method for resetting a pin on an access card, comprising:
- (a) generating a server authentication (SA) public key and an SA private key;
  
  (b) attempting a write of the SA public key to the access card over a non-secure channel;
  
  (c) determining if the access card currently contains an existing SA public key; and
  
  handling the attempted write of the SA public key in one of;
  
  (i) completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key;
  
  (ii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and
  
  (iii) denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.
- View Dependent Claims (2, 3, 4, 5, 8)
- - 2. A method for resetting a pin on an access card as recited in claim 1, wherein the denying of (ii) signals an exception to an applet of the access card, the exception defining a code that prevents the write of the SA public key and allows continuation with an enrollment process to setup the access card for an individual.
  - 3. A method for resetting a pin on an access card as recited in claim 1, wherein when the non-secure channel is converted into a secure channel, the attempt to write the SA public key is allowed whether or not the existing SA public key is present on the access card.
  - 4. A method for resetting a pin on an access card as recited in claim 1, further comprising:
    - (d) attempting a reset of the pin on the access card from a server, the attempted reset including, initiating a challenge to the server, the challenge being encrypted at the server using the SA private key;
      
      decrypting the encrypted challenge using the SA public key of the access card; and
      
      allowing reset of the pin on the access card when the decrypted challenge matches the challenge initiated to the server.
  - 5. A method for resetting a pin on an access card as recited in claim 4, further comprising, receiving an out-of-band reset request indicating an intent to attempt the reset of the pin in operation (d);
    - and setting a temporary flag to indicate an approval of the out-of-band reset request; and
      
      unsetting the flag when the challenge is encrypted, the reset process attempt is aborted, or a timer associated with the temporary flag has run out.
  - 8. A method for resetting a pin on an access card as recited in claim 4, wherein an authenticate server method enables:
    - (I) generation of the challenge and (II) decryption of the challenge, and setting/not-setting of the pin.

6. A method for resetting a pin on an access card as recited in claim 6, wherein allowing the reset of the pin on the access card when the decrypted challenge matches the challenge initiated to the server authenticates the server.
- View Dependent Claims (7)
- - 7. A method for resetting a pin on an access card as recited in claim 6, wherein the server being authenticated ensures that the server is a trusted server containing the SA private key pair that matches the SA public key.

9. A method for authenticating a server for resetting a pin of an access card, comprising:
- (a) negotiating an out-of-band reset request to enable initiation of a pin reset process;
  
  (b) receiving login data of a user to identify the user as having preliminary access to reset the pin;
  
  (c) obtaining a card unique ID (CUID) from the access card and enabling verification of the CUID against data present in a user/card identification database, the access card having a previously stored sever authentication (SA) public key and the server maintaining an SA private key;
  
  (d) sending a challenge to the server;
  
  (e) receiving the challenge in an encrypted state;
  
  (f) decrypting the received challenge using the SA public key; and
  
  (g) enabling resetting of the pin of the access card if a decrypted challenge is the same as the challenge sent to the server.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A method for authenticating a server for resetting a pin of an access card as recited in claim 9, wherein the encrypted challenge and a new pin are provided together when the resetting of the pin is attempted, wherein providing the encrypted challenge and the new pin together ensures that the encrypted challenge was a result of the request to reset the pin.
  - 11. A method for authenticating a server for resetting a pin of an access card as recited in claim 9, wherein negotiating the out-of-band reset request to enable initiation of the pin reset process includes communicating with an administrator of the access card who has access to the user/card identification database.
  - 12. A method for authenticating a server for resetting a pin of an access card as recited in claim 9, wherein when initiation of the pin reset process is approved, a temporary flag is set;
    - and unsetting the flag when the challenge is decrypted, the reset process attempt is aborted, or a timer associated with the temporary flag has run out.
  - 13. A method for authenticating a server for resetting a pin of an access card as recited in claim 9, wherein reset of the pin on the access card is allowed when the decrypted challenge matches the challenge initiated to the server, the match authenticates the server.
  - 14. A method for authenticating a server for resetting a pin of an access card as recited in claim 13, wherein the server being authenticated ensures that the server is a trusted server containing the SA private key that matches the SA public key to define a matching asymmetric key pair.
  - 15. A method for authenticating a server for resetting a pin of an access card as recited in claim 14, wherein an authenticate server method enables:
    - (I) generation of the challenge and (II) decryption of the challenge, and setting/not-setting of the pin.

16. A computer readable media containing program instructions for resetting a pin on an access card, the computer readable media comprising:
- (a) program instructions for generating a server authentication (SA) public key and an SA private key;
  
  (b) program instructions for attempting a write of the SA public key to the access card over a non-secure channel;
  
  (c) program instructions for determining if the access card currently contains an existing SA public key; and
  
  handling the attempted write of the SA public key in one of;
  
  (i) program instructions for completing the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the access card did not contain an existing public key;
  
  (ii) program instructions for denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and
  
  (iii) program instructions for denying the attempted write of the SA public key to the access card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. A computer readable media containing program instructions for resetting a pin on an access card as recited in claim 16, wherein the program instruction for denying (ii) signals an exception, the exception defining a code that denies the write of the SA public key and continuation with an enrollment process to setup the access card for an individual.
  - 18. A computer readable media containing program instructions for resetting a pin on an access card as recited in claim 16, wherein when the non-secure channel is converted into a secure channel, the attempt to write the SA public key is allowed whether or not the existing SA public key is present on the access card.
  - 19. A computer readable media containing program instructions for resetting a pin on an access card as recited in claim 16, further comprising:
    - (d) program instructions for attempting a reset of the pin on the access card from a server, the attempted reset including, program instructions for initiating a challenge to the server, the challenge being encrypted at the server using the SA private key;
      
      program instructions for decrypting the encrypted challenge using the SA public key of the access card; and
      
      program instructions for allowing reset of the pin on the access card when the decrypted challenge matches the challenge initiated to the server.
  - 20. A computer readable media containing program instructions for resetting a pin on an access card as recited in claim 19, further comprising, program instructions for receiving an out-of-band reset request indicating an intent to attempt the reset of the pin in operation (d);
    - and program instructions for setting a temporary flag to indicate an approval of the out-of-band reset request; and
      
      program instructions for unsetting the flag upon completing the encryption of the challenge, the reset process attempt is aborted, or a timer associated with the temporary flag has run out.
  - 21. A computer readable media containing program instructions for resetting a pin on an access card as recited in claim 20, wherein allowing the reset of the pin on the access card when the decrypted challenge matches the challenge initiated to the server authenticates the server.
  - 22. A computer readable media containing program instructions for resetting a pin on an access card as recited in claim 21, wherein the server being authenticated ensures that the server is a trusted server containing the SA private key that matches the SA public key, to define a matching asymmetric key pair.

23. A system for resetting a pin on a card, comprising:
- means for generating a server authentication (SA) public key and an SA private key;
  
  means for attempting a write of the SA public key to the card over a non-secure channel;
  
  means for determining if the card currently contains an existing SA public key; and
  
  means for handling the attempted write of the SA public key in one of;
  
  (i) completing the attempted write of the SA public key to the card over the non-secure channel if it is determined that the card did not contain an existing public key;
  
  (ii) denying the attempted write of the SA public key to the card over the non-secure channel if it is determined that the existing SA public key matches the SA public key that is attempted by the write; and
  
  (iii) denying the attempted write of the SA public key to the card over the non-secure channel if it is determined that the existing SA public key does not match the SA public key that is attempted by the write.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Ravishankar, Tanjore S., Sharma, Aseem, Siegel, Ellen H., Wei, Joe

Granted Patent

US 7,617,390 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/388   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Server authentication in non-secure channel card pin reset methods and computer implemented processes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Server authentication in non-secure channel card pin reset methods and computer implemented processes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links