System and method for encrypted smart card pin entry
First Claim
1. A method for authenticating a user device using a smart card, comprising the steps of:
- providing a smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information;
transmitting a challenge to a user device, the challenge comprising the public key;
receiving from the user device a response comprising received authentication information encrypted using the challenge;
decrypting the received authentication information using the private key;
comparing the received authentication information against the predetermined authentication information;
if the received authentication information matches the predetermined authentication information, transmitting a verification signal to the user device.
5 Assignments
0 Petitions
Accused Products
Abstract
A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.
79 Citations
19 Claims
-
1. A method for authenticating a user device using a smart card, comprising the steps of:
-
providing a smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information;
transmitting a challenge to a user device, the challenge comprising the public key;
receiving from the user device a response comprising received authentication information encrypted using the challenge;
decrypting the received authentication information using the private key;
comparing the received authentication information against the predetermined authentication information;
if the received authentication information matches the predetermined authentication information, transmitting a verification signal to the user device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A smart card for authenticating a user device, the smart card comprising:
-
a memory for storing a private key, a public key, and predetermined authentication information, at least the private key being stored in a secure portion of memory;
an interface for communicating with a smart card reader, transmitting a challenge comprising at least the public key to a user device via the smart card reader, receiving encrypted authentication information from the user device via the smart card reader, the encrypted authentication information being encrypted by the public key;
a processor for executing a decryption algorithm on the received encrypted authentication information using the private key to obtain decrypted authentication information, comparing the decrypted authentication information with the predetermined authentication information, and generating a verification signal if the decrypted authentication information and the predetermined authentication information match. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A system for authenticating a user device using a smart card, comprising:
-
a smart card comprising a microprocessor and a memory for storing a private key, a public key, and predetermined authentication information, the memory comprising secure memory for storing at least the private key, and the microprocessor being configured to execute a decryption algorithm using the private key and to perform a comparison of the predetermined authentication information against received authentication information;
a user device for receiving input from a user, the user device being configured to encrypt input; and
a smart card reader for providing communication means between the smart card and the user device;
wherein when the smart card is in communication with the user device via the smart card reader, the smart card is configured to transmit to the user device the public key, the user device is configured to encrypt input authentication information from a user using the public key and transmit the encrypted authentication information to the smart card, and the smart card is further configured to decrypt the received encrypted authentication information using the decryption algorithm and the private key such that the microprocessor may perform a comparison of the predetermined authentication information against the received authentication information, and such that the smart card reader never receives or communicates unencrypted authentication information. - View Dependent Claims (19)
-
Specification