System and method for encrypted smart card pin entry

US 20070028118A1
Filed: 08/04/2005
Published: 02/01/2007
Est. Priority Date: 07/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user device using a smart card, comprising the steps of:

providing a smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information;

transmitting a challenge to a user device, the challenge comprising the public key;

receiving from the user device a response comprising received authentication information encrypted using the challenge;

decrypting the received authentication information using the private key;

comparing the received authentication information against the predetermined authentication information;

if the received authentication information matches the predetermined authentication information, transmitting a verification signal to the user device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

79 Citations

View as Search Results

19 Claims

1. A method for authenticating a user device using a smart card, comprising the steps of:
- providing a smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information;
  
  transmitting a challenge to a user device, the challenge comprising the public key;
  
  receiving from the user device a response comprising received authentication information encrypted using the challenge;
  
  decrypting the received authentication information using the private key;
  
  comparing the received authentication information against the predetermined authentication information;
  
  if the received authentication information matches the predetermined authentication information, transmitting a verification signal to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the memory of the smart card is further provided with a nonce generation function, the method further comprising the step of generating and storing a nonce, such that the step of transmitting a challenge to the user device comprises transmitting a challenge comprising the public key and the nonce, and the step of comparing the received authentication information further comprises a comparison of the stored nonce as well as the predetermined authentication information with the received authentication information.
  - 3. The method of claim 1, wherein the step of transmitting a challenge to a user device occurs after a request for authentication is received.
  - 4. The method of claim 2, wherein the step of transmitting a challenge to a user device occurs after a request for authentication is received.
  - 5. The method of claim 1, further comprising the steps of:
    - transmitting a request for authentication to the smart card before the step of transmitting a challenge to a user device;
      
      prompting a user of the user device to enter authentication information;
      
      encrypting, at the user device, the received authentication information using the challenge;
      
      transmitting to the smart card the encrypted received authentication information; and
      
      receiving a verification signal from the smart card.
  - 6. The method of claim 2, further comprising the steps of:
    - transmitting a request for authentication to the smart card before the step of transmitting a challenge to a user device;
      
      prompting a user of the user device to enter authentication information;
      
      encrypting, at the user device, the received authentication information using the challenge;
      
      transmitting to the smart card the encrypted received authentication information; and
      
      receiving a verification signal from the smart card.
  - 7. The method of claim 2, wherein the user device comprises a mobile communication device.
  - 8. The method of claim 5, wherein the user device comprises a mobile communication device, the method further comprising the step of decrypting or digitally signing an electronic message upon receipt of the verification signal from the smart card.
  - 9. The method of claim 6, wherein the user device comprises a mobile communication device, the method further comprising the step of decrypting or digitally signing an electronic message upon receipt of the verification signal from the smart card.
  - 10. The method of claim 8, wherein the step of decrypting or digitally signing an electronic message comprises the step of accessing a further private key for carrying out the decryption or digital signature.
  - 11. The method of claim 9, wherein the step of decrypting or digitally signing an electronic message comprises the step of accessing a further private key for carrying out the decryption or digital signature.

12. A smart card for authenticating a user device, the smart card comprising:
- a memory for storing a private key, a public key, and predetermined authentication information, at least the private key being stored in a secure portion of memory;
  
  an interface for communicating with a smart card reader, transmitting a challenge comprising at least the public key to a user device via the smart card reader, receiving encrypted authentication information from the user device via the smart card reader, the encrypted authentication information being encrypted by the public key;
  
  a processor for executing a decryption algorithm on the received encrypted authentication information using the private key to obtain decrypted authentication information, comparing the decrypted authentication information with the predetermined authentication information, and generating a verification signal if the decrypted authentication information and the predetermined authentication information match.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The smart card of claim 12, further comprising a processor and memory for generating and storing a nonce, and wherein the interface is adapted to transmit a challenge comprising at least the public key and the nonce and receive encrypted authentication information wherein the information encrypted comprises the nonce, and the processor for comparing the decrypted authentication information is configured to compare the decrypted information with both the predetermined authentication information and a stored nonce.
  - 14. The smart card of either of claim 12, wherein the interface is configured to receive, via a smart card reader, a request for authentication from the user device.
  - 15. The smart card of either of claim 12, wherein the interface is configured to receive, via a smart card reader, a request for authentication from the user device.
  - 16. The smart card of claim 13, wherein the private key is used by the user device in digitally signing or decrypting electronic messages.
  - 17. The smart card of claim 13, further comprising a memory for storing a further private key and a further public key, the further private key being usable by the user device in digitally signing or decrypting electronic messages.

18. A system for authenticating a user device using a smart card, comprising:
- a smart card comprising a microprocessor and a memory for storing a private key, a public key, and predetermined authentication information, the memory comprising secure memory for storing at least the private key, and the microprocessor being configured to execute a decryption algorithm using the private key and to perform a comparison of the predetermined authentication information against received authentication information;
  
  a user device for receiving input from a user, the user device being configured to encrypt input; and
  
  a smart card reader for providing communication means between the smart card and the user device;
  
  wherein when the smart card is in communication with the user device via the smart card reader, the smart card is configured to transmit to the user device the public key, the user device is configured to encrypt input authentication information from a user using the public key and transmit the encrypted authentication information to the smart card, and the smart card is further configured to decrypt the received encrypted authentication information using the decryption algorithm and the private key such that the microprocessor may perform a comparison of the predetermined authentication information against the received authentication information, and such that the smart card reader never receives or communicates unencrypted authentication information.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the microprocessor is further configured to generate a nonce and store the nonce in memory, such that when the smart card is in communication with the user device via the smart card reader, the smart card is configured to transmit the public key and the nonce, and the user device is configured to encrypt a concatenation of the nonce and input authentication information from a user using the public key and transmit the information thus encrypted to the smart card, and the smart card is further configured to decrypt the received encrypted information using the decryption algorithm and the private key such that the microprocessor may perform a comparison of the predetermined authentication information and the received nonce against the received authentication information and the stored nonce.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil, Little, Herbert, Brown, Michael

Granted Patent

US 7,735,132 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

System and method for encrypted smart card pin entry

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

System and method for encrypted smart card pin entry

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others