System and method for binding a smartcard and a smartcard reader

US 20070241182A1
Filed: 01/03/2007
Published: 10/18/2007
Est. Priority Date: 12/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method for binding a smartcard having a plurality of credentials to a smartcard reader associated with a secure processor, comprising:

(a) registering the smartcard reader with a smartcard issuer server, wherein the registration includes cryptographically authenticating the secure processor to the smartcard issuer server;

(b) receiving a first set of private keys associated with a set of credentials stored on the smartcard, one private key per credential, stored on the smartcard if the authentication of the secure processor was successful;

(c) requesting access to a service provided via a service provider server;

(d) receiving a request for authentication, wherein the authentication request includes a request for a first credential in the set of credentials;

(e) cryptographically authenticating the smartcard reader to the smartcard using the private key associated with the first credential; and

(f) receiving the first credential from the smartcard if the authentication of the smartcard reader is successful.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provision to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for a authorizing a transaction via the user'"'"'s smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.

Citations

20 Claims

1. A method for binding a smartcard having a plurality of credentials to a smartcard reader associated with a secure processor, comprising:
- (a) registering the smartcard reader with a smartcard issuer server, wherein the registration includes cryptographically authenticating the secure processor to the smartcard issuer server;
  
  (b) receiving a first set of private keys associated with a set of credentials stored on the smartcard, one private key per credential, stored on the smartcard if the authentication of the secure processor was successful;
  
  (c) requesting access to a service provided via a service provider server;
  
  (d) receiving a request for authentication, wherein the authentication request includes a request for a first credential in the set of credentials;
  
  (e) cryptographically authenticating the smartcard reader to the smartcard using the private key associated with the first credential; and
  
  (f) receiving the first credential from the smartcard if the authentication of the smartcard reader is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) comprises:
    - (i) establishing a secure connection between the secure processor and the smartcard issuer server; and
      
      (ii) transmitting a message to the smartcard issuer server, wherein the message includes a request for the first set of private keys.
  - 3. The method of claim 1, further comprising:
    - after step (b), storing the first set of private keys in a memory within a security boundary established by the secure processor.
  - 4. The method of claim 2, wherein step (a)(i) comprises:
    - (A) transmitting a message to the smartcard issuer server including a digital certificate for the secure processor;
      
      (B) receiving a message from the smartcard issuer server including an encrypted symmetric key if the smartcard issuer server successfully validated the digital certificate for the secure processor, wherein the symmetric key is encrypted with the public key of the secure processor;
      
      (C) decrypting the encrypted symmetric key with private key of the secure processor; and
      
      (D) engaging in secure communications using the symmetric key to encrypt and decrypt communications.
  - 5. The method of claim 1, wherein the authentication request includes a request for authentication data associated with an additional authentication factor.
  - 6. The method of claim 5, wherein the authentication data includes a user log-in and password.
  - 7. The method of claim 1, wherein step (e) includes:
    - (i) receiving a random value as a challenge from the smartcard;
      
      (ii) forming hash value from an identifier for the smartcard reader and the received random value;
      
      (iii) encrypting hash value with the private key associated with the first credential to form a digital signature; and
      
      (iv) transmitting the identifier and the digital signature to the smartcard as a response to the challenge.
  - 8. The method of claim 1, wherein the smartcard includes a first set of credentials and a second set of credentials, wherein the first set of credentials is not accessible by the smartcard reader.
  - 9. The method of claim 1, wherein the smartcard reader is a smartcard reader coupled to a computing device of a user.
  - 10. The method of claim 1, further comprising:
    - (g) transmitting the first credential to the service provider server.

11. A secure processor for binding a smartcard reader to a smartcard, the secure processor comprising:
- means for registering the smartcard reader with a smartcard issuer server to obtain a first set of private keys associated with a set of credentials stored on the smartcard, one private, key per credential, wherein the means for registering includes means for cryptographically authenticating the secure processor to the smartcard issuer server; and
  
  means for cryptographically authenticating the smartcard reader to the smartcard using a private key associated with a credential in the set of credentials.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The secure processor of claim 11, further comprising:
    - a memory for storing the first set of private keys associated with a set of credentials stored on the smartcard.
  - 13. The secure processor of claim 12, wherein the memory is within a security boundary established by the secure processor.
  - 14. The secure processor of claim 11, wherein the smartcard reader is within a security boundary established by the secure processor.
  - 15. The secure processor of claim 11, wherein the smartcard reader is coupled to the secure processor via a secure data connection.
  - 16. The secure processor of claim 11, wherein means for cryptographically authenticating the secure processor to the smartcard issuer server includes:
    - means for establishing a secure connection between the secure processor and the smartcard issuer server.
  - 17. The secure processor of claim 11, wherein the secure processor is configured to receive the credential from the smartcard if authentication of the smartcard reader to the smartcard was successful.
  - 18. The secure processor of claim 17, further comprising:
    - a one-time password generator configured to generate a one-time password using the credential as an input.
  - 19. The secure processor of claim 11, wherein the secure processor is included in a secure processing device external to a computing device.
  - 20. The secure processor of claim 11, wherein the secure processor is integrated in a computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark

Granted Patent

US 7,775,427 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/380
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

System and method for binding a smartcard and a smartcard reader

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for binding a smartcard and a smartcard reader

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links