INTEGRITY PROTECTED SMART CARD TRANSACTION

US 20090031408A1
Filed: 07/27/2007
Published: 01/29/2009
Est. Priority Date: 07/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method of authentication using a configured smart card with a configured client, the configured client including a trusted platform module, the method comprising:

providing an integrity key to the trusted platform module;

decrypting a modifier using the integrity key;

receiving a personal identification number;

calculating a prime personal identification number based on the personal identification number and the modifier; and

unlocking the configured smart card using the prime personal identification number.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.

45 Citations

View as Search Results

20 Claims

1. A method of authentication using a configured smart card with a configured client, the configured client including a trusted platform module, the method comprising:
- providing an integrity key to the trusted platform module;
  
  decrypting a modifier using the integrity key;
  
  receiving a personal identification number;
  
  calculating a prime personal identification number based on the personal identification number and the modifier; and
  
  unlocking the configured smart card using the prime personal identification number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising verifying that a system configuration of the configured client matches a system code of the integrity key.
  - 3. The method of claim 2 wherein the trusted platform module performs the verifying.
  - 4. The method of claim 1 further comprising:
    - decrypting a key (instead of the modifier) using the integrity key; and
      
      decrypting the modifier using the key.
  - 5. The method of claim 1 wherein the calculating is based on an equation of the form PIN′
    - =f(PIN,D) where PIN is the personal identification number, D is the modifier, and PIN′
      
      is the prime personal identification number.
  - 6. The method of claim 5 wherein the equation generates PIN′
    - to conform to a format requirement of the configured smart card.
  - 7. The method of claim 1 wherein the modifier is a high-entropy number.
  - 8. The method of claim 1 wherein the configured smart card is a conventional smart card.
  - 9. The method of claim 1 embodied as computer-executable instructions stored on a computer-readable medium.

10. A method for configuring a smart card for use with an enrolled client, the method comprising:
- specifying a personal identification number;
  
  specifying a token;
  
  generating a modifier;
  
  calculating a prime personal identification number based on the personal identification number and the modifier;
  
  encrypting the modifier and the token using a data key; and
  
  encrypting the data key with a group key resulting in an encrypted data key.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10 further comprising:
    - configuring the smart card to be unlocked by the prime personal identification number;
      
      storing the encrypted modifier on the smart card;
      
      storing the encrypted token on the smart card; and
      
      storing the encrypted data key on the smart card.
  - 12. The method of claim 10 wherein the calculating is based on an equation of the form PIN′
    - =f(PIN,D) where PIN is the personal identification number, D is the modifier, and PIN′
      
      is the prime personal identification number.
  - 13. The method of claim 12 wherein the equation generates PIN′
    - to conform to a format requirement of the smart card.
  - 14. The method of claim 10 wherein the modifier is a high-entropy number.
  - 15. The method of claim 10 wherein the smart card is a conventional smart card.
  - 16. The method of claim 10 embodied as computer-readable instructions stored on a computer-readable medium.

17. A method for enrolling a client including a trusted platform module for use with a configured smart card, the method comprising:
- generating an integrity key including a system code representing a current system configuration of the client;
  
  storing the integrity key on the client;
  
  inspecting the system code to verify that it represents an authorized system configuration;
  
  encrypting a group key using the integrity key resulting in a group blob; and
  
  storing the group blob on the client.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17 wherein the generating the integrity key is performed by the trusted platform module.
  - 19. The method of claim 17 wherein the group key represents a group to which the client is allowed to authenticate.
  - 20. The method of claim 17 embodied as computer-executable instructions stored on a computer-readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mysore, Shivaram H., Ellison, Carl M., Thom, Stefan, Bays, Valerie Kathleen, Holt, Erik Lee

Granted Patent

US 7,934,096 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/388   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/0897   involving additional device...

INTEGRITY PROTECTED SMART CARD TRANSACTION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

INTEGRITY PROTECTED SMART CARD TRANSACTION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links