INTEGRITY PROTECTED SMART CARD TRANSACTION
Abstract
Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.
Claims (20)

1. A method of authentication using a configured smart card with a configured client, the configured client including a trusted platform module, the method comprising:
- providing an integrity key to the trusted platform module;
- decrypting a modifier using the integrity key;
- receiving a personal identification number;
- calculating a prime personal identification number based on the personal identification number and the modifier; and
- unlocking the configured smart card using the prime personal identification number.
Dependent claims: 2 to 9.

10. A method for configuring a smart card for use with an enrolled client, the method comprising:
- specifying a personal identification number;
- specifying a token;
- generating a modifier;
- calculating a prime personal identification number based on the personal identification number and the modifier;
- encrypting the modifier and the token using a data key; and
- encrypting the data key with a group key resulting in an encrypted data key.
Dependent claims: 11 to 16.

17. A method for enrolling a client including a trusted platform module for use with a configured smart card, the method comprising:
- generating an integrity key including a system code representing a current system configuration of the client;
- storing the integrity key on the client;
- inspecting the system code to verify that it represents an authorized system configuration;
- encrypting a group key using the integrity key resulting in a group blob; and
- storing the group blob on the client.
Dependent claims: 18 to 20.
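The three independent claims describe one key hierarchy: an integrity key bound to the client's system configuration seals a group key (claim 17), the group key wraps a data key that encrypts the modifier and the token (claim 10), and at authentication time the client walks that chain back down, shows the token to the user, and derives PIN' from the user's PIN and the recovered modifier (claim 1). The following is an added worked model of that flow, written for this page; it is not code from the patent or from any product. It assumes several things the claims leave open: the system code is a SHA-256 digest of a constructed configuration dictionary (in the spirit of a TPM PCR value), the seal/unseal operation is a stdlib-only toy construction standing in for a real TPM seal or AES-GCM, the modifier is a fixed 16 bytes so it can be split from the token, and PIN' is HMAC-SHA256 of the PIN keyed by the modifier, reduced to 8 digits. The security-relevant behaviour the model makes visible is that a client whose configuration has changed derives a different integrity key, so the group blob refuses to unseal and neither the token nor PIN' can be recovered; the user also never sees the expected token, which is the abstract's mutual-authentication property.

```python
import hashlib
import hmac
import secrets

MODIFIER_LEN = 16  # assumption: fixed-size modifier so it can be split from the token


def system_code(system_config):
    """Digest of the client configuration, standing in for the patent's 'system code'.
    Assumption: the configuration is a dict of component -> version (constructed)."""
    canonical = "|".join(f"{k}={v}" for k, v in sorted(system_config.items())).encode()
    return hashlib.sha256(canonical).digest()


def integrity_key(system_config):
    """Integrity key derived from, and therefore bound to, the system code."""
    return hmac.new(b"integrity-key", system_code(system_config), hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]


def seal(key, plaintext):
    """Toy authenticated encryption (SHA-256 keystream + HMAC tag) so the example stays
    stdlib-only; a stand-in for the TPM seal / AES a real implementation would use."""
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Reject the blob unless the tag verifies under this exact key: a wrong integrity key,
    i.e. an unapproved configuration, fails here before any plaintext is produced."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("blob does not unseal under this key")
    return bytes(c ^ s for c, s in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def prime_pin(pin, modifier):
    """PIN' from PIN and modifier. Assumption: HMAC-SHA256 keyed by the modifier, reduced
    to 8 digits; the claims only require that PIN' depend on both inputs."""
    digest = hmac.new(modifier, pin.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**8:08d}"


def enroll_client(system_config, group_key, approved_codes):
    """Claim 17: check that the system code is authorized, then seal the group key under
    the integrity key; the result is the group blob stored on the client."""
    if system_code(system_config) not in approved_codes:
        raise ValueError("system configuration is not authorized for enrolment")
    return seal(integrity_key(system_config), group_key)


def configure_card(pin, token, group_key, modifier=None):
    """Claim 10: generate a modifier, compute PIN', encrypt modifier and token under a data
    key, and wrap the data key under the group key. The physical card would be set to PIN';
    here that is modelled as the 'card_pin' field."""
    modifier = modifier or secrets.token_bytes(MODIFIER_LEN)
    data_key = secrets.token_bytes(32)
    return {
        "card_pin": prime_pin(pin, modifier),
        "encrypted_payload": seal(data_key, modifier + token.encode()),
        "encrypted_data_key": seal(group_key, data_key),
    }


def authenticate(system_config, group_blob, card, pin):
    """Claim 1 plus the mutual-authentication step from the abstract: the integrity key of
    the *current* configuration unseals the group key, which unwraps the data key, which
    reveals the modifier and token. Returns (token to show the user, card unlocked?)."""
    group_key = unseal(integrity_key(system_config), group_blob)
    data_key = unseal(group_key, card["encrypted_data_key"])
    payload = unseal(data_key, card["encrypted_payload"])
    modifier, token = payload[:MODIFIER_LEN], payload[MODIFIER_LEN:].decode()
    unlocked = hmac.compare_digest(prime_pin(pin, modifier), card["card_pin"])
    return token, unlocked


if __name__ == "__main__":
    # Constructed sample data: one approved client configuration and one user's enrolment.
    approved = {"firmware": "1.2.0", "os_build": "19041"}
    group_key = secrets.token_bytes(32)
    blob = enroll_client(approved, group_key, {system_code(approved)})
    card = configure_card("1234", "blue heron", group_key)
    print(authenticate(approved, blob, card, "1234"))      # ('blue heron', True)
    try:
        authenticate(dict(approved, firmware="9.9.9"), blob, card, "1234")
    except ValueError as exc:
        print("modified client:", exc)
```

Two design points worth noting for anyone implementing something along these lines. First, the PIN the card actually holds is PIN', so a PIN captured from the keypad is useless without the modifier, and the modifier is only reachable from a client in an approved configuration. Second, the token is decrypted before the PIN is requested, so a user who does not see their chosen token on screen has a reason to withhold the PIN from what may be a tampered client.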