SECURE USE OF EXTERNALLY STORED DATA

US 20100133342A1
Filed: 12/01/2008
Published: 06/03/2010
Est. Priority Date: 12/01/2008
Status: Active Grant

First Claim

Patent Images

1. At a smart card reader, a method of making secure use of authentication data stored on a smart card read by said smart card reader, said method comprising:

receiving a response Application Protocol Data Unit (APDU) from said smart card, said response APDU including authentication data from said smart card, said response APDU indicating a destination;

extracting said authentication data from said smart card from said response APDU;

storing said authentication data from said smart card;

generating a filtered response APDU, wherein said filtered response APDU does not include said authentication data from said smart card; and

transmitting said filtered response APDU toward said destination.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card reader is adapted to extract and store authentication data from a response APDU received from a smart card before generating a filtered response APDU, wherein the filtered response APDU does not include the authentication data. Beneficially, when the smart card reader transmits the filtered response APDU toward a destination, the biometric template data is less susceptible to interception, thereby providing a more secure solution.

21 Citations

View as Search Results

21 Claims

1. At a smart card reader, a method of making secure use of authentication data stored on a smart card read by said smart card reader, said method comprising:
- receiving a response Application Protocol Data Unit (APDU) from said smart card, said response APDU including authentication data from said smart card, said response APDU indicating a destination;
  
  extracting said authentication data from said smart card from said response APDU;
  
  storing said authentication data from said smart card;
  
  generating a filtered response APDU, wherein said filtered response APDU does not include said authentication data from said smart card; and
  
  transmitting said filtered response APDU toward said destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein said filtered response APDU comprises a header and wherein said header indicates a zero payload length.
  - 3. The method of claim 1 wherein said filtered response APDU comprises a payload and wherein said payload carries only zeros.
  - 4. The method of claim 1 wherein said authentication data from said smart card comprises data related to a biometric template.
  - 5. The method of claim 4 wherein said data related to said biometric template comprises data related to a fingerprint template.
  - 6. The method of claim 5 wherein said data related to said biometric template comprises data related to a primary biometric template;
    - wherein said filtered response APDU comprises a payload;
      
      wherein said payload carries data related to a secondary biometric template; and
      
      wherein said data related to said secondary biometric template is distinct from said data related to said primary biometric template.
  - 7. The method of claim 1 further comprising:
    - receiving a command APDU from said destination; and
      
      generating a filtered command APDU based on said command APDU.

8. A smart card reader comprising:
- a storage component interface adapted to communicate with a smart card to receive a response Application Protocol Data Unit (APDU) from said smart card, said response APDU including authentication data from said smart card, said response APDU indicating a destination;
  
  a processor for executing a filter to extract said authentication data from said smart card from said response APDU and generate a filtered response APDU, wherein said filtered response APDU does not include said authentication data from said smart card;
  
  a memory adapted to store said authentication data from said smart card; and
  
  a short range communication subsystem adapted to transmit said filtered response APDU toward said destination.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The smart card reader of claim 8 wherein said filtered response APDU comprises a header and wherein said header indicates a zero payload length.
  - 10. The smart card reader of claim 8 wherein said filtered response APDU comprises a payload and wherein said payload carries only zeros.
  - 11. The smart card reader of claim 8 wherein said authentication data from said smart card comprises data related to a biometric template.
  - 12. The smart card reader of claim 11 where said data related to said biometric template comprises data related to a fingerprint template.
  - 13. The smart card reader of claim 12 wherein said data related to said biometric template comprises data related to a primary biometric template;
    - wherein said filtered response APDU comprises a payload;
      
      wherein said payload carries data related to a secondary biometric template; and
      
      wherein said data related to said secondary biometric template is distinct from said data related to said primary biometric template.
  - 14. The smart card reader of claim 8 wherein:
    - said short range communication subsystem is further adapted to receive a command APDU from said destination; and
      
      said processor is adapted to execute a further filter to generate a filtered command APDU based on said command APDU.

15. A computer-readable medium containing computer-executable instructions that, when performed by processor in a smart card reader, cause said processor to:
- receive a response Application Protocol Data Unit (APDU) from a smart card, said response APDU including authentication data from said smart card, said response APDU indicating a destination;
  
  extract said authentication data from said smart card from said response APDU;
  
  store said authentication data from said smart card;
  
  generate a filtered response APDU, wherein said filtered response APDU does not include said authentication data from said smart card; and
  
  transmit said filtered response APDU toward said destination.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-readable medium of claim 15 wherein said filtered response APDU comprises a header and wherein said header indicates a zero payload length.
  - 17. The computer-readable medium of claim 15 wherein said filtered response APDU comprises a payload and wherein said payload carries only zeros.
  - 18. The computer-readable medium of claim 15 wherein said authentication data from said smart card comprises data related to a biometric template.
  - 19. The computer-readable medium of claim 18 wherein said data related to said biometric template comprises data related to a fingerprint template.
  - 20. The computer-readable medium of claim 15 wherein said data related to said biometric template comprises data related to a primary biometric template;
    - wherein said filtered response APDU comprises a payload, wherein said payload carries data related to a secondary biometric template; and
      
      wherein said data related to said secondary biometric template is distinct from said data related to said primary biometric template.
  - 21. The computer-readable medium of claim 15 wherein said computer-executable instructions further cause said processor to:
    - receive a command APDU from said destination; and
      
      generate a filtered command APDU based on said command APDU.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Sibley, Richard Paul, Adams, Neil Patrick, Singh, Ravi

Granted Patent

US 7,896,247 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/439
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06F 21/34 involving the use of extern...

SECURE USE OF EXTERNALLY STORED DATA

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE USE OF EXTERNALLY STORED DATA

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links