SECURE ACCESS MODULE FOR INTEGRATED CIRCUIT CARD APPLICATIONS

US 20100230490A1
Filed: 03/15/2010
Published: 09/16/2010
Est. Priority Date: 03/13/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

initiating a transaction between a card-accessing device and a portable card;

determining that a portion of the transaction between the card-accessing device and the portable card involves the use of sensitive data; and

invoking a Secure Access Module contained within the card-accessing device to carry out the portion of the transaction involving the use of sensitive data, wherein the Secure Access Module comprises functionality sufficient to carry out the portion of the transaction involving the use of sensitive data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms are provided for executing security-sensitive applications with a general-purpose computing device. In particular, the general-purpose computing device includes an unsecure computing environment and a secure computing environment. The secure computing environment is established with a secure access module that includes data and functions for executing the security-sensitive application on behalf of the unsecure computing environment.

66 Citations

View as Search Results

26 Claims

1. A method comprising:
- initiating a transaction between a card-accessing device and a portable card;
  
  determining that a portion of the transaction between the card-accessing device and the portable card involves the use of sensitive data; and
  
  invoking a Secure Access Module contained within the card-accessing device to carry out the portion of the transaction involving the use of sensitive data, wherein the Secure Access Module comprises functionality sufficient to carry out the portion of the transaction involving the use of sensitive data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - determining that the portion of the transaction involving the use of sensitive data is completed; and
      
      after the portion of the transaction involving the use of sensitive data is determined to be completed, relinquishing control of the transaction from the Secure Access Module to an unsecure environment of the card-accessing device such that the transaction can be completed by a processor residing within the unsecure environment.
  - 3. The method of claim 2, wherein the processor residing within the unsecure environment performs additional steps in the transaction after obtaining control of the transaction from the Secure Access Module, wherein the additional steps include one or more of physically printing an image on the portable card, physically printing one or more characters on the portable card, verifying that data has been accurately written to the portable card, writing non-sensitive data to the portable card, and reading non-sensitive data from the portable card.
  - 4. The method of claim 1, wherein the Secure Access Module comprises an Integrated Circuit card having at least one application programmed thereon, wherein the application comprises the functionality sufficient to carry out the portion of the transaction involving the use of sensitive data and wherein the Secure Access Module functionality carries out the portion of the transaction in a secure manner.
  - 5. The method of claim 4, wherein the sensitive data is also contained within the Integrated Circuit card.
  - 6. The method of claim 1, wherein the Secure Access Module comprises an Application Specific Integrated Circuit containing instructions which, when executed, provide the functionality sufficient to carry out the portion of the transaction involving the use of sensitive data.
  - 7. The method of claim 1, wherein physical and logical security capabilities of the Secure Access Module operating within the card-accessing device are at least as secure as physical and logical security capabilities of the portable card.
  - 8. The method of claim 7, wherein the portable card comprises an Integrated Circuit card and wherein the Secure Access Module comprises an Integrated Circuit card.
  - 9. The method of claim 8, wherein a card interface of the card-accessing device is utilized by the Secure Access Module to communicate with the portable card and wherein a secure communication channel is established between the Secure Access Module and the portable card through the card interface of the card-accessing device.
  - 10. The method of claim 9, wherein communications between the Secure Access Module and the portable card used to carry out the portion of the transaction involving the use of sensitive data bypass a processor residing in an unsecure environment of the card-accessing device.
  - 11. The method of claim 1, wherein the portion of the transaction involving the use of sensitive data includes one or more of writing sensitive data from the Secure Access Module to the portable card and reading sensitive data from the portable card onto the Secure Access Module.
  - 12. The method of claim 11, wherein the sensitive data comprises one or more of a cryptographic algorithm, a cryptographic key, a personal identification number, a social security number, an account number, and a password.
  - 13. The method of claim 1, further comprising:
    - authenticating the Secure Access Module with the portable card;
      
      after the authenticating step, establishing a secure communication channel between the Secure Access Module and the portable card; and
      
      utilizing the secure communication channel to share the sensitive data between the Secure Access Module and the portable card.

14. A card-accessing device, comprising:
- an unsecure environment including memory and a processor, the memory including instructions for executing one or more applications and instructions for executing an operating system, wherein the processor is configured to execute the instructions stored in memory;
  
  a card interface configured to provide a communication channel between the processor and a portable card thereby facilitating a data transaction between the card-accessing device and the portable card; and
  
  a Secure Access Module configured carry out a portion of the data transaction involving the use of sensitive data and during the portion of the data transaction involving the use of sensitive data utilize the card interface to communicate with the portable card.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The device of claim 14, wherein the Secure Access Module comprises an Integrated Circuit card having at least one application programmed thereon, wherein the application comprises the functionality sufficient to carry out the portion of the transaction involving the use of sensitive data.
  - 16. The device of claim 15, wherein the sensitive data is also contained within the Integrated Circuit card.
  - 17. The device of claim 14, wherein the Secure Access Module comprises an Application Specific Integrated Circuit containing instructions which, when executed, provide the functionality sufficient to carry out the portion of the transaction involving the use of sensitive data.
  - 18. The device of claim 14, wherein physical and logical security capabilities of the Secure Access Module operating within the card-accessing device are at least as secure as physical and logical security capabilities of the portable card.
  - 19. The device of claim 18, wherein the portable card comprises an Integrated Circuit card and wherein the Secure Access Module comprises an Integrated Circuit card.
  - 20. The device of claim 19, wherein a secure communication channel is established between the Secure Access Module and the portable card through the card interface of the card-accessing device.
  - 21. The device of claim 20, wherein communications between the Secure Access Module and the portable card used to carry out the portion of the transaction involving the use of sensitive data bypass the processor residing in the unsecure environment of the card-accessing device.
  - 22. The device of claim 14, wherein the portion of the transaction involving the use of sensitive data includes one or more of writing sensitive data from the Secure Access Module to the portable card and reading sensitive data from the portable card onto the Secure Access Module.
  - 23. The device of claim 22, wherein the sensitive data comprises one or more of a cryptographic algorithm, a cryptographic key, a personal identification number, a social security number, an account number, and a password.

24. A system, comprising:
- a portable card; and
  
  a card-accessing device configured to execute a data exchange transaction with the portable card, wherein a first portion of the data exchange transaction involving the use of sensitive data is executed by a Secure Access Module contained within the card-accessing device and wherein a second portion of the data exchange transaction not involving the use of sensitive data is executed by a processor residing in an unsecure environment of the card-accessing device.
- View Dependent Claims (25, 26)
- - 25. The system of claim 24, wherein the processor also executes an operating system for the card-accessing device.
  - 26. The system of claim 24, wherein the Secure Access Module comprises an Integrated Circuit card and wherein the portable card also comprises an Integrated Circuit card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Guthery, Scott B.

Granted Patent

US 8,322,610 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/382
CPC Class Codes

G06F 21/606 by securing the transmissio...

G06F 21/74 operating in dual or compar...

SECURE ACCESS MODULE FOR INTEGRATED CIRCUIT CARD APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE ACCESS MODULE FOR INTEGRATED CIRCUIT CARD APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links