INTEGRITY PROTECTED SMART CARD TRANSACTION
Abstract
Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.
20 Claims
1. At least one computer storage media storing instructions that, when executed by a computer, cause the computer to perform a method for authorization using a smart card, the method comprising:
receiving, by the computer from the smart card, an encrypted modifier based on a random modifier that was previously encrypted using a randomly-generated data key;
decrypting, by the computer, the received encrypted modifier based on an integrity key that includes a previous system code that uniquely identifies a previous configuration state of the computer held tamperproof by the computer, and that is further based on a storage root key held secret by the computer, the integrity key securely stored on the computer;
receiving, by the computer from a user, a personal identification number;
calculating, by the computer, a prime personal identification number based on the received personal identification number and the decrypted modifier; and
unlocking, by the computer, the smart card in response to the calculated prime personal identification number matching a previously-set prime personal identification number stored on the smart card, the unlocking resulting in the authorization succeeding.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system configured for authorization using a smart card, the system comprising:
a computer configured for receiving, from the smart card, an encrypted modifier based on a modifier that was previously encrypted using a randomly-generated data key;
the computer further configured for decrypting the received encrypted modifier based on the securely stored integrity key that includes a previous system code that uniquely identifies a previous configuration state of the computer held tamperproof by the computer, and that is further based on a storage root key held secret by the computer, the integrity key securely stored on the computer;
the computer further configured for receiving, from a user, a personal identification number;
the computer further configured for calculating a prime personal identification number based on the received personal identification number and the decrypted modifier; and
the computer further configured for unlocking the smart card in response to the calculated prime personal identification number matching a previously-set prime personal identification number stored on the smart card, the unlocking resulting in the authorization succeeding.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
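The authorization steps recited in claims 1 and 11, as an added sketch in Python that is not code from the patent. The HMAC-based key derivation, the PIN′ formula, the XOR keystream standing in for a real cipher, the sealed data key held by the client, and all function names and sample values are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy self-inverse cipher (assumption): XOR with an HMAC-SHA256 keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def integrity_key(srk: bytes, system_code: bytes) -> bytes:
    """Assumed derivation: bind the key to the storage root key and the system code."""
    return hmac.new(srk, b"integrity" + system_code, hashlib.sha256).digest()

def pin_prime(pin: str, modifier: bytes) -> bytes:
    """Assumed PIN' calculation: HMAC of the user's PIN keyed by the modifier."""
    return hmac.new(modifier, pin.encode(), hashlib.sha256).digest()

def configure(pin: str, srk: bytes, system_code: bytes):
    """Setup: the card keeps the encrypted modifier and PIN'; the client keeps
    the data key sealed under the integrity key (storage location is assumed)."""
    modifier = secrets.token_bytes(16)   # random modifier
    data_key = secrets.token_bytes(32)   # randomly-generated data key
    card = {"enc_modifier": _xor_stream(data_key, modifier),
            "pin_prime": pin_prime(pin, modifier)}
    sealed_data_key = _xor_stream(integrity_key(srk, system_code), data_key)
    return card, sealed_data_key

def authorize(card, sealed_data_key, pin, srk, current_system_code) -> bool:
    """Recover the modifier via the integrity key, recompute PIN', and compare
    it with the PIN' stored on the card (constant-time comparison)."""
    data_key = _xor_stream(integrity_key(srk, current_system_code), sealed_data_key)
    modifier = _xor_stream(data_key, card["enc_modifier"])
    return hmac.compare_digest(pin_prime(pin, modifier), card["pin_prime"])

# Constructed sample values, not taken from the patent.
SRK = hashlib.sha256(b"constructed storage root key").digest()
APPROVED = hashlib.sha256(b"approved client configuration").digest()
TAMPERED = hashlib.sha256(b"modified client configuration").digest()

if __name__ == "__main__":
    card, sealed = configure("4821", SRK, APPROVED)
    print("approved config, right PIN:", authorize(card, sealed, "4821", SRK, APPROVED))
    print("approved config, wrong PIN:", authorize(card, sealed, "0000", SRK, APPROVED))
    print("tampered config, right PIN:", authorize(card, sealed, "4821", SRK, TAMPERED))
```

A changed system code produces a different integrity key, so the recovered modifier is wrong and the card stays locked even when the correct PIN is entered.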
Specification