AUTHENTICATING A CHIP CARD INTERFACE DEVICE

US 20110179290A1
Filed: 07/30/2010
Published: 07/21/2011
Est. Priority Date: 01/15/2010
Status: Active Grant

First Claim

Patent Images

1. A chip card interface device (CCID) configured for authenticating with a backend system during a transaction with the backend system, the CCID comprising:

a network communication device configured for communicating with the backend system over a network;

a processing device coupled with the network communication device, the processing device configured for;

instructing the network communication device to communicate a transaction initiation communication to the backend system,receiving a request for authentication information from the backend system,and instructing the network communication device to communicate an authentication communication to the backend system, the authentication communication including information configured to indicate an identity of the processing device such that the backend system can authenticate the identity of the processing device and complete the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is configured for authenticating a chip card interface device (CCID) during a transaction with the CCID. The system has a communication device configured for communicating with the CCID over a network and a processing device coupled with the communication device. The processing device is configured for receiving a transaction initiation communication from the CCID and instructing the communication device to communicate a request for authentication information including a random number to the CCID. The CCID encrypts the random number with a unique chip key (UCK) previously created with a master chip key (MCK). Then, the CCID communicates the encrypted random number to the system along with a serial number. The system recalculates the UCK using the serial number, encrypts a copy of the random number using the recalculated UCK and compares the encrypted copy with the encrypted random number received from the CCID to authenticate the CCID.

17 Citations

View as Search Results

51 Claims

1. A chip card interface device (CCID) configured for authenticating with a backend system during a transaction with the backend system, the CCID comprising:
- a network communication device configured for communicating with the backend system over a network;
  
  a processing device coupled with the network communication device, the processing device configured for;
  
  instructing the network communication device to communicate a transaction initiation communication to the backend system,receiving a request for authentication information from the backend system,and instructing the network communication device to communicate an authentication communication to the backend system, the authentication communication including information configured to indicate an identity of the processing device such that the backend system can authenticate the identity of the processing device and complete the transaction.
- View Dependent Claims (2, 3, 4)
- - 2. The CCID of claim 1, wherein:
    - the request for authentication information from the backend system comprises a random number;
      
      wherein;
      
      the CCID further comprises a memory device configured for storing a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID; and
      
      wherein;
      
      the processing device is further configured for symmetrically encrypting the random number based at least in part on the unique chip key stored in the memory device.
  - 3. The CCID of claim 2 wherein the authentication communication comprises the encrypted random number and the serial number of the processing device, and wherein:
    - the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated.
  - 4. The CCID of claim 2 wherein the processing device is further configured for receiving a successful authentication communication from the backend system, the CCID further configured for completing the transaction.

5. A method for authenticating a chip card interface device (CCID) with a backend system during a transaction with the backend system, the method comprising:
- instructing, by a processing device of the CCID, the network communication device to communicate a transaction initiation communication to the backend system;
  
  receiving, at the processing device, a request for authentication information from the backend system; and
  
  instructing, by the processing device, the network communication device to communicate an authentication communication to the backend system, the authentication communication including information corresponding to an identity of the processing device such that the backend system can authenticate the identity of the processing device and complete the transaction.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein:
    - the request for authentication information from the backend system comprises a random number;
      
      wherein the method further comprises;
      
      storing, by a memory device of the CCID, a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID; and
      
      symmetrically encrypting, by the processing device, the random number based at least in part on the unique chip key stored in the memory device.
  - 7. The method of claim 6, wherein instructing the network communication device to communicate an authentication communication to the backend system comprises instructing the network communication device to communicate an encrypted random number and a serial number of the processing device to the backend system, and wherein:
    - the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated such that the transaction can be completed.
  - 8. The method of claim 6, further comprising:
    - receiving, at the processing device, a successful authentication communication from the backend system, andcompleting, by the processing device, the transaction with the backend system.

9. A computer program product comprising a non-transitory computer-readable medium comprising computer-readable instructions for execution by a chip card interface device (CCID), the instructions configured for authenticating the CCID with a backend system during a transaction with the backend system, the instructions comprising:
- instructions for instructing, by a processing device of the CCID, a network communication device to communicate a transaction initiation communication to the backend system;
  
  instructions for receiving, at the processing device, a request for authentication information from the backend system; and
  
  instructions for instructing, by the processing device, the network communication device to communicate an authentication communication to the backend system, the authentication communication including information corresponding to an identity of the processing device such that the backend system can authenticate the identity of the processing device and complete the transaction.
- View Dependent Claims (10, 11, 12)
- - 10. The computer program product of claim 9, wherein:
    - the request for authentication information from the backend system comprises a random number;
      
      wherein the instructions further comprise;
      
      instructions for storing, by a memory device of the CCID, a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID; and
      
      instructions for symmetrically encrypting, by the processing device, the random number based at least in part on the unique chip key stored in the memory device.
  - 11. The computer program product of claim 10, wherein the instructions for instructing the network communication device to communicate an authentication communication to the backend system comprise instructions for instructing the network communication device to communicate an encrypted random number and a serial number of the processing device to the backend system, and wherein:
    - the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated such that the transaction can be completed.
  - 12. The computer program product of claim 11, the instructions further comprising:
    - instructions for receiving, at the processing device, a successful authentication communication from the backend system, andinstructions for completing, by the processing device, the transaction with the backend system.

13. A system configured for authenticating a chip card interface device (CCID) during a transaction with the CCID, the system comprising:
- a communication device configured for communicating with the CCID over a network;
  
  a processing device coupled with the communication device, the processing device configured for;
  
  receiving a transaction initiation communication from the CCID;
  
  instructing the communication device to communicate a request for authentication information to the CCID;
  
  receiving an authentication communication from the CCID in response to the request for authentication information, the authentication communication including information configured to indicate an identity of a processing device of the CCID; and
  
  determining whether the identity of the processing device corresponds with a processing device allowed to conduct the transaction.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The system of claim 13 further comprising a memory device coupled with the processing device, the memory device configured for storing a master chip key.
  - 15. The system of claim 14, wherein the processing device is further configured for creating a unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key, the unique chip key configured for storage at a memory device of the CCID and configured for assisting authentication of the CCID with the backend system.
  - 16. The system of claim 15, wherein the processing device is configured for instructing the communication device to communicate the unique chip key to the CCID and instructing the communication device to communicate instructions to store the unique chip key in the memory device of the CCID to the CCID.
  - 17. The system of claim 14, wherein the processing device is further configured for instructing the communication device to communicate a random number to the CCID as part of the request for authentication information.
  - 18. The system of claim 17, wherein the processing device is further configured for receiving, via the communication device, an encrypted random number, the encrypted random number being an encryption of the random number based at least in part on a unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key.
  - 19. The system of claim 18, wherein the processing device is further configured for receiving, via the communication device, a serial number of a processing device of the CCID.
  - 20. The system of claim 19, wherein the processing device is configured for re-calculating the unique chip key by encrypting the received serial number and the stored master chip key.
  - 21. The system of claim 20, wherein the processing device is configured for encrypting a copy of the random number communicated to the CCID based at least in part on the recalculated unique chip key.
  - 22. The system of claim 21, wherein the processing device is further configured for comparing the encrypted copy of the random number with the encrypted random number received from the CCID.
  - 23. The system of claim 22, wherein the processing device is further configured for logging the serial number of the CCID as a potentially fraudulent device when the encrypted copy of the random number does not match the encrypted random number received from the CCID.
  - 24. The system of claim 22, wherein the processing device is further configured for terminating the transaction.
  - 25. The system of claim 22, wherein the processing device is further configured for proceeding with the transaction when the encrypted copy of the random number matches the encrypted random number received from the CCID.

26. A method for authenticating a chip card interface device (CCID) during a transaction with the CCID, the method comprising:
- communicating, by a communication device of a system, with the CCID over a network;
  
  receiving, at a processing device of the system coupled with the communication device of the system, a transaction initiation communication from the CCID;
  
  instructing, by the processing device, the communication device to communicate a request for authentication information to the CCID;
  
  receiving, at the processing device, an authentication communication from the CCID in response to the request for authentication information, the authentication communication including information configured to indicate an identity of a processing device of the CCID; and
  
  determining, by the processing device of the system, whether the identity of the processing device of the CCID corresponds with a processing device allowed to conduct the transaction.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 27. The method of claim 26 further comprising:
    - storing, at a memory device coupled with the processing device, a master chip key.
  - 28. The method of claim 27, further comprising:
    - creating a unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key, the unique chip key configured for storage at a memory device of the CCID and configured for assisting authentication of the CCID with the backend system.
  - 29. The method of claim 28, further comprising:
    - instructing, by the processing device, the communication device to communicate the unique chip key to the CCID; and
      
      instructing the communication device to communicate instructions to store the unique chip key in the memory device of the CCID to the CCID.
  - 30. The method of claim 26, further comprising:
    - instructing, by the processing device, the communication device to communicate a random number to the CCID as part of the request for authentication information.
  - 31. The method of claim 30, further comprising:
    - receiving, at the processing device, via the communication device, an encrypted random number, the encrypted random number being an encryption of the random number based at least in part on a unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key.
  - 32. The method of claim 31, further comprising:
    - receiving, at the processing device, via the communication device, a serial number of a processing device of the CCID.
  - 33. The method of claim 32, further comprising:
    - re-calculating, by the processing device, the unique chip key by encrypting the received serial number and the stored master chip key.
  - 34. The method of claim 33, further comprising:
    - encrypting, by the processing device, a copy of the random number communicated to the CCID based at least in part on the recalculated unique chip key.
  - 35. The method of claim 34, further comprising:
    - comparing, by the processing device, the encrypted copy of the random number with the encrypted random number received from the CCID.
  - 36. The method of claim 35, further comprising:
    - logging the serial number of the CCID as a potentially fraudulent device when the encrypted copy of the random number does not match the encrypted random number received from the CCID.
  - 37. The method of claim 35, further comprising:
    - terminating, by the processing device, the transaction.
  - 38. The method of claim 35, further comprising:
    - proceeding, by the processing device, with the transaction when the encrypted copy of the random number matches the encrypted random number received from the CCID.

39. A computer program product comprising a non-transitory computer-readable medium comprising computer-readable instructions for execution by a chip card interface device (CCID), the instructions configured for authenticating a chip card interface device (CCID) during a transaction with the CCID, the instructions comprising:
- instructions for communicating, by a communication device of a system, with the CCID over a network;
  
  instructions for receiving, at a processing device of the system coupled with the communication device of the system, a transaction initiation communication from the CCID;
  
  instructions for instructing, by the processing device, the communication device to communicate a request for authentication information to the CCID;
  
  instructions for receiving, at the processing device, an authentication communication from the CCID in response to the request for authentication information, the authentication communication including information configured to indicate an identity of a processing device of the CCID; and
  
  instructions for determining, by the processing device of the system, whether the identity of the processing device of the CCID corresponds with a processing device allowed to conduct the transaction.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 40. The computer program product of claim 39, wherein the instructions further comprise:
    - instructions for storing, at a memory device coupled with the processing device, a master chip key.
  - 41. The computer program product of claim 40, wherein the instructions further comprise:
    - instructions for creating a unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key, the unique chip key configured for storage at a memory device of the CCID and configured for assisting authentication of the CCID with the backend system.
  - 42. The computer program product of claim 41, wherein the instructions further comprise:
    - instructions for instructing, by the processing device, the communication device to communicate the unique chip key to the CCID; and
      
      instructions for instructing the communication device to communicate instructions to store the unique chip key in the memory device of the CCID to the CCID.
  - 43. The computer program product of claim 39, wherein the instructions further comprise:
    - instructions for instructing, by the processing device, the communication device to communicate a random number to the CCID as part of the request for authentication information.
  - 44. The computer program product of claim 43, wherein the instructions further comprise:
    - instructions for receiving, at the processing device, via the communication device, an encrypted random number, the encrypted random number being an encryption of the random number based at least in part on a unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key.
  - 45. The computer program product of claim 44, wherein the instructions further comprise:
    - instructions for receiving, at the processing device, via the communication device, a serial number of a processing device of the CCID.
  - 46. The computer program product of claim 45, wherein the instructions further comprise:
    - instructions for re-calculating, by the processing device, the unique chip key by encrypting the received serial number and the stored master chip key.
  - 47. The computer program product of claim 46, wherein the instructions further comprise:
    - instructions for encrypting, by the processing device, a copy of the random number communicated to the CCID based at least in part on the recalculated unique chip key.
  - 48. The computer program product of claim 47, wherein the instructions further comprise:
    - instructions for comparing, by the processing device, the encrypted copy of the random number with the encrypted random number received from the CCID.
  - 49. The computer program product of claim 48, wherein the instructions further comprise:
    - instructions for logging the serial number of the CCID as a potentially fraudulent device when the encrypted copy of the random number does not match the encrypted random number received from the CCID.
  - 50. The computer program product of claim 48, wherein the instructions further comprise:
    - instructions for terminating, by the processing device, the transaction.
  - 51. The computer program product of claim 48, wherein the instructions further comprise:
    - instructions for proceeding, by the processing device, with the transaction when the encrypted copy of the random number matches the encrypted random number received from the CCID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Adams, Amanda Jane, Woodward, Richard John

Granted Patent

US 8,707,413 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G07F 7/00 Mechanisms actuated by obje...

AUTHENTICATING A CHIP CARD INTERFACE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATING A CHIP CARD INTERFACE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links