System and method for encrypted smart card pin entry
First Claim
1. A method implemented at a mobile device, the method comprising:
- receiving, over a wireless link, a challenge comprising a public key stored by an authentication device;
receiving user-entered authentication information;
encrypting the user-entered authentication information using the public key;
transmitting, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
receiving a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device.
4 Assignments
0 Petitions
Accused Products
Abstract
A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.
-
Citations
17 Claims
-
1. A method implemented at a mobile device, the method comprising:
-
receiving, over a wireless link, a challenge comprising a public key stored by an authentication device; receiving user-entered authentication information; encrypting the user-entered authentication information using the public key; transmitting, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and receiving a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A mobile device, including:
-
an input device; a processor configured to; receive, over a wireless link, a challenge comprising a public key stored by an authentication device; receive user-entered authentication information via the input device; encrypt the user-entered authentication information using the public key; transmit, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and receive a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium bearing code which, when executed by a processor of a device, causes the device to implement the method of:
-
receiving, over a wireless link, a challenge comprising a public key stored by an authentication device; receiving user-entered authentication information; encrypting the user-entered authentication information using the public key; transmitting, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and receiving a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device.
-
Specification