System and method for encrypted smart card pin entry

US 20130019102A1
Filed: 09/13/2012
Published: 01/17/2013
Est. Priority Date: 07/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method implemented at a mobile device, the method comprising:

receiving, over a wireless link, a challenge comprising a public key stored by an authentication device;

receiving user-entered authentication information;

encrypting the user-entered authentication information using the public key;

transmitting, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and

receiving a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

41 Citations

View as Search Results

17 Claims

1. A method implemented at a mobile device, the method comprising:
- receiving, over a wireless link, a challenge comprising a public key stored by an authentication device;
  
  receiving user-entered authentication information;
  
  encrypting the user-entered authentication information using the public key;
  
  transmitting, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
  
  receiving a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the mobile device receives the challenge from a reader device in communication with the authentication device, the reader device being configured to communicate with the mobile device over the wireless link.
  - 3. The method of claim 1, wherein the challenge further comprises a value generated by the authentication device, and the generated value is used for encrypting the user-entered authentication information and decrypting the encrypted user-entered authentication information.
  - 4. The method of claim 3, wherein the generated value is a nonce.
  - 5. The method of claim 1, wherein the authentication device is a smart card.
  - 6. The method of claim 1, wherein the user-entered authentication information comprises a password.
  - 7. The method of claim 1, wherein the user-entered authentication information is received after the challenge is received.
  - 8. The method of claim 7, wherein the user-entered authentication information is received in response to a request, the request being triggered by receipt of the challenge.
  - 9. The method of claim 1, further comprising the authentication device:
    - receiving the encrypted user-entered authentication information;
      
      decrypting the encrypted user-entered authentication information; and
      
      determining that the user-entered authentication information obtained by decryption matches the previously stored authentication information.

10. A mobile device, including:
- an input device;
  
  a processor configured to;
  
  receive, over a wireless link, a challenge comprising a public key stored by an authentication device;
  
  receive user-entered authentication information via the input device;
  
  encrypt the user-entered authentication information using the public key;
  
  transmit, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
  
  receive a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The mobile device of claim 10, wherein the mobile device receives the challenge from a reader device in communication with the authentication device, the reader device being configured to communicate with the mobile device over the wireless link.
  - 12. The mobile device of claim 10, wherein the challenge further comprises a value generated by the authentication device, and the generated value is used for encrypting the user-entered authentication information and decrypting the encrypted user-entered authentication information.
  - 13. The mobile device of claim 12, wherein the generated value is a nonce.
  - 14. The mobile device of claim 10, wherein the user-entered authentication information comprises a password.
  - 15. The mobile device of claim 10, wherein the user-entered authentication information is received after the challenge is received.
  - 16. The mobile device of claim 15, wherein the user-entered authentication information is received in response to a request, the request being triggered by receipt of the challenge.

17. A non-transitory computer-readable medium bearing code which, when executed by a processor of a device, causes the device to implement the method of:
- receiving, over a wireless link, a challenge comprising a public key stored by an authentication device;
  
  receiving user-entered authentication information;
  
  encrypting the user-entered authentication information using the public key;
  
  transmitting, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
  
  receiving a verification signal over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
BROWN, Michael K., ADAMS, Neil P., LITTLE, Herbert A.

Granted Patent

US 9,003,516 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

System and method for encrypted smart card pin entry

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for encrypted smart card pin entry

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links