CREDENTIAL AUTHENTICATION METHODS AND SYSTEMS
Abstract
Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.
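The flow in the abstract (broker supplies the secret, filters the response, and a verification server reconstructs the exchange from the audit log) can be sketched as follows. This is an added illustration, not code from the patent; the `<PIN>` and `<R0>` placeholders, the text command format, the SHA-256 audit digest and all sample values are assumptions.

```python
import hashlib
import hmac
PIN_SLOT = b"<PIN>"  # assumed placeholder the application puts where the secret goes

def digest(command, response):
    return hashlib.sha256(repr((command, response)).encode()).hexdigest()

class Credential:
    """Stand-in for the smart card (constructed; real cards speak their own protocol)."""
    def __init__(self, pin, account):
        self._pin, self._account = pin, account
    def transmit(self, command):
        ok = hmac.compare_digest(command, b"VERIFY " + self._pin)
        return b"OK acct=" + self._account if ok else b"DENIED"

class Broker:
    """Trusted side: supplies the PIN, filters the response, keeps an audit log."""
    def __init__(self, credential, pin, sensitive_items):
        self._cred, self._pin, self._items = credential, pin, sensitive_items
        self.audit_log = []  # sent to the verification server over a secure session
    def handle(self, preliminary_command):
        command = preliminary_command.replace(PIN_SLOT, self._pin)  # transformed command
        response = self._cred.transmit(command)                     # preliminary response
        filtered, removed = response, {}
        for i, item in enumerate(self._items):
            marker = b"<R%d>" % i
            if item in filtered:
                filtered, removed[marker] = filtered.replace(item, marker), item
        self.audit_log.append({"inserted": self._pin, "removed": removed,
                               "digest": digest(command, response)})
        return filtered                                             # transformed response

def verify(filtered_transactions, audit_log):
    """Verification server: rebuild each exchange, compare with the broker's digest."""
    if len(filtered_transactions) != len(audit_log):
        return False
    for (cmd, resp), entry in zip(filtered_transactions, audit_log):
        cmd = cmd.replace(PIN_SLOT, entry["inserted"])
        for marker, item in entry["removed"].items():
            resp = resp.replace(marker, item)
        if not hmac.compare_digest(digest(cmd, resp), entry["digest"]):
            return False
    return True

def demo():
    card = Credential(pin=b"4921", account=b"5500-0001")  # constructed sample values
    broker = Broker(card, pin=b"4921", sensitive_items=[b"5500-0001"])
    seen = [(b"VERIFY " + PIN_SLOT, broker.handle(b"VERIFY " + PIN_SLOT))]
    forged = [(seen[0][0], seen[0][1] + b" amount=999")]
    return seen, verify(seen, broker.audit_log), verify(forged, broker.audit_log)
```

`demo()` returns what the untrusted application saw, the verification result for that honest report, and the result for a report the application altered before submitting it.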
24 Claims
1. A method of performing a secure transaction between an application module and a credential, the method comprising:
a) determining, using a processor, a preliminary command to be sent to the credential;
b) transmitting the preliminary command from the application module to a broker module;
c) generating a transformed command based on the preliminary command;
d) transmitting the transformed command to the credential;
e) receiving a preliminary response from the credential;
f) at the broker module, generating a transformed response; and
g) transmitting the transformed response to the application module.
Dependent claims: 2-21
22. A method of verifying a secure transaction between an application module that is untrusted and a credential that is trusted, the method comprising:
a) performing the secure transaction between the application module and the credential via the broker module to generate transaction data, the transaction data comprising one or more commands and one or more responses;
b) filtering the transaction data that is transmitted to the application module to remove at least one sensitive data item;
c) transmitting the filtered transaction data from the application module to the verification server;
d) transmitting verification data corresponding to the transaction data from the broker module to the verification server via a secure session, the verification data comprising an audit log based on the transaction data;
e) at the verification server, generating reconstructed transaction data based on the at least one sensitive data item and the filtered transaction data; and
f) determining if the reconstructed transaction data corresponds to the transaction data.
Dependent claims: 23
24. A system for performing a secure transaction, the system comprising:
a credential;
a broker module; and
an application module,
wherein the application module is configured to:
  determine a preliminary command to be sent to the credential; and
  transmit the preliminary command to a broker module, and
wherein the broker module is configured to:
  generate a transformed command based on the preliminary command;
  transmit the transformed command to the credential;
  receive a preliminary response from the credential;
  generate a transformed response; and
  transmit the transformed response to the application module.
Specification