CREDENTIAL AUTHENTICATION METHODS AND SYSTEMS

US 20140101734A1
Filed: 05/29/2012
Published: 04/10/2014
Est. Priority Date: 06/10/2011
Status: Active Grant

First Claim

Patent Images

1. A method of performing a secure transaction between an application module and a credential, the method comprising:

a) determining, using a processor, a preliminary command to be sent to the credential;

b) transmitting the preliminary command from the application module to a broker module;

c) generating a transformed command based on the preliminary command;

d) transmitting the transformed command to the credential;

e) receiving a preliminary response from the credential;

f) at the broker module, generating a transformed response; and

g) transmitting the transformed response to the application module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.

Citations

24 Claims

1. A method of performing a secure transaction between an application module and a credential, the method comprising:
- a) determining, using a processor, a preliminary command to be sent to the credential;
  
  b) transmitting the preliminary command from the application module to a broker module;
  
  c) generating a transformed command based on the preliminary command;
  
  d) transmitting the transformed command to the credential;
  
  e) receiving a preliminary response from the credential;
  
  f) at the broker module, generating a transformed response; and
  
  g) transmitting the transformed response to the application module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein the transformed command is generated by the application module.
  - 3. The method of claim 1, wherein the transformed command is generated by the broker module and transmitted securely to the application module.
  - 4. The method of claim 1, wherein the transformed command is transmitted securely from the application module.
  - 5. The method of claim 1, wherein the preliminary response is transmitted securely to the application module.
  - 6. The method of claim 1, wherein the broker module has access to at least one sensitive data item to which the application module does not have access.
  - 7. The method of claim 6, further comprising, prior to generating the transformed command, transmitting the at least one sensitive data item from a verification server to the broker module via a secure session.
  - 8. The method of claim 6, further comprising, prior to generating the transformed command, generating the at least one sensitive data item at the broker module.
  - 9. The method of claim 6, wherein the at least one sensitive data item comprises predetermined data stored at the broker module.
  - 10. The method of claim 6, wherein the preliminary command comprises a command template.
  - 11. The method of claim 10, wherein the command template comprises a command tag associated with at least one sensitive data item, and wherein the broker module inserts the at least one sensitive data item when the transformed command is generated.
  - 12. The method of claim 10, wherein the preliminary command further comprises a response template.
  - 13. The method of claim 12, wherein the transformed response is based on the response template.
  - 14. The method of claim 12, wherein the response template comprises a whitelist that identifies at least one non-sensitive data item, and wherein the at least one non-sensitive data item is to be revealed to the application module.
  - 15. The method of claim 12, wherein the response template comprises at least one response tag associated with at least one sensitive data item, and wherein the broker module extracts and obscures the at least one sensitive data item when the transformed response is generated based on the at least one response tag.
  - 16. The method of claim 15, further comprising verifying the secure transaction at a verification server.
  - 17. The method of claim 16, wherein the verifying comprises:
    - a) transmitting an audit log to the verification server via the secure session;
      
      b) transmitting the preliminary command and the transformed response from the application module to the verification server;
      
      c) at the verification server, reconstructing a reconstructed transformed command and a reconstructed preliminary response based on the preliminary command, the transformed response and the audit log;
      
      d) extracting at least one hash digest from the audit log; and
      
      e) comparing the at least one hash digest extracted from the audit log to a newly-generated at least one hash digest of the reconstructed transformed command and the reconstructed preliminary response.
  - 18. The method of claim 17, further comprising, simulating the reconstructed transformed command to obtain a simulated preliminary response, and comparing the simulated preliminary response to the reconstructed preliminary response.
  - 19. The method of claim 17, further comprising transmitting the command template and the response template from the application module to the verification server, wherein the reconstructing is also based on the command template and the response template.
  - 20. The method of claim 1, wherein the application module and the broker module are provided on a single computing device.
  - 21. The method of claim 1, wherein the application module and the broker module are provided on one or more separate devices, and wherein the application module and the broker module communicate via a data network.

22. A method of verifying a secure transaction between an application module that is untrusted and a credential that is trusted, the method comprising:
- a) performing the secure transaction between the application module and the credential via the broker module to generate transaction data, the transaction data comprising one or more commands and one or more responses;
  
  b) filtering the transaction data that is transmitted to the application module to remove at least one sensitive data item;
  
  c) transmitting the filtered transaction data from the application module to the verification server;
  
  d) transmitting verification data corresponding to the transaction data from the broker module to the verification server via a secure session, the verification data comprising an audit log based on the transaction data;
  
  e) at the verification server, generating reconstructed transaction data based on the at least one sensitive data item and the filtered transaction data; and
  
  f) determining if the reconstructed transaction data corresponds to the transaction data.
- View Dependent Claims (23)
- - 23. The method of claim 22, wherein the filtered transaction data further comprises at least one template used in the secure transaction and the verification data comprises a first hash digest of the at least one template, further comprising generating a second hash digest of the at least one template at the verification server, and comparing the second hash digest to the first hash digest of the at least one template transmitted by the broker module.

24. A system for performing a secure transaction, the system comprising:
- a credential;
  
  a broker module; and
  
  an application module,wherein the application module is configured to;
  
  determine a preliminary command to be sent to the credential; and
  
  transmit the preliminary command to a broker module,and wherein the broker module is configured to;
  
  generate a transformed command based on the preliminary command;
  
  transmit the transformed command to the credential;
  
  receive a preliminary response from the credential;
  
  generate a transformed response; and
  
  transmit the transformed response to the application module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureKey Technologies, Inc. (Gen Digital Inc.)
Original Assignee
SecureKey Technologies, Inc. (Gen Digital Inc.)
Inventors
Ronda, Troy Jacob, Boysen, Andre, Rezayee, Afshin, Smith, Malcolm Ronald, Khaymov, Mikhael, Vadera, Kshitiz, Cat, Murat

Granted Patent

US 9,300,665 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/6227   where protection concerns t...

G06F 21/74   operating in dual or compar...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3821   Electronic credentials

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0884   by delegation of authentica...

H04L 9/3234   involving additional secure...

CREDENTIAL AUTHENTICATION METHODS AND SYSTEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

CREDENTIAL AUTHENTICATION METHODS AND SYSTEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links