Method and system for secure, decentralized personalization of smart cards
First Claim
1. A method for securely writing confidential data from issuer's secure computer to a customer smart card presented to a secure terminal device with smart card reader/writer connected to a retailer's data terminal device at a remote location, including the steps of:
(a) establishing a communications link between the data terminal device and the secure computer;
(b) authenticating the retailer to the issuer by:
(i) presenting a retailer smart card to the secure terminal device reader/writer and establishing access to information stored in the smart card by entering a retailer secret code into the secure terminal device to unlock the retailer smart card;
(ii) reading data from the unlocked retailer smart card and sending only information pertaining to the identity of the retailer smart card to the secure computer;
(iii) generating and sending from the secure computer a first random number to the secure terminal device;
(iv) enciphering the first random number at the secure terminal device using a cipher key read from the unlocked retailer smart card, the cipher key having a value unrelated to the retailer secret code, and sending the enciphered first random number back to the secure computer;
(v) comparing the retailer smart card identification data with data stored in the secure computer to identify the retailer smart card, then retrieving a cipher key stored in the secure computer associated with the identification data and enciphering the first random number with the cipher key; and
(vi) comparing the enciphered first random number received from the secure terminal device with the enciphered first random number generated in the secure computer to authenticate the retailer when the values of the enciphered first random numbers are identical;
(c) establishing a mutual session key for enciphering data transfer between the secure terminal and the secure computer after authentication of the retailer to the issuer has been effected, the mutual session key being generated by using a common key stored in the secure computer and the retailer smart card;
(d) retrieving the retailer smart card and subsequently presenting the customer smart card to the secure terminal device;
(e) enciphering at the secure computer, the confidential data to be written to the customer smart card using the mutual session key and sending the enciphered confidential data to the secure terminal device; and
(f) deciphering at the secure terminal device, the enciphered confidential data using the mutual session key and writing the confidential data on to the customer smart card.
Abstract
A method and apparatus for securely writing confidential data from an issuer to a customer smart card at a remote location includes establishing a communication link between a retailer data terminal device at the remote location and the issuer's secure computer. A communication link is established between a secure terminal device, which includes a smart card reader/writer, and the data terminal device. The retailer is authenticated to the issuer and the issuer to the retailer by means of a retailer smart card presented to the secure terminal device. A session key is established for enciphering data traffic between the secure terminal device and the issuer's computer using the retailer smart card. The customer smart card is presented to the secure terminal device. Confidential customer data is enciphered using the session key and it is written from the issuer's computer to the customer smart card.
10 Claims
1. (Set out in full under "First Claim" above.) Dependent claims: 2, 3, 4, 5, 6.
7. A system for securely writing confidential data from an issuer to a customer smart card in a remote location comprising:
an issuer's secure computer containing data pertaining to the identification of a plurality of retailer smart cards and respective associated cipher keys;
a retailer data terminal device at the remote location selectively in communication with the secure computer by means of a communications link;
a secure terminal device at the remote location including a smart card reader/writer, selectively in communication with the secure computer via the data terminal device;
a retailer smart card containing data required to authenticate the retailer to the issuer, including a retailer secret code to enable unlocking of the smart card upon positive comparison with a secret code inputted into the secure terminal device, data pertaining to the identity of the smart card, a cipher key to encipher an authentication challenge generated by the secure computer and sent to the secure terminal device, and data required to establish a session key for enciphering traffic between the secure terminal device and the secure computer, including a common cipher key stored in the retailer smart card and the secure computer; and
a customer smart card able to accept the confidential data, when presented to the secure terminal device, sent from the computer to the secure data terminal after being deciphered using the session key.
8. A secure terminal which can be coupled to a remote computer and a data link, intended for use with first and second, different, authorization cards, comprising:
a programmed processor;
an input device coupled to said processor; and
a card reader/writer coupled to said processor, wherein said processor includes means for reading a first indicium from a first card and a second indicium entered via said input device and for comparing same, said processor including means, responsive to said comparing, for reading a third, identifying, indicium from said first card and for transmitting same to the remote computer and for receiving a random number response from the remote computer, associated with said identifying indicium, and for reading a fourth, key indicium from the first card for combining said random numeric response with said key indicium thereby producing an enciphered random numeric response sent to the remote computer for authentication, wherein said processor includes means for establishing a different transaction enciphering key in response to said authentication and wherein said processor includes means for reading a second card and for authorizing transactions using said transaction key and an identifying indicium carried by said second card and not entered by said input device.
Dependent claims: 9, 10.
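The exchange in steps (b) through (f) of claim 1, and the terminal behaviour that claim 8 describes, as an added Python model. This is not the patent's own implementation and not code from any issuer or terminal vendor: a retailer card that releases its keys only after the entered secret code matches, an issuer computer that sends a random challenge and checks the enciphered reply against the key it holds for that card id, a session key both sides derive from the common key, and an enciphered record the terminal deciphers and writes to the customer card. The patent names no cipher, so HMAC-SHA256 stands in for "enciphering" the challenge; the session-key derivation, the encrypt-then-MAC record layout, and every class name and key value below are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


class RetailerCard:
    """Retailer smart card (hypothetical model). The secret code only unlocks
    the card; the cipher key and common key are independent of it (claim 1(b)(iv))."""

    def __init__(self, card_id, secret_code, cipher_key, common_key):
        self.card_id = card_id
        self._secret_code = secret_code
        self._cipher_key = cipher_key
        self._common_key = common_key
        self._unlocked = False

    def unlock(self, entered_code):
        # Constant-time compare of the code typed into the terminal (ASCII codes assumed).
        self._unlocked = hmac.compare_digest(entered_code, self._secret_code)
        return self._unlocked

    def read_keys(self):
        if not self._unlocked:
            raise PermissionError("retailer card is locked")
        return self._cipher_key, self._common_key


class CustomerCard:
    def __init__(self):
        self.stored = None

    def write(self, data):
        self.stored = data


def encipher(key, data):
    # Stand-in for the claim's unspecified cipher (assumption): keyed hash of the challenge.
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_session_key(common_key, challenge):
    # Assumption: the session key binds the shared common key to this run's challenge.
    return hmac.new(common_key, b"session|" + challenge, hashlib.sha256).digest()


def _xor_keystream(enc_key, nonce, data):
    # HMAC in counter mode as a keystream; XOR is its own inverse, so this both encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(session_key, plaintext):
    """Encrypt-then-MAC record: nonce || ciphertext || tag (assumed layout)."""
    enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(session_key, record):
    enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("record failed integrity check")
    return _xor_keystream(enc_key, nonce, ct)


class IssuerComputer:
    """Issuer's secure computer (hypothetical): card_id -> (cipher_key, common_key)."""

    def __init__(self, registry):
        self._registry = registry

    def challenge(self):
        return secrets.token_bytes(16)  # first random number, step (b)(iii)

    def authenticate(self, card_id, challenge, response):
        entry = self._registry.get(card_id)  # step (b)(v): look up key by card identity
        if entry is None:
            return None
        if not hmac.compare_digest(encipher(entry[0], challenge), response):  # step (b)(vi)
            return None
        return derive_session_key(entry[1], challenge)  # step (c), issuer side


def personalize(issuer, retailer_card, entered_code, customer_card, confidential):
    """Runs steps (b) to (f) of claim 1; returns True only if data was written."""
    if not retailer_card.unlock(entered_code):  # (b)(i): the code never leaves the terminal
        return False
    cipher_key, common_key = retailer_card.read_keys()
    challenge = issuer.challenge()  # (b)(ii)/(iii): only card_id and the challenge cross the link
    response = encipher(cipher_key, challenge)  # (b)(iv)
    session_key = issuer.authenticate(retailer_card.card_id, challenge, response)
    if session_key is None:
        return False
    terminal_key = derive_session_key(common_key, challenge)  # (c), terminal side
    record = seal(session_key, confidential)  # (e): issuer enciphers with the session key
    customer_card.write(open_sealed(terminal_key, record))  # (f): terminal deciphers and writes
    return True
```

Two properties of the claim show up directly in this model: the retailer secret code is compared inside the terminal and never transmitted, so the issuer learns nothing about it, and the cipher key is an independent value, so guessing or observing the code alone does not yield the key used to answer the challenge. The HMAC counter-mode record is only a stdlib stand-in; a deployment would use a standard authenticated cipher such as AES-GCM for step (e).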