System and method of using smart cards to perform security-critical operations requiring user authorization
First Claim
1. A user security system for use in conjunction with an operator terminal, the user security system comprising:
- an intelligent security token that is used for performing security-critical operations requiring user authorization;
a reader device providing communications between the intelligent security token and the operator terminal;
the reader device having a security actuator that requires physical operation by a person, the reader device being configured to detect such physical operation of the security actuator after a request by the operator terminal for the intelligent security token to perform a security-critical operation, wherein the security actuator does not require user identity verification;
the intelligent security token being configured to perform the security-critical operation only after the reader device detects physical operation of the security actuator.
2 Assignments
0 Petitions
Accused Products
Abstract
The specification describes a user security system for use in conjunction with an operator terminal such as a personal computer. The user security system utilizes an intelligent security token, commonly referred to as a Smart Card, for security-critical operations. A peripheral reader device provides communications between the Smart Card and the operator terminal. The Smart Card is programmed to signal the reader device prior to performing a security-critical operation and to wait for a counter-signal before performing any such security-critical operation. The reader device has a security key that is physically operable by a person. The reader device is configured to supply the counter-signal to the Smart Card only in response to operation of the security key, and to prevent the operator terminal from supplying the counter-signal.
-
Citations
45 Claims
-
1. A user security system for use in conjunction with an operator terminal, the user security system comprising:
-
an intelligent security token that is used for performing security-critical operations requiring user authorization; a reader device providing communications between the intelligent security token and the operator terminal; the reader device having a security actuator that requires physical operation by a person, the reader device being configured to detect such physical operation of the security actuator after a request by the operator terminal for the intelligent security token to perform a security-critical operation, wherein the security actuator does not require user identity verification; the intelligent security token being configured to perform the security-critical operation only after the reader device detects physical operation of the security actuator. - View Dependent Claims (2, 3)
-
-
4. A user security system for use in conjunction with an operator terminal, the user security system comprising:
-
an intelligent security token that is used for performing security-critical operations requiring user authorization; a reader device providing communications between the intelligent security token and the operator terminal; the intelligent security token being configured to signal the reader device prior to performing a security-critical operation and to wait for a counter-signal before performing said security-critical operation; the reader device having a security actuator that requires physical operation by a person, the reader device being configured to supply the counter-signal to the intelligent security token only in response to operation of the security actuator, wherein the security actuator does not require user identity verification. - View Dependent Claims (5, 6, 7, 8, 9, 10)
-
-
11. A user security system comprising:
-
an operator terminal; an intelligent security token that is used for performing security-critical operations requiring user authorization; a reader device providing communications between the intelligent security token and the operator terminal; the intelligent security token being configured to wait for a presence-indicating signal before performing said security-critical operation; the reader device having a security actuator that requires physical operation by a person, the reader device being configured to supply the presence-indicating signal to the intelligent security token only in response to physical operation of the security actuator, wherein the security actuator does not require user identity verification. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A reader device for use in conjunction with an operator terminal and with an intelligent security token that performs security-critical operations requiring user authorization, the reader device comprising:
-
a communications interface between the operator terminal and the intelligent security token; a security actuator that requires physical operation by a person, wherein the security actuator does not require user identity verification; security logic configured to detect operation of the security actuator in response to a request for the intelligent security token to perform a security-critical operation; the security logic being further configured to supply a signal to the intelligent security token upon detecting said operation of the security actuator. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A reader device for use in conjunction with an operator terminal and with an intelligent security token that performs security-critical operations requiring user authorization, the reader device comprising:
-
a communications interface between the operator terminal and the intelligent security token; a security actuator that is physically operable by a person; security logic configured to receive a predetermined signal from the intelligent security token and in response to detect operation of the security actuator; the security logic being further configured to at least partially block communications from the operator terminal to the intelligent security token upon receiving the predetermined signal from the intelligent security token, and to unblock communications from the operator terminal to the intelligent security token upon detecting said operation of the security actuator. - View Dependent Claims (27, 28, 29)
-
-
30. An intelligent security token for use in conjunction with a reader device, the security token comprising:
-
at least one communications line for communicating with the reader device; user security logic that performs security-critical operations requiring user authorization in response to commands received over said at least one communications line; the user security logic being further configured to perform said security-critical operation only after receiving a user presence confirmation from the reader device, wherein the user security logic does not require user identity verification. - View Dependent Claims (31, 32)
-
-
33. A method of using an intelligent security token to authenticate a user, comprising the following steps:
-
sending a request for a security-critical operation requiring user authorization from an operator terminal to the intelligent security token through a reader device; in response to sending the request to the intelligent security token, the reader device detecting physical operation of a security actuator by a person, said detecting step being performed independently of the operator terminal, wherein physical operation of the security actuator does not require user identity verification; the intelligent security token performing the security-critical operation only after the reader device detects physical operation of the security actuator. - View Dependent Claims (34, 35)
-
-
36. A method of using an intelligent security token to authenticate a user, comprising the following steps:
-
sending a request for a security-critical operation requiring user authorization from an operator terminal to the intelligent security token through a reader device; the intelligent security token sending a presence inquiry to the reader device in response to receiving the request; in response to receiving the presence inquiry, the reader device detecting physical operation of a security actuator by a person, wherein physical operation of the security actuator does not require user identity verification; upon detecting operation of the security actuator, the reader device supplying a user presence confirmation to the intelligent security token; the intelligent security token performing the security-critical operation only after receiving the user presence confirmation from the reader device. - View Dependent Claims (37, 38, 39, 40, 41, 42)
-
-
43. A method of operating a reader device in conjunction with an intelligent security token to authenticate a user, comprising the following steps:
-
receiving communications from an operator terminal; sending said communications to the intelligent security token; receiving a presence inquiry from the intelligent security token; in response to receiving the presence inquiry, detecting physical operation of a security actuator by a person without requiring identification verification; upon detecting operation of the security actuator, supplying a user presence confirmation to the intelligent security token. - View Dependent Claims (44, 45)
-
Specification