System for securely exchanging data with smart cards

US 5,923,759 A
Filed: 10/15/1997
Issued: 07/13/1999
Est. Priority Date: 04/20/1995
Status: Expired due to Term

First Claim

Patent Images

1. A system for controlling requests from portable electronic cards of differing in-card electronic processing capabilities, and including a central processing module, associated memory, and an operating system, comprising:

a plurality of card units into which data cards and cards having internal data processing may be inserted;

security module means, directly connected to said plurality of card units, for authenticating cards inserted into the plurality of card units and for securely exchanging data with the authenticated cards; and

means, separate from the security module means, for processing data received from the security module in accordance with an application program.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A card-enabled processing system comprises a security module for securely exchanging data with cards, such as smart cards, and an application module for processing data from the smart cards. The security module encrypts and decrypts data using keys, which are securely stored in a secure memory. The security module also validates the cards before processing by the application module occurs and assists the card in validating the system. The application module provides a common platform in which different types of smart cards can be processed.

Citations

16 Claims

1. A system for controlling requests from portable electronic cards of differing in-card electronic processing capabilities, and including a central processing module, associated memory, and an operating system, comprising:
- a plurality of card units into which data cards and cards having internal data processing may be inserted;
  
  security module means, directly connected to said plurality of card units, for authenticating cards inserted into the plurality of card units and for securely exchanging data with the authenticated cards; and
  
  means, separate from the security module means, for processing data received from the security module in accordance with an application program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system according to claim 1, wherein said security module comprises means for providing data security for multiple applications.
  - 3. The system according to claim 1, wherein the data processing means comprises an application module, the application module including:
    - means for interfacing a plurality of differing data carrying cards with the application module.
  - 4. The system according to claim 1, wherein the data processing means comprises:
    - means for transferring data to and from files that relate to an application program of a particular card through the security module.
  - 5. The system according to claim 1, wherein the security module comprises:
    - means for validating a plurality of properties of the cards, including validating an internal key.
  - 6. The system according to claim 1, wherein the security module includes a secure microprocessor means for encrypting and decrypting data.
  - 7. The system according to claim 6, wherein the security module includes a first secure memory means for securely storing encryption keys.
  - 8. The system according to claim 6, wherein the security module includes a secure memory for securely storing a security program.

9. A method of securely exchanging data between a data-carrying card and a processing system, comprising the steps of:
- validating the authenticity of a data-carrying card at a security module of the processing system;
  
  securely providing data from the authenticated data-carrying card to the security module of the processing system;
  
  processing the data at the security module;
  
  providing the processed data from the security module to an application module; and
  
  processing the data at the application module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method according to claim 9, wherein the step of validating the authenticity of the data-carrying card includes the steps of:
    - providing a random number in the processing system;
      
      transmitting the random number from the processing system to the data-carrying card;
      
      encrypting the random number at the data-carrying card using a first internal key stored in the card;
      
      providing the encrypted number from the card to the processing system;
      
      decrypting the encrypted number at the processing system using a second internal key stored in the processing system;
      
      comparing the decrypted number with the random number in the processing system; and
      
      determining that the data-carrying card is authentic if the decrypted number and the random number in the processing system match.
  - 11. The method according to claim 9, further comprising the step of validating the authenticity of the processing system at the data-carrying card.
  - 12. The method according to claim 11, wherein the step of validating the authenticity of the processing system includes the steps of:
    - providing a random number in the data-carrying card;
      
      transmitting the random number from the card to the processing system;
      
      encrypting the random number at the processing system using a first internal key stored in the card;
      
      providing the encrypted number from the processing system to the card;
      
      decrypting the encrypted number at the card using a second internal key stored in the card;
      
      comparing the decrypted number with the random number in the card; and
      
      determining that the processing system is authentic if the decrypted number and the random number in the card match.
  - 13. The method according to claim 9, further comprising the steps of:
    - verifying that a user is authorized to use the card.
  - 14. The method according to claim 9, wherein the step of processing the data at the security module includes the step of decrypting the data using decryption keys.
  - 15. The method according to claim 9, further comprising the steps of:
    - providing the processed data from the application module to the security module;
      
      processing the provided data at the security module; and
      
      storing the processed data from the security module on the data card.
  - 16. The method according to claim 15, wherein the step of processing the data at the security module includes the step of encrypting the data using encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
De la Rue Card Systems Inc (Advent International Corporation)
Original Assignee
Philip S. Lee
Inventors
Lee, Philip S.
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
Laufer, Pinchus M.

Application Number

US08/950,790
Time in Patent Office

636 Days
Field of Search

380/24, 380/25, 380/23, 235/382, 235/382.5, 235/379, 235/380, 340/825.31, 705/17, 705/18
US Class Current

713/159
CPC Class Codes

G06Q 20/204   comprising interface for re...

G06Q 20/3674   involving authentication

H04L 9/3234   involving additional secure...

System for securely exchanging data with smart cards

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System for securely exchanging data with smart cards

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links