System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
First Claim
1. A system for supporting at least one computer-implemented application to access and manage a multi-purpose integrated circuit (IC) card, the system comprising:
- a multi-purpose integrated circuit (IC) card having a plurality of resources for different uses;
a card reader which interfaces with the IC card to transfer information to and from the IC card;
a computers coupled to the card reader, to implement at least one application to enable a user to access and manage select resources of the plurality of resources of the IC card; and
an application-independent application interface executing on the computer to implement services utilized by the computer-implemented application to facilitate user access to certain of the plurality of resources provided by the IC card.
2 Assignments
0 Petitions
Accused Products
Abstract
A computerized system offers a uniform platform for conducting electronic transactions in multiple different environments. The system includes a portable, multi-purpose, integrated circuit (IC) card and complimentary computer software which enables access and management of resources maintained on the IC card. The software runs on a user'"'"'s personal computer, empowering the user to initialize the IC card, configure the card with the resources that the user wants to maintain on the card, and to manage those resources. The software enables the user to generate private/public key pairs and establish or change passcodes for access to the card resources. The IC card itself provides the electronic vehicle for securely transporting the user'"'"'s private keys and certificates without exposing them in plaintext form. The IC card is designed with enough processing capabilities to perform rudimentary cryptographic functions so that the private keys may be employed for signing or encryption without ever being released from the card.
-
Citations
53 Claims
-
1. A system for supporting at least one computer-implemented application to access and manage a multi-purpose integrated circuit (IC) card, the system comprising:
-
a multi-purpose integrated circuit (IC) card having a plurality of resources for different uses; a card reader which interfaces with the IC card to transfer information to and from the IC card; a computers coupled to the card reader, to implement at least one application to enable a user to access and manage select resources of the plurality of resources of the IC card; and an application-independent application interface executing on the computer to implement services utilized by the computer-implemented application to facilitate user access to certain of the plurality of resources provided by the IC card. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer-implemented application program interface to interface an application executing on a computer operating system with a program executing on an integrated circuit (IC) card, the IC card being coupled to communicate with a computer on which the operating system is running, the application program interface comprising:
-
a cryptographic services module which implements cryptographic functionality for the application, the cryptographic services module using cryptographic resources maintained on the IC card so that when the application requests a cryptographic function, the cryptographic services module communicates with the IC card to have the IC card support the cryptographic function without exposing the cryptographic resources maintained thereon; and a card management services module which implements administration functionality for the application for managing resources maintained on the IC card so that when the application requests that an administrative task be performed on the IC card, the card management services module communicates with the IC card to perform the administrative task requested by the application. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
-
-
26. A computer to configure and manage a plurality of resources of an integrated circuit (IC) card, the computer comprising:
-
a processor; a display; and a card manager user interface (UI) executing on the processor, the card manager UI presenting at least one graphical dialog screen on the display which enables a user to reconfigure the IC card and to manage the resources on the IC card. - View Dependent Claims (27, 28, 29)
-
-
30. A configuration system enabling a user to configure an integrated circuit (IC) card after manufacture of the IC card, the IC card having a processor and programmable memory, the configuration system comprising:
-
a computer having a card reader to interface with the IC card; and a card management application interface executing on the computer to enable the user to access the IC card and add, delete and otherwise configure the resources of the IC card stored within the programmable memory with data selected by a user. - View Dependent Claims (31, 32)
-
-
33. An integrated circuit (IC) card comprising:
-
a processor; a data I/O port controlled by the processor to receive and output data; a data memory coupled to the processor, the data memory being partitioned into a public storage and a private storage; the processor being configured to access the private storage of the data memory only following receipt and verification of an externally supplied passcode from the data I/O port; and the processor being configured to access the public storage and output contents stored in the public storage to the data I/O port without requiring receipt and verification of the passcode. - View Dependent Claims (34, 35, 36, 37, 38)
-
-
39. A method to provide cryptographic function support to a requesting application, the method comprising the following steps:
-
storing at least one cryptographic key on a portable integrated circuit (IC) card; supplying a request for a cryptographic function from the application to an application-independent application interface; establishing data communication between the application-independent application interface and the IC card; and performing the cryptographic function requested by the application cooperatively between the application-independent application interface and the IC card using the cryptographic key stored on the IC card and without exposing the cryptographic key from the IC card. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48)
-
-
49. A method for personalizing contents on an integrated circuit (IC) card from a computer according to a user'"'"'s preferences, the method comprising the following steps:
-
interfacing the IC card to the computer with an application-independent application interface executing on the computer; presenting a user interface on the computer to the user as part of the execution of the application interface; initializing the IC card using the user interface; configuring the IC card, using the user interface, to include cryptographic resources and non-cryptographic resources; and managing the cryptographic and non-cryptographic resources that are maintained on the IC card using the user interface. - View Dependent Claims (50, 51)
-
-
52. A method for conducting secure electronic transactions comprising the following steps:
-
configuring, at a first computing site, a portable multi-purpose integrated circuit (IC) card with resources that enable the IC card to be used for multiple purposes, the resources including a cryptographic key and a certificate which can be used for at least one of the multiple purposes; transporting the multi-purpose IC card from the first computing site to a second computing site; interfacing the multi-purpose IC card with an application interface executing at the second computing site, the application interface supporting an application which is executing at the second computing site to process data for a designated purpose, the application requiring transformation of at least a portion of the data according to a cryptographic function, the application having a certificate; exchanging certificates between the application and the IC card to verify authenticity to each other; establishing data communication between the application and the IC card through the application interface; supplying a request for the cryptographic function from the application to the application interface; performing the cryptographic function cooperatively between the application interface and the IC card using the cryptographic key stored on the IC card without exposing the cryptographic key from the IC card; transporting the IC card from the second computing site to a third computing site; interfacing the IC card with an application interface executing at the third computing site, the application interface at the third computing site supporting an application which is executing at the third computing site and requires access to a non-cryptographic resource on the IC card for another designated purpose; establishing data communication between the application and the IC card through the application interface; making a request from the application for the non-cryptographic resource on the IC card; and fulfilling the request for the non-cryptographic resource. - View Dependent Claims (53)
-
Specification