Remote portable and universal smartcard authentication and authorization device
First Claim
1. A method of authenticating a transaction, the method comprising:
- providing a portable card reader unit to communicate directly with a device, communications between the portable card reader and the device being secured, wherein the portable card reader unit is independent from the device;
initiating a transaction request in the device with a server or another party;
authenticating a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to authenticate the transaction between the device and the server or another party, and wherein the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device; and
executing the transaction, if authorized, through the server or another party.
1 Assignment
0 Petitions
Accused Products
Abstract
An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with specific input devices, namely a light sensor/DTMF/infrared and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (2) the PIN; (3) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications. Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. In essence, the device is a closed box with communication ports. The emulation of the device is therefore extremely complex due to the fact that it involves PKI, hardware serialization for communication and software implementation, in conjunction with a specific hardware embodiment and service usage infrastructure component that returns a response necessary for each unique transaction link to an atomic time synchronization.
-
Citations
49 Claims
-
1. A method of authenticating a transaction, the method comprising:
-
providing a portable card reader unit to communicate directly with a device, communications between the portable card reader and the device being secured, wherein the portable card reader unit is independent from the device; initiating a transaction request in the device with a server or another party; authenticating a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to authenticate the transaction between the device and the server or another party, and wherein the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device; and executing the transaction, if authorized, through the server or another party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. A method of authenticating a transaction, the method comprising:
-
initiating a transaction between a device and a server or another party; requesting authentication of a user associated with the device when the server or another party demands that the transaction must be authenticated; providing a card reader unit to authenticate the transaction by; acquiring personal data of the user into the portable card reader unit; encrypting the personal data only after the user is authenticated; and encoding the encrypted personal data into an optical or multi-tone acoustical signal; causing the optical or multi-tone acoustical signal to be sent to the server or the another party via the device; subsequently, data in the transaction being converted by the card reader into optical or multi-tone acoustical signals that are now transmitted between the device and the server or another party. - View Dependent Claims (49)
-
Specification