Remote portable and universal smartcard authentication and authorization device

US 7,083,090 B2
Filed: 08/09/2002
Issued: 08/01/2006
Est. Priority Date: 08/09/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating a transaction, the method comprising:

providing a portable card reader unit to communicate directly with a device, communications between the portable card reader and the device being secured, wherein the portable card reader unit is independent from the device;

initiating a transaction request in the device with a server or another party;

authenticating a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to authenticate the transaction between the device and the server or another party, and wherein the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device; and

executing the transaction, if authorized, through the server or another party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with specific input devices, namely a light sensor/DTMF/infrared and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (2) the PIN; (3) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications. Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. In essence, the device is a closed box with communication ports. The emulation of the device is therefore extremely complex due to the fact that it involves PKI, hardware serialization for communication and software implementation, in conjunction with a specific hardware embodiment and service usage infrastructure component that returns a response necessary for each unique transaction link to an atomic time synchronization.

Citations

49 Claims

1. A method of authenticating a transaction, the method comprising:
- providing a portable card reader unit to communicate directly with a device, communications between the portable card reader and the device being secured, wherein the portable card reader unit is independent from the device;
  
  initiating a transaction request in the device with a server or another party;
  
  authenticating a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to authenticate the transaction between the device and the server or another party, and wherein the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device; and
  
  executing the transaction, if authorized, through the server or another party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 2. The method of claim 1, wherein the authenticating of the user of the device exclusively in the card reader unit comprising:
    - acquiring personal data of the user into the portable card reader unit;
      
      encrypting the personal data only after the user is authenticated; and
      
      encoding the encrypted personal data into the optical or multi-tone acoustical signal.
  - 3. The method of claim 1, wherein the card reader converts data in the transaction into optical or multi-tone acoustical signals to be transmitted between the device and the server or another party.
  - 4. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is a high-contrast optical signal.
  - 5. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from a computer display.
  - 6. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from a liquid-crystal display.
  - 7. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from a light-emitting diode.
  - 8. The method of claim 1, wherein the multi-tone acoustical signal is a dual tone, multiform (DTMF) signal.
  - 9. The method of claim 1, wherein the optical signal is an infrared signal.
  - 10. The method of claim 1, wherein the transaction request is initiated by a wireless signal.
  - 11. The method of claim 1, wherein communication between the device and the server or another party involves the use of the multi-tone acoustic signal.
  - 12. The method of claim 11, wherein the multi-tone acoustic signal is a dual tone, multi-format (DTMF) signal.
  - 13. The method of claim 11, wherein the multi-tone acoustic signal is an audio frequency shift keying (AFSK) signal.
  - 14. The method of claim 11, wherein the multi-tone acoustic signal is a private line (PL) signal.
  - 15. The method of claim 1, wherein the initiating of a transaction request at the card reader unit includes the entry of a personal identification number (PIN) through a keyboard.
  - 16. The method of claim 15, wherein the keyboard includes a touch-sensitive screen.
  - 17. The method of claim 15, further including terminating the operation of the portable card reader unit if a PIN entry is attempted more than a predetermined number of times.
  - 18. The method of claim 1, wherein the portable card reader unit further includes a biometric input;
    - and the initiating of the transaction in the device with the server or another party includes receiving biometric data through a biometric input.
  - 19. The method of claim 18, wherein the biometric input is a fingerprint.
  - 20. The method of claim 1, wherein information exchange subsequent to the transaction request are encrypted.
  - 21. The method of claim 20, wherein the encryption is based on public-key cryptography.
  - 22. The method of claim 20, wherein the encryption is based on identity-based encryption (IBE) cryptography.
  - 23. The method of claim 1, wherein the portable card reader unit includes a memory;
    - the transaction request initiates a session; and
      
      information regarding the session is stored in the memory.
  - 24. The method of claim 1, wherein the portable card reader unit forms part of the device.
  - 25. The method of claim 24, wherein the device is one of a personal digital assistant (PDA), a hand-held remote control and a cellular telephone.
  - 26. The method of claim 24, wherein the portable card reader unit operates in conjunction with the device to facilitate secured and authenticated operation with the server or another party.
  - 27. The method of claim 1, further including storing an encrypted dynamic credit report.
  - 28. The method of claim 27, further including storing encrypted pro-approved payment or banking authorization numbers.
  - 29. The method of claim 28, further including sending an encrypted credit report to a server or another party credit report company with an approval of the credit owner.
  - 30. The method of claim 1, wherein the portable card reader is further operative to communicate with another card reader.
  - 31. The method of claim 1, further including updating credit report data from a third party credit report company.
  - 32. The method of claim 1, wherein the portable card reader unit receives a smartcard, and the method further includes of storing encrypted credit report history on the smartcard.
  - 33. The method of claim 32, further including storing encrypted pro-approved payment or banking authorization numbers on the smartcard.
  - 34. The method of claim 32, further including comparing stored data with data stared on the smartcard.
  - 35. The method of claim 32, further including permitting or preventing access to data stored in the portable card reader unit.
  - 36. The method of claim 32, further including permitting or preventing access to the smartcard.
  - 37. The method of claim 1, further including steps to permit or prevent access is based on a security policy infrastructure.
  - 38. The method of claim 1, further including storing personal and historical medical data.
  - 39. The method of claim 1, further including storing and caching multiple smartcards at the same time.
  - 40. The method of claim 1, further including providing an digital identity for the card owner.
  - 41. The method of claim 1, further including storing, receiving, and sending personal information from the card owner to one or more third parties.
  - 42. The method of claim 1, further including capabilities to permit or prevent physical access to the card reader unit.
  - 43. The method of claim 1, further including storing multiple public and private keys or certificates in memory or on the card.
  - 44. The method of claim 1, further including linking to one or more third parties or services, and providing a secure environment to private-key cryptography (PKI) infrastructures.
  - 45. The method of claim 1, further including providing a portable authentication through a remote service without allowing non-secure access.
  - 46. The method of claim 45, wherein the non-secure access is associated with a web cafe or a public network.
  - 47. The method of claim 1, wherein the card reader unit is further operative to function as one of a payment device or an infrared universal remote control.

48. A method of authenticating a transaction, the method comprising:
- initiating a transaction between a device and a server or another party;
  
  requesting authentication of a user associated with the device when the server or another party demands that the transaction must be authenticated;
  
  providing a card reader unit to authenticate the transaction by;
  
  acquiring personal data of the user into the portable card reader unit;
  
  encrypting the personal data only after the user is authenticated; and
  
  encoding the encrypted personal data into an optical or multi-tone acoustical signal;
  
  causing the optical or multi-tone acoustical signal to be sent to the server or the another party via the device;
  
  subsequently, data in the transaction being converted by the card reader into optical or multi-tone acoustical signals that are now transmitted between the device and the server or another party.
- View Dependent Claims (49)
- - 49. The method of claim 48, wherein the card reader unit operates on an atomic time, and wherein the encrypting of the personal data comprises:
    - recovering the atomic time;
      
      generating a session key in accordance with the atomic time; and
      
      encrypt the personal data with the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bright Smart Corporation
Original Assignee
Bright Smart Corporation
Inventors
Zuili, Patrick
Primary Examiner(s)
Lee, Seung H

Application Number

US10/215,888
Publication Number

US 20040026496A1
Time in Patent Office

1,453 Days
Field of Search

235/383, 235/380, 235/462.45, 235/462.46, 235/379, 235/472.02, 235/454, 235/492
US Class Current

235/383
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

Remote portable and universal smartcard authentication and authorization device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Remote portable and universal smartcard authentication and authorization device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links