Secure transactions with passive storage media

US 7,549,057 B2
Filed: 02/04/2005
Issued: 06/16/2009
Est. Priority Date: 07/06/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A secure transaction system comprising:

a plurality of information carriers distributed to authorized users for secure storage of information related to carrying out of transactions by said authorized users, each information carrier having a passive data storage medium but lacking any data processing unit, said information stored on said passive data storage medium being in encrypted form and including transaction messages, cryptographic keys, and at least one digital certificate issued to an authorized user; and

a drive for reading and writing information relating to transactions on an information carrier presented thereto by an authorized user, said drive connected via a communications link or network to a host computer, said drive having a control unit executing secure protocols for mediating communication between said host computer and drive and between said drive and information carrier, said drive also having a cryptographic processing unit providing encryption and decryption of transaction messages and digital certificates in accord with said secure protocols executed by said control unit and using cryptographic keys, including cryptographic keys stored by said drive and cryptographic keys read from said information carriers, as specified by said secure protocols.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A transaction system for use with passive data storage media, such as optical memory cards, uses secure protocols involving digital certificates for communication between a read/write drive and the medium and also for communication between the drive and a host computer. The drive stores crytographic keys and firmware for executing the secure protocols. All messages (data or commands) passed between the drive and the passive medium or host computer not only are encrypted but also include at least one digital certificate for authenticating the message. Typically, asymmetric (public-private key) encryption is used and keys may be derived from an authorized user'"'"'s password, personal identification number, or biometric data. The drive includes sensors to detect any attempted intrusions and a control unit that will destroy the critical information (keys and protocol code) in response to a detected intrusion. The keys and protocols stored in a drive can themselves be changed through appropriate use of a secure protocol involving digital certificates.

Citations

16 Claims

1. A secure transaction system comprising:
- a plurality of information carriers distributed to authorized users for secure storage of information related to carrying out of transactions by said authorized users, each information carrier having a passive data storage medium but lacking any data processing unit, said information stored on said passive data storage medium being in encrypted form and including transaction messages, cryptographic keys, and at least one digital certificate issued to an authorized user; and
  
  a drive for reading and writing information relating to transactions on an information carrier presented thereto by an authorized user, said drive connected via a communications link or network to a host computer, said drive having a control unit executing secure protocols for mediating communication between said host computer and drive and between said drive and information carrier, said drive also having a cryptographic processing unit providing encryption and decryption of transaction messages and digital certificates in accord with said secure protocols executed by said control unit and using cryptographic keys, including cryptographic keys stored by said drive and cryptographic keys read from said information carriers, as specified by said secure protocols.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1 wherein said cryptographic processing unit of said drive also provides, as specified by said secure protocols, encryption and decryption of information communicated with said host computer via said communications link.
  - 3. The system of claim 1 wherein said drive includes sensors for detecting attempted intrusions into the drive, said control unit being responsive to said sensors for destroying critical cryptographic keys in the drive upon detection of any intrusion.
  - 4. The system of claim 1 wherein said storage medium is logically partitioned and at least one different digital certificate is stored thereon for each partition.
  - 5. The system of claim 1 wherein said secure protocols include an enrollment of an authorized user wherein personal data for said user is digitally signed, and transmitted from a host computer to said drive with at least one digital certificate, and recertified by said drive and stored on said passive storage medium.
  - 6. The system of claim 1 wherein said secure protocols include a transaction by an authorized user wherein transaction requests and authorization information and are transmitted between said drive and said host computer and between said drive and said storage medium with at least one digital certificate.
  - 7. The system of claim 1 wherein said secure protocols executed by said drive include at least one protocol that permits modification of said keys stored by said drive.
  - 8. The system of claim 7 wherein said protocol permitting modification of said keys is one of said protocols mediating communications between said host computer and said drive.
  - 9. The system of claim 7 wherein said protocol permitting modification of said keys is one of said protocols mediating communication between said drive and said information carriers.
  - 10. The system of claim 7 wherein at least one of said secure protocols also permits modification of the secure protocols themselves.
  - 11. The system of claim 1 wherein said data storage medium comprises an optical medium.
  - 12. The system of claim 11 wherein said information carrier is an optical memory card.
  - 13. The system of claim 11 wherein said information carrier is an optical disk.
  - 14. The system of claim 1 wherein said information stored on said information carrier is in encrypted form corresponding to a decryption key stored in said drive.
  - 15. The system of claim 14 wherein said information stored on said information carrier also includes personal data for generating keys of said authorized user.
  - 16. The system of claim 15 wherein said personal data comprises any of a personal identification number (PIN) a password, and biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
LaserCard Corp. (Assa Abloy AB)
Inventors
Sciupac, Louis H.
Primary Examiner(s)
Lipman; Jacob

Application Number

US11/052,481
Publication Number

US 20050160277A1
Time in Patent Office

1,593 Days
Field of Search

713/189, 713/185
US Class Current

713/189
CPC Class Codes

G06Q 20/382   insuring higher security of...

G07C 9/23   by means of a password

G07C 9/25   using biometric data, e.g. ...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure transactions with passive storage media

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Secure transactions with passive storage media

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links