Method and apparatus for protecting against side channel attacks against personal identification numbers

US 7,596,531 B2
Filed: 06/05/2002
Issued: 09/29/2009
Est. Priority Date: 06/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for private personal identification number (PIN) management in a secure portable device having (1) executable instructions stored therein and (2) a processor wherein execution of said executable instructions on said processor provides the method comprising:

receiving, by said processor, a first PIN;

receiving, by said processor, a first key;

receiving, by said processor, a first scrambled PIN;

creating, by said processor, a second scrambled PIN by scrambling said first PIN with a second key;

storing, by said processor, said second scrambled PIN in a field in a memory of said secure portable device;

marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;

creating, by said processor, a third scrambled PIN by scrambling said first PIN with said first key;

comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and

marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for private personal identification number (PIN) management includes receiving a first PIN, receiving a first key used to scramble a second PIN that has been validated, receiving a first scrambled PIN comprising the second PIN scrambled with the first key, scrambling the first PIN with the first key to create a second scrambled PIN and validating the first PIN based at least in part on whether the first scrambled PIN matches the second scrambled PIN.

Citations

33 Claims

1. A method for private personal identification number (PIN) management in a secure portable device having (1) executable instructions stored therein and (2) a processor wherein execution of said executable instructions on said processor provides the method comprising:
- receiving, by said processor, a first PIN;
  
  receiving, by said processor, a first key;
  
  receiving, by said processor, a first scrambled PIN;
  
  creating, by said processor, a second scrambled PIN by scrambling said first PIN with a second key;
  
  storing, by said processor, said second scrambled PIN in a field in a memory of said secure portable device;
  
  marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;
  
  creating, by said processor, a third scrambled PIN by scrambling said first PIN with said first key;
  
  comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and
  
  marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising validating, by said processor, said second scrambled PIN based at least in part on said marking based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.
  - 3. The method of claim 1, further comprising using, by said processor, said stored second scrambled PIN in validating a subsequent PIN.
  - 4. The method of claim 1 wherein at least one of said first key and said second key comprise a session ID.
  - 5. The method of claim 1 wherein at least one of said first key and said second key comprise a randomized key.
  - 6. The method of claim 1 wherein said storing further comprises storing said second scrambled PIN in a persistent mutable memory.
  - 7. The method of claim 6 wherein said persistent mutable memory comprises an EEPROM.
  - 8. The method of claim 2 wherein said validating further comprises:
    - indicating said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN; and
      
      indicating said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.

9. A program storage device readable by a machine, embodying a program of instructions executable by a secure portable device to perform a method for private personal identification number (PIN) management wherein execution of said program of instructions by a processor on said secure portable device causes the secure portable device to perform the method comprising:
- receiving, by said processor, a first PIN;
  
  receiving, by said processor, a first key;
  
  receiving, by said processor, a first scrambled PIN;
  
  creating, by said processor, a second scrambled PIN by scrambling said first PIN with a second key;
  
  storing, by said processor, said second scrambled PIN in a field in a memory of said secure portable device;
  
  marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;
  
  creating, by said processor, a third scrambled PIN by scrambling said first PIN with said first key;
  
  comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and
  
  marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The program storage device of claim 9 wherein said method further comprises validating said second scrambled PIN based at least in part on said marking based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.
  - 11. The program storage device of claim 9 wherein said method further comprises using said stored second scrambled PIN in validating a subsequent PIN.
  - 12. The program storage device of claim 9 wherein at least one of said first key and said second key comprise a session ID.
  - 13. The program storage device of claim 9 wherein at least one of said first key and said second key comprise a randomized key.
  - 14. The program storage device of claim 9 wherein said storing further comprises storing said second scrambled PIN in a persistent mutable memory.
  - 15. The program storage device of claim 9 wherein said persistent mutable memory comprises an EEPROM.
  - 16. The program storage device of claim 10 wherein said validating further comprises:
    - indicating said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN; and
      
      indicating said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.

17. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a memory for storing at least one key, at least one scrambled PIN, and at least one validity indication;
  
  a processor; and
  
  executable instructions stored on said apparatus, wherein execution of said executable instructions on said processor causes the processor to perform the method including;
  
  receiving, by said processor, a first PIN;
  
  receiving, by said processor, a first key;
  
  receiving, by said processor, a first scrambled PIN;
  
  creating by said processor, a second scrambled PIN by scrambling said first PIN with a second key;
  
  storing, by said processor, said second scrambled PIN in a field in memory of said secure portable device;
  
  marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;
  
  creating by said processor, a third scrambled PIN by scrambling said first PIN with said first key;
  
  comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and
  
  marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 18. The apparatus of claim 17 wherein said method further includes validating said second scrambled PIN based at least in part on said mark based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.
  - 19. The apparatus of claim 17 wherein said method further includes validating a subsequent PIN using said stored second scrambled PIN.
  - 20. The apparatus of claim 17 wherein at least one of said first key and said second key comprise a session ID.
  - 21. The apparatus of claim 17 wherein at least one of said first key and said second key comprise a randomized key.
  - 22. The apparatus of claim 17 wherein said memory comprises a persistent mutable memory.
  - 23. The apparatus of claim 22 wherein said persistent mutable memory comprises an EEPROM.
  - 24. The apparatus of claim 18 wherein said method further includesindicating said stored second scrambled PIN is invalid if said marking indicates said first scrambled PIN does not match said third scrambled PIN;
    - andindicating said stored second scrambled PIN is valid if said marking indicates said first scrambled PIN matches said third scrambled PIN.
  - 25. The apparatus of claim 17 wherein said apparatus comprises a smart card.
  - 26. The apparatus of claim 17 wherein said smart card comprises a Java Card™
    - technology-enabled smart card.
  - 27. The apparatus of claim 17 wherein said smart card comprises a CDMA (Code Division Multiple Access) technology-enabled smart card.
  - 28. The apparatus of claim 17 wherein said smart card comprises a SIM (Subscriber Identity Module) card.
  - 29. The apparatus of claim 17 wherein said smart card comprises a WIM (Wireless Interface Module).
  - 30. The apparatus of claim 17 wherein said smart card comprises a USIM (Universal Subscriber Identity Module).
  - 31. The apparatus of claim 17 wherein said smart card comprises a UIM (User Identity Module).
  - 32. The apparatus of claim 17 wherein said smart card comprises a R-UIM (Removable User Identity Module).
  - 33. The apparatus of claim 17 wherein said apparatus comprises a mobile phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
de Jong, Eduard
Primary Examiner(s)
Hewitt, II; Calvin L
Assistant Examiner(s)
Winter; John M

Application Number

US10/164,662
Publication Number

US 20030229598A1
Time in Patent Office

2,673 Days
Field of Search

705/1, 705/50, 705/72, 713/183, 713/163
US Class Current

705/72
CPC Class Codes

G06F 21/31   User authentication

G06F 21/755   with measures against power...

G06Q 20/4012   Verifying personal identifi...

G06Q 30/018   Certifying business or prod...

Method and apparatus for protecting against side channel attacks against personal identification numbers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting against side channel attacks against personal identification numbers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links