Method and apparatus for protecting against side channel attacks against personal identification numbers
Abstract
A method for private personal identification number (PIN) management includes receiving a first PIN, receiving a first key used to scramble a second PIN that has been validated, receiving a first scrambled PIN comprising the second PIN scrambled with the first key, scrambling the first PIN with the first key to create a second scrambled PIN and validating the first PIN based at least in part on whether the first scrambled PIN matches the second scrambled PIN.
33 Claims
1. A method for private personal identification number (PIN) management in a secure portable device having (1) executable instructions stored therein and (2) a processor wherein execution of said executable instructions on said processor provides the method comprising:
- receiving, by said processor, a first PIN;
- receiving, by said processor, a first key;
- receiving, by said processor, a first scrambled PIN;
- creating, by said processor, a second scrambled PIN by scrambling said first PIN with a second key;
- storing, by said processor, said second scrambled PIN in a field in a memory of said secure portable device;
- marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;
- creating, by said processor, a third scrambled PIN by scrambling said first PIN with said first key;
- comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and
- marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A program storage device readable by a machine, embodying a program of instructions executable by a secure portable device to perform a method for private personal identification number (PIN) management wherein execution of said program of instructions by a processor on said secure portable device causes the secure portable device to perform the method comprising:
- receiving, by said processor, a first PIN;
- receiving, by said processor, a first key;
- receiving, by said processor, a first scrambled PIN;
- creating, by said processor, a second scrambled PIN by scrambling said first PIN with a second key;
- storing, by said processor, said second scrambled PIN in a field in a memory of said secure portable device;
- marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;
- creating, by said processor, a third scrambled PIN by scrambling said first PIN with said first key;
- comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and
- marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a memory for storing at least one key, at least one scrambled PIN, and at least one validity indication;
- a processor; and
- executable instructions stored on said apparatus, wherein execution of said executable instructions on said processor causes the processor to perform the method including;
  - receiving, by said processor, a first PIN;
  - receiving, by said processor, a first key;
  - receiving, by said processor, a first scrambled PIN;
  - creating by said processor, a second scrambled PIN by scrambling said first PIN with a second key;
  - storing, by said processor, said second scrambled PIN in a field in memory of said secure portable device;
  - marking, by said processor, a test field, in said memory, for said stored second scrambled PIN as untested;
  - creating by said processor, a third scrambled PIN by scrambling said first PIN with said first key;
  - comparing, by said processor, said first scrambled PIN with said third scrambled PIN; and
  - marking, by said processor, said test field for said stored second scrambled PIN based at least in part on said comparing said first scrambled PIN with said third scrambled PIN.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
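
The step order shared by independent claims 1, 9 and 17, as an added example that is not code from the patent. HMAC-SHA-256 stands in for the scrambling function, which the claims do not specify; the class name, the test-field values, the caller-supplied second key and the constant-time comparison are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumed test-field values; the claims only name "untested".
UNTESTED, VALID, INVALID = "untested", "valid", "invalid"


def scramble(pin: bytes, key: bytes) -> bytes:
    """Stand-in keyed scramble (HMAC-SHA-256); not specified by the claims."""
    return hmac.new(key, pin, hashlib.sha256).digest()


class SecurePortableDevice:
    """Hypothetical device: stores a scrambled PIN and its test field only."""

    def __init__(self):
        self.scrambled_pin = None
        self.test_field = None

    def manage_pin(self, first_pin, first_key, first_scrambled_pin, second_key):
        # Create and store the second scrambled PIN, then mark it untested
        # before any comparison result exists.
        self.scrambled_pin = scramble(first_pin, second_key)
        self.test_field = UNTESTED
        # Third scrambled PIN: the received PIN under the first key.
        third_scrambled_pin = scramble(first_pin, first_key)
        # Compare scrambled values only; compare_digest avoids an early exit
        # on the first differing byte (this example's choice).
        matched = hmac.compare_digest(first_scrambled_pin, third_scrambled_pin)
        self.test_field = VALID if matched else INVALID
        return self.test_field


def demo():
    """Run the flow for a matching and a non-matching PIN (constructed values)."""
    first_key = secrets.token_bytes(32)
    reference = scramble(b"4921", first_key)  # constructed first scrambled PIN
    results = {}
    for label, entered in (("correct", b"4921"), ("wrong", b"4920")):
        device = SecurePortableDevice()
        second_key = secrets.token_bytes(32)
        field = device.manage_pin(entered, first_key, reference, second_key)
        stored_under_second_key = device.scrambled_pin == scramble(entered, second_key)
        results[label] = (field, stored_under_second_key, device.scrambled_pin != reference)
    return results


if __name__ == "__main__":
    print(demo())
```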
Specification