System and method for encrypted smart card PIN entry
First Claim
1. A method for authenticating by a smart card using a user device in wireless communication with a physically separate smart card reader, the smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information, the method comprising the steps of:
- transmitting a challenge from the smart card to the user device via the smart card reader over a wireless communication link, the challenge comprising the public key;
receiving at the smart card from the user device via the smart card reader over the wireless communication link, a response to the challenge comprising received user-entered authentication information encrypted using the challenge;
decrypting the received user-entered authentication information using the private key at the smart card;
comparing the received user-entered authentication information with the predetermined authentication information at the smart card; and
if the received user-entered authentication information matches the predetermined authentication information, transmitting a verification signal from the smart card to the user device.
5 Assignments
0 Petitions
Accused Products
Abstract
A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.
-
Citations
20 Claims
-
1. A method for authenticating by a smart card using a user device in wireless communication with a physically separate smart card reader, the smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information, the method comprising the steps of:
-
transmitting a challenge from the smart card to the user device via the smart card reader over a wireless communication link, the challenge comprising the public key; receiving at the smart card from the user device via the smart card reader over the wireless communication link, a response to the challenge comprising received user-entered authentication information encrypted using the challenge; decrypting the received user-entered authentication information using the private key at the smart card; comparing the received user-entered authentication information with the predetermined authentication information at the smart card; and if the received user-entered authentication information matches the predetermined authentication information, transmitting a verification signal from the smart card to the user device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A smart card adapted to authenticate a user at a user device, the smart card comprising:
-
a memory adapted to store a private key, a public key, and predetermined authentication information, at least the private key being stored in a secure portion of memory; an interface adapted to communicate with a smart card reader physically separate from the user device, wirelessly transmit a challenge comprising at least the public key to the user device via the smart card reader over a wireless communication link, and receiver encrypted authentication information from the user device over the wireless communication link via the smart card reader in response to the challenge, the encrypted authentication information comprising user-entered authentication information encrypted by the public key; and a processor adapted to execute a decryption algorithm on the received encrypted authentication information using the private key to obtain decrypted authentication information, compare the decrypted authentication information with the predetermined authentication information, and generate a verification signal if the decrypted authentication information and the predetermined authentication information match. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A system for authenticating a user, the system comprising:
-
a smart card comprising a microprocessor and a memory for storing a private key, a public key, and predetermined authentication information, the memory comprising secure memory for storing at least the private key, and the microprocessor being configured to execute a decryption algorithm using the private key and to perform a comparison of the predetermined authentication information against received authentication information; a user device for receiving input from the user, the user device being configured to encrypt input; and a smart card reader physically separate from the user device and in wireless communication with the user device, for providing communication means between the smart card and the user device; wherein when the smart card is in communication with the user device via the smart card reader, the smart card is configured to transmit to the user device a challenge comprising the public key, the user device is configured to encrypt, using the public key, authentication information inputted by a user and to transmit the encrypted authentication information to the smart card via the smart card reader in response to the challenge, and the smart card is further configured to decrypt the encrypted authentication information thus received from the user device using the decryption algorithm and the private key to provide decrypted authentication information such that the microprocessor may perform a comparison of the predetermined authentication information against the decrypted authentication information, and such that the smart card reader never receives or communicates unencrypted authentication information. - View Dependent Claims (19, 20)
-
Specification