System and method for encrypted smart card PIN entry

US 7,735,132 B2
Filed: 08/04/2005
Issued: 06/08/2010
Est. Priority Date: 07/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating by a smart card using a user device in wireless communication with a physically separate smart card reader, the smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information, the method comprising the steps of:

transmitting a challenge from the smart card to the user device via the smart card reader over a wireless communication link, the challenge comprising the public key;

receiving at the smart card from the user device via the smart card reader over the wireless communication link, a response to the challenge comprising received user-entered authentication information encrypted using the challenge;

decrypting the received user-entered authentication information using the private key at the smart card;

comparing the received user-entered authentication information with the predetermined authentication information at the smart card; and

if the received user-entered authentication information matches the predetermined authentication information, transmitting a verification signal from the smart card to the user device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

Citations

20 Claims

1. A method for authenticating by a smart card using a user device in wireless communication with a physically separate smart card reader, the smart card comprising a microprocessor and a memory for storing a private key and a public key, the memory comprising secure memory for storing the private key, a decryption algorithm, and predetermined authentication information, the method comprising the steps of:
- transmitting a challenge from the smart card to the user device via the smart card reader over a wireless communication link, the challenge comprising the public key;
  
  receiving at the smart card from the user device via the smart card reader over the wireless communication link, a response to the challenge comprising received user-entered authentication information encrypted using the challenge;
  
  decrypting the received user-entered authentication information using the private key at the smart card;
  
  comparing the received user-entered authentication information with the predetermined authentication information at the smart card; and
  
  if the received user-entered authentication information matches the predetermined authentication information, transmitting a verification signal from the smart card to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the memory of the smart card is further provided with a nonce generation function, the method further comprising the step of generating and storing a nonce wherein the challenge further comprises the nonce, such that the received user-entered authentication information comprises the nonce comprised in the challenge received by the user device, and wherein the step of comparing the received user-entered authentication information comprises comparing the stored nonce with the nonce comprised in the received authentication information.
  - 3. The method of claim 2, wherein the step of transmitting the challenge to the user device occurs after a request for authentication is received.
  - 4. The method of claim 2, further comprising the steps of:
    - transmitting a request for authentication to the smart card before the step of transmitting the challenge to the user device;
      
      prompting a user of the user device to enter authentication information;
      
      encrypting, at the user device, the authentication information entered by the user using the challenge;
      
      transmitting to the smart card via the smart card reader the encrypted user-entered authentication information; and
      
      receiving a verification signal from the smart card.
  - 5. The method of claim 4, wherein the user device comprises a mobile communication device, the method further comprising the step of decrypting or digitally signing an electronic message upon receipt of the verification signal from the smart card.
  - 6. The method of claim 5, wherein the step of decrypting or digitally signing an electronic message comprises the step of accessing a second private key for carrying out the decryption or digital signature.
  - 7. The method of claim 1, wherein the step of transmitting the challenge to the user device occurs after a request for authentication is received.
  - 8. The method of claim 1, further comprising the steps of:
    - transmitting a request for authentication to the smart card before the step of transmitting the challenge to the user device;
      
      prompting for user input of authentication information at the user device;
      
      encrypting, at the user device, the authentication information entered by the user using the challenge;
      
      transmitting to the smart card via the smart card reader the encrypted user-entered authentication information; and
      
      receiving a verification signal from the smart card.
  - 9. The method of claim 8, wherein the user device comprises a mobile communication device, the method further comprising the step of decrypting or digitally signing an electronic message upon receipt of the verification signal from the smart card.
  - 10. The method of claim 9, wherein the step of decrypting or digitally signing an electronic message comprises the step of accessing a second private key for carrying out the decryption or digital signature.
  - 11. The method of claim 1, wherein the user device comprises a mobile communication device.

12. A smart card adapted to authenticate a user at a user device, the smart card comprising:
- a memory adapted to store a private key, a public key, and predetermined authentication information, at least the private key being stored in a secure portion of memory;
  
  an interface adapted to communicate with a smart card reader physically separate from the user device, wirelessly transmit a challenge comprising at least the public key to the user device via the smart card reader over a wireless communication link, and receiver encrypted authentication information from the user device over the wireless communication link via the smart card reader in response to the challenge, the encrypted authentication information comprising user-entered authentication information encrypted by the public key; and
  
  a processor adapted to execute a decryption algorithm on the received encrypted authentication information using the private key to obtain decrypted authentication information, compare the decrypted authentication information with the predetermined authentication information, and generate a verification signal if the decrypted authentication information and the predetermined authentication information match.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. smart card of claim 12, further comprising a processor adapted to generate a nonce for storage in the memory, and wherein the interface is adapted to transmit a challenge comprising at least the public key and the nonce and to receive encrypted authentication information comprising the nonce, and the processor for comparing the decrypted authentication information is configured to compare the decrypted information with both the predetermined authentication information and a stored nonce.
  - 14. The smart card of claim 13, wherein the private key is used by the user device in digitally signing or decrypting electronic messages.
  - 15. The smart card of claim 13, wherein the memory is further adapted to store a second private key and a corresponding second public key, the second private key being usable by the user device in digitally signing or decrypting electronic messages.
  - 16. The smart card of claim 12, wherein the interface is configured to receive, via the smart card reader, a request for authentication from the user device.
  - 17. The smart card of claim 12, wherein the interface is configured to receive, via the smart card reader, a request for authentication from the user device.

18. A system for authenticating a user, the system comprising:
- a smart card comprising a microprocessor and a memory for storing a private key, a public key, and predetermined authentication information, the memory comprising secure memory for storing at least the private key, and the microprocessor being configured to execute a decryption algorithm using the private key and to perform a comparison of the predetermined authentication information against received authentication information;
  
  a user device for receiving input from the user, the user device being configured to encrypt input; and
  
  a smart card reader physically separate from the user device and in wireless communication with the user device, for providing communication means between the smart card and the user device;
  
  wherein when the smart card is in communication with the user device via the smart card reader, the smart card is configured to transmit to the user device a challenge comprising the public key, the user device is configured to encrypt, using the public key, authentication information inputted by a user and to transmit the encrypted authentication information to the smart card via the smart card reader in response to the challenge, and the smart card is further configured to decrypt the encrypted authentication information thus received from the user device using the decryption algorithm and the private key to provide decrypted authentication information such that the microprocessor may perform a comparison of the predetermined authentication information against the decrypted authentication information, and such that the smart card reader never receives or communicates unencrypted authentication information.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the microprocessor is further configured to generate a nonce and store the nonce in memory, such that when the smart card is in communication with the user device via the smart card reader, the smart card is configured to transmit the public key and the nonce, and the user device is configured to encrypt a concatenation of the nonce received from the smart card and the authentication information inputted by the user using the public key and transmit the information thus encrypted to the smart card, and the smart card is further configured to decrypt the encrypted authentication information received from the user device using the decryption algorithm and the private key to provide decrypted authentication information and a decrypted nonce such that the microprocessor may perform a comparison of the predetermined authentication information and the stored nonce against the decrypted authentication information and the decrypted nonce.
  - 20. The system of claim 18, wherein the user device comprises a mobile communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Adams, Neil P., Brown, Michael K., Little, Herbert A.
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
Vaughan; Michael R

Application Number

US11/196,340
Publication Number

US 20070028118A1
Time in Patent Office

1,769 Days
Field of Search

None
US Class Current

726/20
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

System and method for encrypted smart card PIN entry

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for encrypted smart card PIN entry

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links