Secure use of externally stored data

US 8,172,151 B2
Filed: 02/28/2011
Issued: 05/08/2012
Est. Priority Date: 12/01/2008
Status: Active Grant

First Claim

Patent Images

1. At a smart card reader, a method of making secure use of authentication data stored on a smart card read by said smart card reader, said method comprising:

receiving a response Application Protocol Data Unit (APDU) from said smart card, said response APDU including authentication data from said smart card, said response APDU indicating a destination;

extracting said authentication data from said response APDU;

storing said authentication data;

generating a filtered response APDU, wherein the filtered response APDU includes a portion of the response APDU received from the smart card and said filtered response APDU does not include said authentication data included in the response APDU received from said smart card; and

transmitting said filtered response APDU toward said destination.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card reader is adapted to extract and store authentication data from a response APDU received from a smart card before generating a filtered response APDU, wherein the filtered response APDU does not include the authentication data. Beneficially, when the smart card reader transmits the filtered response APDU toward a destination, the biometric template data is less susceptible to interception, thereby providing a more secure solution.

15 Citations

View as Search Results

26 Claims

1. At a smart card reader, a method of making secure use of authentication data stored on a smart card read by said smart card reader, said method comprising:
- receiving a response Application Protocol Data Unit (APDU) from said smart card, said response APDU including authentication data from said smart card, said response APDU indicating a destination;
  
  extracting said authentication data from said response APDU;
  
  storing said authentication data;
  
  generating a filtered response APDU, wherein the filtered response APDU includes a portion of the response APDU received from the smart card and said filtered response APDU does not include said authentication data included in the response APDU received from said smart card; and
  
  transmitting said filtered response APDU toward said destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 21, 22)
- - 2. The method of claim 1 wherein the filtered response APDU comprises a header indicating a zero payload length.
  - 3. The method of claim 1 wherein the filtered response APDU comprises a payload carrying only zero values.
  - 4. The method of claim 1 wherein the authentication data from the smart card comprises data related to a biometric template.
  - 5. The method of claim 1 wherein the authentication data from the smart card comprises data related to a fingerprint template.
  - 6. The method of claim 1 wherein the portion of the response APDU received from the smart card includes a status word.
  - 7. The method of claim 1 further comprising:
    - receiving a command APDU from the destination; and
      
      generating a filtered command APDU based on the command APDU.
  - 21. The method of claim 1 wherein the authentication data from the smart card comprises a photograph.
  - 22. The method of claim 1 wherein the authentication data from the smart card comprises a social security number.

8. A smart card reader comprising:
- a storage component interface adapted to communicate with a smart card to receive a response Application Protocol Data Unit (APDU) from the smart card, the response APDU including authentication data from the smart card, the response APDU indicating a destination;
  
  a processor for executing a filter to extract the authentication data from the response APDU and generate a filtered response APDU, wherein the filtered response APDU includes a portion of the response APDU received from the smart card and the filtered response APDU does not include the authentication data included in the response APDU received from the smart card;
  
  a memory adapted to store the authentication data from the smart card; and
  
  a short range communication subsystem adapted to transmit the filtered response APDU toward the destination.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 23, 24)
- - 9. The smart card reader of claim 8 wherein the filtered response APDU comprises a header indicating a zero payload length.
  - 10. The smart card reader of claim 8 wherein the filtered response APDU comprises a payload carrying only zero values.
  - 11. The smart card reader of claim 8 wherein the authentication data from the smart card comprises data related to a biometric template.
  - 12. The smart card reader of claim 8 wherein the authentication data from the smart card comprises data related to a fingerprint template.
  - 13. The smart card reader of claim 8 wherein the portion of the response APDU received from the smart card includes a status word.
  - 14. The smart card reader of claim 8 wherein:
    - the short range communication subsystem is further adapted to receive a command APDU from the destination; and
      
      the processor is adapted to execute a further filter to generate a filtered command APDU based on the command APDU.
  - 23. The smart card reader of claim 8 wherein the authentication data from the smart card comprises a photograph.
  - 24. The smart card reader of claim 8 wherein the authentication data from the smart card comprises a social security number.

15. A computer-readable medium containing computer-executable instructions that, when performed by processor in a smart card reader, cause the processor to:
- receive a response Application Protocol Data Unit (APDU) from a smart card, the response APDU including authentication data from the smart card, the response APDU indicating a destination;
  
  extract the authentication data from the response APDU;
  
  store the authentication data;
  
  generate a filtered response APDU, wherein the filtered response APDU includes a portion of the response APDU received from the smart card and the filtered response APDU does not include the authentication data included in the response APDU received from the smart card; and
  
  transmit the filtered response APDU toward the destination.
- View Dependent Claims (16, 17, 18, 19, 20, 25, 26)
- - 16. The computer-readable medium of claim 15 wherein the filtered response APDU comprises a header indicating a zero payload length.
  - 17. The computer-readable medium of claim 15 wherein the filtered response APDU comprises a payload carrying only zero values.
  - 18. The computer-readable medium of claim 15 wherein the authentication data from the smart card comprises data related to a biometric template.
  - 19. The computer-readable medium of claim 15 wherein the authentication data from the smart card comprises data related to a fingerprint template.
  - 20. The computer-readable medium of claim 15 wherein the computer-executable instructions further cause the processor to:
    - receive a command APDU from the destination; and
      
      generate a filtered command APDU based on the command APDU.
  - 25. The computer-readable medium of claim 15 wherein the authorization data from the smart card comprises a photograph.
  - 26. The computer-readable medium of claim 15 wherein the authorization data from the smart card comprises a social security number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Singh, Ravi, Adams, Neil Patrick, Sibley, Richard Paul
Primary Examiner(s)
Lee, Michael G
Assistant Examiner(s)
Mikels, Matthew

Application Number

US13/037,328
Publication Number

US 20110198397A1
Time in Patent Office

435 Days
Field of Search

235/435, 235/439, 235/451, 235/487, 235/492
US Class Current

235/492
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06F 21/34 involving the use of extern...

Secure use of externally stored data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Secure use of externally stored data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others