Secure access module for integrated circuit card applications
First Claim
Patent Images
1. A method comprising:
- initiating a transaction between a card-accessing device and a portable card;
determining that a portion of the transaction between the card-accessing device and the portable card involves the use of sensitive data; and
invoking a Secure Access Module contained within the card-accessing device to carry out the portion of the transaction involving the use of sensitive data, wherein the Secure Access Module comprises functionality sufficient to carry out the portion of the transaction involving the use of sensitive data;
determining that the portion of the transaction involving the use of sensitive data is completed; and
after the portion of the transaction involving the use of sensitive data is determined to be completed, relinquishing control of the transaction from the Secure Access Module to an unsecure environment of the card-accessing device such that the transaction is completed by a processor residing within the unsecure environment.
1 Assignment
0 Petitions
Accused Products
Abstract
Mechanisms are provided for executing security-sensitive applications with a general-purpose computing device. In particular, the general-purpose computing device includes an unsecure computing environment and a secure computing environment. The secure computing environment is established with a secure access module that includes data and functions for executing the security-sensitive application on behalf of the unsecure computing environment.
-
Citations
25 Claims
-
1. A method comprising:
-
initiating a transaction between a card-accessing device and a portable card; determining that a portion of the transaction between the card-accessing device and the portable card involves the use of sensitive data; and invoking a Secure Access Module contained within the card-accessing device to carry out the portion of the transaction involving the use of sensitive data, wherein the Secure Access Module comprises functionality sufficient to carry out the portion of the transaction involving the use of sensitive data; determining that the portion of the transaction involving the use of sensitive data is completed; and after the portion of the transaction involving the use of sensitive data is determined to be completed, relinquishing control of the transaction from the Secure Access Module to an unsecure environment of the card-accessing device such that the transaction is completed by a processor residing within the unsecure environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A card-accessing device, comprising:
-
an unsecure environment including memory and a processor, the memory including instructions for executing one or more applications and instructions for executing an operating system, wherein the processor is configured to execute the instructions stored in memory; a card interface configured to provide a communication channel between the processor and a portable card thereby facilitating a data transaction between the card-accessing device and the portable card; and a Secure Access Module configured carry out a portion of the data transaction involving the use of sensitive data and during the portion of the data transaction involving the use of sensitive data utilize the card interface to communicate with the portable card, determine that the portion of the data transaction involving the use of sensitive data is completed, and then, after determining that the portion of the data transaction involving the use of sensitive data has completed, relinquish control of the transaction to the unsecure environment such that the transaction is completed by the processor of the unsecure environment. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A system, comprising:
-
a portable card; and a card-accessing device configured to execute a data exchange transaction with the portable card, wherein a first portion of the data exchange transaction involving the use of sensitive data is executed by a Secure Access Module contained within the card-accessing device and wherein a second portion of the data exchange transaction not involving the use of sensitive data is executed after the first portion of the data exchange transaction is completed, the second portion of the data exchange transaction being executed by a processor residing in an unsecure environment of the card-accessing device, wherein the Secure Access Module is further configured to determine that the first portion of the data exchange transaction involving the use of sensitive data is completed and, in response thereto, invoke the second portion of the data exchange transaction to be executed. - View Dependent Claims (24, 25)
-
Specification