Secure use of externally stored data

US 8,448,875 B2
Filed: 04/02/2012
Issued: 05/28/2013
Est. Priority Date: 12/01/2008
Status: Active Grant

First Claim

Patent Images

1. A method to be performed by an electronic device, the method comprising:

transmitting a request Application Protocol Data Unit (APDU) to a smart card reader coupled to the electronic device, the request APDU requesting authentication data stored on a smart card coupled to the smart card reader; and

in response to transmitting the request APDU, receiving from the smart card reader a filtered response APDU that excludes the authentication data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card reader is adapted to extract and store authentication data from a response APDU received from a smart card before generating a filtered response APDU, wherein the filtered response APDU does not include the authentication data. Beneficially, when the smart card reader transmits the filtered response APDU toward a destination, the biometric template data is less susceptible to interception, thereby providing a more secure solution.

Citations

26 Claims

1. A method to be performed by an electronic device, the method comprising:
- transmitting a request Application Protocol Data Unit (APDU) to a smart card reader coupled to the electronic device, the request APDU requesting authentication data stored on a smart card coupled to the smart card reader; and
  
  in response to transmitting the request APDU, receiving from the smart card reader a filtered response APDU that excludes the authentication data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1, further comprising:
    - prior to transmitting the request APDU, transmitting a filter activation message to the smart card reader.
  - 3. The method as claimed in claim 1, wherein the filtered response APDU comprises a header section that includes an indication of a length of a payload section of the filtered response APDU.
  - 4. The method as claimed in claim 3, wherein the indication of the length of the payload section is zero.
  - 5. The method as claimed in claim 3, wherein the indication of the length of the payload section is greater than zero.
  - 6. The method as claimed in claim 5, wherein the payload section of the filtered response APDU comprises only zero values.
  - 7. The method as claimed in claim 1, wherein the authentication data comprises data related to a biometric template.
  - 8. The method as claimed in claim 7, wherein the data related to the biometric template comprises data related to a fingerprint template.
  - 9. The method as claimed in claim 7, wherein the filtered response APDU comprises a header section that includes an indication of a length of a payload section of the filtered response APDU, the payload section comprising data related to another biometric template that is distinct from the data related to the biometric template.

10. A method to be performed by an electronic device, the method comprising:
- receiving a notification of an attempt to gain access to the electronic device;
  
  transmitting to a smart card reader coupled to the electronic device a biometric template index message comprising an identification of a particular index of a biometric template and a set of commands instructing the smart card reader;
  
  (1) to obtain a biometric candidate;
  
  (2) to perform a comparison of the biometric candidate to the biometric template corresponding to the particular index; and
  
  (3) to respond with a result of the comparison; and
  
  receiving from the smart card reader the result of the comparison.
- View Dependent Claims (11, 12, 13)
- - 11. The method as claimed in claim 10, further comprising:
    - permitting access to the electronic device where the result is that the biometric candidate matches the biometric template corresponding to the particular index.
  - 12. The method as claimed in claim 10, further comprising:
    - denying access to the electronic device where the result is that the biometric candidate does not match the biometric template corresponding to the particular index.
  - 13. The method as claimed in claim 10, wherein the biometric template comprises a fingerprint template and the particular index of the biometric template is an index of a particular finger.

14. An electronic device comprising:
- a processor;
  
  a communication interface coupled to the processor and adapted to communicate with a smart card reader;
  
  a computer-readable medium coupled to the processor and adapted to store code which, when executed by the processor, causes the electronic device;
  
  to transmit a request Application Protocol Data Unit (APDU) to the smart card reader via the communication interface, the request APDU requesting authentication data stored on a smart card coupled to the smart card reader; and
  
  in response to transmitting the request APDU, to receive from the smart card reader via the communication interface a filtered response APDU that excludes the authentication data.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The electronic device as claimed in claim 14, wherein the code, when executed by the processor, further cause the electronic device:
    - to transmit a filter activation message to the smart card reader via the communication interface prior to transmitting the request APDU.
  - 16. The electronic device as claimed in claim 14, wherein the filtered response APDU comprises a header section that includes an indication of a length of a payload section of the filtered response APDU.
  - 17. The electronic device as claimed in claim 15, wherein the indication of the length of the payload section is zero.
  - 18. The electronic device as claimed in claim 15, wherein the indication of the length of the payload section is greater than zero.
  - 19. The electronic device as claimed in claim 18, wherein the payload section of the filtered response APDU comprises only zero values.
  - 20. The electronic device as claimed in claim 14, wherein the authentication data comprises data related to a biometric template.
  - 21. The electronic device as claimed in claim 20, wherein the data related to the biometric template comprises data related to a fingerprint template.
  - 22. The electronic device as claimed in claim 20, wherein the filtered response APDU comprises a header section that includes an indication of a length of a payload section of the filtered response APDU, the payload section comprising data related to another biometric template that is distinct from the data related to the biometric template.

23. An electronic device comprising:
- a processor;
  
  a user input component coupled to the processor and adapted to receive a notification of an attempt to gain access to the electronic device;
  
  a communication interface coupled to the processor and adapted to communicate with a smart card reader;
  
  a computer-readable medium coupled to the processor and adapted to store code which, when executed by the processor, causes the electronic device;
  
  in response to receiving the notification, to transmit to a smart card reader via the communication interface a biometric template index message comprising an identification of a particular index of a biometric template and a set of commands instructing the smart card reader;
  
  (1) to obtain a biometric candidate;
  
  (2) to perform a comparison of the biometric candidate to the biometric template corresponding to the particular index; and
  
  (3) to respond with a result of the comparison; and
  
  to receive from the smart card reader via the communication interface the result of the comparison.
- View Dependent Claims (24, 25, 26)
- - 24. The electronic device as claimed in claim 23, wherein the code, when executed by the processor, further causes the electronic device:
    - to permit access to the electronic device where the result is that the biometric candidate matches the biometric template corresponding to the particular index.
  - 25. The electronic device as claimed in claim 23, wherein the code, when executed by the processor, further causes the electronic device:
    - to deny access to the electronic device where the result is that the biometric candidate does not match the biometric template corresponding to the particular index.
  - 26. The electronic device as claimed in claim 23, wherein the biometric template comprises a fingerprint template and the particular index of the biometric template is an index of a particular finger.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Singh, Ravi, Adams, Neil Patrick, Sibley, Richard Paul
Primary Examiner(s)
Lee, Michael G
Assistant Examiner(s)
Mikels, Matthew

Application Number

US13/437,312
Publication Number

US 20120286039A1
Time in Patent Office

421 Days
Field of Search

235/435, 235/439, 235/451, 235/487, 235/492, 340/10, 340/572
US Class Current

235/492
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06F 21/34 involving the use of extern...

Secure use of externally stored data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure use of externally stored data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links