Dual-interface key management

US 8,689,013 B2
Filed: 10/20/2010
Issued: 04/01/2014
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A system comprising an access card, the access card comprising:

an interface;

a memory; and

a processor coupled to the interface and to the memory, whereinthe processor is configured to;

receive challenge data, according to an authentication protocol, via the interface of the access card, whereinthe challenge data is received in lieu of a challenge,the challenge comprises one or more random numbers, andthe challenge is processed to generate a response according to the authentication protocol,obtain key-management information from the challenge data, wherein the processor is configured to obtain the key-management information byextracting encrypted key-management information by processing the challenge data, andretrieving the key-management information by decrypting the encrypted key-management information, andstore the key-management information in the memory of the access card.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a device includes a first interface, a second interface, a memory, and a processor coupled to the first and second interfaces and to the memory. The processor is configured to receive key-management information via the second interface, and to store the key-management information in a protected portion of the memory as stored key-management information. The processor is also configured to perform a challenge-response authentication interaction via the first interface. The challenge-response authentication interaction is based at least in part on the stored key-management information. The device is configured to prevent data in the protected portion of the memory from being modified in response to information received via the first interface.

Citations

35 Claims

1. A system comprising an access card, the access card comprising:
- an interface;
  
  a memory; and
  
  a processor coupled to the interface and to the memory, whereinthe processor is configured to;
  
  receive challenge data, according to an authentication protocol, via the interface of the access card, whereinthe challenge data is received in lieu of a challenge,the challenge comprises one or more random numbers, andthe challenge is processed to generate a response according to the authentication protocol,obtain key-management information from the challenge data, wherein the processor is configured to obtain the key-management information byextracting encrypted key-management information by processing the challenge data, andretrieving the key-management information by decrypting the encrypted key-management information, andstore the key-management information in the memory of the access card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, whereinthe challenge data is comprised in a public key infrastructure (PKI) authentication request;
    - andthe processor is configured to request a PKI authentication of a provider of the key-management information.
  - 3. The system of claim 1, wherein the processor is configured to:
    - generate another response to the key-management information; and
      
      transmit the another response in the form of a second challenge data to a provider of the key-management information.
  - 4. The system of claim 1, whereinthe key-management information is encrypted within the challenge data.
  - 5. The system of claim 1, whereinthe processor is further configured to generate another response based on the challenge data.
  - 6. The system of claim 1, whereinthe authentication protocol is a secure socket layer (SSL) protocol that uses client certificate authentication,the processing the challenge data comprisesusing the client certificate authentication to perform the extracting of the encrypted key-management information.
  - 7. The system of claim 1, whereinthe processor is further configured toreceive, according to the authentication protocol, the challenge, andgenerate the response by decrypting, according to the authentication protocol, the challenge.
  - 8. The system of claim 1, whereinanother key is encrypted within the challenge data,the another key is used in a generation of an access request, andthe access request comprises a request for authentication.
  - 9. The system of claim 1, whereinthe authentication protocol comprises a PKI protocol, andthe processing the challenge data comprisesusing a cryptographic key according to the PKI protocol.

10. A method comprising:
- receiving, by an access card, challenge data according to an authentication protocol, whereinthe receiving is performed via an interface,the challenge data is received in lieu of a challenge,the challenge comprises one or more random numbers, andthe challenge is processed to generate a response according to the authentication protocol;
  
  obtaining, by the access card, key-management information from the challenge data,whereinthe obtaining comprisesextracting encrypted key-management information by processing the challenge data, andretrieving the key-management information by decrypting the encrypted key-management information; and
  
  storing, by the access card, the key-management information in a memory of the access card.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, whereinthe challenge data is comprised in a public key infrastructure (PKI) authentication request;
    - andthe method further comprisesrequesting a PKI authentication of a provider of the key-management information.
  - 12. The method of claim 10, further comprising:
    - generating another response to the key-management information; and
      
      transmitting the another response in the form of a second challenge data to a provider of the key-management information.
  - 13. The method of claim 10, whereinthe key-management information is encrypted within the challenge data.
  - 14. The method of claim 10, further comprising:
    - generating another response based on the challenge data.
  - 15. The method of claim 10, whereinthe authentication protocol is a secure socket layer (SSL) protocol that uses client certificate authentication,the processing the challenge data comprisesusing the client certificate authentication to perform the extracting of the encrypted key-management information.
  - 16. The method of claim 10, whereinanother key is encrypted within the challenge data,the another key is used in a generation of an access request, andthe access request comprises a request for authentication.
  - 17. The method of claim 10, whereinthe authentication protocol comprises a PKI protocol, andthe processing the challenge data comprisesusing a cryptographic key according to the PKI protocol.
  - 18. The method of claim 10, further comprising:
    - receiving, according to the authentication protocol, the challenge; and
      
      generating a response by decrypting, according to the authentication protocol, the challenge.
  - 19. The computer program product of claim 18, whereinthe challenge data is comprised in a public key infrastructure (PKI) authentication request;
    - andthe plurality of instructions further comprisea fourth set of instructions, executable on the computer system, configured to request a PKI authentication of a provider of the key-management information.

20. A computer program product comprising a non-transitory computer-readable medium storing:
- a plurality of instructions, comprising;
  
  a first set of instructions, executable on a computer system, configured to receive, by an access card, challenge data according to an authentication protocol, whereinthe challenge data is received in lieu of a challenge,the challenge comprises one or more random numbers,according to the authentication protocol, the challenge is processed to generate a response, andthe receiving is performed via an interface,a second set of instructions, executable on the computer system, configured to obtain, by the access card, key-management information from the challenge data, whereinthe second set of instructions is further comprises instructions executable and configured to perform the obtaining the key-management information byextracting encrypted key-management information by processing the challenge data, andretrieving the key-management information by decrypting the encrypted key-management information; and
  
  a third set of instructions, executable on the computer system, configured to store, by the access card, key-management information in a memory of the access card.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The computer program product of claim 20, wherein the plurality of instructions further comprise:
    - a fourth set of instructions, executable on the computer system, configured togenerate another response to the key-management information, anda fifth set of instructions, executable on the computer system, configured totransmit the another response in the form of a second challenge data to a provider of the key-management information.
  - 22. The computer program product of claim 20, wherein the key-management information is encrypted within the challenge data.
  - 23. The computer program product of claim 20, wherein the plurality of instructions further comprise:
    - a fourth set of instructions, executable on the computer system, configured to generate another response based on the challenge data.
  - 24. The computer program product of claim 20, whereinthe authentication protocol is a secure socket layer (SSL) protocol that uses client certificate authentication,wherein the second set of instructions is further executable and configured to use the client certificate authentication to perform the extracting of the encrypted key-management information.
  - 25. The computer program product of claim 20, whereinanother key is encrypted within the challenge data,the another key is used in a generation of an access request, andthe access request comprises a request for authentication.
  - 26. The computer program product of claim 20, whereinthe authentication protocol comprises a PKI protocol, and whereinthe processing the challenge data comprisesusing a cryptographic key according to the PKI protocol.
  - 27. The computer program product of claim 20,wherein the plurality of instructions further comprise:
    - a fourth set of instructions, executable on the computer system, configured to receive, according to the authentication protocol, the challenge, anda fifth set of instructions, executable on the computer system, configured to generate the response by decrypting, according to the authentication protocol, the challenge.

28. An access card comprising:
- an interface;
  
  a memory; and
  
  a processor coupled to the interface and to the memory, whereinthe processor is configured toreceive challenge data, according to an authentication protocol, via the interface, whereinthe challenge data is received in lieu of a challenge,the challenge comprises one or more random numbers,the challenge data comprises encrypted key-management information, andthe challenge is processed to generate a response according to the authentication protocol,obtain key-management information from the challenge data, whereinthe processor is configured to obtain the key-management information byretrieving the key-management information from the challenge data by decrypting the encrypted key-management information, andstore the key-management information in the memory of the access card.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- - 29. The access card of claim 28, whereinthe challenge data is comprised in a public key infrastructure (PKI) authentication request;
    - andthe processor is configured to request a PKI authentication of a provider of the key-management information.
  - 30. The access card of claim 28, wherein the processor is further configured to:
    - generate another response to the key-management information; and
      
      transmit the another response in the form of a second challenge data to a provider of the key-management information.
  - 31. The access card of claim 28, whereinthe processor is further configured to generate another response based on the challenge data.
  - 32. The access card of claim 28, whereinthe authentication protocol is a secure socket layer (SSL) protocol that uses client certificate authentication.
  - 33. The access card of claim 28, whereinthe processor is further configured toreceive, according to the authentication protocol, the challenge, andgenerate the response by decrypting, according to the authentication protocol, the challenge.
  - 34. The access card of claim 28, whereinanother key is encrypted within the challenge data,the another key is used in a generation of an access request, andthe access request comprises a request for authentication.
  - 35. The access card of claim 28, whereinthe authentication protocol comprises a PKI protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Habraken G. Wouter
Original Assignee
Habraken G. Wouter
Inventors
Habraken, G. Wouter
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
SIMS, JING F

Application Number

US12/908,332
Publication Number

US 20110035604A1
Time in Patent Office

1,259 Days
Field of Search

713193-194, 726 26- 30, 726 2- 3, 365/185.01, 711163-164
US Class Current

713/193
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06Q 20/327   Short range or proximity pa...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/352   Contactless payments by cards

G06Q 20/409   Device specific authenticat...

G06Q 20/40975   using encryption therefor

G07C 2009/00388   code verification carried o...

G07C 2009/00412   the transmitted data signal...

G07C 2009/00793   by Hertzian waves

G07C 9/22   in combination with an iden...

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Dual-interface key management

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Dual-interface key management

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links