Dual-interface key management
Abstract
In one embodiment, a device includes a first interface, a second interface, a memory, and a processor coupled to the first and second interfaces and to the memory. The processor is configured to receive key-management information via the second interface, and to store the key-management information in a protected portion of the memory as stored key-management information. The processor is also configured to perform a challenge-response authentication interaction via the first interface. The challenge-response authentication interaction is based at least in part on the stored key-management information. The device is configured to prevent data in the protected portion of the memory from being modified in response to information received via the first interface.
35 Claims
1. A system comprising an access card, the access card comprising:
- an interface;
- a memory; and
- a processor coupled to the interface and to the memory, wherein the processor is configured to:
  - receive challenge data, according to an authentication protocol, via the interface of the access card, wherein
    - the challenge data is received in lieu of a challenge,
    - the challenge comprises one or more random numbers, and
    - the challenge is processed to generate a response according to the authentication protocol,
  - obtain key-management information from the challenge data, wherein the processor is configured to obtain the key-management information by
    - extracting encrypted key-management information by processing the challenge data, and
    - retrieving the key-management information by decrypting the encrypted key-management information, and
  - store the key-management information in the memory of the access card.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method comprising:
- receiving, by an access card, challenge data according to an authentication protocol, wherein
  - the receiving is performed via an interface,
  - the challenge data is received in lieu of a challenge,
  - the challenge comprises one or more random numbers, and
  - the challenge is processed to generate a response according to the authentication protocol;
- obtaining, by the access card, key-management information from the challenge data, wherein the obtaining comprises
  - extracting encrypted key-management information by processing the challenge data, and
  - retrieving the key-management information by decrypting the encrypted key-management information; and
- storing, by the access card, the key-management information in a memory of the access card.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer program product comprising a non-transitory computer-readable medium storing:
- a plurality of instructions, comprising:
  - a first set of instructions, executable on a computer system, configured to receive, by an access card, challenge data according to an authentication protocol, wherein
    - the challenge data is received in lieu of a challenge,
    - the challenge comprises one or more random numbers,
    - according to the authentication protocol, the challenge is processed to generate a response, and
    - the receiving is performed via an interface,
  - a second set of instructions, executable on the computer system, configured to obtain, by the access card, key-management information from the challenge data, wherein the second set of instructions further comprises instructions executable and configured to perform the obtaining the key-management information by
    - extracting encrypted key-management information by processing the challenge data, and
    - retrieving the key-management information by decrypting the encrypted key-management information; and
  - a third set of instructions, executable on the computer system, configured to store, by the access card, key-management information in a memory of the access card.

Dependent claims: 21, 22, 23, 24, 25, 26, 27

28. An access card comprising:
- an interface;
- a memory; and
- a processor coupled to the interface and to the memory, wherein the processor is configured to
  - receive challenge data, according to an authentication protocol, via the interface, wherein
    - the challenge data is received in lieu of a challenge,
    - the challenge comprises one or more random numbers,
    - the challenge data comprises encrypted key-management information, and
    - the challenge is processed to generate a response according to the authentication protocol,
  - obtain key-management information from the challenge data, wherein the processor is configured to obtain the key-management information by retrieving the key-management information from the challenge data by decrypting the encrypted key-management information, and
  - store the key-management information in the memory of the access card.

Dependent claims: 29, 30, 31, 32, 33, 34, 35
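
A card-side model of the flow in claims 1, 10, 20 and 28, as an added example that is not taken from the patent: the card authenticates the challenge field before treating it as key-management information, and otherwise answers it as an ordinary challenge. The `nonce || ciphertext || tag` framing, the HMAC-SHA256 keystream and tag, the separate transport key and all names are assumptions, since the claims name no cipher or format.

```python
import hashlib
import hmac
import os

NONCE_LEN = 8  # assumed framing: nonce || ciphertext || tag
TAG_LEN = 8    # assumed truncated-MAC length


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode, a stand-in for the cipher the claims leave unnamed.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += _prf(key, b"enc", nonce + ctr.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key_update(transport_key: bytes, new_key: bytes) -> bytes:
    """Issuer side: build challenge data that carries an encrypted key."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_stream(transport_key, nonce, new_key)
    return nonce + ct + _prf(transport_key, b"mac", nonce + ct)[:TAG_LEN]


class AccessCard:
    def __init__(self, auth_key: bytes, transport_key: bytes):
        self.auth_key = auth_key            # key used for challenge-response
        self.transport_key = transport_key  # key protecting in-band updates

    def receive(self, field: bytes):
        """Process the challenge field; return (kind, response_bytes)."""
        if len(field) > NONCE_LEN + TAG_LEN:
            nonce = field[:NONCE_LEN]
            ct, tag = field[NONCE_LEN:-TAG_LEN], field[-TAG_LEN:]
            want = _prf(self.transport_key, b"mac", nonce + ct)[:TAG_LEN]
            if hmac.compare_digest(tag, want):
                # Authentic challenge data: decrypt and store, emit no response.
                self.auth_key = _xor_stream(self.transport_key, nonce, ct)
                return ("key_update", b"")
        # Anything else is an ordinary random challenge.
        return ("response", _prf(self.auth_key, b"", field))
```

This model has no replay protection: a captured update replayed later would restore an old key, so a real format needs a monotonic counter that the card checks before storing.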
Specification