Authenticating a chip card interface device

US 8,707,413 B2
Filed: 07/30/2010
Issued: 04/22/2014
Est. Priority Date: 01/15/2010
Status: Active Grant

First Claim

Patent Images

1. A chip card interface device (CCID) configured for authenticating with a backend system during a transaction with the backend system, the CCID comprising:

a network communication device configured for communicating with the backend system over a network;

a memory device configured for storing a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID;

a processing device coupled with the network communication device, the processing device configured for;

instructing the network communication device to communicate a transaction initiation communication to the backend system,receiving a request sent from the backend system in response to the transaction initiation communication, for authentication information, the request for authentication information from the backend system comprising a random number,symmetrically encrypting the random number based at least in part on the unique chip key stored in the memory device; and

instructing the network communication device to communicate, in response to receiving the request for authentication information, an authentication communication to the backend system, the authentication communication including a serial number of the processing device of the CCID such that the backend system can authenticate the identity of the processing device of the CCID and complete the transaction, the authentication communication comprising the encrypted random number;

wherein the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is configured for authenticating a chip card interface device (CCID) during a transaction with the CCID. The system has a communication device configured for communicating with the CCID over a network and a processing device coupled with the communication device. The processing device is configured for receiving a transaction initiation communication from the CCID and instructing the communication device to communicate a request for authentication information including a random number to the CCID. The CCID encrypts the random number with a unique chip key (UCK) previously created with a master chip key (MCK). Then, the CCID communicates the encrypted random number to the system along with a serial number. The system recalculates the UCK using the serial number, encrypts a copy of the random number using the recalculated UCK and compares the encrypted copy with the encrypted random number received from the CCID to authenticate the CCID.

14 Citations

24 Claims

1. A chip card interface device (CCID) configured for authenticating with a backend system during a transaction with the backend system, the CCID comprising:
- a network communication device configured for communicating with the backend system over a network;
  
  a memory device configured for storing a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID;
  
  a processing device coupled with the network communication device, the processing device configured for;
  
  instructing the network communication device to communicate a transaction initiation communication to the backend system,receiving a request sent from the backend system in response to the transaction initiation communication, for authentication information, the request for authentication information from the backend system comprising a random number,symmetrically encrypting the random number based at least in part on the unique chip key stored in the memory device; and
  
  instructing the network communication device to communicate, in response to receiving the request for authentication information, an authentication communication to the backend system, the authentication communication including a serial number of the processing device of the CCID such that the backend system can authenticate the identity of the processing device of the CCID and complete the transaction, the authentication communication comprising the encrypted random number;
  
  wherein the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated.
- View Dependent Claims (2)
- - 2. The CCID of claim 1 wherein the processing device is further configured for receiving a successful authentication communication from the backend system, the CCID further configured for completing the transaction.

3. A method for authenticating a chip card interface device (CCID) with a backend system during a transaction with the backend system, the method comprising:
- storing, by a memory device of the CCID, a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID;
  
  instructing, by a processing device of the CCID, the network communication device to communicate a transaction initiation communication to the backend system;
  
  receiving, at the processing device, a request sent from the backend system in response to the transaction initiation communication, for authentication information, the request for authentication information from the backend system comprising a random number;
  
  symmetrically encrypting, by the processing device, the random number based at least in part on the unique chip key stored in the memory device; and
  
  instructing, by the processing device, the network communication device to communicate, in response to receiving the request for authentication information, an authentication communication to the backend system, the authentication communication including a serial number of the processing device of the CCID such that the backend system can authenticate the identity of the processing device of the CCID and complete the transaction, the authentication communication comprising the encrypted random number;
  
  wherein the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated such that the transaction can be completed.
- View Dependent Claims (4)
- - 4. The method of claim 3, further comprising:
    - receiving, at the processing device, a successful authentication communication from the backend system, andcompleting, by the processing device, the transaction with the backend system.

5. A computer program product comprising a non-transitory computer-readable medium comprising computer-readable instructions for execution by a chip card interface device (CCID), the instructions configured for authenticating the CCID with a backend system during a transaction with the backend system, the instructions comprising:
- instructions for storing, by a memory device of the CCID, a unique chip key created by the backend system based at least in part on a master chip key of the backend system and based at least in part on a serial number of the processing device of the CCID;
  
  instructions for instructing, by a processing device of the CCID, a network communication device to communicate a transaction initiation communication to the backend system;
  
  instructions for receiving, at the processing device, a request sent from the backend system in response to the transaction initiation communication, for authentication information, the request for authentication information from the backend system comprising a random number;
  
  instructions for symmetrically encrypting, by the processing device, the random number based at least in part on the unique chip key stored in the memory device; and
  
  instructions for instructing, by the processing device, the network communication device to communicate, in response to receiving the request for authentication information, an authentication communication to the backend system, the authentication communication including a serial number of the processing device of the CCID such that the backend system can authenticate the identity of the processing device of the CCID and complete the transaction, the authentication communication comprising the encrypted random number;
  
  wherein the serial number is to be used by the backend system to recalculate the unique chip key using the master chip key, the recalculated unique chip key is to be used by the backend system to encrypt a copy of the random number previously received at the CCID from the backend system, and the encrypted copy of the random number is to be compared to the encrypted random number, thereby indicating whether the identity of the processing device is authenticated such that the transaction can be completed.
- View Dependent Claims (6)
- - 6. The computer program product of claim 5, the instructions further comprising:
    - instructions for receiving, at the processing device, a successful authentication communication from the backend system, andinstructions for completing, by the processing device, the transaction with the backend system.

7. A system configured for authenticating a chip card interface device (CCID) during a transaction with the CCID, the system comprising:
- a communication device configured for communicating with the CCID over a network;
  
  a memory device configured for storing a master chip key;
  
  a processing device coupled with the communication device and the memory device, the processing device configured for;
  
  receiving a transaction initiation communication from the CCID;
  
  in response to receiving the transaction initiation communication, instructing the communication device to communicate a request for authentication information to the CCID, the request for authentication information comprising a random number;
  
  receiving an authentication communication from the CCID in response to the request for authentication information, the authentication communication including a serial number of a processing device of the CCID;
  
  receiving, via the communication device, an encrypted random number and a serial number of a processing device of the CCID, the encrypted random number being an encryption of the random number based at least in part on a unique chip key based at least in part on the serial number of the processing device of the CCID and based at least in part on the master chip key;
  
  re-calculating the unique chip key by encrypting the received serial number and the stored master chip key;
  
  encrypting a copy of the random number communicated to the CCID based at least in part on the recalculated unique chip key;
  
  comparing the encrypted copy of the random number with the encrypted random number received from the CCID; and
  
  determining whether the identity of the processing device of the CCID corresponds with a processing device allowed to conduct the transaction.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the processing device is further configured for creating the unique chip key based at least in part on the serial number of the processing device of the CCID and based at least in part on the master chip key, the unique chip key configured for storage at a memory device of the CCID and configured for assisting authentication of the CCID with the backend system.
  - 9. The system of claim 8, wherein the processing device is configured for instructing the communication device to communicate the unique chip key to the CCID and instructing the communication device to communicate instructions to store the unique chip key in the memory device of the CCID to the CCID.
  - 10. The system of claim 7, wherein the processing device is further configured for logging the serial number of the CCID as a potentially fraudulent device when the encrypted copy of the random number does not match the encrypted random number received from the CCID.
  - 11. The system of claim 7, wherein the processing device is further configured for terminating the transaction.
  - 12. The system of claim 7, wherein the processing device is further configured for proceeding with the transaction when the encrypted copy of the random number matches the encrypted random number received from the CCID.

13. A method for authenticating a chip card interface device (CCID) during a transaction with the CCID, the method comprising:
- storing, at a memory device coupled with a processing device of a system, a master chip key;
  
  communicating, by a communication device of the system, with the CCID over a network;
  
  receiving, at the processing device of the system coupled with the communication device of the system, a transaction initiation communication from the CCID;
  
  in response to receiving the transaction initiation communication, instructing, by the processing device, the communication device to communicate a request for authentication information to the CCID, the authentication information comprising a random number;
  
  receiving, at the processing device, an authentication communication from the CCID in response to the request for authentication information, the authentication communication including a serial number of a processing device of the CCID;
  
  receiving, at the processing device, via the communication device, an encrypted random number and a serial number of a processing device of the CCID, the encrypted random number being an encryption of the random number based at least in part on a unique chip key based at least in part on the serial number of the processing device of the CCID and based at least in part on the master chip key;
  
  re-calculating, by the processing device, the unique chip key by encrypting the received serial number and the stored master chip key;
  
  encrypting, by the processing device, a copy of the random number communicated to the CCID based at least in part on the recalculated unique chip key;
  
  comparing, by the processing device, the encrypted copy of the random number with the encrypted random number received from the CCID; and
  
  determining, by the processing device of the system, whether the identity of the processing device of the CCID corresponds with a processing device allowed to conduct the transaction.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - creating the unique chip key based at least in part on a serial the serial number of the processing device of the CCID and based at least in part on the master chip key, the unique chip key configured for storage at a memory device of the CCID and configured for assisting authentication of the CCID with the backend system.
  - 15. The method of claim 14, further comprising:
    - instructing, by the processing device, the communication device to communicate the unique chip key to the CCID; and
      
      instructing the communication device to communicate instructions to store the unique chip key in the memory device of the CCID to the CCID.
  - 16. The method of claim 13, further comprising:
    - logging the serial number of the CCID as a potentially fraudulent device when the encrypted copy of the random number does not match the encrypted random number received from the CCID.
  - 17. The method of claim 13, further comprising:
    - terminating, by the processing device, the transaction.
  - 18. The method of claim 13, further comprising:
    - proceeding, by the processing device, with the transaction when the encrypted copy of the random number matches the encrypted random number received from the CCID.

19. A computer program product comprising a non-transitory computer-readable medium comprising computer-readable instructions for execution by a chip card interface device (CCID), the instructions configured for authenticating a chip card interface device (CCID) during a transaction with the CCID, the instructions comprising:
- instructions for storing, at a memory device coupled with a processing device of a system, a master chip key;
  
  instructions for communicating, by a communication device of the system, with the CCID over a network;
  
  instructions for receiving, at the processing device of the system coupled with the communication device of the system, a transaction initiation communication from the CCID;
  
  instructions for, in response to receiving the transaction initiation communication, instructing, by the processing device, the communication device to communicate a request for authentication information to the CCID, the authentication information including a random number;
  
  instructions for receiving, at the processing device, an authentication communication from the CCID in response to the request for authentication information, the authentication communication including a serial number of a processing device of the CCID;
  
  instructions for receiving, at the processing device, via the communication device, an encrypted random number and a serial number of the processing device of the CCID, the encrypted random number being an encryption of the random number based at least in part on a unique chip key based at least in part on the serial number of the processing device of the CCID and based at least in part on the master chip key;
  
  instructions for re-calculating, by the processing device, the unique chip key by encrypting the received serial number and the stored master chip key;
  
  instructions for encrypting, by the processing device, a copy of the random number communicated to the CCID based at least in part on the recalculated unique chip key;
  
  instructions for comparing, by the processing device, the encrypted copy of the random number with the encrypted random number received from the CCID; and
  
  instructions for determining, by the processing device of the system, whether the identity of the processing device of the CCID corresponds with a processing device allowed to conduct the transaction.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computer program product of claim 19, wherein the instructions further comprise:
    - instructions for creating the unique chip key based at least in part on a serial number of the processing device of the CCID and based at least in part on the master chip key, the unique chip key configured for storage at a memory device of the CCID and configured for assisting authentication of the CCID with the backend system.
  - 21. The computer program product of claim 20, wherein the instructions further comprise:
    - instructions for instructing, by the processing device, the communication device to communicate the unique chip key to the CCID; and
      
      instructions for instructing the communication device to communicate instructions to store the unique chip key in the memory device of the CCID to the CCID.
  - 22. The computer program product of claim 19, wherein the instructions further comprise:
    - instructions for logging the serial number of the CCID as a potentially fraudulent device when the encrypted copy of the random number does not match the encrypted random number received from the CCID.
  - 23. The computer program product of claim 19, wherein the instructions further comprise:
    - instructions for terminating, by the processing device, the transaction.
  - 24. The computer program product of claim 19, wherein the instructions further comprise:
    - instructions for proceeding, by the processing device, with the transaction when the encrypted copy of the random number matches the encrypted random number received from the CCID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Adams, Amanda Jane, Woodward, Richard John
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US12/847,373
Publication Number

US 20110179290A1
Time in Patent Office

1,362 Days
Field of Search

713/193, 726/2, 726/9
US Class Current

726/9
CPC Class Codes

G07F 7/00 Mechanisms actuated by obje...

Authenticating a chip card interface device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a chip card interface device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links