System and method for encrypted smart card pin entry
Abstract
A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.
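The exchange the abstract describes (the card supplies a public key and a nonce, the input device encrypts the nonce combined with the PIN, the reader relays only ciphertext), as an added Go example that is not code from the patent. RSA-2048 with OAEP/SHA-256, the 16-byte nonce, the sample PIN, and the names `Card`, `NewCard`, `Challenge`, `EncryptPIN` and `Verify` are assumptions; the page names no algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Card models the smart card: only it holds the private key and the stored PIN.
type Card struct {
	key        *rsa.PrivateKey
	pin, nonce []byte // nonce is nil when no challenge is outstanding
}

// NewCard generates the card's key pair and stores the enrolled PIN (hypothetical helper).
func NewCard(pin string) (*Card, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Card{key: key, pin: []byte(pin)}, err
}

// Challenge is what the card hands to the reader: its public key and a fresh nonce.
func (c *Card) Challenge() (*rsa.PublicKey, []byte, error) {
	c.nonce = make([]byte, 16)
	_, err := rand.Read(c.nonce)
	return &c.key.PublicKey, append([]byte(nil), c.nonce...), err
}

// EncryptPIN runs on the input device; the untrusted reader relays only its output.
func EncryptPIN(pub *rsa.PublicKey, nonce []byte, pin string) ([]byte, error) {
	msg := append(append([]byte(nil), nonce...), pin...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Verify runs on the card: decrypt, require the outstanding nonce, compare the PIN.
func (c *Card) Verify(ct []byte) bool {
	nonce := c.nonce
	c.nonce = nil // one response per challenge, so a recorded ciphertext cannot be replayed
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.key, ct, nil)
	return nonce != nil && err == nil && len(msg) >= len(nonce) &&
		subtle.ConstantTimeCompare(msg[:len(nonce)], nonce)&subtle.ConstantTimeCompare(msg[len(nonce):], c.pin) == 1
}

func main() {
	card, _ := NewCard("4921") // constructed sample PIN; errors ignored for brevity
	pub, nonce, _ := card.Challenge()
	ct, _ := EncryptPIN(pub, nonce, "4921")
	fmt.Println("first:", card.Verify(ct), "replay:", card.Verify(ct))
}
```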
18 Claims
1. A method implemented at a mobile device, the method comprising:
receiving, over a wireless link, a challenge comprising a public key stored by an authentication device, the mobile device receiving the challenge from an untrusted reader device in communication with the authentication device, the reader device being configured to wirelessly communicate with the mobile device over the wireless link, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other, the mobile device comprising a user mobile communication device configured to send and receive messages;
receiving user-entered authentication information;
encrypting the user-entered authentication information using the public key;
transmitting for receipt by the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
receiving a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device;
in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A mobile device, including:
an input device;
a processor configured to:
receive, over a wireless link from an untrusted reader device in wireless communication with an authentication device, a challenge comprising a public key stored by the authentication device, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other;
receive user-entered authentication information via the input device;
encrypt the user-entered authentication information using the public key;
transmit for receipt by the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
receive a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device,
in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.
Dependent claims: 10, 11, 12, 13, 14

15. A non-transitory computer-readable medium bearing code which, when executed by a processor of a mobile device, causes the mobile device to implement the method of:
receiving, over a wireless link from an untrusted reader device in wireless communication with an authentication device, a challenge comprising a public key stored by the authentication device, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other, the mobile device comprising a user mobile communication device configured to send and receive messages;
receiving user-entered authentication information;
encrypting the user-entered authentication information using the public key;
transmitting to the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
receiving a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device;
in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.
Dependent claims: 16, 17, 18
Specification