System and method for encrypted smart card pin entry

US 9,003,516 B2
Filed: 09/13/2012
Issued: 04/07/2015
Est. Priority Date: 07/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method implemented at a mobile device, the method comprising:

receiving, over a wireless link, a challenge comprising a public key stored by an authentication device, the mobile device receiving the challenge from an untrusted reader device in communication with the authentication device, the reader device being configured to wirelessly communicate with the mobile device over the wireless link, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other, the mobile device comprising a user mobile communication device configured to send and receive messages;

receiving user-entered authentication information;

encrypting the user-entered authentication information using the public key;

transmitting for receipt by the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and

receiving a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device;

in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

Citations

18 Claims

1. A method implemented at a mobile device, the method comprising:
- receiving, over a wireless link, a challenge comprising a public key stored by an authentication device, the mobile device receiving the challenge from an untrusted reader device in communication with the authentication device, the reader device being configured to wirelessly communicate with the mobile device over the wireless link, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other, the mobile device comprising a user mobile communication device configured to send and receive messages;
  
  receiving user-entered authentication information;
  
  encrypting the user-entered authentication information using the public key;
  
  transmitting for receipt by the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
  
  receiving a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device;
  
  in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the challenge further comprises a value generated by the authentication device, and the generated value is used for encrypting the user-entered authentication information and decrypting the encrypted user-entered authentication information.
  - 3. The method of claim 2, wherein the generated value is a nonce.
  - 4. The method of claim 1, wherein the authentication device is a smart card.
  - 5. The method of claim 1, wherein the user-entered authentication information comprises a password.
  - 6. The method of claim 1, wherein the user-entered authentication information is received after the challenge is received.
  - 7. The method of claim 6, wherein the user-entered authentication information is received in response to a request, the request being triggered by receipt of the challenge.
  - 8. The method of claim 1, further comprising the authentication device:
    - receiving the encrypted user-entered authentication information;
      
      decrypting the encrypted user-entered authentication information; and
      
      determining that the user-entered authentication information obtained by decryption matches the previously stored authentication information.

9. A mobile device, including:
- an input device;
  
  a processor configured to;
  
  receive, over a wireless link from an untrusted reader device in wireless communication with an authentication device, a challenge comprising a public key stored by the authentication device, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other;
  
  receive user-entered authentication information via the input device;
  
  encrypt the user-entered authentication information using the public key;
  
  transmit for receipt by the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
  
  receive a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device,in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The mobile device of claim 9, wherein the challenge further comprises a value generated by the authentication device, and the generated value is used for encrypting the user-entered authentication information and decrypting the encrypted user-entered authentication information.
  - 11. The mobile device of claim 10, wherein the generated value is a nonce.
  - 12. The mobile device of claim 9, wherein the user-entered authentication information comprises a password.
  - 13. The mobile device of claim 9, wherein the user-entered authentication information is received after the challenge is received.
  - 14. The mobile device of claim 13, wherein the user-entered authentication information is received in response to a request, the request being triggered by receipt of the challenge.

15. A non-transitory computer-readable medium bearing code which, when executed by a processor of a mobile device, causes the mobile device to implement the method of:
- receiving, over a wireless link from an untrusted reader device in wireless communication with an authentication device, a challenge comprising a public key stored by the authentication device, the mobile device, the reader device, and the authentication device being physically separate devices, the reader device and the authentication device being in wireless communication with each other, the mobile device comprising a user mobile communication device configured to send and receive messages;
  
  receiving user-entered authentication information;
  
  encrypting the user-entered authentication information using the public key;
  
  transmitting to the authentication device, over the wireless link and in response to the challenge, the encrypted user-entered authentication information; and
  
  receiving a verification signal sent by the authentication device over the wireless link once the encrypted user-entered authentication information is decrypted using a private key stored by the authentication device, and is determined to match authentication information previously stored by the authentication device;
  
  in response to receiving the verification signal, the mobile device being enabled to encrypt or digitally sign a message for transmission from the mobile device, or decrypt or verify a message received by the mobile device.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the challenge further comprises a nonce generated by the authentication device, and the nonce is used for encrypting the user-entered authentication information and decrypting the encrypted user-entered authentication information.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the user-entered authentication information is received in response to a request, the request being triggered by receipt of the challenge.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the authentication device is a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael Kenneth, Adams, Neil Patrick, Little, Herbert Anthony
Primary Examiner(s)
Vaughan, Michael R

Application Number

US13/614,436
Publication Number

US 20130019102A1
Time in Patent Office

936 Days
Field of Search

None
US Class Current

726/20
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

System and method for encrypted smart card pin entry

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for encrypted smart card pin entry

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links