Field programmable smart card terminal and token device
First Claim
1. A handheld electronic smart card terminal, comprising:
- a smart card reader for receiving and communicating with a smart card having smart card data stored thereon, said smart card comprising a cryptographic engine and said smart card data comprising a smart card secret;
a token personality logic programmed based on the smart card data as a token device personality for offering the functionality of a strong authentication token, subsequent to insertion of the smart card in said smart card reader, wherein said smart card terminal obtains a secret device key from said smart card when received by said smart card reader by submitting to the smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and
a communications mechanism for communicating authentication data derived from said token device personality to a user for transmission to an application provided by a service provider;
wherein said smart card terminal is adapted to work at least in a non-connected mode; and
wherein said smart card terminal further supports at least one of (i.) a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (ii.) a security paradigm including dynamic signatures based on at least transaction data input by the user and an event.
1 Assignment
0 Petitions
Accused Products
Abstract
A digital programmable smart card terminal device and token collectively known as the token device is disclosed. The token device comprises a field programmable token device which accepts a user'"'"'s smart card. The combination of token device and smart card may then be used for a variety of applications that include user authentication, secure access, encryption. One specific application is that of an electronic wallet. In one embodiment, an electronic smart card terminal includes a smart card reader adapted to receive and communicate with a smart card having smart card data stored thereon; token personality logic programmed based on the smart card data as a token personality subsequent to insertion of the smart card in the smart card reader; and a communications mechanism for communicating authentication data derived from the token personality. Since the smart card terminal only gains its token personality when a smart card is inserted, manufacture and distribution of the terminal on a wide scale is possible.
-
Citations
46 Claims
-
1. A handheld electronic smart card terminal, comprising:
-
a smart card reader for receiving and communicating with a smart card having smart card data stored thereon, said smart card comprising a cryptographic engine and said smart card data comprising a smart card secret; a token personality logic programmed based on the smart card data as a token device personality for offering the functionality of a strong authentication token, subsequent to insertion of the smart card in said smart card reader, wherein said smart card terminal obtains a secret device key from said smart card when received by said smart card reader by submitting to the smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and a communications mechanism for communicating authentication data derived from said token device personality to a user for transmission to an application provided by a service provider; wherein said smart card terminal is adapted to work at least in a non-connected mode; and wherein said smart card terminal further supports at least one of (i.) a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (ii.) a security paradigm including dynamic signatures based on at least transaction data input by the user and an event. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A portable handheld smart card terminal device for use with a smart card, comprising:
-
a memory; a smart card reading component adapted to receive and communicate with the smart card having the dimensions of a standard credit card, the smart card including a smart card secret and a cryptographic engine; a data processing component adapted to; obtain a secret device key from the smart card when received by said smart card reading component by submitting to the smart card an input value for processing by the cryptographic engine using the smart card secret to derive the secret device key, store the secret device key in said memory, and calculate a signature using the stored secret device key, the signature to be used by the user to secure communication between the user and a service or application; and a display for displaying data to the user; wherein said smart card terminal device is adapted to work at least in a non-connected mode; and wherein at least one of (i.) the input value comprises a predefined values, (ii.) said smart card terminal device further supports a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (iii.) said smart card terminal device further supports a security paradigm including dynamic signatures based on at least transaction data input by the user and an event. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A method of accessing a secure application, comprising the steps of:
-
(a) receiving a handheld generic smart card reader terminal adapted to work at least in a non-connected mode, wherein said generic smart card reader terminal comprises a smart card reader for receiving and communicating with a smart card, said smart card comprising a cryptographic engine, a processing unit responsive to said smart card reader, and a communications mechanism for communicating data derived from a token device personality to a user for said secure application; (b) receiving at said smart card reader a user smart card having smart card data stored thereon, said smart card data comprising a smart card secret; (c) generating said token device personality based on said smart card data stored on the smart card, wherein said smart card reader terminal obtains a secret device key from said smart card when received by said smart card reader by submitting to the smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and (d) accessing said secure application using authentication data derived from said token device personality, wherein said terminal is generic until said smart card is received in said smart card reader; wherein at least one of (i.) a unique terminal identifier is associated with each smart card terminal, (ii.) said method further comprises the steps of entering data into the terminal, receiving a response, and communicating said response, wherein said data entered into the terminal include a personal identification number (iii.) said smart card terminal further supports a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (iv.) said smart card terminal further supports a security paradigm including dynamic signatures based on at least transaction data input by the user and an event. - View Dependent Claims (38, 39, 40, 41, 42, 43)
-
-
44. A method of providing a user with secure access to a service provider application, comprising:
-
distributing to a plurality of users a plurality of handheld smart card terminals, wherein each of said smart card terminals is adapted to work at least in a non-connected mode and comprises; a smart card reader adapted to receive and communicate with a smart card, a processor responsive to said smart card reader for generating a token device personality, and, a communications mechanism; allowing a first user of said plurality of users to generate with a first smart card terminal a token device personality for offering the functionality of a strong authentication token using user identification data stored on a first smart card, received at said smart card reader of said first smart card terminal, said first smart card comprising a cryptographic engine and storing a smart card secret, wherein said first smart card terminal obtains a secret device key from said first smart card when received by said smart card reader of said first smart card terminal by submitting to the first smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and
,granting said first user access to a secure application, using an element of said token device personality, said element being communicated to said first user via said communications mechanism of said first smart card terminal; wherein at least one of (i.) the method further comprises the step of associating a unique terminal identifier with each smart card terminal, (ii.) each smart card terminal further supports a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (iii.) each smart card terminal further supports a security paradigm including dynamic signatures based on at least transaction data input by the user and an event. - View Dependent Claims (45, 46)
-
Specification