Field programmable smart card terminal and token device

US 9,710,635 B2
Filed: 11/25/2014
Issued: 07/18/2017
Est. Priority Date: 02/18/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A handheld electronic smart card terminal, comprising:

a smart card reader for receiving and communicating with a smart card having smart card data stored thereon, said smart card comprising a cryptographic engine and said smart card data comprising a smart card secret;

a token personality logic programmed based on the smart card data as a token device personality for offering the functionality of a strong authentication token, subsequent to insertion of the smart card in said smart card reader, wherein said smart card terminal obtains a secret device key from said smart card when received by said smart card reader by submitting to the smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and

a communications mechanism for communicating authentication data derived from said token device personality to a user for transmission to an application provided by a service provider;

wherein said smart card terminal is adapted to work at least in a non-connected mode; and

wherein said smart card terminal further supports at least one of (i.) a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (ii.) a security paradigm including dynamic signatures based on at least transaction data input by the user and an event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital programmable smart card terminal device and token collectively known as the token device is disclosed. The token device comprises a field programmable token device which accepts a user'"'"'s smart card. The combination of token device and smart card may then be used for a variety of applications that include user authentication, secure access, encryption. One specific application is that of an electronic wallet. In one embodiment, an electronic smart card terminal includes a smart card reader adapted to receive and communicate with a smart card having smart card data stored thereon; token personality logic programmed based on the smart card data as a token personality subsequent to insertion of the smart card in the smart card reader; and a communications mechanism for communicating authentication data derived from the token personality. Since the smart card terminal only gains its token personality when a smart card is inserted, manufacture and distribution of the terminal on a wide scale is possible.

Citations

46 Claims

1. A handheld electronic smart card terminal, comprising:
- a smart card reader for receiving and communicating with a smart card having smart card data stored thereon, said smart card comprising a cryptographic engine and said smart card data comprising a smart card secret;
  
  a token personality logic programmed based on the smart card data as a token device personality for offering the functionality of a strong authentication token, subsequent to insertion of the smart card in said smart card reader, wherein said smart card terminal obtains a secret device key from said smart card when received by said smart card reader by submitting to the smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and
  
  a communications mechanism for communicating authentication data derived from said token device personality to a user for transmission to an application provided by a service provider;
  
  wherein said smart card terminal is adapted to work at least in a non-connected mode; and
  
  wherein said smart card terminal further supports at least one of (i.) a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (ii.) a security paradigm including dynamic signatures based on at least transaction data input by the user and an event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The terminal of claim 1, further comprising means for erasing said token device personality when the smart card is removed from said smart card reader.
  - 3. The terminal of claim 1, further comprising a unique terminal identifier associated with said smart card terminal.
  - 4. The terminal of claim 1, further comprising:
    - a computing mechanism and a memory device storing at least one terminal application for execution by said computing mechanism.
  - 5. The terminal of claim 4, wherein said at least one terminal application is configured to accept a PIN from one of a set of terminal users, and provide access to other functions or applications on said terminal only to a user associated with the accepted PIN.
  - 6. The terminal of claim 4, further comprising an interface, wherein said at least one terminal application includes a connected mode whereby said terminal acts as a slave to a client computer, connected to said interface.
  - 7. The terminal of claim 6, wherein said interface comprises at least one of a scanning device or a universal serial bus port.
  - 8. The terminal of claim 1, wherein said communications mechanism comprises a display.
  - 9. The terminal of claim 1, wherein said communications mechanism communicates said authentication data in response to data input by the user.
  - 10. The terminal of claim 1, further comprising a cryptographic engine for processing data using at least one of DES, Triple DES, or other encryption processes.
  - 11. The terminal of claim 10, wherein the data being processed comprises transaction data input by the user and wherein the authentication data comprises a signature.
  - 12. The terminal of claim 1, which further supports a security paradigm including at least event based passwords.
  - 13. The terminal of claim 1, which further supports a security paradigm including at least signatures on transaction data.

14. A portable handheld smart card terminal device for use with a smart card, comprising:
- a memory;
  
  a smart card reading component adapted to receive and communicate with the smart card having the dimensions of a standard credit card, the smart card including a smart card secret and a cryptographic engine;
  
  a data processing component adapted to;
  
  obtain a secret device key from the smart card when received by said smart card reading component by submitting to the smart card an input value for processing by the cryptographic engine using the smart card secret to derive the secret device key,store the secret device key in said memory, andcalculate a signature using the stored secret device key, the signature to be used by the user to secure communication between the user and a service or application; and
  
  a display for displaying data to the user;
  
  wherein said smart card terminal device is adapted to work at least in a non-connected mode; and
  
  wherein at least one of (i.) the input value comprises a predefined values, (ii.) said smart card terminal device further supports a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (iii.) said smart card terminal device further supports a security paradigm including dynamic signatures based on at least transaction data input by the user and an event.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 15. The device of claim 14 further adapted to support DES (Data Encryption Standard) based calculations.
  - 16. The device of claim 14 further adapted so that the secret device key is erased if the smart card is removed.
  - 17. The device of claim 14 further comprising a keypad adapted for the user'"'"'s entering data.
  - 18. The device of claim 14 further adapted to allow the user to enter a PIN.
  - 19. The device of claim 14 in which a PIN is associated with the smart card.
  - 20. The device of claim 14 further adapted to receive via said keypad a PIN from the user to be handled by the smart card.
  - 21. The device of claim 14 having a length that is less than 150% of the length of a standard credit card and a width that is less than 140% of the width of a standard credit card.
  - 22. The device of claim 14 further comprising a USB (Universal Serial Bus) connector.
  - 23. The device of claim 22, wherein the smart card terminal device is further adapted to work in a connected mode.
  - 24. The device of claim 22 further comprising a firewall-like filter.
  - 25. The device of claim 24 in which said firewall-like filter specifies specific smart card commands.
  - 26. The device of claim 14 in which the inserted smart card is a personal smart card that has been issued by a financial institution.
  - 27. The device of claim 14 in which the service or application comprises an internet banking service.
  - 28. The device of claim 14 further adapted to support smart cards that are compliant with the EMV (Europay-Mastercard-VISA) standard.
  - 29. The device of claim 14 which furthermore does not comprise any personalized data prior to the user inserting a smart card.
  - 30. The device of claim 14 further comprising:
    - a keypad adapted for the user'"'"'s entering data, the data entered on the keypad comprising a PIN;
      
      wherein the data processing component is further adapted to erase the secret device key if the smart card is removed; and
      
      the device having a length that is less than 150% of the length of a standard credit card and a width that is less than 140% of the width of a standard credit card.
  - 31. The device of claim 30 further comprising a connector for connecting the device to a personal computer and a firewall-like filter specifying specific smart card commands, the device further adapted to operate in both connected and non-connected mode.
  - 32. The device of claim 31 in which said connector comprises a USB (Universal Serial Bus) connector.
  - 33. The device of claim 30 in which the service or application comprises an internet banking service and in which the smart card comprises a personal smart card issued by a financial institution to the user.
  - 34. The device of claim 30 further adapted to support smart cards that are compliant with the EMV (Europay-Mastercard-VISA) standard.
  - 35. The device of claim 30 which furthermore does not comprise any personalized data prior to the user inserting a smart card.
  - 36. The device of claim 30 wherein the PIN comprises a smart card PIN to be verified by the smart card.

37. A method of accessing a secure application, comprising the steps of:
- (a) receiving a handheld generic smart card reader terminal adapted to work at least in a non-connected mode, wherein said generic smart card reader terminal comprises a smart card reader for receiving and communicating with a smart card, said smart card comprising a cryptographic engine, a processing unit responsive to said smart card reader, and a communications mechanism for communicating data derived from a token device personality to a user for said secure application;
  
  (b) receiving at said smart card reader a user smart card having smart card data stored thereon, said smart card data comprising a smart card secret;
  
  (c) generating said token device personality based on said smart card data stored on the smart card, wherein said smart card reader terminal obtains a secret device key from said smart card when received by said smart card reader by submitting to the smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and
  
  (d) accessing said secure application using authentication data derived from said token device personality, wherein said terminal is generic until said smart card is received in said smart card reader;
  
  wherein at least one of (i.) a unique terminal identifier is associated with each smart card terminal, (ii.) said method further comprises the steps of entering data into the terminal, receiving a response, and communicating said response, wherein said data entered into the terminal include a personal identification number (iii.) said smart card terminal further supports a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (iv.) said smart card terminal further supports a security paradigm including dynamic signatures based on at least transaction data input by the user and an event.
- View Dependent Claims (38, 39, 40, 41, 42, 43)
- - 38. The method of claim 37, further comprising the step of erasing said token device personality when said smart card is removed from said smart card reader.
  - 39. The method of claim 37, further comprising the step of copying said smart card data stored on the smart card to said smart card terminal.
  - 40. The method of claim 37, further comprising the step of erasing said smart card data stored on the smart card when the smart card is removed from said smart card reader.
  - 41. The method of claim 37 wherein said step of entering is performed via a keypad coupled to said terminal, and said step of receiving is performed via a display coupled to said terminal.
  - 42. The method of claim 37, including the step of operating said terminal connected to a client computer.
  - 43. The method of claim 42, further comprising at the terminal site:
    - receiving personal data from said client computer;
      
      generating a response andcommunicating said response to said secure application.

44. A method of providing a user with secure access to a service provider application, comprising:
- distributing to a plurality of users a plurality of handheld smart card terminals, wherein each of said smart card terminals is adapted to work at least in a non-connected mode and comprises;
  
  a smart card reader adapted to receive and communicate with a smart card,a processor responsive to said smart card reader for generating a token device personality, and,a communications mechanism;
  
  allowing a first user of said plurality of users to generate with a first smart card terminal a token device personality for offering the functionality of a strong authentication token using user identification data stored on a first smart card, received at said smart card reader of said first smart card terminal, said first smart card comprising a cryptographic engine and storing a smart card secret, wherein said first smart card terminal obtains a secret device key from said first smart card when received by said smart card reader of said first smart card terminal by submitting to the first smart card an input value for processing by the cryptographic engine using said smart card secret to derive the secret device key; and
  
  ,granting said first user access to a secure application, using an element of said token device personality, said element being communicated to said first user via said communications mechanism of said first smart card terminal;
  
  wherein at least one of (i.) the method further comprises the step of associating a unique terminal identifier with each smart card terminal, (ii.) each smart card terminal further supports a security paradigm including at least a challenge response and a security paradigm including dynamic passwords based on at least a challenge input by the user and an event or (iii.) each smart card terminal further supports a security paradigm including dynamic signatures based on at least transaction data input by the user and an event.
- View Dependent Claims (45, 46)
- - 45. The method of claim 44, further comprising the step of erasing said token device personality when said smart card is removed from said smart card reader.
  - 46. The method of claim 44, including operating said terminal connected to a client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Original Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Inventors
Hoornaert, Frank, Houthooft, Mario
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/553,260
Publication Number

US 20150082042A1
Time in Patent Office

966 Days
Field of Search
US Class Current
CPC Class Codes

E21B 41/0042   characterised by sealing th...

G06F 21/34   involving the use of extern...

G06K 7/0013   by galvanic contacts, e.g. ...

G06K 7/006   the housing being a portabl...

G06Q 20/341   Active cards, i.e. cards in...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

Field programmable smart card terminal and token device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Field programmable smart card terminal and token device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links