Secure key component and pin entry

US 9,917,696 B2
Filed: 08/04/2015
Issued: 03/13/2018
Est. Priority Date: 08/04/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a user input apparatus comprising a physical processor, a communication from a smart card control device upon connection of the smart card control device with the user input apparatus, wherein the communication comprises a command to generate a key component on a smart card that is communicatively connected via an encrypted channel to the user input apparatus, wherein the key component is one of a plurality of key components to be used to form a Master File Key (MFK), the plurality of key components to be stored in a plurality of smart cards;

in response to a receipt of the communication from the smart card control device, the user input apparatus sending to the smart card, via the encrypted channel, an encrypted command to generate the key component on the smart card; and

in response to receiving the encrypted command from the user input apparatus via the encrypted channel, the smart card generating the key component to be stored in the smart card.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an example, secure key component and PIN entry may include receiving a communication from a smart card control device upon connection of the smart card control device with a secure key component and PIN entry apparatus. The communication may be related to storage of a key component on a smart card that is communicatively connectable to the apparatus. The key component may be related to a Master File Key (MFK) that is formed by using a plurality of key components including the key component. In response to the communication, the smart card may be prompted to generate the key component, or entry of the key component may be received based on actuation of a keypad of the apparatus. Further, the generated or received key component may be stored on the smart card upon connection of the smart card with the apparatus.

11 Citations

20 Claims

1. A method comprising:
- receiving, by a user input apparatus comprising a physical processor, a communication from a smart card control device upon connection of the smart card control device with the user input apparatus, wherein the communication comprises a command to generate a key component on a smart card that is communicatively connected via an encrypted channel to the user input apparatus, wherein the key component is one of a plurality of key components to be used to form a Master File Key (MFK), the plurality of key components to be stored in a plurality of smart cards;
  
  in response to a receipt of the communication from the smart card control device, the user input apparatus sending to the smart card, via the encrypted channel, an encrypted command to generate the key component on the smart card; and
  
  in response to receiving the encrypted command from the user input apparatus via the encrypted channel, the smart card generating the key component to be stored in the smart card.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising forming the Master File Key by applying an XOR operation to the plurality of key components stored in the plurality of smart cards.
  - 3. The method according to claim 1, further comprising:
    - storing, by the user input apparatus, encrypted channel information; and
      
      using, by the user input apparatus, the stored encrypted channel information to establish the encrypted channel with the smart card.
  - 4. The method according to claim 3, further comprising:
    - determining, by the user input apparatus, a status of the user input apparatus as being secure or insecure; and
      
      in response to a determination that the status of the user input apparatus is insecure, changing, by the user input apparatus the encrypted channel information on the user input apparatus to a user-defined value not equal to zero.
  - 5. The method according to claim 4, wherein determining, by the user input apparatus, the status of the user input apparatus as being secure or insecure further comprises:
    - determining whether a contact part disposed on a first panel of the user input apparatus is disposed in an engaged or a disengaged position relative to another contact part disposed on a second panel of the user input apparatus; and
      
      in response to a determination that the contact part disposed on the first panel of the user input apparatus is disposed in the disengaged position relative to the another contact part disposed on the second panel of the user input apparatus, changing, by the user input apparatus, the encrypted channel information on the user input apparatus to the user-defined value.
  - 6. The method according to claim 3, further comprising:
    - determining, by the user input apparatus, whether a power status of the user input apparatus is below a predetermined threshold; and
      
      in response to a determination that the power status of the user input apparatus is below the predetermined threshold, changing, by the user input apparatus, the encrypted channel information on the user input apparatus to a user-defined value not equal to zero.
  - 7. The method according to claim 3, further comprising:
    - determining whether a front panel of the user input apparatus is in alignment with a back panel of the user input apparatus; and
      
      in response to a determination that the front panel of the user input apparatus is not in alignment with the back panel of the user input apparatus, changing, by the user input apparatus, the encrypted channel information on the user input apparatus to zero.

8. A user input apparatus comprising:
- a keypad for selection of numbers 0-9, and letters A-F for key component entry in hexadecimal notation;
  
  at least one physical processor; and
  
  a memory storing machine readable instructions that when executed by the at least one physical processor cause the at least one physical processor to;
  
  receive a communication from a smart card control device upon connection of the smart card control device with the user input apparatus, wherein the communication comprises a command to generate a key component on a smart card communicatively connected via an encrypted channel to the user input apparatus, wherein the key component is one of a plurality of key components to be used to form a Master File Key (MFK), the plurality of key components to be stored in a plurality of smart cards;
  
  in response to a receipt of the communication from the smart card control device, send to the smart card, via the encrypted channel, an encrypted command to generate the key component, the smart card to generate and store the key component responsive to the encrypted command received from the user input apparatus via the encrypted channel.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The user input apparatus according to claim 8, further comprising a tamper proof seal on first and second panels of the user input apparatus, wherein the tamper proof seal is at least one of removable and breakable to provide a visual indication of tampering with the user input apparatus.
  - 10. The user input apparatus according to claim 8, further comprising machine readable instructions that when executed by the at least one physical processor further cause the at least one physical processor to:
    - store encrypted channel information; and
      
      use the stored encrypted channel information to establish the encrypted channel with the smart card.
  - 11. The user input apparatus according to claim 10, further comprising machine readable instructions that when executed by the at least one physical processor further cause the at least one physical processor to:
    - determine whether a contact part disposed on a first panel of the user input apparatus is disposed in an engaged or a disengaged position relative to another contact part disposed on a second panel of the user input apparatus; and
      
      in response to a determination that the contact part disposed on the first panel of the user input apparatus is disposed in the disengaged position relative to the another contact part disposed on the second panel of the user input apparatus, change the encrypted channel information on the user input apparatus to a user-defined value not equal to zero.
  - 12. The user input apparatus according to claim 10, further comprising machine readable instructions that when executed by the at least one physical processor further cause the at least one physical processor to:
    - determine whether a power status of the user input apparatus is below a predetermined threshold; and
      
      in response to a determination that the power status of the user input apparatus is below the predetermined threshold, change the encrypted channel information on the user input apparatus to a user-defined value not equal to zero.
  - 13. The user input apparatus according to claim 8, further comprising machine readable instructions that when executed by the at least one physical processor further cause the at least one physical processor to:
    - determine whether a front panel of the user input apparatus is in alignment with a back panel of the user input apparatus; and
      
      in response to a determination that the front panel of the user input apparatus is not in alignment with the back panel of the user input apparatus, change the encrypted channel information on the user input apparatus to zero.
  - 14. The user input apparatus according to claim 8, further comprising machine readable instructions that when executed by the at least one physical processor further cause the at least one physical processor to:
    - access the plurality of key components from the plurality of smart cards; and
      
      generate the Master File Key using the plurality of key components.

15. A non-transitory computer readable medium having stored thereon machine readable instructions, the machine readable instructions, when executed, cause at least one physical processor of a user input apparatus to:
- receive, by the user input apparatus, a communication from a smart card control device upon connection of the smart card control device with the user input apparatus, wherein the communication comprises a command to generate a key component on a smart card that is communicatively connected via an encrypted channel to the user input apparatus, wherein the key component is one of a plurality of key components to be used to form a Master File Key (MFK), the plurality of key components to be stored in a plurality of smart cards;
  
  in response to a receipt of the communication from the smart card control device, send to the smart card, via the encrypted channel, an encrypted command to generate the key component, the smart card to generate and store the key component responsive to the encrypted command received from the user input apparatus via the encrypted channel.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium according to claim 15, further comprising machine readable instructions, when executed, further cause the at least one physical processor of the user input apparatus to:
    - generate a prompt to enter a PIN prior to a transmission of the encrypted command to the smart card via the encrypted channel;
      
      verify the PIN to determine whether a user of the user input apparatus is an authorized user; and
      
      in response to a determination that the user of the user input apparatus is the authorized user, send the encrypted command to the smart card via the encrypted channel.
  - 17. The non-transitory computer readable medium according to claim 15, further comprising machine readable instructions, when executed, further cause the at least one physical processor of the user input apparatus to:
    - determine whether a contact part disposed on a first panel of the user input apparatus is disposed in an engaged or a disengaged position relative to another contact part disposed on a second panel of the user input apparatus; and
      
      in response to a determination that the contact part disposed on the first panel of the user input apparatus is disposed in the disengaged position relative to the another contact part disposed on the second panel of the user input apparatus, change encrypted channel information on the user input apparatus to a user-defined value not equal to zero.
  - 18. The non-transitory computer readable medium according to claim 17, further comprising machine readable instructions, when executed, further cause the at least one physical processor of the user input apparatus to:
    - use the encrypted channel information to establish the encrypted channel with the smart card.
  - 19. The non-transitory computer readable medium according to claim 15, further comprising machine readable instructions, when executed, further cause the at least one physical processor of the user input apparatus to:
    - determine whether a front panel of the user input apparatus is in alignment with a back panel of the user input apparatus; and
      
      in response to a determination that the front panel of the user input apparatus is not in alignment with the back panel of the user input apparatus, change the encrypted channel information on the user input apparatus to zero.
  - 20. The non-transitory computer readable medium according to claim 15, further comprising machine readable instructions, when executed, further cause the at least one physical processor of the user input apparatus to:
    - access the plurality of key components from the plurality of smart cards; and
      
      generate the Master File Key using the plurality of key components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
entIT Software LLC (Open Text Corporation)
Inventors
Windle, Chris A., Libershteyn, Vladimir, Liu, Richard
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US14/817,978
Publication Number

US 20170041143A1
Time in Patent Office

952 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Secure key component and pin entry

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure key component and pin entry

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others