Method and system for secure, decentralized personalization of smart cards

US 5,534,857 A
Filed: 04/28/1994
Issued: 07/09/1996
Est. Priority Date: 11/12/1991
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securely writing confidential data from issuer'"'"'s secure computer to a customer smart card presented to a secure terminal device with smart card reader/writer connected to a retailer'"'"'s data terminal device at a remote location, including the steps of:

(a) establishing a communications link between the data terminal device and the secure computer;

(b) authenticating the retailer to the issuer by;

(i) presenting a retailer smart card to the secure terminal device reader/writer and establishing access to information stored in the smart card by entering a retailer secret code into the secure terminal device to unlock the retailer smart card(ii) reading data from the unlocked retailer smart card and sending only information pertaining to the identity of the retailer smart card to the secure computer;

(iii) generating and sending from the secure computer a first random number to the secure terminal device;

(iv) enciphering the first random number at the secure terminal device using a cipher key read from the unlocked retailer smart card, the cipher key having a value unrelated to the retailer secret code, and sending the enciphered first random number back to the secure computer;

(v) comparing the retailer smart card identification data with data stored in the secure computer to identify the retailer smart card, then retrieving a cipher key stored in the secure computer associated with the identification data and enciphering the first random number with the cipher key; and

(vi) comparing the enciphered first random number received from the secure terminal device with the enciphered first random number generated in the secure computer to authenticate the retailer when the values of the enciphered first random numbers are identical;

(c) establishing a mutual session key for enciphering data transfer between the secure terminal and the secure computer after authentication of the retailer to the issuer has been effected, the mutual session key being generated by using a common key stored in the secure computer and the retailer smart card;

(d) retrieving the retailer smart card and subsequently presenting the customer smart card to the secure terminal device;

(e) enciphering at the secure computer, the confidential data to be written to the customer smart card using the mutual session key and sending the enciphered confidential data to the secure terminal device; and

(f) deciphering at the secure terminal device, the enciphered confidential data using the mutual session key and writing the confidential data on to the customer smart card.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for securely writing confidential data from an issuerer to a customer smart card at a remote location includes, establishing a communication link between a retailer data terminal device at the remote location and the issuer'"'"'s secure computer. A communication link is established between a secure terminal device, which includes a smart card reader/writer, and the data terminal device. The retailer is authenticated to the issuer and the issuer to the retailer by means of a retailer smart card presented to the secure terminal device. A session key is established for enciphering data traffic between the secure terminal device and the issuer'"'"'s computer using the retailer smart card. The customer smart card is presented to the secure terminal device. Confidential customer data is enciphered using the session key and it is written from the issuer'"'"'s computer to the customer smart card.

286 Citations

10 Claims

1. A method for securely writing confidential data from issuer'"'"'s secure computer to a customer smart card presented to a secure terminal device with smart card reader/writer connected to a retailer'"'"'s data terminal device at a remote location, including the steps of:
- (a) establishing a communications link between the data terminal device and the secure computer;
  
  (b) authenticating the retailer to the issuer by;
  
  (i) presenting a retailer smart card to the secure terminal device reader/writer and establishing access to information stored in the smart card by entering a retailer secret code into the secure terminal device to unlock the retailer smart card(ii) reading data from the unlocked retailer smart card and sending only information pertaining to the identity of the retailer smart card to the secure computer;
  
  (iii) generating and sending from the secure computer a first random number to the secure terminal device;
  
  (iv) enciphering the first random number at the secure terminal device using a cipher key read from the unlocked retailer smart card, the cipher key having a value unrelated to the retailer secret code, and sending the enciphered first random number back to the secure computer;
  
  (v) comparing the retailer smart card identification data with data stored in the secure computer to identify the retailer smart card, then retrieving a cipher key stored in the secure computer associated with the identification data and enciphering the first random number with the cipher key; and
  
  (vi) comparing the enciphered first random number received from the secure terminal device with the enciphered first random number generated in the secure computer to authenticate the retailer when the values of the enciphered first random numbers are identical;
  
  (c) establishing a mutual session key for enciphering data transfer between the secure terminal and the secure computer after authentication of the retailer to the issuer has been effected, the mutual session key being generated by using a common key stored in the secure computer and the retailer smart card;
  
  (d) retrieving the retailer smart card and subsequently presenting the customer smart card to the secure terminal device;
  
  (e) enciphering at the secure computer, the confidential data to be written to the customer smart card using the mutual session key and sending the enciphered confidential data to the secure terminal device; and
  
  (f) deciphering at the secure terminal device, the enciphered confidential data using the mutual session key and writing the confidential data on to the customer smart card.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1 including, after step (b), the step of(g) authenticating the issuer to the retailer by performing an enciphered challenge-response including:
    - (i) generating at the secure terminal device a second random number, sending the second random number to the secure computer, and enciphering the second random number using a cipher key read from the unlocked retailer smart card;
      
      (ii) using the identification data of the retailer smart card, for the purpose of retrieving the cipher key stored in the secure computer associated with the identification data, enciphering the second random number using the cipher key and sending;
      
      the enciphered second random number back to the secure terminal device; and
      
      (iii) comparing the enciphered second random number received from the secure computer with the enciphered second random number generated in the secure terminal device to authenticate the issuer when the values of the enciphered second random numbers are identical.
  - 3. A method according to claim 1 or claim 2, wherein the session key is established by the secure computer generating and sending a first random number to the secure terminal device, the secure terminal device generating a second random number and sending the second random number to the secure computer, the secure computer and the secure terminal device each enciphering the combined product of the two random numbers using the common key stored in the secure computer and the retailer smart card to generate the session key.
  - 4. A method according to claim 1, wherein the confidential data to be written on the customer smart card is an issuer secret code which enables locking and unlocking of the customer smart card, the issuer secret code being required to unlock the card to accept data.
  - 5. A method according to claim 4, wherein the data also comprises a directory and file structures and other consumer specific data.
  - 6. A method according to claim 1, wherein a second session key is established for enciphering traffic between the data terminal device and the issuer'"'"'s secure computer in a manner analogous to the establishment of the session key for enciphering traffic between the secure terminal device and the secure computer.

7. A system for securely writing confidential data from an issuer to a customer smart card in a remote location comprising:
- an issuer'"'"'s secure computer containing data pertaining to the identification of a plurality of retailer smart cards and respective associated cipher keys;
  
  a retailer data terminal device at the remote location selectively in communication with the secure computer by means of a communications link;
  
  a secure terminal device at the remote locating including a smart card reader/writer, selectively in communication with the secure computer via the data terminal device;
  
  a retailer smart card containing data required to authenticate the retailer to the issuer including a retailer secret code to enable unlocking of the smart card upon positive comparison, with a secret code inputted into the secure terminal device, data pertaining to the identity of the smart card, a cipher key to encipher an authentication challenge generated by the secure computer and sent to the secure terminal device, and data required to establish a session key for enciphering traffic between the secure terminal device and the secure computer including a common cipher key stored in the retailer smart card and the secure computer; and
  
  a customer smart card able to accept the confidential data, when presented to the secure terminal device, sent from the computer to the secure data terminal after being deciphered using the session key.

8. A secure terminal which can be coupled to a remote computer, and a data link, intended for use with first and second, different, authorization cards comprising:
- a programmed processor;
  
  an input device coupled to said processor; and
  
  a card reader/write coupled to said processor wherein said processor includes means for reading a first indicium from a first card and a second indicium entered via said input device and for comparing same, said processor including means, responsive to said comparing for reading a third, identifying, indicium from said first card and for transmitting same to the remote computer and for receiving a random number response from the remote computer, associated with said identifying indicium, and for reading a fourth, key indicium from the first card for combining said random numeric response with said key indicium thereby producing an enciphered random numeric response sent to the remote computer for authentication, wherein said processor includes means for establishing a different transaction enciphering key in response to said authentication and wherein said processor includes means for reading a second card and for authorizing transactions using said transaction key and an identifying indicium carried by said second card and not entered by said input device.
- View Dependent Claims (9, 10)
- - 9. A terminal as in claim 8 wherein said processor includes means for entering onto said second card a user specified identifying indicium different from said transaction enciphering key.
  - 10. A terminal as in claim 8 wherein said processor includes means for terminating communication with the remote computer and wherein said transaction enciphering key is erased in response to said termination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security Domain Pty Ltd. (Oryx International Growth Fund Ltd.)
Original Assignee
Security Domain Pty Ltd. (Oryx International Growth Fund Ltd.)
Inventors
Laing, Simon G., Bowcock, Matthew P.
Primary Examiner(s)
Zimmerman, Brian
Assistant Examiner(s)
WILSON JR, WILLIAM HALL

Application Number

US08/232,088
Time in Patent Office

803 Days
Field of Search

340/825.31, 340/825.34, 340/825.33, 380/23, 380/24, 380/25, 364/401, 364/406, 235/380, 235/382, 235/382.5, 235/487
US Class Current

340/5.74
CPC Class Codes

G06K 17/0022   arrangements or provisious ...

G06Q 20/229   Hierarchy of users of accounts

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3829   involving key management

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/0844   with user authentication or...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Method and system for secure, decentralized personalization of smart cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

286 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Method and system for secure, decentralized personalization of smart cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

286 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others