Integrity protected smart card transaction

摘要

Systems, methods, and technologies for configuring a conventional smart card and client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.

主权项

1. A smart card configured for use with a computing device and further configured for performing actions, the smart card comprising a processor and a memory, the actions comprising:
providing, to the computing device, a modifier that is encrypted, where the encrypted modifier is configured for being decrypted using a key unique to the computing device; receiving, from the computing device, an identification number that was generated based on the provided modifier and on a personal identification number provided by a user of the computing device; and unlocking the smart card in response to the received identification number matching an identification number stored on the smart card, where the stored identification number was previously generated based on an unencrypted version of the modifier, and further based on the user's personal identification number as provided at a time that the smart card was configured.