Abstract

A secure channel is established between a processor and a smart card such that authentication can be achieved without transmitting a Personal Identification Number (PIN) to or from the smart card in the clear. A session ticket indicative of the PIN is generated, and the session ticket is securely negotiated between the computer and the smart card instead of the PIN. Also, a trusted path is established between a user and the operating system of the processor for allowing the user to enter a PIN. A trusted computing base is established in the processor for receiving the PIN from the user and performing operations associated therewith.