Reexamination Certificate
2000-03-10
2003-07-22
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S064000, C705S073000, C705S075000
active
06598032
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates in general to communications between data processing systems and peripheral devices, and in particular to a system and method for hiding from a computer system the entry of a personal identification number (PIN) to a smart card when the PIN is being entered to authorize a purchase transaction for charging a purchase to the smart card. Still more particularly, the present invention relates to a system and method for further securing, against hackers, the use of a smart card that requires entry of a PIN.
2. Description of the Related Art
The proliferation of computers that provide Universal Serial Bus (USB) ports has resulted in the creation and use of various peripheral devices that interface to computers via the USB and will hereafter be referred to as USB devices. The use of such USB devices is very attractive due to the low cost of implementing USB technology.
USB devices that presently exist include authorization devices, authentication devices, secure devices, etc. (hereinafter collectively referred to as “security devices”). One well known example of such a security device is a smart card reader that reads a smart card. With reference now to the figures and in particular with reference to FIG. 1, a block diagram 100 illustrating a smart card reader 108 in communication with a computer system 102 via a USB communications line 106 according to the prior art is shown. As shown, smart card reader 108 has a smart card reader slot 110 in which a smart card 112 is inserted to be read. Smart card reader 108 may be easily connected to computer system 102 in a “Plug-and-Play” manner. The use of smart card reader 108 with computer system 102 is very attractive due to the low cost and ease of set up.
FIG. 1 further shows (in an exploded view) that smart card 112 has an electronic chip 114 embedded in a card body 115 of smart card 112. Smart card 112 further has module contacts 116 that overlie and are in contact with electronic chip 114. Module contacts 116 contact electronic contacts in smart card reader 108 and interface with smart card reader 108 when smart card 112 is inserted into slot 112 and read by smart card reader 108. Electronic chip 114 generally has a microprocessor and a memory system, that includes at least a write-only memory device and an internal read-only memory (ROM) device. Smart card reader 108 generally serves as an electronic interface device between smart card 112 and computer system 102.
A user uses computer system 102 to browse a product or service provider's web site at web server 105B via Internet 101. Computer system 102 may be either in a typical residential or commercial setting. When the user enters into a purchase transaction with the product or service provider hosting web server 105B in order to purchase a product(s) or service(s) offered at the web site, web server 105B is programmed to send to computer system 102 a payment method request to prompt the user to provide a payment method for satisfying the charge(s) of the purchase transaction. The user indicates to computer system 102 that smart card 112 is to be used as the charge card to be charged for the purchase transaction. The user inserts smart card 112 into smart card reader 108. A message request is generated by web server 105B, and the message request generally involves an inquiry by the product or service provider to the user to verify the purchase(s) and the respective amount(s) to be charged to smart card 112 and to prompt entry of the correct PIN for smart card 112.
When smart card 112 is set up as a charge card used by a card holder only (i.e., user), the correct personal identification number (PIN) is assigned as an authorization code for smart card 112 and stored in the internal ROM device within electronic chip 114 of smart card 112. The internal ROM device is only able to be read internally by the microprocessor of smart card 112 and not by any other device, particularly external devices. The PIN is memorized by the user and provided to smart card 112 by the user when the user wishes to charge a purchase(s) to smart card 112.
As shown in FIG. 1, when smart card 112 is inserted into slot 110 of smart card reader 108, electronic chip 114 of smart card 112 is then in contact with smart card reader 108 via module contacts 116 and electronic contacts of smart card reader 108. Computer system 102 is programmed to sense insertion of smart card 112 into smart card reader 108 via USB communication line 106. Identity of smart card 112 is stored in a memory device of electronic chip 114 and is sent to computer system 102 and web server 105B in order to respectively identify smart card 112 as the card to be charged for a purchase(s) made in the purchase transaction. No other numbers or card information (i.e. credit or debit card numbers or expiration dates) are associated with smart card 112 in order to use smart card 112 as a charge card.
The message request prompts the user to enter the correct PIN (e.g., a four or five digit code) for authorizing use of smart card 112. The user then attempts entry of the PIN through keyboard 104, and the entered PIN is sent to computer system 102, which, in turn, sends the entered PIN to smart card 112 via USB communication line 106 and smart card reader 108. The entered PIN is received by electronic chip 114 of smart card 112. Electronic chip 114 directs storage of the entered PIN into the write-only memory device. The entry of the PIN is generally a one-time entry to smart card 112, and the entered PIN is used only one time per entry for authorizing smart card 112. The entered PIN may be programmed to be erased after authorization or after a pre-determined amount of time has elapsed.
The microprocessor in electronic chip 114 compares the entered PIN stored in the write-only memory device with the correct PIN stored in the ROM device (i.e., PIN comparison is performed). If the entered PIN in the write-only memory device matches the correct PIN stored in the ROM device, then an authorization signal for authorizing the purchase transaction and allowing the purchase(s) from the purchase transaction to be charged to smart card 112 is generated by smart card 112. The authorization signal does not contain any PIN information. The authorization signal is sent from smart card 112 to computer system 102 via smart card reader 108 and USB communication line 106 and then to web server 105B via Internet 101. Web server 105B accordingly acknowledges authorization of the purchase transaction and respectively charges smart card 112 for the purchase(s) from the purchase transaction. On the other hand, if the entered PIN in the write-only memory device does not match the correct PIN stored in the ROM device, then a decline signal for declining the purchase transaction and prohibiting the purchase(s) from the purchase transaction to be charged to smart card 112 is generated by smart card 112. The decline signal is sent from smart card 112 to computer system 102 via smart card reader 108 and USB communication line 106 and then to web server 105B via Internet 101. Computer system 102 may be directed to prompt the user to re-attempt entry of the correct PIN, and the process of verifying the correct PIN for smart card 112 is again repeated for the re-entered PIN. After a number of attempts to enter the PIN have been tried, computer system 102 may be programmed to finally prevent the user from making any further attempts to enter the correct PIN.
Since the identity of smart card 112 is sent to computer system 102 by smart card 112 and the PIN is entered by the user into computer system 102 through keyboard 104, an unauthorized person using another computer system 105A may be able to gain illicit access into computer system 102 and learn the identity of smart card 112 and the PIN for sma
Challener David Carroll
McGovern Joseph
Ovies Hernando
Ward James Peter
Bracewell & Patterson LLP
International Business Machines - Corporation
Schelkopf J. Bruce
Trammell James P.
Worjloh Jalatee