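IPC Classification Information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0215888 (2002-08-09)
Inventor / Address |
Applicant / Address |
Citation information | Times cited: 34; Cited patents: 36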
Abstract
An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with specific input devices, namely a light sensor/DTMF/infrared and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (3) the PIN; (4) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications). Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. In essence, the device is a closed box with communication ports. The emulation of the device is therefore extremely complex due to the fact that it involves PKI, hardware serialization for communication and software implementation, in conjunction with a specific hardware embodiment and service usage infrastructure component that returns a response necessary for each unique transaction link to an atomic time synchronization.
Representative claims
I claim:
1. A method of authenticating a transaction, the method comprising: providing a portable card reader unit to communicate directly with a device, communications between the portable card reader and the device being secured, wherein the portable card reader unit is independent from the device; initiating a transaction request in the device with a server or another party; authenticating a user of the device exclusively in the card reader unit, wherein the card reader is not involved to encrypt a transaction between the device and the server, but provides optical or multi-tone acoustical signals from the card reader unit to authenticate the transaction between the device and the server or another party, and wherein the optical or multi-tone acoustical signals include authenticated information about the user of the device, and are received in the server or another party via the device; and executing the transaction, if authorized, through the server or another party.
2. The method of claim 1, wherein the authenticating of the user of the device exclusively in the card reader unit comprising: acquiring personal data of the user into the portable card reader unit; encrypting the personal data only after the user is authenticated; and encoding the encrypted personal data into the optical or multi-tone acoustical signal.
3. The method of claim 1, wherein the card reader converts data in the transaction into optical or multi-tone acoustical signals to be transmitted between the device and the server or another party.
4. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is a high-contrast optical signal.
5. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from a computer display.
6. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from a liquid-crystal display.
7. The method of claim 1, wherein the optical signal received at the card reader unit to authenticate the transaction is from a light-emitting diode.
8. The method of claim 1, wherein the multi-tone acoustical signal is a dual tone, multiform (DTMF) signal.
9. The method of claim 1, wherein the optical signal is an infrared signal.
10. The method of claim 1, wherein the transaction request is initiated by a wireless signal.
11. The method of claim 1, wherein communication between the device and the server or another party involves the use of the multi-tone acoustic signal.
12. The method of claim 11, wherein the multi-tone acoustic signal is a dual tone, multi-format (DTMF) signal.
13. The method of claim 11, wherein the multi-tone acoustic signal is an audio frequency shift keying (AFSK) signal.
14. The method of claim 11, wherein the multi-tone acoustic signal is a private line (PL) signal.
15. The method of claim 1, wherein the initiating of a transaction request at the card reader unit includes the entry of a personal identification number (PIN) through a keyboard.
16. The method of claim 15, wherein the keyboard includes a touch-sensitive screen.
17. The method of claim 15, further including terminating the operation of the portable card reader unit if a PIN entry is attempted more than a predetermined number of times.
18. The method of claim 1, wherein the portable card reader unit further includes a biometric input; and the initiating of the transaction in the device with the server or another party includes receiving biometric data through a biometric input.
19. The method of claim 18, wherein the biometric input is a fingerprint.
20. The method of claim 1, wherein information exchange subsequent to the transaction request are encrypted.
21. The method of claim 20, wherein the encryption is based on public-key cryptography.
22. The method of claim 20, wherein the encryption is based on identity-based encryption (IBE) cryptography.
23. The method of claim 1, wherein the portable card reader unit includes a memory; the transaction request initiates a session; and information regarding the session is stored in the memory.
24. The method of claim 1, wherein the portable card reader unit forms part of the device.
25. The method of claim 24, wherein the device is one of a personal digital assistant (PDA), a hand-held remote control and a cellular telephone.
26. The method of claim 24, wherein the portable card reader unit operates in conjunction with the device to facilitate secured and authenticated operation with the server or another party.
27. The method of claim 1, further including storing an encrypted dynamic credit report.
28. The method of claim 27, further including storing encrypted pre-approved payment or banking authorization numbers.
29. The method of claim 28, further including sending an encrypted credit report to a server or another party credit report company with an approval of the credit owner.
30. The method of claim 1, wherein the portable card reader is further operative to communicate with another card reader.
31. The method of claim 1, further including updating credit report data from a third party credit report company.
32. The method of claim 1, wherein the portable card reader unit receives a smartcard, and the method further includes storing encrypted credit report history on the smartcard.
33. The method of claim 32, further including storing encrypted pre-approved payment or banking authorization numbers on the smartcard.
34. The method of claim 32, further including comparing stored data with data stored on the smartcard.
35. The method of claim 32, further including permitting or preventing access to data stored in the portable card reader unit.
36. The method of claim 32, further including permitting or preventing access to the smartcard.
37. The method of claim 1, further including steps to permit or prevent access is based on a security policy infrastructure.
38. The method of claim 1, further including storing personal and historical medical data.
39. The method of claim 1, further including storing and caching multiple smartcards at the same time.
40. The method of claim 1, further including providing a digital identity for the card owner.
41. The method of claim 1, further including storing, receiving, and sending personal information from the card owner to one or more third parties.
42. The method of claim 1, further including capabilities to permit or prevent physical access to the card reader unit.
43. The method of claim 1, further including storing multiple public and private keys or certificates in memory or on the card.
44. The method of claim 1, further including linking to one or more third parties or services, and providing a secure environment to private-key cryptography (PKI) infrastructures.
45. The method of claim 1, further including providing a portable authentication through a remote service without allowing non-secure access.
46. The method of claim 45, wherein the non-secure access is associated with a web cafe or a public network.
47. The method of claim 1, wherein the card reader unit is further operative to function as one of a payment device or an infrared universal remote control.
48. A method of authenticating a transaction, the method comprising: initiating a transaction between a device and a server or another party; requesting authentication of a user associated with the device when the server or another party demands that the transaction must be authenticated; providing a card reader unit to authenticate the transaction by: acquiring personal data of the user into the portable card reader unit; encrypting the personal data only after the user is authenticated; and encoding the encrypted personal data into an optical or multi-tone acoustical signal; causing the optical or multi-tone acoustical signal to be sent to the server or the another party via the device; subsequently, data in the transaction being converted by the card reader into optical or multi-tone acoustical signals that are now transmitted between the device and the server or another party.
49. The method of claim 48, wherein the card reader unit operates on an atomic time, and wherein the encrypting of the personal data comprises: recovering the atomic time; generating a session key in accordance with the atomic time; and encrypt the personal data with the session key.