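IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0747972 (2003-12-30)
Registration number | US-7481363 (2009-01-27)
Inventor / Address |
Applicant / Address |
Citation information | Times cited: 12; Cited patents: 29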
Abstract
An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with two specific input devices, namely a light sensor and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (3) the PIN; (4) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications. Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. In essence, the device is a closed box with only two communication ports. The emulation of the device is therefore extremely complex due to the fact that it involves PKI, hardware serialization for communication and software implementation, in conjunction with a specific hardware embodiment and service usage infrastructure component that returns a response necessary for each unique transaction.
Representative claim
I claim:
1. A method of authenticating a transaction, the method comprising: causing a separate unit to communicate with a device, the separate unit being secured and independently operating from the device, the separate unit configurable to include a biometric sensor to obtain biometric characteristics of a user, the biometric characteristics physically representing the user; initiating a local authentication process using the separate unit, the local authentication process comprising: obtaining the biometric characteristics of the user from the biometric sensor; decrypting stored biometric characteristics for the user; and comparing the biometric characteristics with the stored biometric characteristics; if the biometric characteristics match with the stored biometric characteristics, initiating an encrypted authentication transaction request comprising: receiving personalized data at the device from the user; recovering atomic time for usage in session key generation; encrypting the personalized data using the sessions keys, public keys and third party public keys; and sending the encrypted personalized data to the third party through the device as encrypted authentication transaction request using a challenge response protocol method, wherein the atomic time is used as a serialization and challenge response protocol variable; receiving a signal at the separate unit signing the encrypted authenticated transaction request via the device to authenticate the transaction; and digitally signing the authentication at the separate unit using the atomic time clock stamping of the transaction between the device and the third party.
2. The method of claim 1, wherein the separate unit is further configurable to include a second biometric sensor to acquire second biometric characteristics of the user to ensure that the user is indeed authenticated.
3. The method of claim 1, wherein the first biometric sensor is a fingerprint sensor to acquire a fingerprint of the user, and the second biometric sensor is a microphone to acquire a voice of the user.
4. The method of claim 1, wherein the device is a personal digital assistant (PDA).
5. The method of claim 1, wherein the device is a telephone.
6. The method of claim 5, wherein the telephone is a cellular telephone.
7. The method of claim 1, wherein the signal used to authenticate the transaction is a high-contrast signal.
8. The method of claim 1, wherein said communicating the transaction request to the third party involves a use of a dual tone audio signal.
9. The method of claim 8, wherein the signal is an audio frequency shift keying (AFSK) signal.
10. The method of claim 8, wherein the signal is a private line (PL) signal or a wireless signal.
11. The method of claim 1, wherein the signal is an audio frequency shift keying (AFSK) signal.
12. The method of claim 1, wherein said initiating a transaction request includes an entry of a personal identification number (PIN) through the keyboard of the device.
13. The method of claim 12, wherein the separate unit is terminated if a PIN entry is attempted more than a predetermined number of times.
14. The method of claim 1, wherein the separate unit further includes a biometric input; and said initiating a transaction request includes receiving biometric data through the biometric input.
15. The method of claim 14, wherein the biometric input is a fingerprinting.
16. The method of claim 1, wherein one or both of the transaction request and the authentication signal are encrypted.
17. The method of claim 16, wherein the encryption is based on public key cryptography further including and not limited to Identity-Based Encryption (IBE).
18. The method of claim 1, wherein the separate unit or device includes a memory; the transaction request and authentication signal constitute a session; and information regarding the session is stored in the memory.
19. The method of claim 1, wherein the separate unit is a headset.
20. The method of claim 19, wherein the headset includes capability of reading in confidential information from a user associated with the device.
21. The method of claim 1, wherein the said encryption is performed using a one-way encryption algorithm that employs one or many biometric input, atomic clock and unique session keys.
22. The method of claim 1, wherein the said authentication is performed using a challenge response protocol.