Authentication system and method for smart card transactions

Assignee

• Microsoft Corporation · US

Inventors

• Vinay Deo · Bellevue, US
• Robert B. Seidensticker, Jr. · Woodinville, US
• Daniel R. Simon · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/56
• WIPO fieldIT methods for management
• WIPO sectorElectrical engineering

Abstract

An authentication system includes a portable information device, such as a smart card, that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority and a unique public key. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority. The system further includes a terminal that is capable of accessing the smart card. The terminal has at least one compatible application which operates in conjunction with an application on the smart card. The terminal is assigned its own certificate which also contains the digital signature from the trusted certifying authority and a unique public key. Similarly, the application on the terminal is given an associated digital certificate. During a transactional session, the smart card and terminal exchange their certificates to authenticate one another. Thereafter, a smart card application is selected and the related certificates for both the smart card application and the terminal application are exchanged between the smart car…