Method and system for establishing a remote connection to a personal security device

A security device and remote connection technology, applied in the field of personal security devices, that addresses the problems of client resources such as disk space, memory and computing resources being unnecessarily tied up and of installing and maintaining APDU interfaces for a large number of local clients, with the effect of a system that is less susceptible to compromise and easier to maintain.

Inactive Publication Date: 2002-10-31
ACTIVCARD

AI Technical Summary

Benefits of technology

[0005] This invention resides in a method of generating a communications pipe between a personal security device (PSD) and a Remote Computer System over a network without requiring APDU interface software and/or security mechanisms to be installed on the local Client to which the PSD is connected. The improvements comprise relocating the APDU interface and security mechanisms from the local Clients to which the PSD is connected to one or more Remote Computer Systems, and using a local Client as a host which allows a connected PSD to communicate with one or more Remote Computer Systems over a network. By moving APDU interface and security mechanisms from numerous local Clients to a few secure Remote Computer Systems, the overall data processing system is much easier to maintain and significantly less susceptible to unauthorized access or compromise.
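A minimal simulation of the pipe described above, as an added example that is not code from the patent: the Remote Computer System builds and parses APDUs, while the local Client only unwraps a frame and passes the bytes to the PSD. The 2-byte length framing, all function names, the simulated PSD and the sample AID are assumptions made for illustration; the SELECT command layout and status words follow ISO/IEC 7816-4.

```python
import struct

# Remote Computer System side: the only place APDUs are built or parsed.
def build_select_apdu(aid: bytes) -> bytes:
    """ISO/IEC 7816-4 SELECT by name: CLA=00 INS=A4 P1=04 P2=00 Lc AID."""
    if not 1 <= len(aid) <= 16:
        raise ValueError("AID must be 1..16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid

def parse_status_word(rapdu: bytes) -> int:
    """Return SW1SW2 (the last two bytes of a response APDU)."""
    if len(rapdu) < 2:
        raise ValueError("response APDU shorter than SW1SW2")
    return int.from_bytes(rapdu[-2:], "big")

# Pipe framing (hypothetical): 2-byte big-endian length + opaque payload.
def wrap(payload: bytes) -> bytes:
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for frame")
    return struct.pack(">H", len(payload)) + payload

def unwrap(frame: bytes) -> bytes:
    if len(frame) < 2:
        raise ValueError("frame shorter than length header")
    (length,) = struct.unpack(">H", frame[:2])
    if len(frame) != 2 + length:
        raise ValueError("frame length mismatch")
    return frame[2:]

class SimulatedPSD:
    """Stand-in for the card: answers SELECT for one constructed AID."""
    def __init__(self, aid: bytes):
        self.aid = aid
    def transmit(self, capdu: bytes) -> bytes:
        is_select = len(capdu) >= 5 and capdu[:4] == b"\x00\xa4\x04\x00"
        if is_select and capdu[5:5 + capdu[4]] == self.aid:
            return b"\x90\x00"   # success
        return b"\x6a\x82"       # file or application not found

# Local Client: a host that relays bytes; it has no APDU logic at all.
def client_relay(frame: bytes, psd: SimulatedPSD) -> bytes:
    return wrap(psd.transmit(unwrap(frame)))

def remote_select(aid: bytes, send) -> int:
    """Remote side: send a SELECT through the pipe, return the status word."""
    return parse_status_word(unwrap(send(wrap(build_select_apdu(aid)))))

SAMPLE_AID = bytes.fromhex("A000000001")  # constructed value, not a real AID
```
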

Problems solved by technology

Installing and maintaining APDU Interfaces for a large number of local Clients can be a substantial and costly challenge in a multi-user organization.
In addition, Client resources such as disk space, memory and computing resources are unnecessarily tied up by the software, which could be better utilized for other purposes.
Another significant limitation of the current art is that security mechanisms are implemented on a local Client to gain access to secure functions contained within a connected PSD.
The potential exposure of secure information weakens the basic functionality of current PSDs, which is to protect private keys and other proprietary information from being unnecessarily disclosed.
The limitations of the current art are such that localized key generating mechanisms, APDU interface software and transactions involving this software are potentially vulnerable to compromise by unauthorized programs running on the local Client or by other illicit means intending to monitor the key generation process and thus gaining access to security codes, algorithms and other sensitive data contained within the PSD or elsewhere. These limitations are magnified in a multi-user environment where the ability to control unauthorized access to local Clients and vulnerable software contained therein is limited.


Embodiment Construction

[0022] This invention provides a method and system to establish a remote communications pipe over a network between a Remote Computer System and a personal security device connected to a host local Client. In this invention, personal security devices (PSD) are intelligent devices such as smart cards, biometric devices, subscriber identification module (SIM) cards, or combinations thereof having a microprocessor, runtime operating environment, an input / output communication port, memory storage including nonvolatile memory and random access memory and embedded software applications.

[0023] Two embodiments of the invention are described; the first embodiment in which security mechanisms are not employed and the second embodiment where security mechanisms are employed.

[0024] Referring now to FIG. 1, a generalized system block diagram of the invention is depicted. The various layers shown are based on the Open System Interconnection (OSI) model. For simplicity, certain layers common to bo...


Abstract

System and method for establishing a remote connection over a network with a personal security device connected to a local client without using a local APDU interface or local cryptography.

Description

[0001] The present invention relates to a data processing method and system for establishing a communications path (the "pipe") over a communications network between a Personal Security Device (PSD) and a Remote Computer System in a way that does not require localized APDU generation to communicate with a PSD nor discloses the security mechanisms implemented in the PSD to a local Client computer.

BACKGROUND OF INVENTION

[0002] The current art involving the use of personal security devices (PSD), for example, smart cards, subscriber identity module (SIM) cards, biometric devices, or combinations thereof, requires specialized messaging software or firmware to be installed on a local Client in which the PSD is connected. These specialized routines are used to translate from higher level messaging formats into low-level messaging packets and are generally known in the art as an Application Protocol Data Unit (APDU) Interface. Installing and maintaining APDU Interfaces for a large number o...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): H04L9/10, H04L12/46, H04L29/06, H04L29/08
CPC: G06Q20/3672, H04L12/4633, H04L29/06, H04L63/0807, G06F21/6218, H04L63/20, H04L69/08, H04L69/32, H04L63/0853, H04L63/10, H04L67/141, H04W12/06, H04L69/323, H04L69/085, H04L69/329, H04L9/40, H04L63/0428, H04L63/0876
Inventor: AUDEBERT, YVES LOUIS GABRIEL; CLEMOT, OLIVIER
Owner: ACTIVCARD