1. Field of the Invention
The present invention relates to smart cards and smart card readers, and more particularly, to a portable and preferably wearable smart card reader having secure wireless communications capability.
2. Description of the Prior Art
A smart card is a device, typically about the same size as a credit card, that includes an embedded integrated circuit chip that stores and processes information. Information can be transferred between the smart card and an associated computing device such as a PC, a laptop computer or a handheld electronic device like a PDA, a two way pager, a cell phone or the like, through a reader device that is coupled to the associated computing device. In particular, the reader device is used to make an electrical connection to the integrated circuit of the smart card to provide a communication link between the smart card and the computing device.
In the prior art, the reader devices have been physically coupled to the associated computing device, such as through a wire or some other physical connection. The physical connection provides a level of data security for the transfer of data between the reader device and the smart card. Also, smarts cards are typically protected by an access control mechanism such as a password that must be provided in order the access the information stored on and the functionality provided by the integrated circuit chip of the smart card.
One common application of smart cards is to store cryptographic keys for use in conducting secure communications. For example, a smart card may be used to store cryptographic keys used for encrypting and/or digitally signing electronic mail (email) messages.
As is known in the art, a number of secure, encrypted email protocols have been developed, such as S/MIME and PGP, that use both symmetric (secret key) and asymmetric (public key) cryptography techniques. Generally, according to these protocols, after a sender creates an email message, the sender's email program generates a symmetric session key (appropriate for the chosen symmetric encryption algorithm, such as DES, Triple DES or RC2) and uses the session key to encrypt the email message. The session key is then encrypted using the message recipient's public key (typically obtained from the recipient's public key certificate) and a public key encryption algorithm such as Diffie-Hellman and RSA. Next, a digest of the message is created using a message digest algorithm such as SHA-1 or MD5. The message digest is then encrypted using the sender's private key (to create a digital signature), again employing a public key encryption algorithm such as Diffie-Hellman or RSA. The encrypted session key, the sender's public key certificate, the encrypted message, and the encrypted message digest are then sent to the recipient.
Upon receiving the message, the recipient uses his or her private key to decrypt the encrypted session key which is then used to decrypt the encrypted message. Also, the recipient uses the sender's public key to decrypt the encrypted message digest. The recipient then creates a digest of the decrypted message using the same algorithm used by the sender and compares that digest to the received message digest to authenticate and check the integrity of the message. As an alternative, if message privacy is not a concern, the protocols provide for sending a message that is digitally signed only.
A smart card is often used to store each individual's private key and public key certificate (which includes the individual's public key). When a recipient receives an encrypted email message, the smart card password and encrypted session key are sent to the recipient's smart card (through the reader device) by the recipient's computing device. The smart card then decrypts the encrypted session key using the recipient's private key and send sends the decrypted session key back to the computing device (through the reader device), where it is used thereby to decrypt the email message. In addition, during the preparation of a message, after the message digest is created by the sender's computing device, it and the smart card password are sent to the sender's smart card (through the reader device) where message digest is encrypted using the sender's private key (to create a digital signature) and returned to the computing device.
Many smart cards also carry additional information such as identifying information embodied in a photograph or stored in a readable bar code or magnetic strip. Such identifying information may be used, for example, to provide access to certain restricted locations. It is thus often important for this information to be visible so that it may be readily checked by a guard or the like.
As noted above, in current smart card systems, the reader device is physically coupled to the associated computing device. As a result, the transmission of clear-text session keys (after being decrypted) and clear-text smart card passwords between the two is secure. However, the requirement of a physical connection creates a number of problems and disadvantages. For example, users often forget to remove their smart card from a reader device when they leave their work areas, and thus encounter problems accessing locations that require the identifying information on the smart card. Furthermore, if the smart card is inadvertently not removed from the reader device when the user leaves his or her work are, a security problem arises as another individual could use the still active smart card to access the associated computing device and to falsely send and receive secure messages. In addition, current readers are bulky and are thus difficult to carry around, which presents a problem for users that wish to use them in connection with (and thus physically couple them to) a portable device such as a handheld electronic device.