US20130179686A1 - Transaction Verification on RFID Enabled Payment and Transaction Instruments - Google Patents

Transaction Verification on RFID Enabled Payment and Transaction Instruments Download PDF

Info

Publication number
US20130179686A1
US20130179686A1 US13/782,827 US201313782827A US2013179686A1 US 20130179686 A1 US20130179686 A1 US 20130179686A1 US 201313782827 A US201313782827 A US 201313782827A US 2013179686 A1 US2013179686 A1 US 2013179686A1
Authority
US
United States
Prior art keywords
reader
user
dert
transaction
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/782,827
Inventor
Gene Tsudik
Ersin Uzun
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of California
Original Assignee
University of California
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of California filed Critical University of California
Priority to US13/782,827 priority Critical patent/US20130179686A1/en
Publication of US20130179686A1 publication Critical patent/US20130179686A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/352Contactless payments by cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0846On-card display means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0853On-card keyboard means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Definitions

  • the disclosure relates to the field of methods of using RFID tags in secure transactions and communications.
  • RFID tags capable of performing public key operations has enabled some new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly, when RFID tags are used for financial transactions or bearer identification. What is need is some kind of user-involved techniques for secure user-to-tag authentication, transaction verification, reader expiration & revocation checking, as well as association of RFID tags with other personal devices.
  • Radio Frequency Identification is a wireless technology mainly used for identification of various types of objects, e.g. merchandize.
  • An RFID tag is a purely passive device—it has no power source of its own. Information stored on an RFID tag can be read by a special device called an RFID reader, from some distance away and without requiring line-of-sight alignment (in contrast to barcodes).
  • RFID technology was initially envisaged as a replacement for barcodes in supply chain and inventory management, its many advantages have greatly broadened the scope of possible applications.
  • RFID tags vary widely depending on the target application. At the high end of the spectrum are the tags used in e-Passports, electronic ID (e-ID) Cards, e-Licenses, and contactless payment instruments. Such applications involve relatively sophisticated tags each costing a few dollars. Even though they are powerful enough to perform sophisticated public key cryptographic operations, there remain security and privacy issues when these tags are used as a means of payment or owner/bearer identification.
  • PIN-Vibra A similar technique called “PIN-Vibra” was suggested by Saxena, et al. for authenticating to an accelerometer-equipped RFID tags using a mobile phone. In it, a vibrating mobile phone is used to lock or unlock RFID tags. While the usability of PIN-Vibra seems promising, it has a some drawbacks: (1) high error rates—accelerometers on tags cannot perfectly decode PINs encoded in phone vibrations, (2) user's phone must be present and functional (e.g., not out of battery) whenever the tag has to be used, and (3) accelerometer-equipped RFID tags are relatively expensive and do not lend themselves to other applications that would help amortize their cost.
  • PLC public key certificate
  • CTLs Certificate Revocation Lists
  • OCSP Online Certificate Status Protocol
  • CRS Certificate Revocation System
  • CRLs are signed lists of revoked certificates periodically published by certification or revocation authorities (CAs or RAs). Usage of CRLs is problematic in RFID systems as they require the tag to have a clock in order to determine whether a given CRL is sufficiently recent. The communication overhead can be quite high if the number of revoked entities is large.
  • OCSP is an online revocation checking method that reduces storage requirements for all parties involved, while providing timely revocation status information. Although well suited for large connected networks, it is a poor fit for RFID systems as it requires constant connectivity between readers and OCSP responders. Furthermore, the need for a two-round challenge-response protocol with OCSP responders may make it susceptible to adverse effects of network congestion and slow turnaround times.
  • CRS offers implicit, efficient, and compact proofs of certificate revocation.
  • RFID tags verifiers
  • RFID tags are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards).
  • a reader can easily be maliciously used to mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user.
  • This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader.
  • Display enabled RFID tag receives transaction details from the reader (seller/merchant).
  • DERT verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader public key certificate (PKC). Protocol is aborted in case of a mismatch.
  • PLC public key certificate
  • DERT extracts and displays user-verifiable data, i.e., the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds).
  • the DERT automatically aborts the protocol.
  • This solution takes a proactive approach (instead of reacting to fraudulent transactions after they occur) and doesn't allow any transactions to go through without user's approval of its details (e.g., the amount for a credit card transaction). It is also important that users verify transaction details at the time of the transaction in our solution (not few days later).
  • the illustrated embodiment can be used in many domains especially with RFID enabled payment instruments. Banks, credit card companies and companies producing equipment for RFID based voting systems will find the method useful.
  • the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device with a reader including the steps of: providing the wireless, interface-constrained device with a passive display, where the wireless, interface-constrained device is capable of generating a random number and is characterized by a personal identification number (PIN) having a predetermined number of numbers; generating the random number with the same length as the PIN; displaying the random number with the wireless, interface-constrained device; using a reader keypad to change the displayed random number on the wireless, interface-constrained device to the PIN; and performing a matching algorithm in the wireless, interface-constrained device, so that if the PIN was entered correctly, the wireless, interface-constrained device unlocks itself for communication with the reader, otherwise the wireless, interface-constrained device remains locked.
  • PIN personal identification number
  • the method further includes the step of masking all numbers displayed on the wireless, interface-constrained device except the one currently being modified to reduce vulnerability to spying.
  • the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device with a reader including the steps of: providing the wireless, interface-constrained device with a timer, passive display and a user-controlled input; receiving transaction details in the wireless, interface-constrained device from the reader; verifying that the transaction details match their counterparts in the reader PKC, otherwise aborting communication in case of a mismatch; extracting and displaying selected user-verifiable data relating to the transaction; initiating a countdown for a predetermined duration; observing the selected extracted and displayed transaction information by a user and, if the selected extracted and displayed transaction information is deemed correct by the user, activating the user-controlled input before the countdown ends; aborting communication with the reader if the user deems that the selected extracted and displayed transaction information is incorrect, or if the countdown ends; detecting activation of the user-controlled input; automatically authorizing a time-stamped transaction statement to be sent to the reader if communication with the reader is allowed by the user;
  • the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device with a reader including the steps of: providing the wireless, interface-constrained device with a timer, passive display and a user-controlled input; receiving in the wireless, interface-constrained device a Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from the reader;
  • CTL Certificate Revocation List
  • PKC Public Key Certificate
  • CRLexp or PKCexp where CRLexp and PKCexp are the expiration times of CRL and PKC, respectively, is smaller than Tagcurr, the last valid time-stamp encountered by the wireless, interface-constrained device, or if CRLiss PKCexp, where CRLiss is the issuance time of the CRL, aborting the communication with the reader; determining in the wireless, interface-constrained device whether the CRL from the reader includes the serial number of the reader certificate and if so, aborting the communication with the reader; checking in the wireless, interface-constrained device the Certificate Authority (CA) signatures of the PKC and CRL from the reader, and if either check fails, aborting the communication with the reader; If CRLiss or PKCiss is more recent than the currently stored date in the wireless, interface-constrained device, where PKCiss is the issuance time of the PKC, updating the stored date stored in the wireless, interface-constrained device to the more recent of CRLiss and PKCiss
  • the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device including the steps of: providing the wireless, interface-constrained device with a passive display and capability of generating a random pass code for device pairing and running a secret based key agreement protocol; generating and displaying a pass code in wireless, interface-constrained device; prompting a user of a paired device to enter the pass code; and using the pass code to perform an authenticated key agreement protocol to establish a common key between the wireless, interface-constrained device and paired device and to confirm its possession by both the wireless, interface-constrained device and the paired device.
  • the illustrated embodiment includes a wireless, interface-constrained device adapted to communicate with a reader with a reader keypad including: a passive display; a random number generator; a memory for a personal identification number (PIN) having a predetermined number of numbers, the random number with the same length as the PIN; a circuit for communicating with the reader so that the displayed random number on the wireless, interface-constrained device can be changed to the PIN by use of the reader keypad; and a processor coupled to the display, random number generator, memory and circuit for communicating.
  • the processor is provided for performing a matching algorithm, so that if the PIN is entered correctly, the wireless, interface-constrained device unlocks itself for further communication with the reader, otherwise the wireless, interface-constrained device remains locked. As a result a reliable user-to-tag authentication is performed in an RFID tag with constrained inputs.
  • the processor is arranged and configured to mask all numbers displayed on the display except the one currently being modified to reduce vulnerability to spying.
  • the illustrated embodiment includes a wireless, interface-constrained device for securing communication with a reader with a Public Key Certificate (PKC) including: a timer; a passive display; a user-controlled input; a circuit for communicating with the reader for receiving transaction details from the reader; and a processor coupled to the timer, display, user-controlled input and the circuit for communicating.
  • the processor is provided for verifying that the transaction details match their counterparts in the reader Public Key Certificate (PKC), otherwise aborting communication in case of a mismatch, for extracting and displaying selected user-verifiable data relating to the transaction.
  • PLC Public Key Certificate
  • the timer initiates a countdown for a predetermined duration during which time a user observes the selected extracted and displayed transaction information and, if the selected extracted and displayed transaction information is deemed correct by the user, activates the user-controlled input before the countdown ends.
  • the processor detects activation of the user-controlled input, aborts communication with the reader if the user deems that the selected extracted and displayed transaction information is incorrect, or if the countdown ends, otherwise the processor automatically authorizes a time-stamped transaction statement to be sent to the reader if communication with the reader is allowed by the user, and completes the transaction through the reader if authorized.
  • a reliable transaction verification is performed in an RFID tag with constrained inputs.
  • the illustrated embodiment includes a wireless, interface-constrained device for securing the communication with a reader including: a timer; a passive display; a user-controlled input; a circuit for communicating with the reader for receiving a Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from the reader; and a processor coupled to the timer, display, user-controlled input and the circuit for communicating.
  • a wireless, interface-constrained device for securing the communication with a reader including: a timer; a passive display; a user-controlled input; a circuit for communicating with the reader for receiving a Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from the reader; and a processor coupled to the timer, display, user-controlled input and the circuit for communicating.
  • CTL Certificate Revocation List
  • PLC Public Key Certificate
  • the processor is provided for aborting communication with the reader, if either CRLexp or PKCexp, where CRLexp and PKCexp are the expiration times of CRL and PKC, respectively, is smaller than Tagcurr, the last valid time-stamp encountered by the wireless, interface-constrained device, or if CRLiss ⁇ PKCexp, where CRLiss is the issuance time of the CRL, for determining whether the CRL from the reader includes the serial number of the reader certificate and if so, aborting the communication with the reader, for checking the Certificate Authority (CA) signatures of the PKC and CRL from the reader, and if either check fails aborting the communication with the reader, for updating a stored date to a more recent of CRLiss and PKCiss, if CRLiss or PKCiss is more recent than the currently stored date, where PKCiss is the issuance time of the PKC, for displaying the lesser of CRLexp and PKCexp in the display and initiating a countdown
  • a user decides whether the displayed time-stamp, namely the lesser of CRLexp and PKCexp, is in the future, and if so activates the user-controlled input before the countdown by the timer ends.
  • the processor detects activation of the user-controlled input and allows communication with the reader, otherwise automatically aborts communication with the reader if activation of the user-controlled input is not detected before the countdown by the timer ends.
  • An embodiment of the device further includes a user-controlled rejection input and where the processor aborts communication with the reader if the user activates the user-controlled rejection input.
  • the illustrated embodiment includes wireless, interface-constrained device adapted for communication with a paired device including: a passive display; a memory for storing a random pass code for device pairing; a circuit for communicating with the paired device; and a processor coupled to the display, the memory and the circuit for communicating.
  • the processor is provided for running a secret based key agreement protocol, for generating and displaying a pass code in the display, for sending a prompt to a user of the paired device to enter the pass code, and for using the pass code to perform an authenticated key agreement protocol to establish a common key with paired device and to confirm possession of the pass code by both the wireless, interface-constrained device and the paired device.
  • the various embodiments may be combined one with the other in every possible logical combination to provide an RFID tag having the characteristics of the correspondingly combined embodiments.
  • FIG. 1 is a prior art NXP Display-Equipped RFID Tag (DERT) with two buttons.
  • DERT NXP Display-Equipped RFID Tag
  • FIG. 2 is a diagram illustrating a secure DERT to user authentication protocol.
  • FIG. 3 is a diagram illustrating the DERT enabled transaction verification protocol.
  • FIG. 4 is a diagram illustrating the reader certificate expiration or revocation verification protocol.
  • RFID tags 12 are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a malicious reader 10 can easily mislead the tag 12 into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag 12 to its user (i.e., no secure user interface) on regular RFID tags 12 and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader 10 . Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards.
  • certificate revocation in RFID systems should concern two entities: RFID tags 12 and RFID readers 10 .
  • the former only becomes relevant if each tag 12 has a “public key identity” and we claim that revocation of RFID tags 12 is a non-issue, since, once a tag 12 identifies itself to a reader 10 , the latter can use any current revocation status checking method.
  • expiration and revocation of reader certificates is a challenging problem in any public key-enabled RFID system. This is because RFID tags 12 , being powerless passive devices, cannot maintain a clock. In other words, an RFID tag 12 (on its own) has no means of verifying whether a given certificate has expired or whether any revocation information is recent.
  • the gist of the illustrated embodiment involves taking advantage of recently developed technology that allows high-end RFID tags 12 to be equipped with a small passive display.
  • tags 12 as Display-Equipped RFID Tags 12 or DERT-s.
  • DERT-s such as the one manufactured by NXP Semiconductors (shown in FIG. 1 ), are already being produced and are available on the market. Moreover, they cost only a few dollars (or Euros) more than their display-less counterparts.
  • one device chooses a passkey and displays it to the user and the user is asked to type the displayed value into the second device.
  • the devices automatically run a shared secret authentication protocol which succeeds or fails depending on the user's ability to copy the passkey correctly into the second device and depending on the presence of an active attacker.
  • Tags 12 are owned and operated by individuals (users/owners) who understand their roles in each context. 2. Tags 12 are powerful enough to perform public key operations (at least signature verification). 3. Tags 12 are equipped with a one-line alpha-numeric display (OLED or eDisclosure) capable of showing at least 8 characters. 4. Tags 12 can maintain simple counters or timers while powered by a reader 10 . 5. Each tag 12 has a programmable button. These parameters are not intended to restrict the scope of the invention, but only to provide a context in which the illustrated embodiment can be understood. Many other and different parameters values and features can be adopted in the claimed invention without departing from its scope and spirit.
  • Tags 12 are capable of generating short (i.e., 4-6 decimal digits) random numbers.
  • Users have access to a possibly untrusted keypad (or keyboard) with cursor keys. The keypad can be part of (or be connected to) the reader 10 .
  • Tags 12 always clear and reset their displays after authentication completes.
  • NXP tags 12 with two buttons in our usability tests, however, one of the button actions can be always substituted with a timeout.
  • a tag 12 for a transaction e.g., a credit card at a store, a cash card at an ATM, or an e-passport at a hotel
  • the user needs to be authenticated by proving knowledge of a secret, such as a PIN.
  • a secret such as a PIN.
  • the following method allows user-to-tag authentication without requiring any buttons/keys on the tag 12 .
  • the PIN is protected from potentially malicious (and certainly untrusted) readers 10 .
  • Step 1 Powered by the reader 10 , DERT generates a one-time random number of the same length as the PIN. DERT proceeds to display this random number.
  • Step 2 User operates the cursor keys ( ⁇ ⁇ ⁇ ⁇ ) on the reader keypad to basically change this random number on the DERT into his/her PIN. This is done digit by digit.
  • the necessary sequence of key presses namely: 1) press ⁇ 4 times to change 5 to 1, press ⁇ once to go to the next digit; 2) press ⁇ 5 times to change 7 to 2, press ⁇ once to go to the next digit; 3) press ⁇ 7 times to change 2 to 9, press ⁇ once to go to the next digit; and 4) press ⁇ 3 times to change 3 to 6, followed by Confirm.
  • the reader 10 sends a corresponding message to the tag 12 detailing the key-press, thereby prompting the tag 12 to update its display. Step 3 .
  • On each key press send a unique message to the tag 12 from reader 10 .
  • Step. 4 On each key press send a unique message to the tag 12 from reader 10 .
  • Step 5 Upon receipt of the Confirm message, run an internal matching algorithm in tag 12 . If the PIN was entered correctly, DERT unlocks itself for a transaction to receive all message formats. Otherwise tag 12 remains locked.
  • this method's security is based on several factors. The first is our assumption about the DERT's ability to generate quality, true or nearly true random numbers. The second security requirement is that the user must alternate ⁇ and ⁇ movements between digits. In other words, if only ⁇ key is used for small, i.e., ⁇ “5”, PIN digits (instead of sometimes going past “9” to reach it), or vice versa for large digits; such a pattern may leak information about the PIN in the long run after repetitive executions of the protocol with a given PIN with the same reader 10 . If there is a concern about such leaks, they can easily be prevented by allowing only one of ⁇ or ⁇ keys to be used when modifying the digits.
  • a shoulder surfing attack involves the adversary somehow observing user's actions to obtain critical information (e.g., PIN entered into an ATM).
  • critical information e.g., PIN entered into an ATM.
  • Such attacks techniques range from simply looking over the users shoulder, or using a camera to observe the victim. They are simple to launch and effective in public areas where large crowds or long queues are likely to occur.
  • By applying a simple modification of masking all digits except the one being modified it is easy to make the above listed protocol shoulder surfing-resistant. (It does not become shoulder surfing-proof, however). We tested both flavors of this protocol and using the letter ‘n’ as the masking character.
  • transaction amount verification is designed to work with any RFID enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a Point-of-Sale (PoS). The following additional assumption is necessary:—The user has access to either printed or digital (e.g., displayed on the cash register) receipt for the transactions to be verified.
  • PoS Point-of-Sale
  • the transaction verification protocol in FIG. 3 is as follows:
  • Step 1 DERT 12 receives transaction details from the reader 10 (seller/merchant).
  • Step 2 DERT 12 verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader PKC. The protocol is aborted in case of a mismatch.
  • Step 3 DERT 12 extracts and displays user-verifiable data, i.e., the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds).
  • Step 4 The user observes transaction information and, if the transaction amount and other details are deemed correct, in step 4 a presses accept button on DERT 12 before the timer runs out.
  • Step 5 If there is acceptance the activation of the accept button is detected.
  • Step 6 DERT 12 signs the time-stamped transaction statement and sends it to the reader 10 . This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT 12 .
  • reader certificate expiration and revocation checking is aimed at personal RFID tags 12 —such as ePassports, e-licences or credit/debit cards—when used in places where trust is not implicit.
  • personal RFID tags 12 such as ePassports, e-licences or credit/debit cards—when used in places where trust is not implicit.
  • trust in readers 10 might be implicit in international airports (immigration halls) or official border crossings. Whereas, it is not implicit in many other locations, such as car rental agencies, hotels, flea-markets or duty-free shops.
  • This approach entails the following additional assumptions:—Tags 12 are aware of the identity and public key of the system-wide trusted Certificate Authority (CA).
  • CA system-wide trusted Certificate Authority
  • PKI Public Key Infrastructure
  • the CA is assumed to be infallible: anything signed by the CA is guaranteed to be genuine and error-free.
  • the CA periodically (at fixed intervals) issues an updated revocation structure, such as a CRL.
  • All tags 12 are aware of the periodicity of issuance of the revocation information and thus can determine expiration time of the revocation structure by simply consulting its issuance time-stamp.
  • a tag 12 can retain (in local non-volatile storage) the last valid time-stamp it has encountered. Note that our usage of the term “time-stamp” is not restricted to time, i.e., hours and minutes. It is meant to express (at appropriate granularity) issuance and expiration of both certificates (PKCs) and revocation information.
  • a tag 12 Before providing any information to the reader 10 , a tag 12 has to validate the reader's certificate (PKC). The verification process is as illustrated in FIG. 4 .
  • Step 1 Freshly powered-up DERT 12 receives the Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from reader 10 .
  • CRL Certificate Revocation List
  • PKC Public Key Certificate
  • CRLiss, CRLexp, PKCiss and PKCexp denote issuance and expiration times of CRL and PKC, respectively.
  • the last encountered valid time-stamp kept by DERT 12 is denoted as TagCurr.
  • Step 2 If either CRLexp or PKCexp is smaller than Tagcurr, or CRLiss ⁇ PKCexp, DERT 12 aborts.
  • Step 3 DERT 12 checks whether CRL includes the serial number of the reader certificate. If so, it aborts.
  • Step 4 DERT 12 checks the CA signatures of PKC and CRL. If either check fails, DERT 12 aborts.
  • Step 5 If CRLiss or PKCiss is more recent than the currently stored date, DERT 12 updates it to the more recent of the two.
  • Step 6 DERT 12 displays the lesser of: CRLexp and PKCexp. It then enters a countdown stage of fixed duration (e.g., 10 seconds).
  • Step 7 The user 14 decides whether the displayed time-stamp is in the future. If so, the user 14 presses DERT 12 accept button before the timer runs out, activation is detected and communication with the reader 10 continues at step 7 a. Otherwise, the user 14 does nothing: the timer runs out and DERT 12 automatically aborts the protocol or user 14 explicitly rejects reader 10 , if a reject button is available at step 7 b and the protocol aborts.
  • the secure device pairing protocol is illustrated as follows.
  • DERT 12 generates and displays a sufficiently long, e.g., 6-9 digit, pass code (in decimal). 2. The software interface on the other device prompts the user 14 to enter this pass code. 3. Using the (presumably common) pass code, DERT 12 and the second device run an authenticated key agreement protocol to establish a (stronger) common key and confirm its possession by both parties.

Abstract

A display enabled RFID tag (DERT) receives transaction details from the reader. DERT verifies that the details match their counterparts in the reader public key certificate. The process is aborted in case of a mismatch. DERT extracts and displays user-verifiable data. It then enters a countdown stage that lasts for a predetermined duration. A user observes the transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.

Description

    RELATED APPLICATIONS
  • The present application is related to U.S. patent application Ser. No. 13/286,154, filed on Oct. 31, 2011, which is incorporated herein by reference and to which priority is claimed pursuant to 35 USC 120.
    • STATEMENT OF GOVERNMENT SUPPORT
  • This invention was made with government support under grant 0831526 awarded by the National Science Foundation. The government has certain rights in the invention.
    • BACKGROUND
  • 1. Field of the Technology
  • The disclosure relates to the field of methods of using RFID tags in secure transactions and communications.
  • 2. Description of the Prior Art
  • Recent emergence of RFID tags capable of performing public key operations has enabled some new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly, when RFID tags are used for financial transactions or bearer identification. What is need is some kind of user-involved techniques for secure user-to-tag authentication, transaction verification, reader expiration & revocation checking, as well as association of RFID tags with other personal devices.
  • Radio Frequency Identification (RFID) is a wireless technology mainly used for identification of various types of objects, e.g. merchandize. An RFID tag is a purely passive device—it has no power source of its own. Information stored on an RFID tag can be read by a special device called an RFID reader, from some distance away and without requiring line-of-sight alignment (in contrast to barcodes). Although RFID technology was initially envisaged as a replacement for barcodes in supply chain and inventory management, its many advantages have greatly broadened the scope of possible applications. Current and emerging applications range from visible and personal (e.g., toll transponders, passports, credit cards, access badges, livestock/pet tracking devices) to stealthy tags in merchandize (e.g., clothes, pharmaceuticals and books/periodicals).
  • The costs and capabilities of RFID tags vary widely depending on the target application. At the high end of the spectrum are the tags used in e-Passports, electronic ID (e-ID) Cards, e-Licenses, and contactless payment instruments. Such applications involve relatively sophisticated tags each costing a few dollars. Even though they are powerful enough to perform sophisticated public key cryptographic operations, there remain security and privacy issues when these tags are used as a means of payment or owner/bearer identification.
  • User authentication is a fundamental problem that has received a great deal of attention in the security community, for several decades. Solutions range from simple modifications to the standard PIN/password entry techniques to schemes that require more complicated cognitive tasks from users. Authentication of users to passive devices (such as RFID tags) is a very recent issue. The first solution was proposed by Czeckis, et al. In it, users authenticate to an accelerometer-equipped RFID tag by moving or shaking it (or the wallet containing it) in a certain pattern. However, this method assumes that RFID tags are equipped with an accelerometer, and requires users to memorize movement patterns. Also, it is prone to passive observer attacks.
  • A similar technique called “PIN-Vibra” was suggested by Saxena, et al. for authenticating to an accelerometer-equipped RFID tags using a mobile phone. In it, a vibrating mobile phone is used to lock or unlock RFID tags. While the usability of PIN-Vibra seems promising, it has a some drawbacks: (1) high error rates—accelerometers on tags cannot perfectly decode PINs encoded in phone vibrations, (2) user's phone must be present and functional (e.g., not out of battery) whenever the tag has to be used, and (3) accelerometer-equipped RFID tags are relatively expensive and do not lend themselves to other applications that would help amortize their cost.
  • Current literature and systems that address the transaction verification and amount fraud problem use data mining, machine learning techniques, and out-of-band communication; most banks verify transactions via alternate communication mediums such as email or telephone. A complete survey of modern fraud detection techniques for Card Present (a.k.a, off-line) and Card not Present (a.k.a, on-line) transactions is due to Kou, et al.
  • Three popular prior art methods to verify the status of a public key certificate (PKC) are: Certificate Revocation Lists (CRLs), Online Certificate Status Protocol (OCSP) and Certificate Revocation System (CRS).
  • CRLs are signed lists of revoked certificates periodically published by certification or revocation authorities (CAs or RAs). Usage of CRLs is problematic in RFID systems as they require the tag to have a clock in order to determine whether a given CRL is sufficiently recent. The communication overhead can be quite high if the number of revoked entities is large.
  • OCSP is an online revocation checking method that reduces storage requirements for all parties involved, while providing timely revocation status information. Although well suited for large connected networks, it is a poor fit for RFID systems as it requires constant connectivity between readers and OCSP responders. Furthermore, the need for a two-round challenge-response protocol with OCSP responders may make it susceptible to adverse effects of network congestion and slow turnaround times.
  • CRS offers implicit, efficient, and compact proofs of certificate revocation. However, it is unworkable in the RFID context as it also requires verifiers (RFID tags) to have a clock. Despite much prior work in RFID security and certificate revocation, coupled with the fact that the problem had been spotted by researchers, little has been done to address reader PKC revocation and expiration checking problems. Only very recently, Nithyanand, et al. proposed a method that entails user involvement and DERT-s to determine PKC validity. Although this prior work includes a preliminary usability study, it used a mock-up implementation of DERT-s on mobile phones.
  • A number of device security association/pairing methods have been proposed over the last several years. They use various out-of-band (OOB) channels in the process of secure connection establishment, and as a result, yield different usability characteristics. However, because of the nature of very basic displays that can be integrated into RFID tags, only visual text-based methods are appropriate for DERT-s.
    • BRIEF SUMMARY
  • The development of the illustrated embodiment is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are usually attended by a human user (owner). Our techniques rely on user involvement coupled with on-tag displays to achieve security. User acceptance is a crucial factor in this context.
  • RFID tags are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a reader can easily be maliciously used to mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader. Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards.
  • The problem of malicious RFID readers and the more specific problem of transaction fraud has been largely ignored. Currently, receipts produced by readers (or devices that they are attached to) are the only verification proof users get at the time of transaction. However, as mentioned earlier this doesn't solve problem and arguably make it even worse by triggering false sense of trust.
  • In the case of credit cards, users usually get monthly statements or given access to online statements that list recent transactions. However, small amount frauds are very easy to miss on those statements since this information is available at least few days or more after the transaction and it is hard for users to remember and verify all those transactions listed on a statement.
  • Our approach to transaction amount verification is designed to work with any RFID-enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a point-of-sale (PoS).
    • The Protocol
  • 1. Display enabled RFID tag (DERT) receives transaction details from the reader (seller/merchant).
    2. DERT verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader public key certificate (PKC). Protocol is aborted in case of a mismatch.
    3. DERT extracts and displays user-verifiable data, i.e., the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds).
    4. User observes transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. At this point, DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.
  • However, if the user decides that transaction details are incorrect, the timer runs out (or the user presses the reject button, if one is available), the DERT automatically aborts the protocol.
  • Thus, what is disclosed is a method that allows users to verify the transaction details (e.g., the amount being charged) and explicitly approve them on RFID enabled payment and transaction instruments.
  • This solution takes a proactive approach (instead of reacting to fraudulent transactions after they occur) and doesn't allow any transactions to go through without user's approval of its details (e.g., the amount for a credit card transaction). It is also important that users verify transaction details at the time of the transaction in our solution (not few days later).
  • The illustrated embodiment can be used in many domains especially with RFID enabled payment instruments. Banks, credit card companies and companies producing equipment for RFID based voting systems will find the method useful.
  • More particularly, the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device with a reader including the steps of: providing the wireless, interface-constrained device with a passive display, where the wireless, interface-constrained device is capable of generating a random number and is characterized by a personal identification number (PIN) having a predetermined number of numbers; generating the random number with the same length as the PIN; displaying the random number with the wireless, interface-constrained device; using a reader keypad to change the displayed random number on the wireless, interface-constrained device to the PIN; and performing a matching algorithm in the wireless, interface-constrained device, so that if the PIN was entered correctly, the wireless, interface-constrained device unlocks itself for communication with the reader, otherwise the wireless, interface-constrained device remains locked. By reason of this method a reliable user-to-tag authentication is performed using an RFID with constrained inputs.
  • The method further includes the step of masking all numbers displayed on the wireless, interface-constrained device except the one currently being modified to reduce vulnerability to spying.
  • In another embodiment the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device with a reader including the steps of: providing the wireless, interface-constrained device with a timer, passive display and a user-controlled input; receiving transaction details in the wireless, interface-constrained device from the reader; verifying that the transaction details match their counterparts in the reader PKC, otherwise aborting communication in case of a mismatch; extracting and displaying selected user-verifiable data relating to the transaction; initiating a countdown for a predetermined duration; observing the selected extracted and displayed transaction information by a user and, if the selected extracted and displayed transaction information is deemed correct by the user, activating the user-controlled input before the countdown ends; aborting communication with the reader if the user deems that the selected extracted and displayed transaction information is incorrect, or if the countdown ends; detecting activation of the user-controlled input; automatically authorizing a time-stamped transaction statement to be sent to the reader if communication with the reader is allowed by the user; and completing the transaction through the reader if authorized. As a result a reliable transaction verification is performed in an RFID tag with constrained inputs.
  • In another embodiment the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device with a reader including the steps of: providing the wireless, interface-constrained device with a timer, passive display and a user-controlled input; receiving in the wireless, interface-constrained device a Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from the reader;
  • if either CRLexp or PKCexp, where CRLexp and PKCexp are the expiration times of CRL and PKC, respectively, is smaller than Tagcurr, the last valid time-stamp encountered by the wireless, interface-constrained device, or if CRLiss PKCexp, where CRLiss is the issuance time of the CRL, aborting the communication with the reader; determining in the wireless, interface-constrained device whether the CRL from the reader includes the serial number of the reader certificate and if so, aborting the communication with the reader; checking in the wireless, interface-constrained device the Certificate Authority (CA) signatures of the PKC and CRL from the reader, and if either check fails, aborting the communication with the reader; If CRLiss or PKCiss is more recent than the currently stored date in the wireless, interface-constrained device, where PKCiss is the issuance time of the PKC, updating the stored date stored in the wireless, interface-constrained device to the more recent of CRLiss and PKCiss; displaying the lesser of CRLexp and PKCexp in the wireless, interface-constrained device and entering a countdown of fixed duration; deciding by means of user discernment whether the displayed time-stamp, namely the lesser of CRLexp and PKCexp, is in the future, and if so, activating the user-controlled input before the countdown ends; detecting activation of the user-controlled input; and allowing communication with the reader, otherwise automatically aborting communication with the reader if activation of the user-controlled input is not detected before the countdown ends or if the user otherwise activates a user-controlled rejection input.
  • In another embodiment the illustrated embodiment includes a method for securing the communication of a wireless, interface-constrained device including the steps of: providing the wireless, interface-constrained device with a passive display and capability of generating a random pass code for device pairing and running a secret based key agreement protocol; generating and displaying a pass code in wireless, interface-constrained device; prompting a user of a paired device to enter the pass code; and using the pass code to perform an authenticated key agreement protocol to establish a common key between the wireless, interface-constrained device and paired device and to confirm its possession by both the wireless, interface-constrained device and the paired device.
  • In another embodiment the illustrated embodiment includes a wireless, interface-constrained device adapted to communicate with a reader with a reader keypad including: a passive display; a random number generator; a memory for a personal identification number (PIN) having a predetermined number of numbers, the random number with the same length as the PIN; a circuit for communicating with the reader so that the displayed random number on the wireless, interface-constrained device can be changed to the PIN by use of the reader keypad; and a processor coupled to the display, random number generator, memory and circuit for communicating. The processor is provided for performing a matching algorithm, so that if the PIN is entered correctly, the wireless, interface-constrained device unlocks itself for further communication with the reader, otherwise the wireless, interface-constrained device remains locked. As a result a reliable user-to-tag authentication is performed in an RFID tag with constrained inputs.
  • In a further embodiment the processor is arranged and configured to mask all numbers displayed on the display except the one currently being modified to reduce vulnerability to spying.
  • In another embodiment the illustrated embodiment includes a wireless, interface-constrained device for securing communication with a reader with a Public Key Certificate (PKC) including: a timer; a passive display; a user-controlled input; a circuit for communicating with the reader for receiving transaction details from the reader; and a processor coupled to the timer, display, user-controlled input and the circuit for communicating. The processor is provided for verifying that the transaction details match their counterparts in the reader Public Key Certificate (PKC), otherwise aborting communication in case of a mismatch, for extracting and displaying selected user-verifiable data relating to the transaction. The timer initiates a countdown for a predetermined duration during which time a user observes the selected extracted and displayed transaction information and, if the selected extracted and displayed transaction information is deemed correct by the user, activates the user-controlled input before the countdown ends. The processor detects activation of the user-controlled input, aborts communication with the reader if the user deems that the selected extracted and displayed transaction information is incorrect, or if the countdown ends, otherwise the processor automatically authorizes a time-stamped transaction statement to be sent to the reader if communication with the reader is allowed by the user, and completes the transaction through the reader if authorized. As a result a reliable transaction verification is performed in an RFID tag with constrained inputs.
  • In another embodiment the illustrated embodiment includes a wireless, interface-constrained device for securing the communication with a reader including: a timer; a passive display; a user-controlled input; a circuit for communicating with the reader for receiving a Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from the reader; and a processor coupled to the timer, display, user-controlled input and the circuit for communicating. The processor is provided for aborting communication with the reader, if either CRLexp or PKCexp, where CRLexp and PKCexp are the expiration times of CRL and PKC, respectively, is smaller than Tagcurr, the last valid time-stamp encountered by the wireless, interface-constrained device, or if CRLiss≧PKCexp, where CRLiss is the issuance time of the CRL, for determining whether the CRL from the reader includes the serial number of the reader certificate and if so, aborting the communication with the reader, for checking the Certificate Authority (CA) signatures of the PKC and CRL from the reader, and if either check fails aborting the communication with the reader, for updating a stored date to a more recent of CRLiss and PKCiss, if CRLiss or PKCiss is more recent than the currently stored date, where PKCiss is the issuance time of the PKC, for displaying the lesser of CRLexp and PKCexp in the display and initiating a countdown by the timer of fixed duration. A user decides whether the displayed time-stamp, namely the lesser of CRLexp and PKCexp, is in the future, and if so activates the user-controlled input before the countdown by the timer ends. The processor detects activation of the user-controlled input and allows communication with the reader, otherwise automatically aborts communication with the reader if activation of the user-controlled input is not detected before the countdown by the timer ends.
  • An embodiment of the device further includes a user-controlled rejection input and where the processor aborts communication with the reader if the user activates the user-controlled rejection input.
  • In another embodiment the illustrated embodiment includes wireless, interface-constrained device adapted for communication with a paired device including: a passive display; a memory for storing a random pass code for device pairing; a circuit for communicating with the paired device; and a processor coupled to the display, the memory and the circuit for communicating. The processor is provided for running a secret based key agreement protocol, for generating and displaying a pass code in the display, for sending a prompt to a user of the paired device to enter the pass code, and for using the pass code to perform an authenticated key agreement protocol to establish a common key with paired device and to confirm possession of the pass code by both the wireless, interface-constrained device and the paired device.
  • The various embodiments may be combined one with the other in every possible logical combination to provide an RFID tag having the characteristics of the correspondingly combined embodiments.
  • While the apparatus and method has or will be described for the sake of grammatical fluidity with functional explanations, it is to be expressly understood that the claims, unless expressly formulated under 35 USC 112, are not to be construed as necessarily limited in any way by the construction of “means” or “steps” limitations, but are to be accorded the full scope of the meaning and equivalents of the definition provided by the claims under the judicial doctrine of equivalents, and in the case where the claims are expressly formulated under 35 USC 112 are to be accorded full statutory equivalents under 35 USC 112. The disclosure can be better visualized by turning now to the following drawings wherein like elements are referenced by like numerals.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a prior art NXP Display-Equipped RFID Tag (DERT) with two buttons.
  • FIG. 2 is a diagram illustrating a secure DERT to user authentication protocol.
  • FIG. 3 is a diagram illustrating the DERT enabled transaction verification protocol.
  • FIG. 4 is a diagram illustrating the reader certificate expiration or revocation verification protocol.
    •
  • The disclosure and its various embodiments can now be better understood by turning to the following detailed description of the preferred embodiments which are presented as illustrated examples of the embodiments defined in the claims. It is expressly understood that the embodiments as defined by the claims may be broader than the illustrated embodiments described below.
    • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • In this disclosure, we address four primary issues: user-to-tag authentication, transaction verification, reader revocation and expiration, and secure pairing of RFID tags.
    • User-to-Tag Authentication
  • In many use cases of RFID-based electronic payment and identification documents, authentication of the user to the tag 12 before disclosing any information is necessary to prevent leaks of valuable or private information. Current systems require trust in readers 10 for the purpose of authentication. For example, users must enter PIN-s into ATMs or Point-of-Sale (POS) terminals to authenticate themselves to the RFID tag 12 embedded into their ATM or credit card. However, this leaves users vulnerable to attacks, since secret PINs are being disclosed to third party readers 10, that are easy to hack and modify.
    • Transaction Verification
  • RFID tags 12 are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a malicious reader 10 can easily mislead the tag 12 into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag 12 to its user (i.e., no secure user interface) on regular RFID tags 12 and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader 10. Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards.
    • Reader Revocation and Expiration
  • Any certificate-based Public Key Infrastructure (PKI) needs an effective expiration and revocation mechanism. Intuitively, certificate revocation in RFID systems should concern two entities: RFID tags 12 and RFID readers 10. The former only becomes relevant if each tag 12 has a “public key identity” and we claim that revocation of RFID tags 12 is a non-issue, since, once a tag 12 identifies itself to a reader 10, the latter can use any current revocation status checking method. In contrast, expiration and revocation of reader certificates is a challenging problem in any public key-enabled RFID system. This is because RFID tags 12, being powerless passive devices, cannot maintain a clock. In other words, an RFID tag 12 (on its own) has no means of verifying whether a given certificate has expired or whether any revocation information is recent.
    • Secure Pairing of RFID Tags
  • Current high-end RFID tag 12 cannot establish a secure ad-hoc communication channel to another device, unless the latter is part of the same RFID infrastructure (i.e., an authorized reader 10). Establishing such a channel might be important as it would give tag 12 owner the ability to manage its tag 12. Previously proposed secure device pairing solutions require an auxiliary communication channel to authenticate devices and establish a secure communication channel. However, until now, RFID tags 12 lacked any human interfaces and thus could not be paired with other devices using current methods. Display-equipped RFID tags 12 open a new chapter in RFID security and give users more control over their tags 12, e.g., using an NFC-capable personal device (such as a smart-phone), a user can change settings on a personal RFID tag 12.
  • The gist of the illustrated embodiment involves taking advantage of recently developed technology that allows high-end RFID tags 12 to be equipped with a small passive display. We refer to such tags 12 as Display-Equipped RFID Tags 12 or DERT-s.
  • As shown in the rest of this disclosure, carefully designed user interaction with personal DERT-s can yield solutions to aforementioned problems. We present several simple techniques and conduct a thorough study to assess their usability factors. One of the key motivating factors for our work is the fact that DERT-s, such as the one manufactured by NXP Semiconductors (shown in FIG. 1), are already being produced and are available on the market. Moreover, they cost only a few dollars (or Euros) more than their display-less counterparts.
  • In this disclosure, we use DERT-s to design a very simple solution that permits user-aided verification and fully mitigates amount (and currency) fraud for Card Present transactions. To the best of our knowledge, this is the first work that offers a real solution and provides a comprehensive analysis of its usability. The secure user-to-tag authentication solution described and tested in this disclosure is to be compared to that of Abadi, et al.'s proposal for authentication on smartcards, where a displayed random number is modified by a user to match a PIN.
  • In this disclosure, we adopt a copy pairing technique, one device chooses a passkey and displays it to the user and the user is asked to type the displayed value into the second device. The devices automatically run a shared secret authentication protocol which succeeds or fails depending on the user's ability to copy the passkey correctly into the second device and depending on the presence of an active attacker.
  • All methods described below share the following general assumptions: 1. Tags 12 are owned and operated by individuals (users/owners) who understand their roles in each context. 2. Tags 12 are powerful enough to perform public key operations (at least signature verification). 3. Tags 12 are equipped with a one-line alpha-numeric display (OLED or eDisclosure) capable of showing at least 8 characters. 4. Tags 12 can maintain simple counters or timers while powered by a reader 10. 5. Each tag 12 has a programmable button. These parameters are not intended to restrict the scope of the invention, but only to provide a context in which the illustrated embodiment can be understood. Many other and different parameters values and features can be adopted in the claimed invention without departing from its scope and spirit.
  • Consider first user-to-tag authentication. The illustrated user authentication method is designed for DERT-s but can be used on any wireless, interface-constrained device. We make three additional assumptions:—Tags 12 are capable of generating short (i.e., 4-6 decimal digits) random numbers.—Users have access to a possibly untrusted keypad (or keyboard) with cursor keys. The keypad can be part of (or be connected to) the reader 10.—Tags 12 always clear and reset their displays after authentication completes. We use NXP tags 12 with two buttons in our usability tests, however, one of the button actions can be always substituted with a timeout.
  • Turn now to the utilized protocol in the illustrated embodiment as depicted in the diagram of FIG. 2. In order to unlock a tag 12 for a transaction (e.g., a credit card at a store, a cash card at an ATM, or an e-passport at a hotel), the user needs to be authenticated by proving knowledge of a secret, such as a PIN. The following method allows user-to-tag authentication without requiring any buttons/keys on the tag 12. Moreover, the PIN is protected from potentially malicious (and certainly untrusted) readers 10.
  • Step 1. Powered by the reader 10, DERT generates a one-time random number of the same length as the PIN. DERT proceeds to display this random number.
    Step 2. User operates the cursor keys (↑ ↓ ← →) on the reader keypad to basically change this random number on the DERT into his/her PIN. This is done digit by digit. For example, if the random number displayed by DERT is “5723” and the users PIN is “1296”, the necessary sequence of key presses namely: 1) press ↓ 4 times to change 5 to 1, press → once to go to the next digit; 2) press ↓ 5 times to change 7 to 2, press → once to go to the next digit; 3) press ↑ 7 times to change 2 to 9, press → once to go to the next digit; and 4) press ↑ 3 times to change 3 to 6, followed by Confirm. For each user key-press, the reader 10 sends a corresponding message to the tag 12 detailing the key-press, thereby prompting the tag 12 to update its display.
    Step 3. On each key press send a unique message to the tag 12 from reader 10.
    Step. 4. Refresh the tag display after each key press message is received.
    Step 5. Upon receipt of the Confirm message, run an internal matching algorithm in tag 12. If the PIN was entered correctly, DERT unlocks itself for a transaction to receive all message formats. Otherwise tag 12 remains locked.
  • Note that this method's security is based on several factors. The first is our assumption about the DERT's ability to generate quality, true or nearly true random numbers. The second security requirement is that the user must alternate ↑ and ↓ movements between digits. In other words, if only ↓ key is used for small, i.e., <“5”, PIN digits (instead of sometimes going past “9” to reach it), or vice versa for large digits; such a pattern may leak information about the PIN in the long run after repetitive executions of the protocol with a given PIN with the same reader 10. If there is a concern about such leaks, they can easily be prevented by allowing only one of ↓ or ↑ keys to be used when modifying the digits.
  • Consider now what is a called a shoulder surfing-resistant variant of the protocol. A shoulder surfing attack involves the adversary somehow observing user's actions to obtain critical information (e.g., PIN entered into an ATM). Such attacks techniques range from simply looking over the users shoulder, or using a camera to observe the victim. They are simple to launch and effective in public areas where large crowds or long queues are likely to occur. By applying a simple modification of masking all digits except the one being modified, it is easy to make the above listed protocol shoulder surfing-resistant. (It does not become shoulder surfing-proof, however). We tested both flavors of this protocol and using the letter ‘n’ as the masking character.
  • Turn to the issue of transaction verification of FIG. 3. In the illustrated embodiment transaction amount verification is designed to work with any RFID enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a Point-of-Sale (PoS). The following additional assumption is necessary:—The user has access to either printed or digital (e.g., displayed on the cash register) receipt for the transactions to be verified.
  • The transaction verification protocol in FIG. 3 is as follows:
  • Step 1. DERT 12 receives transaction details from the reader 10 (seller/merchant).
    Step 2. DERT 12 verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader PKC. The protocol is aborted in case of a mismatch.
    Step 3. DERT 12 extracts and displays user-verifiable data, i.e., the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds).
    Step 4. The user observes transaction information and, if the transaction amount and other details are deemed correct, in step 4 a presses accept button on DERT 12 before the timer runs out. However, if the user decides that transaction details are incorrect, the timer runs out (or the user presses the reject button, if one is available) and DERT 12 automatically aborts the protocol at step 4 b.
    Step 5. If there is acceptance the activation of the accept button is detected.
    Step 6. DERT 12 signs the time-stamped transaction statement and sends it to the reader 10. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT 12.
  • Consider reader revocation status checking of FIG. 4. In the illustrated embodiment reader certificate expiration and revocation checking is aimed at personal RFID tags 12—such as ePassports, e-licences or credit/debit cards—when used in places where trust is not implicit. For example, trust in readers 10 might be implicit in international airports (immigration halls) or official border crossings. Whereas, it is not implicit in many other locations, such as car rental agencies, hotels, flea-markets or duty-free shops. This approach entails the following additional assumptions:—Tags 12 are aware of the identity and public key of the system-wide trusted Certificate Authority (CA). In other words, all tags and readers are subsumed by a system-wide Public Key Infrastructure (PKI).—The CA is assumed to be infallible: anything signed by the CA is guaranteed to be genuine and error-free.—The CA periodically (at fixed intervals) issues an updated revocation structure, such as a CRL.—All tags 12 are aware of the periodicity of issuance of the revocation information and thus can determine expiration time of the revocation structure by simply consulting its issuance time-stamp.—A tag 12 can retain (in local non-volatile storage) the last valid time-stamp it has encountered. Note that our usage of the term “time-stamp” is not restricted to time, i.e., hours and minutes. It is meant to express (at appropriate granularity) issuance and expiration of both certificates (PKCs) and revocation information.
  • Turn now to the reader revocation status checking protocol. Before providing any information to the reader 10, a tag 12 has to validate the reader's certificate (PKC). The verification process is as illustrated in FIG. 4.
  • Step 1. Freshly powered-up DERT 12 receives the Certificate Revocation List (CRL) and the reader's Public Key Certificate (PKC) from reader 10. Let CRLiss, CRLexp, PKCiss and PKCexp denote issuance and expiration times of CRL and PKC, respectively. The last encountered valid time-stamp kept by DERT 12 is denoted as TagCurr.
  • Step 2. If either CRLexp or PKCexp is smaller than Tagcurr, or CRLiss≧PKCexp, DERT 12 aborts.
  • Step 3. DERT 12 checks whether CRL includes the serial number of the reader certificate. If so, it aborts.
  • Step 4. DERT 12 checks the CA signatures of PKC and CRL. If either check fails, DERT 12 aborts.
  • Step 5. If CRLiss or PKCiss is more recent than the currently stored date, DERT 12 updates it to the more recent of the two.
  • Step 6. DERT 12 displays the lesser of: CRLexp and PKCexp. It then enters a countdown stage of fixed duration (e.g., 10 seconds).
  • Step 7. The user 14 decides whether the displayed time-stamp is in the future. If so, the user 14 presses DERT 12 accept button before the timer runs out, activation is detected and communication with the reader 10 continues at step 7 a. Otherwise, the user 14 does nothing: the timer runs out and DERT 12 automatically aborts the protocol or user 14 explicitly rejects reader 10, if a reject button is available at step 7 b and the protocol aborts.
  • Note that we use the term CRL above to denote a generic revocation structure. In fact, the most appropriate (constant-length) revocation structure for DERT 12 applications is the so-called “mini-CRL”. In this disclosure, we remain agnostic in this respect since revocation structure details are not germane to usability.
  • Consider now secure device pairing. Our protocol for bootstrapping a secure communication channel between (i.e., pairing) DERTs 12 and more powerful computing devices—such as laptops or cell-phones—is based on the “Copy” pairing technique described above. This technique entails the following additional assumption:—DERT 12 can generate short random pass codes for the purpose of device pairing and can run secret based key agreement protocols.
  • The secure device pairing protocol is illustrated as follows.
  • 1. DERT 12 generates and displays a sufficiently long, e.g., 6-9 digit, pass code (in decimal).
    2. The software interface on the other device prompts the user 14 to enter this pass code.
    3. Using the (presumably common) pass code, DERT 12 and the second device run an authenticated key agreement protocol to establish a (stronger) common key and confirm its possession by both parties.
  • The words used in this specification to describe the various embodiments are to be understood not only in the sense of their commonly defined meanings, but to include by special definition in this specification structure, material or acts beyond the scope of the commonly defined meanings. Thus if an element can be understood in the context of this specification as including more than one meaning, then its use in a claim must be understood as being generic to all possible meanings supported by the specification and by the word itself.
  • The definitions of the words or elements of the following claims are, therefore, defined in this specification to include not only the combination of elements which are literally set forth, but all equivalent structure, material or acts for performing substantially the same function in substantially the same way to obtain substantially the same result. In this sense it is therefore contemplated that an equivalent substitution of two or more elements may be made for any one of the elements in the claims below or that a single element may be substituted for two or more elements in a claim. Although elements may be described above as acting in certain combinations and even initially claimed as such, it is to be expressly understood that one or more elements from a claimed combination can in some cases be excised from the combination and that the claimed combination may be directed to a subcombination or variation of a subcombination.
  • Insubstantial changes from the claimed subject matter as viewed by a person with ordinary skill in the art, now known or later devised, are expressly contemplated as being equivalently within the scope of the claims. Therefore, obvious substitutions now or later known to one with ordinary skill in the art are defined to be within the scope of the defined elements.
  • The claims are thus to be understood to include what is specifically illustrated and described above, what is conceptionally equivalent, what can be obviously substituted and also what essentially incorporates the essential idea of the embodiments.

Claims (2)

We claim:
1. A method for securing the communication of a wireless, interface-constrained device comprising:
providing the wireless, interface-constrained device with a passive display and capability of generating a random pass code for device pairing and running a secret based key agreement protocol;
generating and displaying a pass code in wireless, interface-constrained device;
prompting a user of a paired device to enter the pass code; and
using the pass code to perform an authenticated key agreement protocol to establish a common key between the wireless, interface-constrained device and paired device and to confirm its possession by both the wireless, interface-constrained device and the paired device.
2. A wireless, interface-constrained device adapted for communication with a paired device comprising:
a passive display;
a memory for storing a random pass code for device pairing;
a circuit for communicating with the paired device; and
a processor coupled to the display, the memory and the circuit for communicating, the processor for running a secret based key agreement protocol, for generating and displaying a pass code in the display, for sending a prompt to a user of the paired device to enter the pass code, and for using the pass code to perform an authenticated key agreement protocol to establish a common key with paired device and to confirm possession of the pass code by both the wireless, interface-constrained device and the paired device.
US13/782,827 2010-11-09 2013-03-01 Transaction Verification on RFID Enabled Payment and Transaction Instruments Abandoned US20130179686A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/782,827 US20130179686A1 (en) 2010-11-09 2013-03-01 Transaction Verification on RFID Enabled Payment and Transaction Instruments

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US41171810P 2010-11-09 2010-11-09
US13/286,154 US20120130905A1 (en) 2010-11-09 2011-10-31 Transaction verification on rfid enabled payment and transaction instruments
US13/782,827 US20130179686A1 (en) 2010-11-09 2013-03-01 Transaction Verification on RFID Enabled Payment and Transaction Instruments

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/286,154 Division US20120130905A1 (en) 2010-11-09 2011-10-31 Transaction verification on rfid enabled payment and transaction instruments

Publications (1)

Publication Number Publication Date
US20130179686A1 true US20130179686A1 (en) 2013-07-11

Family

ID=46065274

Family Applications (3)

Application Number Title Priority Date Filing Date
US13/286,154 Abandoned US20120130905A1 (en) 2010-11-09 2011-10-31 Transaction verification on rfid enabled payment and transaction instruments
US13/782,827 Abandoned US20130179686A1 (en) 2010-11-09 2013-03-01 Transaction Verification on RFID Enabled Payment and Transaction Instruments
US13/782,764 Active 2033-10-08 US9443240B2 (en) 2010-11-09 2013-03-01 Transaction verification on RFID enabled payment and transaction instruments

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/286,154 Abandoned US20120130905A1 (en) 2010-11-09 2011-10-31 Transaction verification on rfid enabled payment and transaction instruments

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/782,764 Active 2033-10-08 US9443240B2 (en) 2010-11-09 2013-03-01 Transaction verification on RFID enabled payment and transaction instruments

Country Status (1)

Country Link
US (3) US20120130905A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130152176A1 (en) * 2011-12-09 2013-06-13 Sean Alexander Courtney Secure authentication
US20130179349A1 (en) * 2010-11-09 2013-07-11 The Regents Of The University Of California Transaction Verification on RFID Enabled Payment and Transaction Instruments
US20130226795A1 (en) * 2012-02-29 2013-08-29 Gregory S. Hopper Vehicle immobilizing devices, systems, and methods
CN106549906A (en) * 2015-09-17 2017-03-29 中兴通讯股份有限公司 Realize method, terminal and the network side element of end-to-end call encryption

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150254483A1 (en) * 2005-02-07 2015-09-10 Steven Michael Colby RFID Sensor
US11270182B2 (en) * 2005-02-07 2022-03-08 Mynette Technologies, Inc. RFID financial device including mechanical switch
US20120223818A1 (en) * 2011-03-03 2012-09-06 Sino Matrix Technology, Inc. Data random selection device
US8800004B2 (en) * 2012-03-21 2014-08-05 Gary Martin SHANNON Computerized authorization system and method
US9536100B2 (en) * 2012-04-16 2017-01-03 Intel Corporation Scalable secure execution
EP2674888A1 (en) * 2012-06-13 2013-12-18 Gemalto SA System and method for validating a user of an account using a token
US9565173B2 (en) * 2013-03-26 2017-02-07 Xerox Corporation Systems and methods for establishing trusted, secure communications from a mobile device to a multi-function device
WO2015144971A1 (en) * 2014-03-27 2015-10-01 Nokia Technologies Oy Method and apparatus for automatic inter-device authorisation
CN106778397B (en) * 2016-11-15 2019-06-28 武汉瑞纳捷电子技术有限公司 A kind of control device and control method for arresting rate for improving active card
WO2018187596A1 (en) * 2017-04-06 2018-10-11 Walmart Apollo, Llc Authentication system using nfc tags
US11301554B2 (en) * 2018-03-13 2022-04-12 Ethernom, Inc. Secure tamper resistant smart card
US11769577B1 (en) 2020-01-15 2023-09-26 Ledgerdomain Inc. Decentralized identity authentication framework for distributed data
US11245691B1 (en) 2020-01-15 2022-02-08 Ledgerdomain Inc. Secure messaging in a blockchain network
CN114982197B (en) * 2020-04-16 2024-04-02 深圳市欢太科技有限公司 Authentication method, system and storage medium
US11848754B1 (en) 2022-11-07 2023-12-19 Ledgerdomain Inc. Access delegation leveraging private keys on keystores read by provisioned devices
US11741215B1 (en) 2022-11-07 2023-08-29 Ledgerdomain Inc. Recipient credentialing leveraging private keys on keystores read by provisioned devices
US11736290B1 (en) 2022-11-07 2023-08-22 Ledgerdomain Inc. Management of recipient credentials leveraging private keys on keystores read by provisioned devices
US11741216B1 (en) * 2022-11-07 2023-08-29 Ledgerdomain Inc. Credential revocation leveraging private keys on keystores read by provisioned devices

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5777903A (en) * 1996-01-22 1998-07-07 Motorola, Inc. Solar cell powered smart card with integrated display and interface keypad
US6834294B1 (en) * 1999-11-10 2004-12-21 Screenboard Technologies Inc. Methods and systems for providing and displaying information on a keyboard
US20060120616A1 (en) * 2004-11-15 2006-06-08 Konica Minolta Business Technologies, Inc. Equipment and image forming system
US20080294902A1 (en) * 2007-01-24 2008-11-27 Feitian Technologies Co., Ltd. Method and system for improving security of the key device
US7624433B1 (en) * 2005-02-24 2009-11-24 Intuit Inc. Keyfob for use with multiple authentication entities

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7127088B1 (en) * 1999-07-19 2006-10-24 Mandylion Research Labs, Llc Method of authenticating proper access to secured site and device for implementation thereof
US20040182921A1 (en) * 2000-05-09 2004-09-23 Dickson Timothy E. Card reader module with account encryption
US7597250B2 (en) * 2003-11-17 2009-10-06 Dpd Patent Trust Ltd. RFID reader with multiple interfaces
US7533047B2 (en) * 2005-05-03 2009-05-12 International Business Machines Corporation Method and system for securing card payment transactions using a mobile communication device
BRPI0520722B1 (en) * 2005-11-30 2018-12-26 Telecom Italia Spa method for automatically providing a communication terminal with service access credentials for accessing an online service, system for automatically providing a communication terminal adapted for use on a communications network, service access credentials for accessing a service online, online service provider, and communication terminal.
US8219826B2 (en) * 2008-09-04 2012-07-10 Total System Services, Inc. Secure pin character retrieval and setting
US20120130905A1 (en) * 2010-11-09 2012-05-24 The Regents Of The University Of California Transaction verification on rfid enabled payment and transaction instruments

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5777903A (en) * 1996-01-22 1998-07-07 Motorola, Inc. Solar cell powered smart card with integrated display and interface keypad
US6834294B1 (en) * 1999-11-10 2004-12-21 Screenboard Technologies Inc. Methods and systems for providing and displaying information on a keyboard
US20060120616A1 (en) * 2004-11-15 2006-06-08 Konica Minolta Business Technologies, Inc. Equipment and image forming system
US7624433B1 (en) * 2005-02-24 2009-11-24 Intuit Inc. Keyfob for use with multiple authentication entities
US20080294902A1 (en) * 2007-01-24 2008-11-27 Feitian Technologies Co., Ltd. Method and system for improving security of the key device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130179349A1 (en) * 2010-11-09 2013-07-11 The Regents Of The University Of California Transaction Verification on RFID Enabled Payment and Transaction Instruments
US9443240B2 (en) * 2010-11-09 2016-09-13 The Regents Of The University Of California Transaction verification on RFID enabled payment and transaction instruments
US20130152176A1 (en) * 2011-12-09 2013-06-13 Sean Alexander Courtney Secure authentication
US8701166B2 (en) * 2011-12-09 2014-04-15 Blackberry Limited Secure authentication
US20130226795A1 (en) * 2012-02-29 2013-08-29 Gregory S. Hopper Vehicle immobilizing devices, systems, and methods
US9156436B2 (en) * 2012-02-29 2015-10-13 Pra Group, Inc. Vehicle immobilizing devices, systems, and methods
CN106549906A (en) * 2015-09-17 2017-03-29 中兴通讯股份有限公司 Realize method, terminal and the network side element of end-to-end call encryption

Also Published As

Publication number Publication date
US9443240B2 (en) 2016-09-13
US20120130905A1 (en) 2012-05-24
US20130179349A1 (en) 2013-07-11

Similar Documents

Publication Publication Date Title
US9443240B2 (en) Transaction verification on RFID enabled payment and transaction instruments
US11720943B2 (en) Trusted remote attestation agent (TRAA)
US20210226798A1 (en) Authentication in ubiquitous environment
US10560444B2 (en) Methods, apparatuses and systems for providing user authentication
US9674705B2 (en) Method and system for secure peer-to-peer mobile communications
US10120993B2 (en) Secure identity binding (SIB)
US10607211B2 (en) Method for authenticating a user to a machine
CA2639662C (en) System and method for sensitive data field hashing
US7693797B2 (en) Transaction and payment system security remote authentication/validation of transactions from a transaction provider
US20090307140A1 (en) Mobile device over-the-air (ota) registration and point-of-sale (pos) payment
AU2010204732B2 (en) Secure remote authentication through an untrusted network
JP2015511336A (en) ID authentication
Mahansaria et al. Secure authentication for ATM transactions using NFC technology
CN109496405B (en) Multi-device authentication method and system using cryptographic techniques
CN114365449A (en) Preset method and system with message conversion
US20230062507A1 (en) User authentication at access control server using mobile device
Nithyanand et al. Readers behaving badly: Reader revocation in PKI-based RFID systems
US20190325427A1 (en) Contactless device and method for generating a unique temporary code
Kobsa et al. Can Jannie verify? Usability of display-equipped RFID tags for security purposes
Kobsa et al. Usability of display-equipped rfid tags for security purposes
Madlmayr et al. Secure communication between web browsers and NFC targets by the example of an e-ticketing system

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION