GB2571310A - Security of contactless cards - Google Patents
- Publication number
- GB2571310A GB1802957.9A GB201802957A
- Authority
- GB
- United Kingdom
- Prior art keywords
- user
- card
- response
- action
- prompt
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G07F7/0893—Details of the card reader the card reader reading the card in a contactless manner
- G06K19/0723—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
- G06K19/07345—Means for preventing undesired reading or writing from or onto record carriers by activating or deactivating at least a part of the circuit on the record carrier, e.g. ON/OFF switches
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
- G06Q20/352—Contactless payments by cards
- G06Q20/4014—Identity check for transactions
Abstract
A method of authorizing an action comprises presenting a contactless card 5, such as a debit or credit card, having a plurality of user-actuable switches 52 to a reader having a user interface 21 to establish data exchange therebetween. A prompt 58 is provided through the user interface for the user to provide a response using the user-actuable switches. The action is subsequently authorized or not authorized on the basis of the user response, or data derived therefrom. The action may be a financial transaction or a purchase at a point of sale. The contactless card may comprise two to ten user-actuable switches. The prompt may include a letter, number or other symbol or character, or an audible or tactile stimulus, representing at least one switch to be actuated by the user to authorize the action. The user may be required to provide two or more temporally separated responses to authorise the action. Data carried by the card may only be able to be read following a successful challenge and user response. The data supplied by the card may be encrypted.
Description
SECURITY OF CONTACTLESS CARDS
The present invention is concerned with contactless cards and with security measures implemented in such devices.
The term contactless as used herein in relation to a card or other form of electronic tag implies that data carried by the card is able to be read through a wireless interface. Known contactless cards may be interrogated through close proximity inductive coupling and/or through propagating electromagnetic waves, and the term contactless card must be understood to encompass, without limitation, both or either of these possibilities. Protocols used for transmission of data in this context at the time of writing include the near-field communication (NFC) protocol and other protocols applied in relation to radio-frequency identification (RFID) but the term contactless does not - as used herein - refer to any specific communications protocol. Some contactless cards do have electrical contacts which provide an alternative means of reading data from the card. At the time of writing contactless payment cards commonly have two interfaces - a contactless interface and a set of contacts for making a direct electrical connection to a reader. These are nonetheless contactless in the relevant sense that data carried by the card is able to be read through a wireless interface.
Contactless cards are widely used for a variety of purposes. Importantly, many payment cards issued by banks, credit card companies and other financial institutions have a contactless interface for use at a point of sale, for purposes including authorisation of the transfer of funds. This is highly convenient for the purchaser, who can effect payment merely by presenting a card to a reader at the point of sale. Other applications of contactless cards include:
access management, where access barriers such as turnstiles or doors have a reader and a user is required to present a suitable card to obtain access. Hotel room keys provide one example;
verification of identity, where a bearer of a contactless card is taken to be the person identified by data on the card;
verification of attendance - some institutions of learning, for example, use contactless cards to verify students' attendance at lessons, seminars etc.;
access to resources, such as public transport, bike rentals etc.
This is far from being an exhaustive list.
It will be apparent that if a malfeasor is able to obtain unauthorised access to data from a contactless card, that data may be put to a variety of illegitimate uses. In the case of payment cards, this misappropriated data may be used to steal money from a financial account. A cloned hotel key card bearing the misappropriated data may be used for a burglary. The malfeasor may use such data to access confidential data intended for the bearer of the card, and so on.
Whereas contact-based interfaces can be interrogated only if access is available to the card itself, contactless cards suffer from the fundamental vulnerability that they can be interrogated remotely. Hence subject to whatever security precautions are taken, there is the possibility of a malfeasor reading the card without having direct physical access to it. An individual with a suitable reader may for example collect card data in a public place from passers-by.
Barring the use of suitable security measures, the technical and practical barriers to this type of abuse are not large. Cards' wireless interfaces typically conform to publicly available standards. The ISO/IEC 7816 standard which is widely adopted in relation to payment cards at the time of writing is also implemented for example in door-entry systems, car park barriers, hotel room locks, gymnasia, electricity and gas meters. The know-how required to interrogate cards using these standards is widely available, as is the hardware. One existing range of card chips and readers is sold at the time of writing under the trade mark MIFARE, owned by NXP Semiconductors, who state that 150 million readers have been sold. The contactless cards issued by financial institutions to make transactions do have a slightly different level of security from the cards used in hotels and transport networks, requiring additional vendor specific steps to translate received data into human readable form, but the additional security provided thereby is minimal. The information needed to extract customer and account information from a contactless payment card can be found in the public EMV standard which was originally developed by Mastercard (RTM) and Visa (RTM) in the early nineties.
Devices exist within the criminal fraternity that can harvest data from contactless payment cards at a rate of approximately 15 cards per second, and that remain undetectable by the typical card holder. But specialist equipment is not required. Many modern smartphones and tablets contain RFID/NFC readers, so that a standard device with a suitable application can be used to collect data from contactless cards. Applications can even be downloaded from mainstream app stores that are capable of reading data from contactless cards.
As to the range over which information can be misappropriated, a typical payment card operating in the 13.56 MHz range needs to be placed within a few centimetres of a legitimate reader for data to be exchanged. But it is also possible to read these cards from over a metre away with the correct equipment, and from a much larger distance using a specialised antenna and related circuitry. Other frequencies may be used. For instance some standards use 125 kHz.
So for example where contactless cards are carried in public by users in coat pockets, trouser pockets or non-shielded wallets and purses there is a risk that data from the cards may be misappropriated. Fraudsters may use handheld readers for the purpose in crowded areas such as lifts (elevators), escalators, turnstiles, public transport and so on.
Fraud in relation to contactless cards is a real and current source of concern to consumers and to institutions using the technology.
Various security measures are available in this context.
One precaution that the user can take is to provide the card with a shield which blocks the signals used to exchange data. The card is placed in the shield when not in use and is intended to be removed from it only for use, e.g. at a point of sale. The shield may take the form of a sleeve to receive and surround the card. An electrically conductive layer can provide shielding, functioning in the manner of a Faraday cage. Wallets and purses claimed to screen radio frequency transmissions are commercially available. Shields provide an incomplete solution however. From the point of view of the institution issuing the card, the fact that not all users have adopted use of shields leaves them at risk. From the point of view of the end user, to be effective, a shield relies on that user manually taking the card out of the shield for use, and then returning it to the shield after use. This is potentially inconvenient for the user and there is the possibility that the card will not be returned to the shield after use, leaving it vulnerable.
US2013015955A (Verizon Patent and Licensing Inc. et al) discloses an RFID tag which may take the form of a credit card and which has a switch which is actuable by a user to change the tag from a first state in which it is not able to be activated by a carrier signal to a second state in which it is able to be activated by the carrier signal. In this way the card is disabled unless the user activates it by means of the switch. Other patent cases disclosing tags or cards whose interface is able to be activated using a switch are WO11067428A1 (Servicios Para Medios De Pago et al), US2003132301A (Massachusetts Institute of Technology), US2008011859A (Simon Phillips), US2006266831 (Douglas Kozlay), US8052052B (Intuit Inc.) and US7994920B (International Business Machines). In all these examples the card is reversibly activated/deactivated by some transient user input such as the application/withdrawal of a fingertip.
According to a first aspect of the present invention there is a method of authorising an action, the method comprising:
providing a user with a contactless card having a plurality of user-actuable switches;
providing a reader for contactlessly reading the card, the reader having a user interface;
presenting the card to the reader to establish data exchange between them;
providing a prompt through the user interface for the user to provide a response using the card's user-actuable switches;
receiving the user's response, which is made using the card's user-actuable switches; and authorising or not authorising the action based on the user's response.
Specific embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
Figure 1 depicts the exterior of a typical contactless payment card, viewed from the front;
Figure 2 depicts the exterior of the same card, viewed from the rear;
Figure 3 is a simplified depiction of an interaction between a contactless payment card and a reader used to interrogate the card;
Figure 4 is a highly schematic representation of functional components of the circuitry of a contactless card;
Figure 5 shows a front view of a contactless card embodying the present invention;
Figure 6 shows a front view of a further contactless card embodying the present invention, along with a user interface of a card reader;
Figure 7 shows a front view of still a further contactless card embodying the present invention, along with the user interface of the card reader;
Figure 8 shows a front view of yet a further contactless card embodying the present invention, along with a user interface of a card reader; and
Figure 9 shows a front view of yet a further contactless card embodying the present invention, along with a user interface of a card reader.
Figures 1 and 2 depict a conventional contactless payment card 10 conforming to industry standards ISO/IEC 7816 and ISO/IEC 14443. The card carries visual data including an embossed 16 digit card number 12. Other human-readable visual data printed on a typical card is omitted for the sake of simplicity. This example card 10 is able to be electronically interrogated through any of three different devices:
a contact chip 14 having multiple exposed electrical contacts conforming to the EMV standard, often referred to by the names Chip and Pin or Chip and Signature, according to the method of authentication employed by the card issuer. To use this interface the card is normally inserted into a reader which makes physical connections to the contacts to interrogate the contact chip;
a contactless interface housed within the card, whose components are formed by an inner layer of the card not visible from its exterior and whose presence is indicated by a logo 16 on the card; and
a magnetic strip 18 on the rear of the card, which is provided for the sake of backwards compatibility, being used in older point of sale devices.
The rear of the card also carries visible alphanumeric characters 19 representing a CVV or CVV2 code, which is used in some online and telephone transactions, and a signature strip 21.
In a contactless interaction the card 10 is read by a remote reader 20 (Figure 3) which may for example be a point of sale device used to authorise a financial transaction. A modern point of sale device typically interacts with the user through a user interface which includes a screen 21 capable of displaying prompts for the user to take actions, and other information. The reader need not be in physical contact with the card 10. The reader 20 interrogates the card through an interrogating electromagnetic field 22. In response the card 10 transmits data to the reader 20 through a suitably modulated data transmission electromagnetic field 24.
Figure 4 is a highly simplified representation of the architecture of the electronics of the card 10 as they pertain to exchange of data through the contactless interface. This is presented by way of example and not limitation. Other architectures may be adopted in embodiments of the present invention. The card 10 has a contactless interface comprising an antenna 26, which is depicted in this example as an inductive element, and associated interface electronics 28. The card 10 is in this example of the passive type which runs on power harvested through the antenna 26 from the interrogating electromagnetic field 22 generated by the reader 20. The invention may however be implemented in active cards having an on-board power supply. The interface electronics 28 comprise a voltage regulator through which power received from the interrogating electromagnetic field 22 is supplied to the card's other circuitry, and an RF modulator/demodulator function. The technical implementation of these functions is known in the art and familiar to the skilled person.
Figure 4 is wholly schematic and does not purport to represent the physical layout of the relevant components. In a practical implementation the antenna 26 is typically formed as a conductive loop extending repeatedly around the card close to its perimeter.
In the present example the card 10 further comprises a processing unit 30 and associated memory 32, which may, without limitation, comprise read only memory, non-volatile random access memory and/or EEPROM (electrically erasable programmable read only memory). The memory 32 stores, among other items, a data set which the card 10 is able to transmit to the reader 20 through the contactless interface 26, 28. In the case of a payment card, this data set includes in particular the identity and security information needed for authorisation of a financial transaction. In this case its transmission to malfeasors would pose a security risk to the user. The data set typically includes data which is written to the card before its delivery to the end user.
Figure 5 depicts a contactless card 50 which embodies the present invention, which has in the present embodiment the features of appearance, architecture and function described above with reference to Figures 1 to 4, and which additionally comprises a plurality of user-actuable switches 52. The switches may be of a mechanical type, having two contacts which are brought into contact by applied pressure, or may be a capacitive type, being sensitive to the local change of dielectric permittivity provided by the presence of e.g. a fingertip 54, or may be piezoelectric devices, e.g. piezoelectric films or buttons, or may be pressure sensitive switches, or may take any other suitable form. The switches 52 are provided on a face of the contactless card 50, specifically the front face, in the present embodiment. In other embodiments the switches may however be on the rear face, or may use pads, electrodes or other means on both faces of the card, e.g. so that actuation involves touching two sides of the card using finger and thumb. Switches suitable for the purpose and capable of integration in the structure of a contactless card are known to the skilled person.
The switches 52 are able to be used in a challenge and response type interaction at a point of sale in which, having presented the contactless card 50 to the reader 20 to establish communication between them, the user is prompted by the reader 20 to provide an input using the switches 52 carried on the card. The user actuates the switches 52 to provide the response. Some action (typically a financial transaction, although the invention is applicable to other types of transaction including control of a door or other access barrier) is then either authorised or not authorised based on the user's response. In this way the present invention can provide additional security against fraudulent transactions, especially at a point of sale. The challenge and response process requires human input and decision making in the authorisation process.
The number of switches may vary without departing from the scope of the present invention. Figure 5 shows a contactless card 50 having three switches arranged along a short edge of the card, to be easily actuated by fingertip 54. Figure 6 shows an alternative card 50 having four switches 52 arranged along a long edge.
In the discussion below the action being authorised will in each example be a payment being made at a point of sale, but it should be understood that the present invention is applicable to authorisation of other actions, for example unlocking a door or other access control barrier.
The interaction between the user and the system may take a variety of different forms.
In one form of challenge and response interaction, the reader 20 provides the user with a prompt which requires a specific response in order to obtain authorisation of the transaction. In Figure 6 the user interface 21 takes the form of a screen of the card reader 20 and displays a simple prompt identifying one of the switches 52. In this example the switches are numbered and the prompt presents the user with the number of the switch to be actuated, in order to enable the transaction to proceed. In Figure 7 the card shows a symbol 56 in connection with each switch 52 and the prompt takes the form of the symbol (designated 58 where it is displayed in the user interface 21) associated with the switch which is to be actuated, which in this case is a triangle. In other embodiments the prompt could take the form of a colour, with that colour being displayed through the reader's user interface 21 and the switches 52 being associated with respective colours.
The input to be provided by the user may be related to the nature of the transaction. In particular it may correspond to the value of the transaction. In Figure 8 each of the switches 52 is associated with a value range displayed on or adjacent the relevant switch. The user interface 21 of the point of sale device displays the actual value of the transaction in hand, and the user is required to select the value range in which that falls by actuating the appropriate switch. In other interactions the user may set a value limit on card transactions using the same switches 52.
The prompt provided to the user need not convey to him/her the input required. Instead, the user may be provided with, or given the ability to select, a personal identifier input intended to be confidential to the user. Authorisation of a transaction requires the user to provide this input. This could be as simple as a number or selection of a single button. Figure 9 provides an example, where the user is prompted simply to press the button corresponding to the personal identifier input. A sequence of switch actuations could be required (e.g. each in response to an individual prompt) to give more permutations. To avoid repeated use of a single button 52 which might leave visible traces on the card 50, the user interface 21 may display a prompt which represents a scrambled ordering of the buttons, so that the user must identify the button to be pressed based both on this display and on knowledge of his/her personal identifier input. For example, looking again at Figure 7, the user's personal identifier input may be the triangle. The user interface 21 can display the symbols in randomised order, so that the user must select the switch 52 corresponding to the triangle in the display.
The user interface 21 may take a variety of forms. Typically it will comprise a display screen. But an alternative is to use a relatively small number of discrete light sources. Specifically, some point of sale devices currently in use have a set of indicator lights in the form of four LEDs. These can be used to provide the required prompt to the user to actuate a specific switch 52, each LED corresponding to a specific switch. For the visually impaired, audible prompts may be given. For the deaf blind, tactile prompts may be provided. Certain types of interface or prompt may be disabled for certain users, e.g. to avoid giving a colour based prompt to a user with colour blindness, or giving certain linguistic prompts to dyslexic users.
Any of the types of response discussed above may be used singly or in sequence or combination, providing more response permutations and so greater security. Multiple challenge and response cycles may be used to authorise a single transaction.
A predetermined number of wrong attempts may be permitted before some security action is taken, such as blocking transactions through the contactless card 50, or adjusting a transaction value limit.
The effect of a valid challenge and response exchange may be to open a time limited window for authorisation of transactions. It may be to open a time limited window for transactions to be carried out subject to an increased limit on transaction value. Thus for example a timer may be activated on completion of a valid response, which will enable the transaction - or the raised transaction value limit - until the predetermined time has elapsed, after which transactions are disabled, or the transaction value limit returns to a default value.
The switches 52 may be used by a user during an interaction with the reader 20 to provide an emergency signal and/or to indicate that the user is under duress. One form of crime associated with payment cards involves placing the user under some form of duress (e.g. by threatening the user with a weapon) and so forcing them to carry out a transaction, which might for example be purchase of an item for the malfeasor. A certain choice of switch or response may be known to the user to trigger an emergency signal. A specific switch 52 may serve as the duress signal. Alternatively all wrong inputs may serve as the duress signal. In some examples repetition of the duress signal may be required, to guard against false alarms.
Authorisation may be implemented by the card or by the reader or by another system. In one embodiment, the
The payment system may be configured to respond suitably. This response may entail allowing the transaction to go forward but alerting law enforcement agencies. It may involve photographing the scene, e.g. using a camera carried by the point of sale device or using closed circuit television if that is available.
For the sake of security, the data exchanged between the reader 20 and the card 50 may exclude information identifying the actual response to be provided by the user. This may be achieved using known hashing techniques. The reader 20 necessarily stores the required response, which might for example be a combination of switches. Suppose - in the case of the card depicted in Figure 6 having four switches - that the required response is to actuate the first and third switches. That response may be represented numerically, e.g. by the binary number 1010. That number need not be transmitted between the reader 20 and the card 50. The reader displays the required prompt. The user provides input through the switches. The user's input is likewise represented numerically, e.g. (assuming that the user makes the correct input) by the binary number 1010. That number is hashed by the card, and the hash value is transmitted to the reader. The reader hashes the value it stores representing the required response and authorises the transaction if the two hash values match. Alternatively the card may compare the two hashed values and inhibit action unless they match.
Security can be further improved using known salting techniques in which a salt value, which may be chosen at random or drawn from some aspect of the transaction itself, is additionally used in generating the hash value. The salt may be sent from card to reader or vice versa, or it may be drawn from data known to both (e.g. data relating to the transaction in hand). The process need not be based on a hashing function as such but may utilise any suitable mathematical function, encryption scheme or other algorithm for converting the data to a secure form.
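The exchange described above, together with the duress signal discussed earlier, can be sketched as follows. This is an added example, not code from the patent: SHA-256, a 16-byte random salt sent from reader to card, the choice of the fourth switch alone as the duress code, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

N_SWITCHES = 4  # the four-switch card of Figure 6


def encode_switches(pressed):
    """Encode actuated switches (numbered 1..4) as the text does: 1 and 3 -> 0b1010."""
    value = 0
    for s in set(pressed):
        if not 1 <= s <= N_SWITCHES:
            raise ValueError(f"no such switch: {s}")
        value |= 1 << (N_SWITCHES - s)
    return value


def card_digest(response, salt):
    """Card side: hash the salted response; only this digest leaves the card."""
    return hashlib.sha256(salt + bytes([response])).digest()


def reader_decide(required, duress, salt, received):
    """Reader side: hash its own stored values under the same salt and compare."""
    ok = hmac.compare_digest(card_digest(required, salt), received)
    alarm = hmac.compare_digest(card_digest(duress, salt), received)
    if alarm:
        # Duress handling as described: let the transaction proceed, raise an alert.
        return "authorise-and-alert"
    return "authorise" if ok else "refuse"


def run_transaction(required, duress, pressed):
    """One exchange, with a fresh random salt generated by the reader."""
    salt = secrets.token_bytes(16)
    digest = card_digest(encode_switches(pressed), salt)
    return reader_decide(required, duress, salt, digest)


REQUIRED = encode_switches([1, 3])  # 0b1010, the example in the text
DURESS = encode_switches([4])       # assumed duress code for this sketch

if __name__ == "__main__":
    for pressed in ([1, 3], [4], [2]):
        print(pressed, run_transaction(REQUIRED, DURESS, pressed))
```

Because the salt changes with every transaction, a digest recorded during one exchange does not verify in the next, which is the improvement the salting paragraph refers to.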
Reading of data, or of selected data, from the card may be permitted only after a successful challenge and response. For example, the card may be programmed to inhibit transmission of certain data unless a challenge and response sequence has been conducted. Or data on the card may be encrypted, e.g. in such a manner that its decryption is possible only after the user's response has been input.
The data transmitted from the card may be in encrypted form, to prevent it from being used by an unauthorised party. In one such example, the data despatched from the card is salted and hashed, the salt being formed by the user's response as supplied through the switches carried by the card. In this case, provided that the user's response correctly matches the prompt provided by the reader, the salt is known to both the reader (which provides the prompt) and the card (through the user's response) but is not available to some third party attempting to read the card. Hence the embodiment provides an additional level of security. This approach may be implemented using encryption techniques other than salting and hashing. Any suitable encryption key may be used, which is (a) known to the reader and forms the basis of the prompt and (b) is input to the card by the user in the response, and is then used to encrypt data read from the card.
The above described embodiments serve as examples only of the manner in which the present invention can be implemented. Numerous possible variants and alternatives will be apparent to the skilled reader.
Claims (20)
1. A method of authorising an action, the method comprising:
providing a user with a contactless card having a plurality of user-actuable switches;
providing a reader for contactlessly reading the card, the reader having a user interface;
presenting the card to the reader to establish data exchange between them;
providing a prompt through the user interface for the user to provide a response using the card's user-actuable switches;
receiving the user's response, which is made using the card's user-actuable switches, or receiving data derived from the user's response; and
authorising or not authorising the action based on the user's response.
2. A method as claimed in claim 1 in which the action is a financial transaction.
3. A method as claimed in claim 1 in which the action is a purchase at a point of sale.
4. A method as claimed in any preceding claim 1 in which the contactless card has from two to ten user-actuable switches.
5. A method as claimed in any preceding claim in which the card has from three to six user-actuable switches.
6. A method as claimed in any preceding claim in which the prompt provided through the user interface contains information representing the response to be made by the user to enable the action to be authorised.
7. A method as claimed in claim 6 in which the prompt provided through the user interface includes a letter, number or other symbol or character, or an audible or tactile stimulus, representing at least one switch to be actuated by the user to enable the action to be authorised.
8. A method as claimed in any preceding claim in which the user interface comprises a set of selectively illuminable LEDs on a point of sale device.
9. A method as claimed in claim 8 in which the LEDs are used to provide a prompt representing the response required from the user to authorise the action.
10. A method as claimed in any preceding claim in which the user interface comprises a display screen.
11. A method as claimed in any preceding claim in which the user is required to provide two or more temporally separated responses to authorise the action.
12. A method as claimed in any preceding claim comprising, after providing the prompt and receiving the user response, providing another prompt and receiving another user response, before the action is authorised.
13. A method as claimed in any preceding claim in which authorisation of the action is time limited.
14. A method as claimed in any preceding claim in which the action being authorised is a time limited increase in the value of a transaction to be made using the contactless card.
15. A contactless card for use in a method as claimed in any preceding claim, comprising a plurality of user-actuable switches.
16. A point of sale device for use in a method according to any of claims 1 to 14, configured to provide the prompt to a user and to receive the user response.
17. A method as claimed in any preceding claim in which data carried by the card is able to be read only following a successful challenge and response.
18. A method as claimed in any preceding claim in which the received data comprises data derived from the user's response through a hashing function or another conversion process.
19. A method as claimed in any preceding claim in which data supplied by the card is encrypted.
20. A method as claimed in claim 19 in which:
the prompt represents an encryption key;
the user's response serves to input the encryption key to the card;
data transmitted by the card is encrypted using the encryption key obtained at the card from the user's response; and
data is decrypted following receipt by the reader using the encryption key.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1802957.9A GB2571310B (en) | 2018-02-23 | 2018-02-23 | Security of contactless cards |
PCT/GB2019/050476 WO2019162674A1 (en) | 2018-02-23 | 2019-02-21 | Security measures in relation to data tags and contactless cards |
EP19710470.6A EP3756136A1 (en) | 2018-02-23 | 2019-02-21 | Security measures in relation to data tags and contactless cards |
US16/971,588 US20200387765A1 (en) | 2018-02-23 | 2019-02-21 | Security Measures in Relation to Data Tags and Contactless Cards |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1802957.9A GB2571310B (en) | 2018-02-23 | 2018-02-23 | Security of contactless cards |
Publications (3)
Publication Number | Publication Date |
---|---|
GB201802957D0 GB201802957D0 (en) | 2018-04-11 |
GB2571310A true GB2571310A (en) | 2019-08-28 |
GB2571310B GB2571310B (en) | 2020-09-16 |
Family
ID=61903162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1802957.9A Expired - Fee Related GB2571310B (en) | 2018-02-23 | 2018-02-23 | Security of contactless cards |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2571310B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1004980A2 (en) * | 1998-11-23 | 2000-05-31 | Cardis Research & Development Ltd. | Smart card PIN system, card, and reader |
US20060097059A1 (en) * | 2004-11-08 | 2006-05-11 | Seiko Epson Corporation | IC card |
US20130048712A1 (en) * | 2011-08-24 | 2013-02-28 | Philippe Guillaud | Nagraid information card |
US20130113606A1 (en) * | 2011-11-08 | 2013-05-09 | International Business Machines Corporation | Passive Wireless Article with Passcode Touch Sensor Array |
-
2018
- 2018-02-23 GB GB1802957.9A patent/GB2571310B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
GB2571310B (en) | 2020-09-16 |
GB201802957D0 (en) | 2018-04-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9047713B2 (en) | Multiface document | |
US7997503B2 (en) | Visual code transaction verification | |
EP2171636B1 (en) | Appliance for financial transaction tokens | |
US7946502B2 (en) | Financial transaction token | |
US20170289127A1 (en) | Smart data cards that enable the performance of various functions upon activation/authentication by a user's fingerprint, oncard pin number entry, and/or by facial recognition of the user, or by facial recognition of a user alone, including an automated changing security number that is displayed on a screen on a card's surface following an authenticated biometric match | |
US20200387765A1 (en) | Security Measures in Relation to Data Tags and Contactless Cards | |
WO2016160816A1 (en) | Smart data cards that enable the performance of various functions upon activation/authentication by a user's fingerprint, oncard pin number entry, and/or by facial recognition of the user, or by facial recognition of a user alone, including an automated changing security number that is displayed on a screen on a card's surface following an authenticated biometric match | |
WO2009097604A1 (en) | System and method for self-authenticating token | |
WO2008060922A2 (en) | Biometrics-secured transaction card | |
US11797816B2 (en) | Multi-purpose smart card with user trusted bond | |
US20190043045A1 (en) | Limited operational life password for digital transactions | |
GB2564655A (en) | Biometric bank card | |
TW201800995A (en) | Apparatus and method for communicating with a digital transaction processing unit (DTPU) | |
US20090278660A1 (en) | Credit card protection system | |
US20200302428A1 (en) | Secure Biometric Card and Method for Securing Information | |
GB2571310A (en) | Security of contactless cards | |
KR101713956B1 (en) | Financial card | |
AU2013204335B2 (en) | Multiface document | |
GB2571308A (en) | Security of contactless cards | |
Jacobs et al. | Biometrics and Smart Cards in Identity Management | |
Khan et al. | Double security of RFID credit cards | |
GB2571303A (en) | Security of contactless cards and other tags | |
GB2571301A (en) | Security of data tags | |
Mackinnon et al. | Smart cards: A case study | |
Benjamin et al. | National identification issues and the solution using smart card technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20220223 |