WO2009149715A1 - Secure link module and transaction system - Google Patents

Secure link module and transaction system Download PDF

Info

Publication number
WO2009149715A1
WO2009149715A1 PCT/DK2009/050125 DK2009050125W WO2009149715A1 WO 2009149715 A1 WO2009149715 A1 WO 2009149715A1 DK 2009050125 W DK2009050125 W DK 2009050125W WO 2009149715 A1 WO2009149715 A1 WO 2009149715A1
Authority
WO
WIPO (PCT)
Prior art keywords
pin
link module
token
transaction
transaction system
Prior art date
Application number
PCT/DK2009/050125
Other languages
French (fr)
Inventor
Per Christoffersen
Original Assignee
Sagem Denmark A/S
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sagem Denmark A/S filed Critical Sagem Denmark A/S
Publication of WO2009149715A1 publication Critical patent/WO2009149715A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/0826Embedded security module
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0833Card having specific functional components
    • G07F7/084Additional components relating to data transfer and storing, e.g. error detection, self-diagnosis
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Definitions

  • EMV chip-cards There is an increasing demand for solutions that handles chip-cards as means of payment.
  • One feature of EMV chip-cards is the support for offline PIN verification. Before introduction of chip-cards the PIN had to be verified online through contact with the relevant host.
  • Use of chip cards in payment transactions are defined in a set of documents called the EMV specifications. These specifications are issued by EMVCo and can, at the time of this writing, be downloaded from http://www.emvco.com.
  • PCI Payment Card Industry
  • the requirements for securing the PIN can either be achieved by combining the PIN pad and the chip-card reader in one tamper protected device or by having two tamper protected devices between which the PIN shall pass in encrypted form.
  • Fig. 7 illustrates schematically a one-piece solution 701 and a two-piece solution 721 for reading a payment card 750 and verifying a PIN code.
  • the one-piece solution 701 comprises a PIN pad 705 for entering a PIN code and a card reader 709 for reading a card 750.
  • Fig. 7 also illustrates a payment controller 707 connecting the two.
  • the PIN pad and the card reader are enclosed is the same tamper protection 703, meaning that the communication between the two can be considered, at least at the face of it, to be secure simply by prevention of physical access.
  • Fig. 7 also illustrates a two-piece solution 721.
  • the PIN pad 725 and the card reader 729 are each enclosed in its own tamper protection 726 and 730, respectively.
  • a payment controller 727 connects the two.
  • the one-piece solution and the two-piece solution each has its own advantages and disadvantages.
  • the present invention provides equipment for providing a high degree of security for instance in payment systems, but is also applicable in other types of systems.
  • the invention introduces a "link module", the role of which will be described in detail below.
  • the main purpose of the "link module” is to separate logical security (inside the “link module”), and physical security (tamper detection and removal detection). This is described in more detail below.
  • logical security inside the “link module”
  • physical security stamper detection and removal detection
  • the invention provides a transaction system for use in performing a transaction, for instance as part of a payment transaction.
  • the transaction system comprises • a transaction unit having a link module interface for connecting a link module to a transaction unit controller to establish a data connection between the transaction unit controller and the link module, • a first memory operably connected to the transaction unit controller,
  • the transaction system being connectable to a tamper protection enclosure having a tamper circuit which, when connected to the transaction system, is capable of detecting a tampering of the tamper protection enclosure and to provide a tamper indication in response, a tamper indication being indicative of a compromising of the tamper protection enclosure;
  • the transaction unit when connected with a link module, being capable of receiving a first token ("TAMPER_TOKEN”) from the link module and storing the first token in the first memory;
  • the transaction system being configured to obfuscate the first token in the first memory in case the tamper circuit provides a tamper indication.
  • the link module concept introduced as described in relation to the transaction system above can help ensure that the transaction system cannot be tampered with without the first token becoming obfuscated.
  • a tampering of the tamper protection enclosure will cause the tamper circuit to signal to the transaction unit that a tampering has taken place, which in turn causes the transaction system to obfuscate the first token in the first memory.
  • "Obfuscate" in this context means a process that, when completed, prevents the original token to be read from the memory, such as by overwriting, deletion or erasing of the memory segment holding the first token. A compromising of the tamper protection enclosure is typically associated with unauthorized access.
  • the transaction unit controller is typically an appropriately designed ASIC.
  • a security authentication module card is a practical embodiment for the link module, in which case the link module interface shall comprise a SAM card compatible socket.
  • the transaction system comprises the tamper protection enclosure and tamper circuit.
  • CMOS static RAM which is a type of RAM that uses very little current.
  • Flash RAM is another example of an applicable RAM type.
  • a commonly used type of tamper protection enclosure consists of a material comprising a long, unbroken electrical conductor through which a current runs. If case the material is tampered, the conductor is broken and the current in the conductor stops. This type of tamper protection enclosure is commonly used to protect electronics for instance in a PIN pad. In case a CMOS RAM is used as the first memory, this RAM can be receiving current from the tamper protection enclosure.
  • a tamper indication in the form of the current stopping running will cause the CMOS RAM to lose the token, as the CMOS RAM holds information only when it receives a current.
  • the tampering circuit is connected to the transaction unit controller, and if there is a tampering, the controller will note the loss of current from the tamper protection enclosure, and will erase the first token actively by overwriting the first token with random data.
  • the transaction system can have a first data interface ("transaction interface") for establishing an operational transaction connection to external hardware.
  • the transaction unit is typically a card reader
  • the external hardware is a PIN pad.
  • the external hardware is a payment controller, such as a computer or a dedicated hardware executing a payment application, through which payment controller the PIN pad and the card reader are connected.
  • the card reader and the PIN pad can communicate commands and/or provide command responses and/or essential data, such as an encrypted PIN, over the transaction connection.
  • the transaction system described above can be used in many contexts. In principle, any system that includes a transaction system of a kind and relies on a link module as described above can be made intentionally inoperable if tampering takes place, by applying the principles described above.
  • a card reader for reading a credit card having an authorization PIN stored on a chip on the card is an example of a transaction unit for which the present invention can provide increased security.
  • the invention thus relates to a two-piece payment solution consisting of an encrypting PIN pad and a secure card reader (connected either directly, or through a payment controller). A PIN entered on the PIN pad will be encrypted in the PIN pad and then transferred to the secure card reader.
  • the PIN pad is capable of receiving a clear-text PIN (via its interface, such as a keyboard), and encrypting the received PIN using an encryption algorithm.
  • the transaction system comprises a transaction interface for establishing an operable connection to the PIN pad, as described above.
  • the card reader can then receive the encrypted PIN (which is a first PIN-related datum) and send it to the link module along with the tamper token and optionally the removal token, if applicable.
  • the card reader receives a decrypted PIN (a second PIN-related datum) from the link module if the tokens correspond to the tokens stored by the link module.
  • the card reader can then send the decrypted PIN to the chip card, and the chip card can determine whether the decrypted PIN corresponds to a PIN on the chip card. In the affirmative, the chip card will respond by returning an indication that the transaction is to be considered valid.
  • a second aspect of the invention provides a process for determining offline whether a PIN entered on a PIN pad corresponds to a PIN stored in a chip card readable by a card reader.
  • the process comprises:
  • the card reader sending a first data representing an encrypted PIN to the link module, together with a first token stored in the first memory, • the link module determining whether the received first token corresponds to the tamper token stored by the link module; and in the affirmative: the link module returning to the card reader a decrypted PIN, the decrypted PIN being provided by the link module by applying, to the encrypted PIN, a decryption algorithm corresponding to the encryption algorithm applied by the PIN pad,
  • the card reader is connected to a tamper protection enclosure having a tamper circuit. If the card reader receives a tamper indication, it shall obfuscate the first token in the first memory. Other considerations relating to the first aspect of the invention apply to the second aspect as well.
  • the transaction system can be adapted in such a way that the tamper circuit can be activated with a specific tamper detection activation command ("Token_APDU"). In a payment system, this command could originate from a connected PIN pad (possibly being passed on by a payment controller if the PIN pad and the card reader are connected via a payment controller).
  • the transaction system can, upon receiving the tamper detection activation command, request a first token from the link module (using a "GET_TOKEN” command), receive the first token and then store it in the first memory. That way, the tamper circuit becomes activated ("armed").
  • Transaction systems in accordance with the invention may furthermore comprise a housing having a mount for mounting the housing on a support.
  • the housing is used for holding the transaction unit, making it more difficult to tamper with it.
  • the transaction system has a removal detection mechanism coupled to the mount, and the removal detection mechanism is connected to a removal detection circuit. If the housing is unmounted from the support, the removal detection mechanism is triggered, and the removal circuit gives off a removal indication.
  • Such a feature can be achieved for instance through a switch which stays pressed as long as the device is mounted, but becomes un-pressed at removal.
  • the card reader might for instance be mounted in an Automated Teller Machine (ATM) system.
  • ATM Automated Teller Machine
  • the removal detection circuit can be activated by providing to it a removal detection activation command when the casing is mounted on a support. In response, the removal detection circuit enters an activated state.
  • the transaction system requests a second token (REMOVAL_TOKEN) from the link module.
  • the link module forms a second token which it returns to the transaction system, which in turn stores the second token in a second memory connected to the transaction unit.
  • second memory means a memory section that does not interfere with the storing of the first token. It may thus be a separate memory chip, or it may simply be another part of the memory in which the first token is stored.
  • the transaction system is constructed in such a way that if the housing is unmounted from the support (i.e. the removal detection mechanism is triggered and the removal circuit gives off a removal indication), the transaction system will obfuscate the second token stored in the second memory. If the system is setup in such a way that the transaction unit in order for a transaction to be performed must present the second token (REMOVAL_TOKEN) to the link module, the transaction system's capability of performing a transaction becomes inoperable in case the transaction system is unmounted from the support.
  • REMOVAL_TOKEN the second token
  • both the tamper protection circuit and the removal detection circuit are activated.
  • either a tampering or a removal will render the transaction functionality inoperable.
  • This can for instance allow a more efficient reinstallation in case the transaction system is removed, but not tampered with. If the transaction system is unmounted and then remounted, the transaction functionality can be reestablished by a simpler procedure than if tampering has taken place. In case of removal, the transaction system simply needs reactivation.
  • the unit should go to a trusted facility to be checked. If the unit is valid, it can be enclosed in a new tamper protection enclosure and the tamper protection be activated, thereby establishing a new first token.
  • unmounting of the transaction system is given one degree of severity, while tampering is given another (or the same) degree of severity.
  • the first token will typically be established in a secure (production) facility.
  • the link module is connected to the transaction unit, and the transaction unit is enclosed in the tamper protection material.
  • an activation command is issued to the transaction system, typically via an electrical signal from an external controller to the tamper circuit. This enables the tamper detection. If the transaction system is unmounted, the tamper token will still be stored, and the transaction system merely needs to be remounted and reactivated.
  • Fig. Ia illustrates a transaction system in accordance with the invention. It comprises a transaction unit 101 that has an interface 103 for connecting a SAM card 123. It also comprises a memory module 111, and a transaction unit controller 102 controls the core functionality of the transaction unit and operably connects it to the interface 103, via connection 113, and to the memory module via connection 112.
  • the transaction unit could be a card reader, a functionality of which is to read information, such as a PIN, from a chip inserted into a slot in the card reader.
  • the transaction system is connectable via connection 115a to a tamper protection enclosure 105 having a tamper circuit 107.
  • a tamper circuit When the tamper circuit is connected to the transaction system and armed, it will detect tampering of the tamper protection enclosure and provide, via the connection 115a, a tamper indication in response. This causes the token stored in the memory 111 to be erased.
  • Fig. Ib illustrates a configuration in which the transaction system is connectable to the tamper circuit via a connection 115b to the controller rather than directly to the memory. In this case, the controller is responsible for obfuscating the token. When the controller detects a tamper indication, it will obfuscate the token.
  • Fig. 2 illustrates another transaction system. It comprises a transaction unit 201 having the elements of the transaction unit 101.
  • the transaction unit also comprises a second memory module 211 connected to the transaction unit controller via connection 212.
  • the connection 115 between the tamper circuit 107 and the memory 111 is configured similarly to connection 115a in Fig. Ia, which means that the tamper circuit can modify the memory 111 more or less directly, without requiring communication with controller 102.
  • the tamper protection enclosure 105 is illustrated as being a part of the transaction system, the tamper protection enclosure having its tamper circuit 207 connected to the transaction unit controller.
  • a housing 205 houses these elements.
  • the housing has a mount 206 for securing the housing to a support.
  • the mount has a removal detection system mechanism, which in this example is a switch 208 that will become pressed when the housing is mounted. If the housing is unmounted, the switch will become un-pressed, and the removal detection circuit 207 gives off a removal indication to the transaction unit controller. In response, the transation unit controller will erase a token stored in the memory module 211.
  • memory 111 and 211 can be part of the same module, being simply different addresses of that memory, or they may be two distinct modules.
  • the removal circuit could instead by connected to the controller 102 (this type of connection is not shown in the figure), and the transaction unit controller be responsible for detecting removal and erasing the token in memory 211.
  • Figs. Ia, Ib and 2 illustrate three different embodiments of the invention.
  • Fig. Ia and Ib apply, in two different ways, only the tamper mechanism, whereas the embodiment in Fig. 2 applies both the tamper mechanism and the removal mechanism.
  • Fig. 3 illustrates the elements of a two-piece payment system. It comprises a transaction unit 301 similar to transaction unit 201 in Fig. 2.
  • the transaction unit 301 also has a card slot 303 for receiving a chip card 323 to be used for payment.
  • unit 301 is a card reader.
  • the housing and tamper protection enclosure have been adapted to accommodate a chip card. Communication between the card reader controller 302 and the card slot takes place via connection 305, which connects the card slot and the card reader controller.
  • the transaction system can communicate with an external device via an interface 304 coupled to the controller 302.
  • the (external) device 302 represents a PIN pad capable of receiving a PIN via an interface (a keyboard, for instance) and encrypting the PIN using an encryption algorithm, such as 3DES, AES, and RSA.
  • Fig. 3 illustrates a connection between the transaction system and the PIN pad.
  • the PIN pad and the card reader are often connected via a payment controller, which is a hardware having implemented on it a payment application.
  • This application might be responsible for interacting with a user by displaying text relevant for performing a payment transaction.
  • the payment application may log parts (or all) of the communication between the PIN pad and the transaction system to allow relevant parties to monitor use and/or abuse.
  • the PIN pad and card reader can be connected to the payment controller via L)SB connections, RS232-connections, infrared connections, bluetooth connections etc.
  • the two need not be connected using the same connection type.
  • the PIN pad and the card reader might very well be manufactured by two separate entities, each of which has its own preference in this respect.
  • the payment controller must in turn be built to allow the respective connection 306 between the transaction system and the payment controller, and connection 315 between the PIN pad and the payment controller to be established.
  • Fig. 4 illustrates the process of establishing the tamper token and the removal 5 token.
  • the transaction unit (“TL)" is enclosed 401 in the tamper protection enclosure/material 105 (see Fig. 3), with the link module inserted into the SAM socket 103.
  • the transaction system can now receive an activation command, issued in step 403, that, when received by the transaction unit (step 405) causes the transaction unit to request (also step 405) a token from the link module.
  • the link module When receiving the request from the transaction system, the link module establishes, in step 407, a token, Tl. This is the tamper token. It can for instance simply be a random number, for instance 8 bytes long. Other lengths can of course be used, such as 4 bytes, 10 bytes or 16 bytes. This is merely a design issue.
  • the link module stores the token (step 409) and returns it (step 411) to the
  • the transaction system receives and stores the token (step 413) in its volatile memory (element 111 in Fig. 3). This establishes the armed state 415 of the tamper detection.
  • the PIN pad manufacturer and card reader manufacturer must implement the 20 required commands that allow the PIN pad and card reader to perform the communication.
  • step 421 when the transaction system has been mounted on a support (step 421), the transaction system can receive an activation command (issued in step 422).
  • step 25 423) that, when received (step 425) by the transaction system, causes the transaction unit to request (also in step 425) a token from the link module.
  • the link module When receiving the request from the transaction unit (step 427), the link module establishes (also step 427) a token, T2. This is the removal token. Similarly to the tamper token, the removal token might simply be a random number. Again, a
  • the link module stores the token (step 429) and returns it (step 431) to the transaction system in response to the request.
  • the transaction system receives and stores the token (step 433) in its volatile memory (element 211 in Fig. 3). As illustrated in Fig. 3,
  • this memory segment is different from the memory segment 111 in which the tamper token, Tl, was stored. Otherwise, the transaction system will not become functional, since the transaction unit will be unable to present both the tamper token and the removal token to the link module.
  • the transaction system can be adapted in such a way that it must receive certain data from the card in order to proceed with the token provision. This is a matter of transaction system design.
  • Fig. 5 illustrates simply what happens when the transaction system is either tampered with or removed from a support.
  • a tampering (step 501) causes the tamper circuit to provide a tamper indication (in step 503) and this causes the transaction unit controller to erase, in step 505, token Tl from the memory in which Tl is stored (element 111 in Fig. 3).
  • the erasing can also be performed by the tamper circuit via a connection as indicated by 115a in Fig. 1 and 115 in Fig. 2.
  • the link module remains unaffected. It simply continues, as indicated in step 520, to store the two tokens, Tl and T2 established in steps 407, 427 in Fig. 4 and stored in steps 409, 429 in Fig. 4 during the activation of the tamper mechanism and the removal mechanism.
  • a removal/unmounting causes the removal circuit to provide a removal indication (in step 513), which causes the removal circuit to erase, in step 515, token T2 (via a connection as indicated by 216 in Fig. 2) from the memory in which T2 is stored (element 211 in Fig. 3).
  • the obfuscation of the memory 211 can also be performed by the transaction unit controller.
  • Fig. 6 illustrates a process that takes advantage of the present invention.
  • the process represents an offline payment procedure in a payment system such as that illustrated in Fig. 3.
  • the example illustrates how the tokens can be used to prevent offline payment if the equipment has been tampered with or has been removed and replaced (with a potentially counterfeit unit).
  • the PIN pad 302 (in Fig. 3) encrypts clear-text PINs using an encryption key K E , which may for instance be a private key of a key pair.
  • the transaction unit (card reader) 301 holds token Tl' and T2' in memories 111 and 211, but it is not a given that they are valid.
  • the link module holds the valid tokens Tl and T2.
  • the link module also has a decryption key K D corresponding to the PIN pad's encryption key K E .
  • the PIN pad might use a public key of a public/private key pair to encrypt a received clear-text PIN, and the link module could use the private key to decrypt the received encrypted key.
  • the process in this example is initiated when a card is inserted into the card reader, in step 601. This causes the transaction unit to request a PIN, in step 603.
  • a display on the payment controller might ask the card holder to enter his PIN on the PIN pad.
  • PIN pad receives a PIN, PIN'
  • the PIN pad encrypts the received PIN', thereby obtaining E(PIN').
  • E(PIN') is the result of applying the encryption key to the received PIN, PIN'.
  • the manufacturer the PIN pad and the manufacturer of the card reader have agreed on which key to use.
  • the PIN pad and the link module may contain such keys, but might instead use them to exchange for instance a temporary symmetric key. This could happen for instance each the time the system is restarted.
  • the PIN pad generates a key, encrypts it, and sends it to the card reader, which then stores the key and knows to apply it for future decryption, until further notice.
  • the card reader now appends, in step 609, the tokens Tl and T2 to E(PIN'), and sends all three parts to the link module.
  • the link module receives the three data in step 611, and then it compares, in step 613, the tokens received from the card reader with the tokens it itself stores, Tl and T2, formed, respectively, after the tamper protection enclosure was established around the card reader and link module and after the transaction system was mounted for instance in an ATM. This is illustrated in Fig. 4.
  • the PIN pad will consider the system secure.
  • An erroneous Tl' would have indicated a tampering, and an erroneous T2' would have indicated an unmounting, dismantling, or other type to removal of the card reader away from the position considered to be valid.
  • the link module finds that the tokens are in agreement - the system is in good order - it will decrypt the received encrypted PIN', E(PIN'), in step 615.
  • the decryption provides PIN', which the link module will return to the card reader, in step 617. It can thus be assumed that the PIN' received by the card reader in step 619 has not been intercepted and replaced or modified in some way, for whatever reason.
  • the card reader then sends the decrypted PIN, PIN', to the chip on the chip card, also in step 619.
  • the chip determines, in step 621, whether PIN' received from the link module agrees with the PIN stored in the chip. If the two agree, the payment system can issue an indication of validation, as illustrated by step 625.
  • the payment system can then go on to store information about the validation and details about the transaction as documentation and allow the actual transfer of funds between the card holder and the party represented by the payment system, such as a store or a bank. Such steps are represented by the dashed arrow following step 625 in Fig. 6.
  • the payment system will not provide an indication of validation. This can happen either because the card reader was unable to deliever the correct tokens, Tl and/or T2, to the link module, or because the incorrect PIN was entered.
  • the first reason indicates tampering or removal, and the device is considered unsafe.
  • the second reason indicates that an incorrect PIN was provided at the PIN pad and can represent a lack of familiarity with the card on behalf of the person entering the PIN. That person might either have forgotten the card PIN, or he might not be authorized to use the card in question. In either case, the transaction is denied.
  • the link module will not return the decrypted PIN. It might not even calculate the decrypted PIN. Instead, it aborts the process, as illustrated by step 627. In that case, the link module might attempt to signal to the card reader that a problem arisen. If the card reader has not been tampered with, it will be a valid card reader. The valid card reader might be programmed to recognize such a message and in response communicate a corresponding error code to the payment controller, which can then in turn display on a screen that the transaction could not be performed. The displaying could for instance be audible or visual (or both). In a visual implementation the information could be more or less informative. Text stating that the device needs reinstallation, or similar type of information, could be helpful to the customer and/or to the store owner to help them understand that the problem is due to a defective/untrusted payment system.
  • the card reader can signal this to the payment controller, which can then issue audibly or visually that the entered PIN was incorrect.
  • an exchange of the symmetric key discussed above may include an exchange of one or more nonces to allow both the PIN pad and the card reader to ensure that the exchange has not been interfered with by a replay attack.
  • commands must be implemented to allow functional communication between the card reader and the link module. These commands can be implemented in many ways, for instance using APDL) commands. When using SAM chip cards, this could be an advantageous choice.
  • the invention requires that the card reader implements a number of standard APDU's and a few non-standard commands. For instance, the card reader must implement a command that allows it to request a tamper token - and in some embodiments also a removal token - from the link module, and the link module must provide them in a response, such as in a response APDL), having a data field that accommodates the one or two tokens (depending again on the particular embodiment and implementation).
  • the APDL) command for requesting a token from the link module comprises an information field that informs the link module about whether the requested token is to be used as a tamper token or as a removal token.
  • a response APDL) can have a data field for carrying the token and a parameter field that indicates whether the returned token is a tamper token or a removal token.
  • a command is required for allowing the card reader to transfer the tamper token and the removal token to the link module. In the example of a payment system described above, the command must also transfer the encrypted PIN, and the link module must implement a response command that can comprise the decrypted PIN.

Abstract

The present invention provides a transaction system that uses a “link module” to ensure that a transaction unit enclosed in a tamper protection and mounted on a support becomes inoperable if either unmounted or tampered with. The invention also provides a card reader that employs the link module. The invention also provides a method for performing offline PIN verification. Finally, the invention provides a link module.

Description

Secure link module and transaction system
Background of the invention
There is an increasing demand for solutions that handles chip-cards as means of payment. One feature of EMV chip-cards is the support for offline PIN verification. Before introduction of chip-cards the PIN had to be verified online through contact with the relevant host. Use of chip cards in payment transactions are defined in a set of documents called the EMV specifications. These specifications are issued by EMVCo and can, at the time of this writing, be downloaded from http://www.emvco.com.
The offline verification on most chip-cards in operation today requires that the PIN is presented on the card contacts in clear-text. It is a potential security risk if fraudsters can "tap in" and record this communication.
To counter this form of attack, the Payment Card Industry (PCI) has defined security requirements for the PIN pad (PED, pin entry device) and chip-card reader.
The requirements for securing the PIN can either be achieved by combining the PIN pad and the chip-card reader in one tamper protected device or by having two tamper protected devices between which the PIN shall pass in encrypted form.
Device components used in such a solution must be PCI PED approved as a whole. Both devices must provide secure processing capability within a tamper responsive enclosure. Their cryptographic capabilities and logical schemes must work together in a secure manner.
Fig. 7 illustrates schematically a one-piece solution 701 and a two-piece solution 721 for reading a payment card 750 and verifying a PIN code. The one-piece solution 701 comprises a PIN pad 705 for entering a PIN code and a card reader 709 for reading a card 750. Fig. 7 also illustrates a payment controller 707 connecting the two. The PIN pad and the card reader are enclosed is the same tamper protection 703, meaning that the communication between the two can be considered, at least at the face of it, to be secure simply by prevention of physical access.
Fig. 7 also illustrates a two-piece solution 721. The PIN pad 725 and the card reader 729 are each enclosed in its own tamper protection 726 and 730, respectively. A payment controller 727 connects the two.
The one-piece solution and the two-piece solution each has its own advantages and disadvantages.
Summary of the invention
The present invention provides equipment for providing a high degree of security for instance in payment systems, but is also applicable in other types of systems. The invention introduces a "link module", the role of which will be described in detail below.
The main purpose of the "link module" is to separate logical security (inside the "link module"), and physical security (tamper detection and removal detection). This is described in more detail below. One consequence of this separation is that the manufacturer of the "link module" and the manufacturer of the physical security can be two different entities.
In a first aspect, the invention provides a transaction system for use in performing a transaction, for instance as part of a payment transaction. The transaction system comprises • a transaction unit having a link module interface for connecting a link module to a transaction unit controller to establish a data connection between the transaction unit controller and the link module, • a first memory operably connected to the transaction unit controller,
the transaction system being connectable to a tamper protection enclosure having a tamper circuit which, when connected to the transaction system, is capable of detecting a tampering of the tamper protection enclosure and to provide a tamper indication in response, a tamper indication being indicative of a compromising of the tamper protection enclosure; the transaction unit, when connected with a link module, being capable of receiving a first token ("TAMPER_TOKEN") from the link module and storing the first token in the first memory;
the transaction system being configured to obfuscate the first token in the first memory in case the tamper circuit provides a tamper indication.
The link module concept introduced as described in relation to the transaction system above can help ensure that the transaction system cannot be tampered with without the first token becoming obfuscated. When the transaction unit is placed inside a tamper protection enclosure and is connected to it and the tamper circuit is operational, a tampering of the tamper protection enclosure will cause the tamper circuit to signal to the transaction unit that a tampering has taken place, which in turn causes the transaction system to obfuscate the first token in the first memory. "Obfuscate" in this context means a process that, when completed, prevents the original token to be read from the memory, such as by overwriting, deletion or erasing of the memory segment holding the first token. A compromising of the tamper protection enclosure is typically associated with unauthorized access.
The transaction unit controller is typically an appropriately designed ASIC.
By programming the link module to respond in a "constructive" manner to APDL) commands from the transaction unit only if the transaction unit can present the first token when sending the commands to the link module, the link module becomes a way of preventing the transaction unit from obtaining certain information if tampering has taken place. A security authentication module card (SAM card) is a practical embodiment for the link module, in which case the link module interface shall comprise a SAM card compatible socket.
The example above illustrates an embodiment of the first aspect in which the transaction system comprises the tamper protection enclosure and tamper circuit.
One applicable type of memory to use as a first memory is a CMOS static RAM, which is a type of RAM that uses very little current. A Flash RAM is another example of an applicable RAM type. A commonly used type of tamper protection enclosure consists of a material comprising a long, unbroken electrical conductor through which a current runs. If case the material is tampered, the conductor is broken and the current in the conductor stops. This type of tamper protection enclosure is commonly used to protect electronics for instance in a PIN pad. In case a CMOS RAM is used as the first memory, this RAM can be receiving current from the tamper protection enclosure. If the tamper protection enclosure is compromised, a tamper indication in the form of the current stopping running will cause the CMOS RAM to lose the token, as the CMOS RAM holds information only when it receives a current. Alternatively, the tampering circuit is connected to the transaction unit controller, and if there is a tampering, the controller will note the loss of current from the tamper protection enclosure, and will erase the first token actively by overwriting the first token with random data.
The transaction system according to the first aspect can have a first data interface ("transaction interface") for establishing an operational transaction connection to external hardware. In a payment solution, the transaction unit is typically a card reader, and the external hardware is a PIN pad. Alternatively, quite commonly, the external hardware is a payment controller, such as a computer or a dedicated hardware executing a payment application, through which payment controller the PIN pad and the card reader are connected. The card reader and the PIN pad can communicate commands and/or provide command responses and/or essential data, such as an encrypted PIN, over the transaction connection.
The transaction system described above can be used in many contexts. In principle, any system that includes a transaction system of a kind and relies on a link module as described above can be made intentionally inoperable if tampering takes place, by applying the principles described above. A card reader for reading a credit card having an authorization PIN stored on a chip on the card is an example of a transaction unit for which the present invention can provide increased security. In this respect, the invention thus relates to a two-piece payment solution consisting of an encrypting PIN pad and a secure card reader (connected either directly, or through a payment controller). A PIN entered on the PIN pad will be encrypted in the PIN pad and then transferred to the secure card reader. The PIN pad is capable of receiving a clear-text PIN (via its interface, such as a keyboard), and encrypting the received PIN using an encryption algorithm. For this application, the transaction system comprises a transaction interface for establishing an operable connection to the PIN pad, as described above. The card reader can then receive the encrypted PIN (which is a first PIN-related datum) and send it to the link module along with the tamper token and optionally the removal token, if applicable. In return, the card reader receives a decrypted PIN (a second PIN-related datum) from the link module if the tokens correspond to the tokens stored by the link module. The card reader can then send the decrypted PIN to the chip card, and the chip card can determine whether the decrypted PIN corresponds to a PIN on the chip card. In the affirmative, the chip card will respond by returning an indication that the transaction is to be considered valid.
A second aspect of the invention provides a process for determining offline whether a PIN entered on a PIN pad corresponds to a PIN stored in a chip card readable by a card reader. The process comprises:
• the card reader sending a first data representing an encrypted PIN to the link module, together with a first token stored in the first memory, • the link module determining whether the received first token corresponds to the tamper token stored by the link module; and in the affirmative: the link module returning to the card reader a decrypted PIN, the decrypted PIN being provided by the link module by applying, to the encrypted PIN, a decryption algorithm corresponding to the encryption algorithm applied by the PIN pad,
• the card reader sending the decrypted PIN to the chip card,
• the chip card determining whether the decrypted PIN corresponds to a PIN stored in the chip card.
This process makes use of the principles described in relation to the first aspect of the invention. Accordingly, the card reader is connected to a tamper protection enclosure having a tamper circuit. If the card reader receives a tamper indication, it shall obfuscate the first token in the first memory. Other considerations relating to the first aspect of the invention apply to the second aspect as well. The transaction system can be adapted in such a way that the tamper circuit can be activated with a specific tamper detection activation command ("Token_APDU"). In a payment system, this command could originate from a connected PIN pad (possibly being passed on by a payment controller if the PIN pad and the card reader are connected via a payment controller). The transaction system can, upon receiving the tamper detection activation command, request a first token from the link module (using a "GET_TOKEN" command), receive the first token and then store it in the first memory. That way, the tamper circuit becomes activated ("armed").
Transaction systems in accordance with the invention may furthermore comprise a housing having a mount for mounting the housing on a support. The housing is used for holding the transaction unit, making it more difficult to tamper with it. Advantageously, the transaction system has a removal detection mechanism coupled to the mount, and the removal detection mechanism is connected to a removal detection circuit. If the housing is unmounted from the support, the removal detection mechanism is triggered, and the removal circuit gives off a removal indication. Such a feature can be achieved for instance through a switch which stays pressed as long as the device is mounted, but becomes un-pressed at removal. The card reader might for instance be mounted in an Automated Teller Machine (ATM) system.
The removal detection circuit can be activated by providing to it a removal detection activation command when the casing is mounted on a support. In response, the removal detection circuit enters an activated state. When receiving the removal detection activation command, the transaction system requests a second token (REMOVAL_TOKEN) from the link module. The link module forms a second token which it returns to the transaction system, which in turn stores the second token in a second memory connected to the transaction unit. In this context, "second memory" means a memory section that does not interfere with the storing of the first token. It may thus be a separate memory chip, or it may simply be another part of the memory in which the first token is stored.
To exploit the second token, the transaction system according to the present embodiment is constructed in such a way that if the housing is unmounted from the support (i.e. the removal detection mechanism is triggered and the removal circuit gives off a removal indication), the transaction system will obfuscate the second token stored in the second memory. If the system is setup in such a way that the transaction unit in order for a transaction to be performed must present the second token (REMOVAL_TOKEN) to the link module, the transaction system's capability of performing a transaction becomes inoperable in case the transaction system is unmounted from the support.
Advantageously, both the tamper protection circuit and the removal detection circuit are activated. In this way, either a tampering or a removal will render the transaction functionality inoperable. This can for instance allow a more efficient reinstallation in case the transaction system is removed, but not tampered with. If the transaction system is unmounted and then remounted, the transaction functionality can be reestablished by a simpler procedure than if tampering has taken place. In case of removal, the transaction system simply needs reactivation. In case of tampering, the unit should go to a trusted facility to be checked. If the unit is valid, it can be enclosed in a new tamper protection enclosure and the tamper protection be activated, thereby establishing a new first token. In a sense, unmounting of the transaction system is given one degree of severity, while tampering is given another (or the same) degree of severity. In a real-world scenario, the first token will typically be established in a secure (production) facility. The link module is connected to the transaction unit, and the transaction unit is enclosed in the tamper protection material. Then, an activation command is issued to the transaction system, typically via an electrical signal from an external controller to the tamper circuit. This enables the tamper detection. If the transaction system is unmounted, the tamper token will still be stored, and the transaction system merely needs to be remounted and reactivated.
Detailed description of selected embodiments
Fig. Ia illustrates a transaction system in accordance with the invention. It comprises a transaction unit 101 that has an interface 103 for connecting a SAM card 123. It also comprises a memory module 111, and a transaction unit controller 102 controls the core functionality of the transaction unit and operably connects it to the interface 103, via connection 113, and to the memory module via connection 112. In a payment system, the transaction unit could be a card reader, a functionality of which is to read information, such as a PIN, from a chip inserted into a slot in the card reader.
The transaction system is connectable via connection 115a to a tamper protection enclosure 105 having a tamper circuit 107. When the tamper circuit is connected to the transaction system and armed, it will detect tampering of the tamper protection enclosure and provide, via the connection 115a, a tamper indication in response. This causes the token stored in the memory 111 to be erased. Fig. Ib illustrates a configuration in which the transaction system is connectable to the tamper circuit via a connection 115b to the controller rather than directly to the memory. In this case, the controller is responsible for obfuscating the token. When the controller detects a tamper indication, it will obfuscate the token.
Fig. 2 illustrates another transaction system. It comprises a transaction unit 201 having the elements of the transaction unit 101. The transaction unit also comprises a second memory module 211 connected to the transaction unit controller via connection 212. The connection 115 between the tamper circuit 107 and the memory 111 is configured similarly to connection 115a in Fig. Ia, which means that the tamper circuit can modify the memory 111 more or less directly, without requiring communication with controller 102. The tamper protection enclosure 105 is illustrated as being a part of the transaction system, the tamper protection enclosure having its tamper circuit 207 connected to the transaction unit controller. A housing 205 houses these elements. The housing has a mount 206 for securing the housing to a support. The mount has a removal detection system mechanism, which in this example is a switch 208 that will become pressed when the housing is mounted. If the housing is unmounted, the switch will become un-pressed, and the removal detection circuit 207 gives off a removal indication to the transaction unit controller. In response, the transation unit controller will erase a token stored in the memory module 211. (As previously mentioned, memory 111 and 211 can be part of the same module, being simply different addresses of that memory, or they may be two distinct modules.) Also, as described in relation to memory 111 and the first token, the removal circuit could instead by connected to the controller 102 (this type of connection is not shown in the figure), and the transaction unit controller be responsible for detecting removal and erasing the token in memory 211.
Figs. Ia, Ib and 2 illustrate three different embodiments of the invention. Fig. Ia and Ib apply, in two different ways, only the tamper mechanism, whereas the embodiment in Fig. 2 applies both the tamper mechanism and the removal mechanism.
To illustrate the invention further, the following describes its use in a payment system. Fig. 3 illustrates the elements of a two-piece payment system. It comprises a transaction unit 301 similar to transaction unit 201 in Fig. 2. The transaction unit 301 also has a card slot 303 for receiving a chip card 323 to be used for payment. In other words, unit 301 is a card reader. In the present example, the housing and tamper protection enclosure have been adapted to accommodate a chip card. Communication between the card reader controller 302 and the card slot takes place via connection 305, which connects the card slot and the card reader controller. The transaction system can communicate with an external device via an interface 304 coupled to the controller 302. In the present example, the (external) device 302 represents a PIN pad capable of receiving a PIN via an interface (a keyboard, for instance) and encrypting the PIN using an encryption algorithm, such as 3DES, AES, and RSA. Fig. 3 illustrates a connection between the transaction system and the PIN pad. In reality, the PIN pad and the card reader are often connected via a payment controller, which is a hardware having implemented on it a payment application. This application might be responsible for interacting with a user by displaying text relevant for performing a payment transaction. The payment application may log parts (or all) of the communication between the PIN pad and the transaction system to allow relevant parties to monitor use and/or abuse. The PIN pad and card reader can be connected to the payment controller via L)SB connections, RS232-connections, infrared connections, bluetooth connections etc. The two need not be connected using the same connection type. The PIN pad and the card reader might very well be manufactured by two separate entities, each of which has its own preference in this respect. The payment controller must in turn be built to allow the respective connection 306 between the transaction system and the payment controller, and connection 315 between the PIN pad and the payment controller to be established.
Fig. 4 illustrates the process of establishing the tamper token and the removal 5 token. First, the transaction unit ("TL)") is enclosed 401 in the tamper protection enclosure/material 105 (see Fig. 3), with the link module inserted into the SAM socket 103. The transaction system can now receive an activation command, issued in step 403, that, when received by the transaction unit (step 405) causes the transaction unit to request (also step 405) a token from the link module.
10 When receiving the request from the transaction system, the link module establishes, in step 407, a token, Tl. This is the tamper token. It can for instance simply be a random number, for instance 8 bytes long. Other lengths can of course be used, such as 4 bytes, 10 bytes or 16 bytes. This is merely a design issue. The link module stores the token (step 409) and returns it (step 411) to the
15 transaction system in response to the request. The transaction system receives and stores the token (step 413) in its volatile memory (element 111 in Fig. 3). This establishes the armed state 415 of the tamper detection.
The PIN pad manufacturer and card reader manufacturer must implement the 20 required commands that allow the PIN pad and card reader to perform the communication.
Similarly, when the transaction system has been mounted on a support (step 421), the transaction system can receive an activation command (issued in step
25 423) that, when received (step 425) by the transaction system, causes the transaction unit to request (also in step 425) a token from the link module. When receiving the request from the transaction unit (step 427), the link module establishes (also step 427) a token, T2. This is the removal token. Similarly to the tamper token, the removal token might simply be a random number. Again, a
30 typical length of this data is 8 bytes, and, as described in relation to the tamper token, other lengths are available as a matter of design. The link module stores the token (step 429) and returns it (step 431) to the transaction system in response to the request. The transaction system receives and stores the token (step 433) in its volatile memory (element 211 in Fig. 3). As illustrated in Fig. 3,
35 this memory segment is different from the memory segment 111 in which the tamper token, Tl, was stored. Otherwise, the transaction system will not become functional, since the transaction unit will be unable to present both the tamper token and the removal token to the link module. Fig. 5 and 6, which are described below, illustrate an example of this situation.
By requiring that a specialized card be used in the activation processes, such a card will have the function of a physical "key", further enhancing the security of the system. The transaction system can be adapted in such a way that it must receive certain data from the card in order to proceed with the token provision. This is a matter of transaction system design.
Fig. 5 illustrates simply what happens when the transaction system is either tampered with or removed from a support. A tampering (step 501) causes the tamper circuit to provide a tamper indication (in step 503) and this causes the transaction unit controller to erase, in step 505, token Tl from the memory in which Tl is stored (element 111 in Fig. 3). As discussed in relation to the obfuscation of the memory 111 in Fig. Ia and Fig. 2, the erasing can also be performed by the tamper circuit via a connection as indicated by 115a in Fig. 1 and 115 in Fig. 2.
The link module, on the other hand, remains unaffected. It simply continues, as indicated in step 520, to store the two tokens, Tl and T2 established in steps 407, 427 in Fig. 4 and stored in steps 409, 429 in Fig. 4 during the activation of the tamper mechanism and the removal mechanism.
Similarly, a removal/unmounting (step 511 in Fig. 5) causes the removal circuit to provide a removal indication (in step 513), which causes the removal circuit to erase, in step 515, token T2 (via a connection as indicated by 216 in Fig. 2) from the memory in which T2 is stored (element 211 in Fig. 3). Similarly to the discussion of the erasing of the tamper token in memory 111, the obfuscation of the memory 211 can also be performed by the transaction unit controller.
Again, the link module remains unaffected. Fig. 6 illustrates a process that takes advantage of the present invention. The process represents an offline payment procedure in a payment system such as that illustrated in Fig. 3. The example illustrates how the tokens can be used to prevent offline payment if the equipment has been tampered with or has been removed and replaced (with a potentially counterfeit unit).
The PIN pad 302 (in Fig. 3) encrypts clear-text PINs using an encryption key KE , which may for instance be a private key of a key pair. The transaction unit (card reader) 301 holds token Tl' and T2' in memories 111 and 211, but it is not a given that they are valid. The link module, on the other hand, holds the valid tokens Tl and T2. The link module also has a decryption key KD corresponding to the PIN pad's encryption key KE . The PIN pad might use a public key of a public/private key pair to encrypt a received clear-text PIN, and the link module could use the private key to decrypt the received encrypted key.
The process in this example is initiated when a card is inserted into the card reader, in step 601. This causes the transaction unit to request a PIN, in step 603. A display on the payment controller might ask the card holder to enter his PIN on the PIN pad. In step 605, such a PIN, PIN', is received by the PIN pad, and in step 607 the PIN pad encrypts the received PIN', thereby obtaining E(PIN'). E(PIN') is the result of applying the encryption key to the received PIN, PIN'. The manufacturer the PIN pad and the manufacturer of the card reader have agreed on which key to use. Alternatively, the PIN pad and the link module may contain such keys, but might instead use them to exchange for instance a temporary symmetric key. This could happen for instance each the time the system is restarted. The PIN pad generates a key, encrypts it, and sends it to the card reader, which then stores the key and knows to apply it for future decryption, until further notice.
At this point in the verification process, it is not yet determined if the correct PIN was entered. This is to be determined. The card reader now appends, in step 609, the tokens Tl and T2 to E(PIN'), and sends all three parts to the link module. The link module receives the three data in step 611, and then it compares, in step 613, the tokens received from the card reader with the tokens it itself stores, Tl and T2, formed, respectively, after the tamper protection enclosure was established around the card reader and link module and after the transaction system was mounted for instance in an ATM. This is illustrated in Fig. 4.
In case the tokens are in agreement, the PIN pad will consider the system secure. An erroneous Tl' would have indicated a tampering, and an erroneous T2' would have indicated an unmounting, dismantling, or other type to removal of the card reader away from the position considered to be valid. However, when the link module finds that the tokens are in agreement - the system is in good order - it will decrypt the received encrypted PIN', E(PIN'), in step 615. The decryption provides PIN', which the link module will return to the card reader, in step 617. It can thus be assumed that the PIN' received by the card reader in step 619 has not been intercepted and replaced or modified in some way, for whatever reason.
The card reader then sends the decrypted PIN, PIN', to the chip on the chip card, also in step 619. The chip then determines, in step 621, whether PIN' received from the link module agrees with the PIN stored in the chip. If the two agree, the payment system can issue an indication of validation, as illustrated by step 625. The payment system can then go on to store information about the validation and details about the transaction as documentation and allow the actual transfer of funds between the card holder and the party represented by the payment system, such as a store or a bank. Such steps are represented by the dashed arrow following step 625 in Fig. 6.
On the other hand, if the PINs disagree, the payment system will not provide an indication of validation. This can happen either because the card reader was unable to deliever the correct tokens, Tl and/or T2, to the link module, or because the incorrect PIN was entered. The first reason indicates tampering or removal, and the device is considered unsafe. The second reason indicates that an incorrect PIN was provided at the PIN pad and can represent a lack of familiarity with the card on behalf of the person entering the PIN. That person might either have forgotten the card PIN, or he might not be authorized to use the card in question. In either case, the transaction is denied. In case the tokens provided by the card reader to the link module do not agree with the tokens held by the link module, the link module will not return the decrypted PIN. It might not even calculate the decrypted PIN. Instead, it aborts the process, as illustrated by step 627. In that case, the link module might attempt to signal to the card reader that a problem arisen. If the card reader has not been tampered with, it will be a valid card reader. The valid card reader might be programmed to recognize such a message and in response communicate a corresponding error code to the payment controller, which can then in turn display on a screen that the transaction could not be performed. The displaying could for instance be audible or visual (or both). In a visual implementation the information could be more or less informative. Text stating that the device needs reinstallation, or similar type of information, could be helpful to the customer and/or to the store owner to help them understand that the problem is due to a defective/untrusted payment system.
In case the PINs do not agree, the card reader can signal this to the payment controller, which can then issue audibly or visually that the entered PIN was incorrect.
The exchange will typically be much more complicated, involving handshakes of various kinds. For instance, an exchange of the symmetric key discussed above may include an exchange of one or more nonces to allow both the PIN pad and the card reader to ensure that the exchange has not been interfered with by a replay attack.
The person skilled in the art will recognize that the figures and examples in the description of the invention are simplified and are for illustrational purposes only. They are not to be considered as limiting the scope defined in the claims.
As briefly touch upon previously in this specification, commands must be implemented to allow functional communication between the card reader and the link module. These commands can be implemented in many ways, for instance using APDL) commands. When using SAM chip cards, this could be an advantageous choice. The invention requires that the card reader implements a number of standard APDU's and a few non-standard commands. For instance, the card reader must implement a command that allows it to request a tamper token - and in some embodiments also a removal token - from the link module, and the link module must provide them in a response, such as in a response APDL), having a data field that accommodates the one or two tokens (depending again on the particular embodiment and implementation). In one implementation, the APDL) command for requesting a token from the link module comprises an information field that informs the link module about whether the requested token is to be used as a tamper token or as a removal token. Correspondingly, a response APDL) can have a data field for carrying the token and a parameter field that indicates whether the returned token is a tamper token or a removal token. Likewise, a command is required for allowing the card reader to transfer the tamper token and the removal token to the link module. In the example of a payment system described above, the command must also transfer the encrypted PIN, and the link module must implement a response command that can comprise the decrypted PIN. Other information can be carried in the response, such as a version number of the link module, an ID indicating which decryption key the link module implements, a time stamp indicating when the tokens were generated etc. Providing variations of these APDL) commands and providing other APDL) commands for use in embodiments of the present invention are, in light of the description provided above, within the capability of a skilled person who is implementing the commands, and further implementation details will therefore be left to the implementer.
Any reference number that might appear in the claims is provided as an aid only; its presence in the claims shall not in any way be construed as limiting the scope of the claims.

Claims

Claims
1. A transaction system comprising
• a transaction unit (101) having a link module interface (103) for connecting a link module (123) to a transaction unit controller (102) to establish a data connection (113) between the transaction unit controller and the link module,
• a first memory (111) operably connected (112) to the transaction unit controller,
the transaction system being connectable (115a, 115b, 115) to a tamper protection enclosure (105) having a tamper circuit (107) which, when connected to the transaction system, is capable of detecting a tampering of the tamper protection enclosure and to provide a tamper indication in response, a tamper indication being indicative of an unauthorized access to the transaction unit;
the transaction unit, when connected with a link module, being capable of receiving a first token from the link module and storing the first token in the first memory;
the transaction system being configured to obfuscate the first token in the first memory in case the tamper circuit, when connected to the transaction system, provides a tamper indication.
2. A transaction system in accordance with claim 1, further comprising the tamper protection enclosure and the link module, the tamper protection enclosure enclosing the transaction unit, the transaction unit being connected to the link module.
3. A transaction system in accordance with claim 1 or 2, further comprising a housing (205) having a mount (206) for mounting the housing on a support, the housing comprising:
• the transaction unit,
• the first memory, • a second memory (211) operably connected (212) to the transaction unit controller,
the transaction system having a removal detection mechanism (208) coupled to the mount, the removal detection mechanism being connected to a removal detection circuit (207) capable of providing a removal indication if the transaction system is unmounted from the support,
the transaction unit, when connected with a link module, being capable of receiving a second token from the link module and storing the second token in the second memory;
the transaction system being configured to obfuscate the second token stored in the second memory in case the removal detection circuit provides a removal indication.
4. A transaction system according to any of claims 1-3, further comprising a first data interface (304) for establishing a data connection (306) with an external electronic device (302, 310).
5. A transaction system according to any of claims 1-4, wherein the transaction unit controller is configured to request the first token from the link module and receive and store the first token in the first memory in response to receiving a tamper circuit activation command.
6. A transaction system according to claim 5, wherein the tamper circuit activation command can be provided via the first data interface or other data interface connected to the transaction unit controller.
7. A transaction system according to any of claims 3-6, wherein the transaction unit controller is configured to request the second token from the link module and receive and store the second token in the second memory in response to receiving a removal detection circuit activation command.
8. A transaction system according to claim 7, wherein the removal detection circuit activation command can be provided via the first data interface or other data interface, if present, connected to the transaction unit controller.
9. A transaction system in accordance with claim 4, wherein the transaction unit comprises a card reader for reading a chip card.
10. A transaction system according to claim 9, wherein the external device is a PIN pad (302), or is a payment controller (310) capable of providing a data connection between the transaction system's data interface and the PIN pad.
11. A transaction system according to claim 10, wherein the transaction unit is capable of
• receiving a first PIN-related datum via the first data interface, and sending the first token, unless obfuscated, and the first PIN-related datum to the link module, and to receive a second PIN-related datum in response,
• sending the second PIN-related datum to a chip card connected to the card reader and receiving, from the chip card, a response representing whether or not the second PIN-related datum corresponds to a PIN stored on the chip card.
12. A transaction system according to claim 11, wherein the transaction unit controller is also capable of sending the second token to the link module.
13. A transaction system according to any of claims 1-12, wherein the link module is a SAM card and the link module interface comprises a SAM socket.
14. A link module, the link module being enabled to act as the link module referred to in claims 1-13.
15. A link module in accordance with claim 14, wherein the link module is a SAM card.
16. A method for offline-determination of a PIN in a transaction system in accordance with claim 11, the method comprising:
• entering (605) a PIN using a PIN pad connected to the transaction system, the PIN pad subsequently encrypting (607) the PIN and sending the encrypted PIN to the transaction system,
• the transaction system receiving (609) the encrypted PIN and sending the encrypted PIN and a first token stored in the first memoryand, if applicable, a second token stored in the second memory to the link module,
• the link module receiving (611) the encrypted PIN and determining (613) whether the received first token corresponds to a first token stored by the link module and, if applicable, whether the received second token corresponds to a second token stored by the link module, and in the affirmative (615) decrypting the encrypted PIN and returning (617) the decrypted PIN to the transaction unit, • the transaction unit receiving (619) the decrypted PIN and sending (619) the decrypted PIN to the chip card in the card reader,
• the chip card receiving the decrypted PIN and determining (621) whether or not the received PIN corresponds to a PIN stored on the chip card.
PCT/DK2009/050125 2008-06-11 2009-06-11 Secure link module and transaction system WO2009149715A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US6068208P 2008-06-11 2008-06-11
DKPA200800808 2008-06-11
US61/060,682 2008-06-11
DKPA200800808 2008-06-11

Publications (1)

Publication Number Publication Date
WO2009149715A1 true WO2009149715A1 (en) 2009-12-17

Family

ID=40941680

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DK2009/050125 WO2009149715A1 (en) 2008-06-11 2009-06-11 Secure link module and transaction system

Country Status (1)

Country Link
WO (1) WO2009149715A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2507954A (en) * 2012-10-13 2014-05-21 Korala Associates Ltd Tamper detection system associated with an encryption device and an additional trigger for other components in a user terminal.
WO2018156742A1 (en) * 2017-02-22 2018-08-30 Square, Inc. Line-based chip card tamper detection
CN109215214A (en) * 2017-07-04 2019-01-15 佛山市顺德区顺达电脑厂有限公司 Card-punching system with data protection function
US10255464B2 (en) 2017-01-31 2019-04-09 Square, Inc. Systems and methods for determining clock rates for communicating with processing devices
US10318952B1 (en) 2015-05-23 2019-06-11 Square, Inc. NFC base station and passive transmitter device
US10380389B1 (en) 2015-12-11 2019-08-13 Square, Inc. Reading payment object upon detection of reader readiness
US10402816B2 (en) 2016-12-31 2019-09-03 Square, Inc. Partial data object acquisition and processing
US10438189B2 (en) 2017-02-22 2019-10-08 Square, Inc. Server-enabled chip card interface tamper detection
US10621590B2 (en) 2017-02-22 2020-04-14 Square, Inc. Line-based chip card tamper detection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1160647A2 (en) * 2000-06-01 2001-12-05 Hewlett-Packard Company, A Delaware Corporation Tamper detection in electronic devices
US6715078B1 (en) * 2000-03-28 2004-03-30 Ncr Corporation Methods and apparatus for secure personal identification number and data encryption
US20060211491A1 (en) * 2005-03-17 2006-09-21 Falvey Grahame M Software security for gaming devices
US20070204173A1 (en) * 2006-02-15 2007-08-30 Wrg Services Inc. Central processing unit and encrypted pin pad for automated teller machines

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6715078B1 (en) * 2000-03-28 2004-03-30 Ncr Corporation Methods and apparatus for secure personal identification number and data encryption
EP1160647A2 (en) * 2000-06-01 2001-12-05 Hewlett-Packard Company, A Delaware Corporation Tamper detection in electronic devices
US20060211491A1 (en) * 2005-03-17 2006-09-21 Falvey Grahame M Software security for gaming devices
US20070204173A1 (en) * 2006-02-15 2007-08-30 Wrg Services Inc. Central processing unit and encrypted pin pad for automated teller machines

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9990797B2 (en) 2012-10-13 2018-06-05 Korala Associates Limited User terminal system and method
GB2507954B (en) * 2012-10-13 2018-07-04 Korala Associates Ltd A user terminal system and method
GB2507954A (en) * 2012-10-13 2014-05-21 Korala Associates Ltd Tamper detection system associated with an encryption device and an additional trigger for other components in a user terminal.
US10318952B1 (en) 2015-05-23 2019-06-11 Square, Inc. NFC base station and passive transmitter device
US10380389B1 (en) 2015-12-11 2019-08-13 Square, Inc. Reading payment object upon detection of reader readiness
US10402816B2 (en) 2016-12-31 2019-09-03 Square, Inc. Partial data object acquisition and processing
US10970708B2 (en) 2016-12-31 2021-04-06 Square, Inc. Predictive data object acquisition and processing
US10255464B2 (en) 2017-01-31 2019-04-09 Square, Inc. Systems and methods for determining clock rates for communicating with processing devices
WO2018156742A1 (en) * 2017-02-22 2018-08-30 Square, Inc. Line-based chip card tamper detection
US10438189B2 (en) 2017-02-22 2019-10-08 Square, Inc. Server-enabled chip card interface tamper detection
US10621590B2 (en) 2017-02-22 2020-04-14 Square, Inc. Line-based chip card tamper detection
US11113698B2 (en) 2017-02-22 2021-09-07 Square, Inc. Line-based chip card tamper detection
US11669842B2 (en) 2017-02-22 2023-06-06 Block, Inc. Transaction chip incorporating a contact interface
CN109215214A (en) * 2017-07-04 2019-01-15 佛山市顺德区顺达电脑厂有限公司 Card-punching system with data protection function

Similar Documents

Publication Publication Date Title
US4961142A (en) Multi-issuer transaction device with individual identification verification plug-in application modules for each issuer
WO2009149715A1 (en) Secure link module and transaction system
US5036461A (en) Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device
JP5050066B2 (en) Portable electronic billing / authentication device and method
JP4251667B2 (en) Integrated circuit card with application history list
ES2599985T3 (en) Validation at any time for verification tokens
EP2143028B1 (en) Secure pin management
US7254706B2 (en) System and method for downloading of files to a secure terminal
US6367017B1 (en) Apparatus and method for providing and authentication system
JP4095680B2 (en) Security management method for card type storage device and card type storage device
US9355277B2 (en) Installable secret functions for a peripheral
CN110249586B (en) Method for securely storing sensitive data on a smart card and smart card
US7293700B2 (en) Transaction terminal device and transaction terminal control method
US20050055318A1 (en) Secure PIN management
CA2529580C (en) Method of authentication of memory device and device therefor
JP2001512873A (en) Data carrier authentication inspection method
US20140281527A1 (en) Detecting Fraud Using Operational Parameters for a Peripheral
EP1082710A1 (en) Preloaded ic-card and method for authenticating the same
WO2007010333A1 (en) Host security module using a collection of smartcards
AU8545398A (en) Method for managing a secure terminal
CN105608775A (en) Authentication method, terminal, access control card and SAM card
Petri An introduction to smart cards
JP4303768B2 (en) Security management method for card type storage device, card type storage device, and transaction device for card type storage device
US20030140236A1 (en) Method and arrangement for preventing unauthorized execution of computer programs and a corresponding software product and a corresponding computer-legible storage medium
JPH11328325A (en) Ic card system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09761334

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09761334

Country of ref document: EP

Kind code of ref document: A1