WO2011128778A2 - Security techniques card payment terminal - Google Patents

Security techniques card payment terminal Download PDF

Info

Publication number
WO2011128778A2
WO2011128778A2 PCT/IB2011/001231 IB2011001231W WO2011128778A2 WO 2011128778 A2 WO2011128778 A2 WO 2011128778A2 IB 2011001231 W IB2011001231 W IB 2011001231W WO 2011128778 A2 WO2011128778 A2 WO 2011128778A2
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
card reader
radio frequency
processor
resistor
Prior art date
Application number
PCT/IB2011/001231
Other languages
French (fr)
Other versions
WO2011128778A3 (en
Inventor
Andrew Campbell
Brian Docherty
James Churchman
Kevin Maidment
Nick Mcgarvey
Original Assignee
Paypod, Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/087,580 external-priority patent/US20110253786A1/en
Priority claimed from US13/087,538 external-priority patent/US20110255253A1/en
Application filed by Paypod, Ltd filed Critical Paypod, Ltd
Publication of WO2011128778A2 publication Critical patent/WO2011128778A2/en
Publication of WO2011128778A3 publication Critical patent/WO2011128778A3/en

Links

Classifications

    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05KPRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K1/00Printed circuits
    • H05K1/02Details
    • H05K1/0275Security details, e.g. tampering prevention or detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0008General problems related to the reading of electronic memory record carriers, independent of its reading method, e.g. power transfer
    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05KPRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K2201/00Indexing scheme relating to printed circuits covered by H05K1/00
    • H05K2201/09Shape and layout
    • H05K2201/09209Shape and layout details of conductors
    • H05K2201/09218Conductive traces
    • H05K2201/09263Meander

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A multi-layer Printed Circuit Board (PCB) holds a number of sections of serpentine track on two or more internal layers of a multi-layer PCB. The sections are connected in series with resistors between each section. One end of each of the resistors a connection to an analogue to digital converter is made. Attempts to drill through the PCB are likely to short the ground plane to one or more of the internal serpentine tracks, which will alter the voltages on the analogue to digital connections. In another embodiment, current flowing through the contacts of the smart card reader due to the presence of a "shim" is detected. Small value resistors are connected in series with either the Power connection or the Ground connection, or both. In another embodiment, circuitry detects wireless transmission of data from the card terminal from illicit transmitting equipment within the terminal. In another embodiments, dummy data wires or PCB tracks are employed that run close to and parallel with the wires or tracks that carry the actual data between the card and the microprocessor and are driven with dummy random data at a similar data rate to that used on the real data track(s) or wire(s).

Description

SECURITY TECHNIQUES FOR CARD PAYMENT TERMINAL FTFT .n OF THE TNVFNTTON
[0001] The present invention relates to Point of Sale Credit Card Terminals. In particular, the present invention is directed toward improved security for Point of Sale Credit Card and Payment Terminals. A CKO OI ΤΝΓ) OF THE TNVFNTTON
[0002] In a card payment terminal, serial data is exchanged between the card inserted in the reader slot of the terminal and the processing electronics within the terminal (e.g., a microprocessor). Generally, card payment terminals are designed to detect attempts to open or otherwise tamper with them in order to intercept data exchanged between the card and the processing electronics (generally a microprocessor). Fraudsters may go to great lengths to tamper with or modify card terminal apparatus. If a terminal can be modified in such a way that signals can be intercepted and routed out of the terminal in such a way as to be invisible or at least not obvious to a user then the chances of obtaining private data for fraudulent use are increased.
[0003] One method used to intercept card data may be to attempt to drill through the case of the terminal with a view to inserting conducting probes to contact tracks or connections within the terminal. A known method is to use a "serpentine" track on a flexible or rigid substrate (a flexible or rigid PCB) to cover vulnerable areas such that attempts to cut or drill through to vulnerable area are likely to result in breaks in the serpentine track. When a break to the serpentine track is detected, the device may be disabled. [0004] A typical method of detecting a break in such a track is illustrated in Figure 1. Referring to Figure 1, a power supply 110 provides power to a serpentine track 130 on a circuit board 120. Current passes from power supply 110 through the serpentine track 130 through resistor 150 to ground 150. An output signal before resistor 150 is provided to a microprocessor or the like, 140. In normal operation, the voltage at the connection to the microprocessor 140 is high and when the serpentine track 130 is cut, it goes low. The serpentine track may be cut if a hacker attempts to drill a hole 260 into the case of the device, as illustrated in Figure 2, or otherwise tamper with or alter the device, breaking the continuity of the serpentine track 120 The processor 140 then knows that the protected area has been compromised and the apparatus may be disabled.
[0005] This very simple method of protection can be circumvented by a determined attacker if he or she can get at the connections to the serpentine track and connect one to the other using a shunt or jumper wire 270 as illustrated in Figure 7, and thereby short circuiting the serpentine track. The track 130 may then be drilled or cut allowing access to protected circuits without the microprocessor 140 being aware of the break in the track. In Figure 2, after drilling a hole 260 in the case of the card reader unit, the hacker then inserts a jumper wire 270 between the connections of the serpentine track 130, thus completing the serpentine track circuit and preventing detection of the hole 260 in the case. As illustrated in Figure 2, such Prior Art serpentine track protection devices are thus easily defeated. Thus, it remains a requirement in the art to provide an improved security system for credit card terminals and other sensitive electronic devices, where a serpentine track protection cannot be defeated merely be shorting the connections of the serpentine track.
[0006] Another technique used by fraudsters is to insert what is known as a "shim" between the card reader terminals and the card such that data is intercepted between the card reader contacts and the card itself. Having done that, data can be extracted by leading wires out of the terminal via the card slot or otherwise. Such wires ought to be visible to a wary user. Alternatively, circuitry could be included on the shim, or elsewhere within the terminal (perhaps hidden in a battery compartment), which transmits the data wirelessly to a hidden receiver.
[0007] If such a shim is used, data, including bank account or credit card numbers, as well as PIN numbers, may be intercepted and transmitted to a third party for fraudulent uses. Detecting the presence of such a shim is thus important to preserve the integrity of a card reading device, particularly a portable card reading device. Alternately, circuitry could be included on the shim, or elsewhere within the terminal (perhaps hidden in a battery compartment), which transmits the data wirelessly to a hidden receiver. Such a wireless shim might not be readily detected by a user..
[0008] A potential fraudster may therefore attempt to sense the data without making direct contact with the wire or track (PCB track) connecting the card terminal to the microprocessor. The sensors may be attached to the outside of the terminal case or perhaps hidden within internal battery compartments or the like. They can work by sensing the voltage on the data tracks or wires (capacitive sensing) or by sensing the magnetic field produced by the current in the data wires or tracks either by inductive sensing whereby changes in the magnetic field induce current in a sensing coil or using methods (such as hall effect devices of magneto-resistive materials) that sense the actual value of the magnetic field (rather than its rate of change). Conceivably, a combination of these methods may be employed. Thus, it remains a requirement in the art to provide an improved security system for credit card and payment terminals and other sensitive electronic devices, to detect the presence of a shim and disable the card reader or notify the user that security may be compromised, when a shim is detected.
SUMMARY OF THF TNVFNTTON
[0009] In the present invention, it becomes far harder to short out sections of track without the microprocessor detecting the attempt to tamper with the circuit. The present invention uses a multi-layer Printed Circuit Board (PCB) to hold a number of sections of serpentine track on two or more internal layers of a multi-layer PCB. The sections are connected in series with resistors between each section. In principle there may be any number of these sections. From one end of each of the resistors a connection to an analogue to digital converter is made. In its simplest form each of the serpentine track is produced on a separate internal layer of the PCB. The outer layers are typically ground planes. Attempts to drill through the PCB are likely to short the ground plane to one or more of the internal serpentine tracks, which will alter the voltages on the analogue to digital connections.
[0010] Shorting out sections of serpentine track with a view to then drilling through undetected are made very difficult in this scheme since shorting any tack to the ground plane or any track to any other track or breaking any track will be detected by changes to the voltages on the connections to the analogue to digital converter inputs.
[0011] In another embodiment, a shim designed to transmit data to a hidden receiver will naturally require electrical power, which will be delivered through the contacts in the card reader that would normally directly contact the card. The present invention detects the current flowing through the contacts of the smart card reader due to the presence of a shim. The card terminal of the present invention, named "PayPod" includes a device for accepting and connecting to a standard Smart Card. There are five active connections on the device: Power, Ground, Card clock, Card reset, and Card data.
[0012] In the present invention, small value resistors are connected in series with either the Power connection or the Ground connection, or both. Values are typically 47 milliohms to 100 milliohms. The use of such small values ensures that little voltage is dropped across the resistors and that the card is therefore adequately powered. With no card present, the current through these resistors should be zero and therefore the voltage across the resistors will also be zero. Amplifier circuits are employed to monitor and amplify the voltage across the resistors and in the "PayPod" design the amplifier outputs are connected to analogue to digital inputs on the microprocessor. Where the microprocessor (or other processing electronics) used has no analogue to digital inputs, separate analogue to digital circuits may be used. The microprocessor may then monitor the current flowing into the power supply contacts of the card reader.
[0013] If current is flowing when no card is present then the terminal will not attempt to communicate with the card. The terminal may be programmed with a "normal range" of current flow to be expected when a card is in position and NOT being "clocked" (i.e., no clock signal is supplied to the clock connection to the card). If the measured current flow is greater than the top limit of this normal range then the terminal will cease communication with the card. In addition, the terminal will be programmed with a "normal range" of current flow to be expected when a card is in position and being "clocked" (i.e., a clock signal is supplied to the clock connection to the card). If the measured current flow is greater than the top limit of this normal range then the terminal will cease communication with the card.
[0014] In the case where the current into the power connection and out of the ground connection are both monitored, any difference between the measured levels will cause the terminal to cease communication with the card. This state could come about if the installer of the shim attempts to provide an alternative connection to ground rather than using the ground pin of the card connector. Attempts to interfere with the current sensing by shorting out the sensing resistors is thwarted by setting a minimum level of measured current for the card when it is being clocked (the clock signal in a smart card is the system clock for the card electronics and is not used as a clock for synchronous data transfer and thus a card containing CMOS circuitry will only draw significant current when the clock signal is present). If the measured current when the clock signal is applied is too low the terminal will cease communication with the card. This action amounts to a test of the current sensing mechanism each time a card is inserted. [0015] In another embodiment of the present invention, wireless transmission of data from the card terminal from illicit transmitting equipment within the terminal in the form of a "shim" or otherwise are detected. Included within the terminal electronics is a circuit designed to detect radiated signals over a wide range of frequencies. In the preferred embodiment, this circuit is based around the LTC5507 RF Power detector chip from Linear Technology that operates over the range of frequencies from 100kHz to lGHz. This particular circuit design provides an analog output voltage level that depends on the strength of the detected signal. Other circuit arrangements can provide similar functionality.
[0016] In the preferred embodiment, the detector circuit is connected to an "A to D" input of the microprocessor. In this way, the voltage level at the input can be measured rather than just treating it as digital input where the voltage level would be taken by the processor as either ON (signal present) or OFF (signal not present). Where the microprocessor (or other processing electronics) used does not have an analog to digital converter input, an external analog to digital circuit may be used.
[0017] With the inclusion of this circuitry, the terminal can determine the level of radio signal activity in its vicinity before a card is entered into the card slot, the level after the card is inserted and the level during the time the terminal is exchanging data with the card. If there is an abrupt increase in signal level when the card is inserted or when data exchange commences, the processor can ensure that the PIN is not sent to the card and can prevent all further transactions until the radio signal is no longer present.
[0018] In another embodiment, the present invention is designed to make the reliable detection of the data being sent to or received from the card (via the Card Data connection) difficult to achieve by methods not requiring a direct electrical connection to the wire or printed circuit track(s) carrying data between the smart card and the processing electronics circuits (e.g., a microprocessor). [0019] In another preferred embodiment of the present invention, "dummy data" wires or PCB tracks are employed that run close to and parallel with the wires or tracks that carry the actual data between the card and the microprocessor. These dummy data tracks or wires are driven with dummy random data at a similar data rate to that used on the real data track(s) or wire(s). As the dummy tracks or wires are close to the "real" data tracks or wires and the dummy data is random, attempts to capacitively sense the actual data will be disrupted.
[0020] Of course, with un-terminated dummy data tracks (connected to the microprocessor at one end but to nothing at the other), little current will flow (the data rate being low enough that it will be far below any resonance with the likely track lengths used in practice). The real data track(s) will of course connect to the smart card and this connection will represent a load such that current will flow when a voltage is applied to the track. This means that data could be detected by remotely sensing the magnetic field due to current flow in the data track even when dummy data is present on the dummy data tracks (since no current flows along these tracks).
[0021] To counter this method of detection the dummy data track may be connected to loads (resistive, capacitive or both) to ensure that current flows when dummy data is applied to the tracks. The loads may be selected such that the current flows are similar to those in the real data track. This is achieved by determining the terminating impedances on the real data track and using similar values on the dummy data tracks. Alternately, the strategy may be to ensure that the current flow in the dummy data tracks are much higher than the real data track current, in which case the total magnetic field will be dominated by the dummy data and the "real" signal will be "drowned out" by the dummy data signals. RRTFF DFSCRTPTTON OF THF PR AWTNCS
[0022] Figure 1 is a diagram illustrating a Prior Art serpentine track device used to protect a sensitive electronic device such as a credit card terminal.
[0023] Figure 2 is a diagram illustrating a Prior Art serpentine track device used to protect a sensitive electronic device such as a credit card terminal, illustrating how a hole drilled into the case of such a device breaks the serpentine track, and how a hacker can short out the track to prevent detection of tampering.
[0024] Figure 3 is a simplified diagram illustrating a multi-layer serpentine track device in a first embodiment of the present invention.
[0025] Figure 4 is a more detailed diagram illustrating a multi-layer serpentine track device in a first embodiment of the present invention using a four-layer Printed Circuit Board (PCB).
[0026] Figure 5 is a diagram illustrating a smart card contact pad and a basic schematic of the apparatus of one embodiment of the present invention.
[0027] Figure 6 is a diagram illustrating the steps in the shim detection process of the present invention.
[0028] Figure 7 is a diagram illustrating how the RF signal detector circuit may be used in the preferred embodiment to generate an analog signal to the input of an A/D converter input of a microprocessor. [0029] Figure 8 is a diagram illustrating how the RF signal detector circuit may be used in an alternative embodiment, where the microprocessor does not have an analog input and an external A/D converter is utilized.
[0030] Figure 9 is a flowchart illustrating the steps in the RF detection process of the present invention.
[0031] Figure 10 is a schematic diagram illustrating a first embodiment of the present invention.
[0032] Figure 11 is a schematic diagram illustrating a second embodiment of the present invention.
[0033] Figure 12 is a schematic diagram illustrating a third embodiment of the present invention.
[0034] Figure 13 is a frontal view of the PayPod card terminal of the present invention. fiFTATT ,FX) DFSCRTPTTON OF THF TNVFNTTON
[0035] Figure 13 is a frontal view of the PayPod card terminal of the present invention. The device includes a display, a keypad for inputting PIN numbers, payment amounts, and the like, and a card reader contact pad for accepting and connecting to a standard Smart Card.
[0036] Referring to Figures 3 and 4, the present invention uses a multi-layer PCB to hold a number of sections of serpentine track 330, 331 on two or more internal layers of a multi-layer PCB. The sections of serpentine track 330, 331 are connected in series as shown in Figures 3 and 4, from power supply 310 to ground 360, with resistors 352, 351, and 350 located between each serpentine track section 330, 331, power supply 310, and ground 360. In principle there may be any number of these serpentine track sections 330, 331, although only two are shown in Figures 3 and 4 for the purposes of illustration. From one end of each of the resistors 352, 351, and 350, a connection to an analogue to digital converter 340 is made, as illustrated in Figure 3.
[0037] In its simplest form, each of the serpentine tracks 330, 331 is produced on a separate internal layer of the PCB. The outer layers 370, 371 are typically ground planes. Attempts to drill through the PCB are likely to short the ground plane to one or more of the internal serpentine tracks, which will alter the voltages on the analogue to digital connections. Shorting out sections 330, 331 of serpentine track with a view to then drilling through undetected are made very difficult in this scheme since shorting any track to the ground plane 370, 371 or any track 330 to any other track 331 or breaking any track 330, 331 will be detected by changes to the voltages on the connections 340 to the analogue to digital converter input.
[0038] In the system as illustrated in Figure 3, several sections 330, 331 of "serpentine track" are arranged in series with a string of resistors 350, 351, 352 to act as a potential (Voltage) divider. Connections 340 are made to one or more analog to digital converters (ADC). Cutting any track 330, 331 or shorting it to any other track 330, 331 to ground 360 or to the supply 310 will cause changes in the measured voltages 340 at the analogue to digital converter(s), which the system microprocessor (not shown) will detect as tampering.
[0039] Figure 4 is a more detailed diagram illustrating a multi-layer serpentine track device of the present invention using a four-layer Printed Circuit Board. In Figure 4, a four-layer PCB board is shown, with layers separated for clarity. The top and bottom layers 370, 371 are ground planes, connected via through-hole plated connections. Resistors 350, 351, 352 may be typically mounted on the under surface of the bottom layer 371, connected via through-hole plated connections that, in the preferred embodiment, should not come through to the top ground plane layer 370. [0040] Referring to Figure 5, illustrated therein is a contact pad 150 for a so-called "Smart Card" of the type typically used for banking and other uses in many parts of the world. As illustrated in Figure 5, there are five active connections on the device: Power 130, Ground 140, Card clock 152, Card reset 151, and Card data 153.
[0041] As illustrated in Figure 5, small value resistors 160 and 170 are connected in series with either the Power connection 130 or the Ground connection 140, or both. Values are typically 47 milliohms to 100 milliohms. The use of such small values ensures that little voltage is dropped across the resistors 160, 170 and that the card is therefore adequately powered. With no card present, the current through these resistors 160, 170 should be zero and therefore the voltage across the resistors 160, 170 will also be zero. Amplifier circuits 110 and 120, as illustrated in Figure 1, are employed to monitor and amplify the voltage across the resistors 160 and 170, respectively, and in the "PayPod" design, the amplifier outputs are connected to analogue to digital inputs 180, 190 on a microprocessor 100. Where the microprocessor 100 (or other processing electronics) used has no analog to digital inputs, separate analogue to digital circuits 180, 190 may be used. The microprocessor 100 may then monitor the current flowing into the power supply contacts 150 of the card reader.
[0042] Figure 6 is a diagram illustrating the steps in the shim detection process of the present invention. Referring to Figures 5 and 6, the process starts at step 200. If current is flowing when no card is present, as shown in step 210, then the terminal will not attempt to communicate with the card. The terminal may be disabled in step 280 and an error code generated or displayed, or alternately the terminal may simply refuse to communicate with any card until the condition is corrected and the device reset. The terminal may be programmed with a "normal range" of current flow to be expected when a card is in position and NOT being "clocked" (i.e., no clock signal is supplied to the clock connection to the card). Once a card is inserted into the reader in step 220, if the measured current flow is greater than the top limit of this normal range (or lower than a minimum range), as determined in step 230, then the terminal will cease communication with the card and processing passed to step 280. In addition, the terminal may be programmed with a "normal range" of current flow to be expected when a card is in position and being "clocked" (i.e., a clock signal is supplied to the clock connection to the card). In step 240, the clock is then clocked, and if the measured current flow is greater than the top limit of this clocked normal range as determined in step 250 (or lower than a minimum range) then the terminal will cease communication with the card and processing passes to step 280.
[0043] In an optional step, in the embodiment where the current into the power connection and out of the ground connection are both monitored, any difference between the measured current levels, as determined in step 260 may cause the terminal to cease communication with the card and processing passes to step 280. This state could come about if the installer of the shim attempts to provide an alternative connection to ground rather than using the ground pin of the card connector.
[0044] Attempts to interfere with the current sensing by shorting out the sensing resistors may also be thwarted by setting a minimum level of measured current for the card when it is being clocked (the clock signal in a smart card is the system clock for the card electronics and is not used as a clock for synchronous data transfer and thus a card containing CMOS circuitry will only draw significant current when the clock signal is present). Note that in step 250, if the measured current when the clock signal is applied is also too low, the terminal may cease communication with the card and processing passes to step 280. This action amounts to a test of the current sensing mechanism each time a card is inserted.
[0045] If none of these events is detected, the card reader may be enabled as illustrated in step 270. Note that for the purposes of illustration, this process is shown as a flow chart in Figure 6. However, in actual operation, these processes may not be linear, but may occur concurrently, continually, periodically, or randomly, to insure that a shim or other device is not activated after the card has been inserted and clocked, or during a transaction or the like. [0046] While disclosed herein in the context of a Credit Card and Payment terminal, the present invention may also be applied to any type of sensitive electronic device, where data protection and anti-tampering features are desirable. Such applications include, but are not limited to, Automated Teller Machines (ATMs), Cable and Satellite Television decoders (set-top boxes), Cellular telephones, Personal Digital Assistants, and the like.
[0047] Referring to Figure 7, the present invention detects wireless transmission of data from the card terminal from illicit transmitting equipment within the terminal in the form of a "shim" or otherwise. Included within the terminal electronics is a circuit designed to detect radiated signals over a wide range of frequencies. As illustrated in Figure 7, this circuit comprises an antenna 810 in proximity to the card reader, preferably built-in to the card reader. An RF signal detector circuit 820 monitors for RF activity in the area around the card terminal. The RF signal detector circuit outputs an analog signal 850, which is fed to an analog input in the microprocessor 830 or other electronics.
[0048] In the preferred embodiment of the invention, the RF signal detector circuit 820 is based around the LTC5507 RF Power detector chip from Linear Technology of Milpitas, California that operates over the range of frequencies from 100kHz to lGHz. This particular circuit design provides an analog output voltage level that depends on the strength of the detected signal. Other circuit arrangements can provide similar functionality. In the present invention, the analog output 850 of the detector circuit 820 is connected to an A/D input of the 830 microprocessor as illustrated in Figure 7. In this way, the voltage level at the input can be measured rather than just treating it as digital input where the voltage level would be taken by the processor as either ON (signal present) or OFF (signal not present).
[0049] Where the microprocessor (or other processing electronics) 830 used does not have an analog to digital converter input, an external analog to digital circuit 860 may be used as is illustrated in Figure 8. In the embodiment of Figure 8, an analog to digital converter 860 is coupled to the output of the RF signal detector circuit 820 and to a digital input of the microprocessor or other control circuitry 830. The microprocessor 830 may then monitor RF signal strength on the basis of the digital output 890 of the A/D converter 860 and take appropriate action to secure the device if suspicious levels of RF signals are detected, as previously described.
[0050] Figure 9 is a flowchart illustrating the steps in the RF detection process of the present invention. The process starts at step 900. With the inclusion of the circuitry of Figures 7 or 8, the terminal can determine the level of radio signal activity in its vicinity before a card is entered into the card slot as shown in step 910. In step 920, the card is inserted into the slot and the radio signal level after the card is inserted and the level during the time the terminal is exchanging data with the card is measured in step 930. If there is an abrupt increase in signal level when the card is inserted or when data exchange commences, as illustrated in step 940, the processor can ensure that the PIN is not sent to the card and can prevent all further transactions until the radio signal is no longer present as illustrated in step 960. An appropriate error message may be generated and displayed if unusual RF activity is detected. If no unusual RF activity is detected, the card reader may process the card data, accept PIN input, and process and transmit card and PIN data normally, as illustrated in step 950.
[0051] Referring to Figure 10, "dummy data" wires or PCB tracks 1020 are employed that run close to and parallel with the wires or tracks 1050 that carry the data between the card contact 1040 and the microprocessor 1010. These dummy data tracks or wires 1020 are driven with dummy random data at a similar data rate to that used on the real data track(s) or wire(s) 1050. As the dummy tracks or wires 1020 are in close proximity to the "real" data tracks or wires 1050 and the dummy data is random, attempts to capacitively sense the will be disrupted. [0052] Figure 11 is a schematic diagram illustrating a second embodiment of the present invention. In the embodiment of Figure 11, a second dummy data track 1030 may be provided adjacent the data track 1050 (e.g., on an opposite side or different layer of the PCB) to further obfuscate data track signals from outside detection using inductive or capacitive means.
[0053] Of course, with un-terminated dummy data tracks 1020, 1030 (connected to the microprocessor 1010 at one end but to nothing at the other), little current will flow (the data rate being low enough that it will be far below any resonance with the likely track lengths used in practice). The real data track(s) 1050 will of course connect to the smart card contact 1040 and this connection will represent a load such that current will flow when a voltage is applied to the track 1050. This means that data could be detected by remotely sensing the magnetic field due to current flow in the data track 1050 even when dummy data is present on the dummy data tracks 1020, 1030 (since no current flows along these tracks).
[0054] To counter this method of detection the dummy data track(s) 1020, 1030 may be connected to loads 1060, 1070 (resistive, capacitive or both) to ensure that current flows when dummy data is applied to the dummy track(s) 1020, 1030. Figure 12 is a schematic diagram illustrating a third embodiment of the present invention. As illustrated in Figure 12, the loads 1060, 1070 may be chosen such that the current flows are similar to those in the real data track 1050. This is achieved by determining the terminating impedances on the real data track 1050 and using similar values on the dummy data track(s) 1020, 1030. Or, the strategy may be to ensure that the current flow in the dummy data track(s) 1020, 1030 are much higher than the current n the real data track 1050, in which case the total magnetic field will be dominated by the dummy data and the "real" signal will be "drowned out". Of course, the loads 1060, 1070 may be carefully selected so that current in the dummy data track(s) 1020, 1030 does not interfere with actual card data or normal functioning of the device, by inducing currents into the data track 1050. [0055] Thus, in the present invention, if a hacker or other unauthorized person attempts to read card data using non-invasive means (inductive pickups, capacitive detection, RF measurement or the like) the resulting signal will be masked by the random dummy data and the card data will not be discernable. In addition, the use of dummy data track(s) 1020, 1030 provides additional protection against invasive measurement, where a hacker or other unauthorized person attempts to connect to actual circuit board traces (e.g., by drilling a hole in the cabinet of the device) by presenting a confusing array of data tracks, some transmitting "real" data and others transmitting dummy data.
[0056] While disclosed herein in the context of a Credit Card terminal, the present invention may also be applied to any type of sensitive electronic device, where data protection and anti- tampering features are desirable. Such applications include, but are not limited to, Automated Teller Machines (ATMs), Cable and Satellite Television decoders (set-top boxes), Cellular telephones, Personal Digital Assistants, and the like.
[0057] While the preferred embodiment and various alternative embodiments of the invention have been disclosed and described in detail herein, it may be apparent to those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope thereof.

Claims

CT .ATMS We Claim:
1. A printed circuit board with tamper detection, comprising:
a muti-layer printed circuit board having a plurality of layers;
a plurality of conductive serpentine tracks, each formed on a different layer of the multilayer printed circuit board;
a plurality of resistors coupled between a power supply, at least of the conductive serpentine tracks, and a ground plane; and
a plurality of voltage outputs, each coupled to a corresponding one of the plurality of resistors, for measuring a change in voltage at a resistor to detect tampering of the printed circuit.
2. The printed circuit board with tamper detection of claim 1, wherein the conductive serpentine tracks are formed such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is cut, causing a voltage change at one or more of the plurality of voltage outputs.
3. The printed circuit board with tamper detection of claim 1, further comprising:
at least one ground plane, formed on a layer of the multi-layer circuit board, such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is shorted to ground, causing a voltage change at one or more of the plurality of voltage outputs.
4. The printed circuit board with tamper detection of claim 1, further comprising:
at least one ground plane, formed on outer layer of the multi-layer circuit board, such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is shorted to ground, causing a voltage change at one or more of the plurality of voltage outputs.
5. The printed circuit board with tamper detection of claim 4, wherein the at least one ground plane comprises two ground planes, one formed on an upper outer layer of the multi-layer circuit board and another formed on a lower outer layer of the printed circuit board, such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is shorted to ground, causing a voltage change at one or more of the plurality of voltage outputs.
6. A card payment terminal with tamper detection, comprising:
a card payment terminal having an external housing and one or more internal printed circuit boards, the one ore more printed circuit boards including a muti-layer printed circuit board having a plurality of layers;
a plurality of conductive serpentine tracks, each formed on a different layer of the multilayer printed circuit board;
a plurality of resistors coupled between a power supply, at least of the conductive serpentine tracks, and a ground plane; and
a plurality of voltage outputs, each coupled to a corresponding one of the plurality of resistors, for measuring a change in voltage at a resistor to detect tampering of the printed circuit.
7. A card payment terminal with tamper detection of claim 6, wherein the conductive serpentine tracks are formed such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is cut, causing a voltage change at one or more of the plurality of voltage outputs.
8. The card payment terminal with tamper detection of claim 6, further comprising:
at least one ground plane, formed on a layer of the multi-layer circuit board, such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is shorted to ground, causing a voltage change at one or more of the plurality of voltage outputs.
9. The card payment terminal with tamper detection of claim 6, further comprising:
at least one ground plane, formed on outer layer of the multi-layer circuit board, such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is shorted to ground, causing a voltage change at one or more of the plurality of voltage outputs.
10. The card payment terminal with tamper detection of claim 9, wherein the at least one ground plane comprises two ground planes, one formed on an upper outer layer of the multi-layer circuit board and another formed on a lower outer layer of the printed circuit board, such that when a hole is drilled into the printed circuit board in an attempt to tamper with the printed circuit board, at least one of the conductive serpentine tracks is shorted to ground, causing a voltage change at one or more of the plurality of voltage outputs.
11. A tamper detection system for a smart card reader, comprising:
a card reader contact pad, having at least a power supply and ground contacts coupled to respective power supply and ground;
at least one resistor, placed in series with at least one of the power supply and ground contacts and a corresponding power supply and ground;
at least one amplifier, connected across the at least one resistor, for reading a voltage drop across the at least one resistor as a function of current draw and outputting a signal indicative of current draw,
a processor, for comparing the signal indicative of the current draw to a predetermined current draw amount, and detecting tampering if the current draw does not compare to the predetermined current draw amount.
12. The tamper detection system for a smart card reader of claim 11, wherein the processor compares the signal indicative of the current draw to a predetermined current draw amount when a smart card is not present in the smart card reader, and tampering is detected if the current draw exceeds the predetermined current draw amount when a smart card is not present in the smart card reader.
13. The tamper detection system for a smart card reader of claim 11,
wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card,
where a smart card is inserted in the smart card reader but is unclocked, and
where the processor compares the signal indicative of the current draw to a predetermined maximum current draw for an unclocked smart card, and tampering is detected if the current draw exceeds the predetermined maximum current draw for an unclocked smart card.
14. The tamper detection system for a smart card reader of claim 11,
wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card,
where a smart card is inserted in the smart card reader and is clocked, and
wherein the processor compares the signal indicative of the current draw to a predetermined maximum current draw for a clocked smart card, and tampering is detected if the current draw exceeds the predetermined maximum current draw for a clocked smart card.
15. The tamper detection system for a smart card reader of claim 11,
wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card,
where a smart card is inserted in the smart card reader and is clocked, and wherein the processor compares the signal indicative of the current draw to a predetermined minimum current draw for a clocked smart card, and tampering is detected if the current draw is lower than a predetermined minimum current draw for a clocked smart card.
16. The tamper detection system for a smart card reader of claim 11,
wherein the at least one resistor comprises:
a first resistor, placed in series between the power supply contact and the power supply and ground, and
a second resistor, placed in series with the ground contact and ground; and wherein the at least one amplifier comprises:
a first amplifier connected across the first resistor, for reading a voltage drop across the first resistor as a function of current through the first resistor and outputting a first signal indicative of current through the first resistor, and
a second amplifier connected across the second resistor, for reading a voltage drop across the second resistor as a function of current through the second resistor and outputting a second signal indicative of current through the second resistor,
wherein the processor compares the first signal to the second signal to compare current through the first resistor to current through the second resistor, and tampering is detected if the current through the first resistor is not substantially equal to current through the second resistor.
17. The tamper detection system for a smart card reader of claim 11, wherein if tampering is detected, the processor ceases communication with an inserted smart card.
18. A method of detecting tampering in a smart card reader comprising a card reader contact pad, having at least a power supply and ground contacts coupled to respective power supply and ground, at least one resistor, placed in series with at least one of the power supply and ground contacts and a corresponding power supply and ground, at least one amplifier, connected across the at least one resistor, for reading a voltage drop across the at least one resistor as a function of current draw and outputting a signal indicative of current draw, and a processor coupled to the at least one amplifier for receiving the signal indicative of current draw, the method comprising the steps of:
measuring current passing through the at least one resistor, using the at least one amplifier to measure a voltage drop across the at least one resistor and outputting a signal indicative of current passing through the at least one resistor,
comparing, in the processor, the signal indicative of the current draw to a predetermined current draw amount, and
detecting tampering if the current draw does not compare to the predetermined current draw amount.
19. The method of detecting tampering in a smart card reader of claim 18, wherein the step of comparing comprises the step of comparing in the processor, the signal indicative of the current draw to a predetermined current draw amount when a smart card is not present in the smart card reader, and
the step of detecting comprises detecting tampering if the current draw exceeds the predetermined current draw amount when a smart card is not present in the smart card reader.
20. The method of detecting tampering in a smart card reader of claim 18, wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card, the method further comprising the steps of:
inserting a smart in the smart card reader without clocking the smart card,
wherein the comparing step further comprises the step of comparing, in the processor, the signal indicative of the current draw to a predetermined maximum current draw for an unclocked smart card, and
wherein the step of detecting comprises the step of detecting tampering if the current draw exceeds the predetermined maximum current draw for an unclocked smart card.
21. The method of detecting tampering in a smart card reader of claim 18, wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card, the method further comprising the steps of:
inserting a smart card in the smart card reader,
clocking the smart card inserted in the smart card reader,
wherein the comparing step further comprises the step of comparing the signal indicative of the current draw to a predetermined maximum current draw for a clocked smart card, and
wherein the step of detecting comprises the step of detecting tampering if the current draw exceeds the predetermined maximum current draw for a clocked smart card.
22. The method of detecting tampering in a smart card reader of claim 18, wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card, the method further comprising the steps of:
inserting a smart card in the smart card reader,
clocking the smart card inserted in the smart card reader,
wherein the comparing step further comprises the step of comparing the signal indicative of the current draw to a predetermined minimum current draw for a clocked smart card, and
wherein the step of detecting further comprises the step of detecting tampering if the current draw is lower than the predetermined minimum current draw for a clocked smart card.
23. The method of detecting tampering in a smart card reader of claim 19, wherein the at least one resistor comprises a first resistor, placed in series between the power supply contact and the power supply and ground, and a second resistor, placed in series with the ground contact and ground, and wherein the at least one amplifier comprises a first amplifier connected across the first resistor, for reading a voltage drop across the first resistor as a function of current through the first resistor and outputting a first signal indicative of current through the first resistor, and a second amplifier connected across the second resistor, for reading a voltage drop across the second resistor as a function of current through the second resistor and outputting a second signal indicative of current through the second resistor, the method further comprising the steps of:
wherein the step of measuring current further comprises the steps of:
measuring current passing through the first resistor, using the first amplifier to measure a voltage drop across the first resistor and outputting a signal indicative of current passing through the first resistor, and
measuring current passing through the second resistor, using the first amplifier to measure a voltage drop across the second resistor and outputting a signal indicative of current passing through the second resistor,
wherein the step of comparing comprises the step of comparing, in the processor, the first signal to the second signal to compare current through the first resistor to current through the second resistor, and
wherein the step of detecting further comprises the step of detecting tampering if the current through the first resistor is not substantially equal to current through the second resistor.
24. The method of detecting tampering in a smart card reader of claim 18, wherein if tampering is detected, the processor ceases communication with an inserted smart card.
25. A portable smart card reader terminal having a tamper detection system, comprising: a portable smart card reader terminal housing;
a keypad, mounted to the housing, for receiving input data from a user, including a PIN number;
a display, mounted to the housing, for displaying data;
a card reader contact pad, mounted to the housing, having at least a power supply and ground contacts coupled to respective power supply and ground;
at least one resistor, placed in series with at least one of the power supply and ground contacts and a corresponding power supply and ground; at least one amplifier, connected across the at least one resistor, for reading a voltage drop across the at least one resistor as a function of current draw and outputting a signal indicative of current draw,
a processor, for comparing the signal indicative of the current draw to a predetermined current draw amount, and detecting tampering if the current draw does not compare to the predetermined current draw amount.
26. The portable smart card reader terminal having a tamper detection system of claim 25, wherein the processor compares the signal indicative of the current draw to a predetermined current draw amount when a smart card is not present in the smart card reader, and tampering is detected if the current draw exceeds the predetermined current draw amount when a smart card is not present in the smart card reader.
27. The portable smart card reader terminal having a tamper detection system of claim 25, wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card,
where a smart card is inserted in the smart card reader but is unclocked, and
where the processor compares the signal indicative of the current draw to a predetermined maximum current draw for an unclocked smart card, and tampering is detected if the current draw exceeds the predetermined maximum current draw for an unclocked smart card.
28. The portable smart card reader terminal having a tamper detection system of claim 25, wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card,
where a smart card is inserted in the smart card reader and is clocked, and
wherein the processor compares the signal indicative of the current draw to a predetermined maximum current draw for a clocked smart card, and tampering is detected if the current draw exceeds the predetermined maximum current draw for a clocked smart card.
29. The portable smart card reader terminal having a tamper detection system of claim 25, wherein the card reader contact pad further includes a clock contact for transmitting a clock signal from the smart card reader to a smart card,
where a smart card is inserted in the smart card reader and is clocked, and
wherein the processor compares the signal indicative of the current draw to a predetermined minimum current draw for a clocked smart card, and tampering is detected if the current draw is lower than a predetermined minimum current draw for a clocked smart card.
30. The portable smart card reader terminal having a tamper detection system of claim 25, wherein the at least one resistor comprises:
a first resistor, placed in series between the power supply contact and the power supply and ground, and
a second resistor, placed in series with the ground contact and ground; and wherein the at least one amplifier comprises:
a first amplifier connected across the first resistor, for reading a voltage drop across the first resistor as a function of current through the first resistor and outputting a first signal indicative of current through the first resistor, and
a second amplifier connected across the second resistor, for reading a voltage drop across the second resistor as a function of current through the second resistor and outputting a second signal indicative of current through the second resistor,
wherein the processor compares the first signal to the second signal to compare current through the first resistor to current through the second resistor, and tampering is detected if the current through the first resistor is not substantially equal to current through the second resistor.
31. The portable smart card reader terminal having a tamper detection system of claim 25, wherein if tampering is detected, the processor ceases communication with an inserted smart card.
32. A radio frequency detection system for a smart card reader, for detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader, the radio frequency detection system comprising:
an antenna, mounted within or in proximity to the smart card reader;
a wideband radio frequency detection circuit, coupled to the antenna, for measuring radio frequency transmissions within the vicinity of the smart card reader and outputting an signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader; and
a processor, coupled to the wideband radio frequency detection circuit, for receiving the signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader, and determining whether radio frequency transmissions within the vicinity of the smart card reader are above a predetermined threshold.
33. The radio frequency detection system for a smart card reader of claim 32, further comprising:
an analog-to-digital converter, coupled between the wideband radio frequency detection circuit and the process, for converting the signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader to a digital signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader and passing the digital signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader to the processor.
34. The radio frequency detection system for a smart card reader of claim 32,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader before a smart card is inserted into the smart card reader,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader after the card is inserted into the smart card reader, and
if the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader, the processor is programmed to disable further transactions until the radio signal is no longer present.
35. The radio frequency detection system for a smart card reader of claim 34, wherein the processor is programmed to output an error message if the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader.
36. The radio frequency detection system for a smart card reader of claim 34, wherein the processor is programmed to suppress transmission of smart card data, including PIN number, the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader.
37. The radio frequency detection system for a smart card reader of claim 32,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader before a smart card is inserted into the smart card reader,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader during a time the smart card reader is exchanging data with the card, and
if the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card, the processor is programmed to disable further transactions until the radio signal is no longer present.
38. The radio frequency detection system for a smart card reader of claim 37, wherein the processor is programmed to output an error message if the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card.
39. The radio frequency detection system for a smart card reader of claim 37, wherein the processor is programmed to suppress transmission of smart card data, including PIN number, the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card.
40. A method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader, comprising the steps of:
measuring, using a wideband radio frequency detection circuit, coupled to an antenna mounted within or in proximity to the smart card reader; frequency transmissions within the vicinity of the smart card reader,
outputting, from the wideband radio frequency detection circuit, a signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader; and
determining, in a processor coupled to the wideband radio frequency detection circuit and receiving the signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader, whether radio frequency transmissions within the vicinity of the smart card reader are above a predetermined threshold.
41. The method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader in a smart card reader of claim 40, wherein the step of determining further comprises the steps of:
determining, in the processor, a level of radio signal activity in the vicinity of the smart card reader before a smart card is inserted into the smart card reader,
determining, in the processor, a level of radio signal activity in the vicinity of the smart card reader after the card is inserted into the smart card reader, and
if the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader, disabling further transactions until the radio signal is no longer present.
42. The method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader in a smart card reader of claim 41, wherein the step of determining further comprises the step of:
outputting from the processor, an error message if the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader.
43. The method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader in a smart card reader of claim 41, wherein the step of determining further comprises the step of:
suppressing, in the processor, transmission of smart card data, including PIN number, the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader.
44. The method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader in a smart card reader of claim 40, wherein the step of determining further comprises the steps of:
determining , in the processor, a level of radio signal activity in the vicinity of the smart card reader before a smart card is inserted into the smart card reader,
determining, in the processor, determine a level of radio signal activity in the vicinity of the smart card reader during a time the smart card reader is exchanging data with the card, and if the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card, disabling further transactions until the radio signal is no longer present.
45. The method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader in a smart card reader of claim 44, wherein the step of determining further comprises the step of: outputting an error message if the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card.
46. The method of detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader in a smart card reader of claim 44, wherein the step of determining further comprises the step of:
suppressing, in the processor, transmission of smart card data, including PIN number, the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card.
47. A portable smart card reader terminal having a radio frequency detection system, for detecting spurious and illicit radio frequency signals emanating from within or in the vicinity of a smart card reader, the portable smart card reader terminal comprising:
a portable smart card reader terminal housing;
a keypad, mounted to the housing, for receiving input data from a user, including a PIN number;
a display, mounted to the housing, for displaying data;
an antenna, mounted within or in proximity to the smart card reader;
a wideband radio frequency detection circuit, coupled to the antenna, for measuring radio frequency transmissions within the vicinity of the smart card reader and outputting an signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader; and
a processor, coupled to the wideband radio frequency detection circuit, for receiving the signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader, and determining whether radio frequency transmissions within the vicinity of the smart card reader are above a predetermined threshold.
48. The portable smart card reader terminal having a radio frequency detection system of claim 47, further comprising:
an analog-to-digital converter, coupled between the wideband radio frequency detection circuit and the process, for converting the signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader to a digital signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader and passing the digital signal indicative of a level of radio frequency transmissions within the vicinity of the smart card reader to the processor.
49. The portable smart card reader terminal having a radio frequency detection system of claim 47,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader before a smart card is inserted into the smart card reader,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader after the card is inserted into the smart card reader, and
if the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader, the processor is programmed to disable further transactions until the radio signal is no longer present.
50. The portable smart card reader terminal having a radio frequency detection system of claim 49, wherein the processor is programmed to output an error message if the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader.
51. The portable smart card reader terminal having a radio frequency detection system of claim 49, wherein the processor is programmed to suppress transmission of smart card data, including PIN number, the processor determines an abrupt increase in radio frequency signal level is detected when the smart card is inserted into the smart card reader.
52. The portable smart card reader terminal having a radio frequency detection system of claim 47,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader before a smart card is inserted into the smart card reader,
wherein the processor is programmed to determine a level of radio signal activity in the vicinity of the smart card reader during a time the smart card reader is exchanging data with the card, and
if the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card, the processor is programmed to disable further transactions until the radio signal is no longer present.
53. The portable smart card reader terminal having a radio frequency detection system of claim 52, wherein the processor is programmed to output an error message if the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card.
54. The portable smart card reader terminal having a radio frequency detection system of claim 52, wherein the processor is programmed to suppress transmission of smart card data, including PIN number, the processor determines an abrupt increase in radio frequency signal level is detected during a time the smart card reader is exchanging data with the card.
55. An apparatus for masking data signals in a smart card reader to prevent sensing of data signals from within or without of the smart card reader, the apparatus comprising:
a card contact for transmitting and receiving data signals to and from a smart card;
a processor, coupled to the card contact, for processing data signals transmitted to and received from the smart card;
a data track coupling the card contact to the processor, for transmitting and receiving data signals between the card contact and the processor; and
at least one dummy track, coupled to the processor and located adjacent to the data track, wherein the processor generates dummy data on the at least one dummy track so as to mask data signals on the data track, to prevent sensing of data signals from within or without of the smart card reader.
56. The apparatus for masking data signals in a smart card reader of claim 55, wherein the at least one dummy track further comprises at least two dummy tracks, located on different layers of a printed circuit board carrying the data track.
57. The apparatus for masking data signals in a smart card reader of claim 55, further comprising:
at least one load, coupled to a respective one of the at least one dummy track, the at least one load being predetermined to draw a predetermined amount of current through the at least one dummy track to produce a predetermined magnetic field level so as to mask data signals on the data track.
58 The apparatus for masking data signals in a smart card reader of claim 57 wherein the at least one load is predetermined to draw a predetermined amount of current through the at least one dummy track while not interfering with data on the data track.
59. A method of masking data signals in a smart card reader to prevent sensing of data signals from within or without of the smart card reader, the method comprising the steps of:
transmitting and receiving data signals to and from a smart card though a smart card contact, coupled to a processor processing data signals transmitted to and received from the smart card by a data track, and
generating, from the processor, dummy data on at least one dummy track located adjacent to the data track, so as to mask data signals on the data track, to prevent sensing of data signals from within or without of the smart card reader.
60. The method of masking data signals in a smart card reader of claim 59, wherein the step of generating, from the processor, dummy data on at least one dummy track located adjacent to the data track, so as to mask data signals on the data track, to prevent sensing of data signals from within or without of the smart card reader comprises the step of:
generating, from the processor, dummy data on at least two dummy tracks located on different layers of a printed circuit board carrying the data track, so as to mask data signals on the data track, to prevent sensing of data signals from within or without of the smart card reader.
61. The method of masking data signals in a smart card reader of claim 59, wherein the step of generating dummy data on the at least one dummy track coupled to a respective at least one load, the at least one load being predetermined to draw a predetermined amount of current through the at least one dummy track to produce a predetermined magnetic field level so as to mask data signals on the data track.
62 The method of masking data signals in a smart card reader of claim 61, wherein the at least one load is predetermined to draw a predetermined amount of current through the at least one dummy track while not interfering with data on the data track.
PCT/IB2011/001231 2010-04-17 2011-04-16 Security techniques card payment terminal WO2011128778A2 (en)

Applications Claiming Priority (16)

Application Number Priority Date Filing Date Title
US32530010P 2010-04-17 2010-04-17
US32528910P 2010-04-17 2010-04-17
US32529110P 2010-04-17 2010-04-17
US61/325,291 2010-04-17
US61/325,300 2010-04-17
US61/325,289 2010-04-17
US32532710P 2010-04-18 2010-04-18
US61/325,327 2010-04-18
US13/087,580 US20110253786A1 (en) 2010-04-17 2011-04-15 Use of a wideband radio receiver within the device to detect transmissions from a parasitic shim or other unofficial circuitry implanted within the terminal
US13/087,562 2011-04-15
US13/087,538 US20110255253A1 (en) 2010-04-17 2011-04-15 Protective serpentine track for card payment terminal
US13/087,603 2011-04-15
US13/087,562 US20110253788A1 (en) 2010-04-17 2011-04-15 Monitoring current level and current into and out of the icc reader power contacts to detect a parasitic shim
US13/087,538 2011-04-15
US13/087,603 US20110253782A1 (en) 2010-04-17 2011-04-15 Loaded dummy track running alongside the card data lines carrying dummy data
US13/087,580 2011-04-15

Publications (2)

Publication Number Publication Date
WO2011128778A2 true WO2011128778A2 (en) 2011-10-20
WO2011128778A3 WO2011128778A3 (en) 2012-01-05

Family

ID=44534763

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2011/001231 WO2011128778A2 (en) 2010-04-17 2011-04-16 Security techniques card payment terminal

Country Status (1)

Country Link
WO (1) WO2011128778A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2701091A1 (en) * 2012-03-23 2014-02-26 Tecvan Informática LTDA. Control and monitoring module of safe devices
WO2014154504A2 (en) * 2013-03-28 2014-10-02 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Device and method having a carrier having circuit structures
CN112307780A (en) * 2019-07-23 2021-02-02 日立欧姆龙金融系统有限公司 Card reader, card reader control method, and cash automaton
WO2023059357A1 (en) * 2021-10-07 2023-04-13 Verifone, Inc. Wireless tamper detection

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3594770A (en) * 1968-10-28 1971-07-20 Lewis Eng Co Printed-circuit type security apparatus for protecting areas
FR2592268B1 (en) * 1985-12-20 1988-10-28 Philips Ind Commerciale PROTECTED SPEAKER WITH ELECTRICAL SWITCH AND APPLICATION THEREOF
US6686539B2 (en) * 2001-01-03 2004-02-03 International Business Machines Corporation Tamper-responding encapsulated enclosure having flexible protective mesh structure
GB0404922D0 (en) * 2004-03-04 2004-04-07 Dione Plc Secure card reader
US7281667B2 (en) * 2005-04-14 2007-10-16 International Business Machines Corporation Method and structure for implementing secure multichip modules for encryption applications
US9747472B2 (en) * 2007-09-13 2017-08-29 Avago Technologies General Ip (Singapore) Pte. Ltd. Mesh grid protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2701091A1 (en) * 2012-03-23 2014-02-26 Tecvan Informática LTDA. Control and monitoring module of safe devices
WO2014154504A2 (en) * 2013-03-28 2014-10-02 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Device and method having a carrier having circuit structures
WO2014154504A3 (en) * 2013-03-28 2015-02-12 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Device and method having a carrier having circuit structures
US10592665B2 (en) 2013-03-28 2020-03-17 Fraunhofer-Gesellschaft Zur Foerderung Der Angewandten Forschung E.V. Apparatus and method comprising a carrier with circuit structures
CN112307780A (en) * 2019-07-23 2021-02-02 日立欧姆龙金融系统有限公司 Card reader, card reader control method, and cash automaton
WO2023059357A1 (en) * 2021-10-07 2023-04-13 Verifone, Inc. Wireless tamper detection

Also Published As

Publication number Publication date
WO2011128778A3 (en) 2012-01-05

Similar Documents

Publication Publication Date Title
US20110253782A1 (en) Loaded dummy track running alongside the card data lines carrying dummy data
US20110255253A1 (en) Protective serpentine track for card payment terminal
US7791898B2 (en) Security apparatus
US7898413B2 (en) Anti-tamper protected enclosure
US6853093B2 (en) Anti-tampering enclosure for electronic circuitry
US9298956B2 (en) Tamper protection mesh in an electronic device
US7270275B1 (en) Secured pin entry device
CA2752311C (en) Device for protecting a connector and a communications wire of a memory card reader
US20100327856A1 (en) Security Device
US20120106113A1 (en) Tamper secure circuitry especially for point of sale terminal
US20070177363A1 (en) Multilayer printed circuit board having tamper detection circuitry
US20130140364A1 (en) Systems and methods for detecting and preventing tampering of card readers
US11062548B2 (en) Card reader tampering detector
US8099783B2 (en) Security method for data protection
US20100024046A1 (en) Methods and systems for detecting a lateral intrusion of a secure electronic component enclosure
US9514308B2 (en) Tamper detection arrangement for integrated circuits
WO2007136766A2 (en) Security sensing module envelope
TW200933830A (en) Secure connector grid array package
CN207182284U (en) Integrated circuit and IC system
WO2011128778A2 (en) Security techniques card payment terminal
US8977868B2 (en) Flexible printed cable and information processing device
KR20050089880A (en) Detection of tampering of a smart card interface
CA2751857C (en) Protection device, corresponding method and computer software program
US20190278951A1 (en) Active shield portion serving as serial keypad
US11276648B2 (en) Protecting chips from electromagnetic pulse attacks using an antenna

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11743325

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11743325

Country of ref document: EP

Kind code of ref document: A2