GB2468349A - Securing devices against unauthorized use - Google Patents


Info

Publication number
GB2468349A
Authority
GB
United Kingdom
Prior art keywords
remote server
location
biometric data
identifying
security system
Prior art date
Legal status
Withdrawn
Application number
GB0903829A
Other versions
GB0903829D0 (en)
Inventor
Timothy John Bell
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224 Transactions dependent on location of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss
    • G07C9/00126
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B13/00 Burglar, theft or intruder alarms
    • G08B13/02 Mechanical actuation
    • G08B13/14 Mechanical actuation by lifting or attempted removal of hand-portable articles
    • G08B13/1409 Mechanical actuation by lifting or attempted removal of hand-portable articles for removal detection of electrical appliances by detecting their physical disconnection from an electrical system, e.g. using a switch incorporated in the plug connector
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B13/00 Burglar, theft or intruder alarms
    • G08B13/02 Mechanical actuation
    • G08B13/14 Mechanical actuation by lifting or attempted removal of hand-portable articles
    • G08B13/1409 Mechanical actuation by lifting or attempted removal of hand-portable articles for removal detection of electrical appliances by detecting their physical disconnection from an electrical system, e.g. using a switch incorporated in the plug connector
    • G08B13/1418 Removal detected by failure in electrical connection between the appliance and a control centre, home control panel or a power supply
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Abstract

A security system for a networked device 101-106 comprises location-sensing means, communication means, memory and a processor. The processor is configured to obtain, via the location-sensing means, a location of the device; send, via the communication means, the location and an identification of the device to a remote server 112; receive an indication from the remote server 112 that the device 101-106 is located outside the boundary of a pre-determined geographical area; and prevent use of the device 101-106. The location sensing means is preferably a GPS receiver or a global navigation satellite system. The location of the device 101-106 can be checked every time the device is switched on and if it is outside the pre-determined area, the device 101-106 can be switched off. If no network communication is possible, then position and time-stamp information can be stored and sent when the network becomes available. Offline operations may be completed when the network connection is not available. A biometric sensor may also be used to identify a user of the device. The device is preferably a card payment terminal. A further embodiment uses only biometric data from the user to control the use of a device. Biometric data is sent to a remote server where it is compared to stored biometric data. Use of the device is prevented if there is no match.

Description

Securing Devices
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to preventing unauthorised use of a networked device.
2. Description of the Related Art
As electronics get smaller and more efficient, electronic devices are becoming more common in everyday use. Some of these devices are configured for standalone operation, and some are suitable for performing online operations, such as financial transactions, submission of medical data, and so on. For example, mobile telephones and PDAs are designed to allow communication; card terminals, known as "chip and PIN" terminals, require only a customer's card and PIN number to debit money from the customer's debit or credit account; networked registration devices are becoming common in schools; medical devices are networked to share information; and so on.
Whatever their use, all electronic devices are, by their very nature, easy to steal and often expensive to replace. In particular, when card terminals are stolen they can be used to make many fraudulent transactions before the theft is noticed. Although sophisticated ways of authenticating card terminals exist, there is currently no way of authenticating the user of a card terminal.
BRIEF SUMMARY OF THE INVENTION
According to a first aspect of the present invention, there is provided a security system for a device according to claim 1.
According to a second aspect of the present invention, there is provided a security system for a device according to claim 22.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
Figure 1 shows an environment suitable for use of the invention; Figure 2 illustrates a first card terminal shown in Figure 1; Figure 3 is an illustration of an embodiment of the invention; Figure 4 details steps carried out by the card terminal shown in Figure 2; Figure 5 details steps carried out in Figure 4 to install the card terminal shown in Figure 2; Figure 6 details steps carried out in Figure 4 to check security of the card terminal shown in Figure 2; Figure 7 details steps carried out in Figure 6 to perform offline operations; Figure 8 illustrates a second card terminal shown in Figure 1; Figure 9 details steps carried out by the card terminal shown in Figure 8; Figure 10 details steps carried out in Figure 9 to check security of the card terminal shown in Figure 8; and Figure 11 details steps carried out in Figure 10 to perform offline operations.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Figure 1
An environment in which a preferred embodiment of the invention may be implemented is shown in Figure 1. Devices 101, 102, 103, 104, 105 and 106 are all connected to the Internet 107. In addition, each device comprises a receiver suitable for receiving location data from a global navigation satellite system 108.
In this example, devices 101 and 102 are card terminals configured to process financial transactions using a customer's credit or debit card, device 103 is a laptop computer, device 104 is a class registration device for use in schools, device 105 is a portable medical device for use in a hospital and device 106 is a personal medical device for use in the home. However, this invention is suitable for use with any electronic device that includes a processor, memory, a communication means such as a network card and a location-sensing device such as a global navigation satellite system receiver.
In this example also, global navigation satellite system 108 is the Global Positioning System, but any navigation system may be used.
As an example, medical device 105 might not, in its normal production, be networked. However, the processing capabilities of this device mean that it could easily be altered to allow communication over the Internet. Registration device 104 would normally communicate with a local network, but could easily be configured to communicate over the Internet. Laptop computer 103 is normally configured to communicate over the Internet. None of the devices 101 to 106 would normally be produced with a GPS receiver, but the processing capabilities of these devices mean that it would be possible to include such a receiver during manufacture. The term "networked device" as used herein therefore includes devices that are not normally networked but can be provided with a network capability. Although the invention described herein is inherently suitable for small portable devices that are easily stolen, it can be used for any electronic device.
Devices 101 to 106 and servers 109 to 112 may be connected to Internet 107 in many different ways that will not be described in detail here.
However, communication may be wired or wireless, via an ISP, via a LAN, via GSM, or any other connection method.
The embodiment described herein will be described primarily with reference to card terminals. Card terminals 101 and 102 communicate, via Internet 107, with card processing server 109, which in turn communicates with bank servers 110 and 111 which hold details of customers' accounts.
Security server 112 provides authentication of the devices 101 to 106 when required.
Figure 2
Card terminal 101 is illustrated in Figure 2. It is of the type known as "chip-and-PIN", and includes a display 201, keypad 202 and card slot 203. A power button (not shown) is on the back. When a financial transaction is to be made between a vendor and a customer, the customer's credit or debit card 204, which carries a chip 205, is inserted into slot 203. Following instructions on display 201, the vendor may enter the amount to be debited or terminal 101 may be connected to an electronic till. The customer is then invited to enter his Personal Identification Number (PIN) using keypad 202.
Card terminal 101 then communicates over Internet 107 with card processing server 109 using information obtained from chip 205. Following communication between card processing server 109 and bank server 110 or bank server 111, card terminal 101 receives a message from card processing server 109 either authenticating or declining the transaction.
If card terminal 101 is stolen from the vendor it can be used fraudulently. Terminal 101 can quite easily be used to generate false transactions, including refunds, thereby transferring funds into an account.
Until it is known that the terminal is stolen, such transactions are likely to be authenticated. Current security measures revolve around public key encryption of communications between a terminal and a card processing server and include authentication of a terminal as valid. There is no way of validating the user of the terminal.
Figure 3
Figure 3 illustrates the invention in use. Card terminal 101 is installed in the building 301 of a vendor. Card terminal 101 identifies its location by communicating with global navigation satellite system 108 and sends its location to security server 112 for storage. A predetermined geographical area 302 is identified and stored by security server 112. In its simplest form, area 302 is a small circle centred on building 301.
When card terminal 101 is powered down, for example at the end of the working day, it clears its location from memory. When it is powered up again it identifies its location by communicating with global navigation satellite system 108. It then requests authentication from security server 112, identifying its location. Security server 112 notes that its location is within geographical area 302 and authenticates it. Card terminal 101 then loads its operating system as normal and is available for use.
Card terminal 101 is then stolen, as illustrated by arrow 302, and taken to another location. When it is powered up it identifies its location by communicating with global navigation satellite system 108. It then requests authentication from security server 112, identifying its new location. Security server 112 notes that its location is outside geographical area 302 and sends a non-authentication message back. Card terminal 101 immediately powers off. If the thief powers it up again, the same process will be repeated. Card terminal 101 is therefore unavailable for use and fraudulent transactions cannot be made.
Further, the location of the terminal when it was powered up has been passed to the security server, which may assist in identifying the thief.
Further, terminal 101 may be configured such that after such a non-authentication event, the terminal powers down but the global navigation satellite system receiver remains powered up, thus providing a tracking device to retrieve the terminal and identify the thief.
Because this security system makes a stolen card terminal unusable and potentially trackable, it will also provide a deterrent to thieves.
The geographical area associated with a card terminal can be of any size and shape. It may be a simple circle as shown in Figure 3, or it may be a complicated shape based on a number of co-ordinates. For example, a country park with a number of retail outlets may wish to define the boundary of the park as the boundary of the geographic area. A mobile terminal used by a train manager might have a geographic area covering only the railway line on which the terminal is used. The geographic area may even comprise a number of unconnected areas, which might be suitable for a person with a mobile card terminal who makes transactions at a number of separate locations; for example a mobile hairdresser can set up a geographical area that includes each of her clients' houses but does not include the area between them.
Alternatively the area could be a single co-ordinate, although this might lead to false non-authentication events due to small inaccuracies in location identification.
This security system is also suitable for other devices. For example, laptop 103 may belong to a company and should not be taken off site. To prevent this, it can be registered with security server 112 with a geographical area covering the company's premises. This means that if it is stolen, any data held on it cannot be accessed, and since it cannot be powered on it is worthless. Class registration device 104 can be registered with security server 112 with a geographical area covering the school. This means that if it is stolen, children's personal details cannot be accessed. Medical devices 105 and 106 can be registered with security server 112 with a geographical area covering the hospital or the house in which they are used. Devices 105 and 106 may not contain any data but may be expensive and therefore liable to theft.
The security system will deter theft because the device cannot be resold if it cannot be powered on. A service may be offered whereby the owner of personal medical device 106 can temporarily suspend the security system, for example if travelling, and restart the service with a different geographical area for the duration of a holiday.
Figure 4
Figure 4 details steps carried out by the processor of card terminal 101.
Similar steps are carried out by the processors in card terminal 102 and devices 103 to 106. At step 401 installation of the terminal is carried out, and at step 402 operations are performed. For the card terminal, these operations are financial transactions using cards, but for other devices the operations would differ according to normal use of the device.
At step 403 the device is powered down and at step 404 the terminal is powered on. The security of the terminal is checked at step 405, and at step 406 a question is asked as to whether the outcome of this step was that the terminal is secure. If this question is answered in the negative then control is returned to step 403 and the terminal is powered down. Alternatively, if the question is answered in the affirmative, control is returned to step 402 and operations are performed.
Figure 5
Figure 5 details installation step 401. At step 501 the location of the terminal is identified using the GPS receiver and at step 502 an encrypted connection is established with security server 112. At step 503 the location is registered along with a unique identifier of card terminal 101, and at step 504 the location is stored in a memory cache. This cache is wiped every time the terminal is powered off so that the location must be re-identified every time it is powered on.
Figure 6
Figure 6 details the security check carried out at step 405 following a switch on of card terminal 101. At step 601 the location of the terminal is identified using the GPS receiver and stored in the cache. At step 602 a question is asked as to whether a network connection is present. It may be the case that the terminal cannot communicate with security server 112 for innocent reasons, such as the failure of a telephone line, downtime at the ISP, and so on. However, if the question is answered in the affirmative, to the effect that there is a network connection, then at step 603 a message containing the identified location and the unique identifier of the card terminal is sent to security server 112. If there is any stored position data, as will be described with reference to Figure 7, then the message also contains an indicator that it has been offline.
When security server 112 receives such a message, it checks whether the identified location is within the geographical area set for the identified card terminal. If it is, then it sends an authenticating reply. If it is not, then it sends a non-authenticating reply. If there was an indicator that the terminal has been offline in the message, it also requests all offline data.
At step 604 a question is asked as to whether a reply has been received, and if this question is answered in the negative control is returned to step 603 and the information is sent again. If this question is answered in the affirmative then at step 605 a further question is asked as to whether the reply authenticated the terminal. If this question is answered in the affirmative then any saved position data and offline transactions are sent to security server 112 at step 606 before a full start-up is performed at step 607. Alternatively, if the question is answered in the negative, the terminal is considered insecure at step 608 and the question asked at step 406 is answered in the negative, leading to the terminal powering down.
If the question asked at step 602 is answered in the negative, to the effect that no network connection is present, then at step 609 position data is stored, comprising a timestamp and the location identified at step 601. This data is stored in memory, not in the cache, so that it is not wiped if the terminal powers down. This position data identifies the time and location where the card terminal was powered on, so that if it is later powered down without ever making a network connection its location has been logged.
A question is then asked at step 610 as to whether offline operations are possible. This depends on the type of device and the setup. A card terminal may well be permitted to perform offline operations, particularly a mobile terminal such as that used by a train manager. Alternatively, devices 103, 104, 105 and 106 are unlikely to be permitted to perform offline operations because most of their functionality is offline. Therefore, if the question is answered in the affirmative, a limited start-up is performed at step 611, as will be described further in Figure 7. Alternatively, the terminal is considered insecure at step 612.
Figure 7
Step 611, at which a limited start-up is performed, is detailed in Figure 7. At step 701 offline operations are performed. For a card terminal, this means that card details are taken along with the PIN number, but no connection has been made with card processing server 109 and the transaction must be authenticated later. Allowing offline transactions does not pose a risk to the security of card terminal 101. If a vendor is happy to take the risk of the transaction being declined, then a vendor who has temporarily lost Internet connection may well perform such offline transactions in order to avoid losing money. However, if the terminal is being used fraudulently then no goods are actually changing hands and no actual money is transferred until an online connection is made, at which point the offline transactions can be cancelled if necessary.
At step 702 a question is asked as to whether a network connection is present yet. If this question is answered in the negative then control is returned to step 701. The question is asked periodically until it is answered in the affirmative, at which point the location of the card terminal is identified and stored in the cache at step 703. At step 704 the unique identifier of card terminal 101, the present location and an indicator that the terminal has been offline are sent to security server 112.
Security server 112 then examines the location against the stored geographical area and authenticates or does not authenticate the terminal. In addition, in response to the offline indicator, it requests that the terminal pass offline data to it.
The procedure then proceeds similarly to that described in Figure 6. At step 705 a question is asked as to whether a reply has been received from security server 112, and if this question is answered in the negative control is returned to step 704 and the information is sent again. If this question is answered in the affirmative then at step 706 a further question is asked as to whether the reply authenticated the terminal. If this question is answered in the affirmative then a full start-up is performed at step 708 after all the stored position data and details of offline operations have been sent to security server 112. Alternatively, if the question is answered in the negative, stored position data and offline transaction details are sent to security server 112 at step 710, and the terminal is considered insecure at step 711.
Thus at the end of step 611 the terminal has either performed a full start-up or been considered insecure. Alternatively, if the question asked at step 702 is not answered in the affirmative before the terminal is shut down, then the time and location of the power-up have been saved so that the next time the terminal is powered up the offline transactions and position data can be sent to security server 112, either at step 606 or at step 707. If the terminal is repeatedly powered up while there is no connection available then there may be a large number of position data and offline transactions to send.
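The terminal-side procedure of Figures 6 and 7 can be walked through in code. The following Python simulation is an added example, not code from the patent or its inventor. It assumes a simplified stand-in for security server 112 (FakeSecurityServer, a hypothetical name) that checks a circular area with an equirectangular distance approximation, always replies (so the resend loops of steps 604 and 705 are not modelled), and receives the offline data in both the authenticated and non-authenticated cases, as at steps 707 and 710. The coordinates for building 301, the clock values, the terminal identifier, and the names Terminal and run_scenario are constructed; clearing the persistent memory after the offline data has been handed over is also an assumption the patent does not state.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from math import cos, hypot, radians

Location = tuple[float, float]   # (latitude, longitude) in degrees


class FakeSecurityServer:
    """Hypothetical stand-in for security server 112: one circular area per terminal."""

    def __init__(self, areas: dict):
        self.areas = areas            # terminal_id -> (centre, radius_m)
        self.offline_uploads = []     # data handed over in response to an offline indicator

    def authenticate(self, terminal_id: str, location: Location, offline: bool) -> str:
        centre, radius_m = self.areas[terminal_id]
        # Equirectangular approximation; adequate for the small circle of Figure 3.
        dlat_m = (location[0] - centre[0]) * 111_320
        dlon_m = (location[1] - centre[1]) * 111_320 * cos(radians(centre[0]))
        inside = hypot(dlat_m, dlon_m) <= radius_m
        return "authenticated" if inside else "not-authenticated"

    def receive_offline_data(self, terminal_id: str, positions, transactions) -> None:
        self.offline_uploads.append((terminal_id, list(positions), list(transactions)))


@dataclass
class Terminal:
    terminal_id: str
    server: FakeSecurityServer
    offline_allowed: bool                          # answer to the question at step 610
    location: Location = (0.0, 0.0)                # what the GPS receiver currently reports
    now: datetime = datetime(2009, 3, 5, 9, 0)     # constructed clock
    cache: dict = field(default_factory=dict)      # wiped on every power-down (step 504)
    memory: dict = field(default_factory=lambda: {"positions": [], "transactions": []})  # survives power-down

    def power_down(self) -> None:
        self.cache.clear()                                         # step 403: location must be re-identified

    def security_check(self, network_up: bool) -> str:
        """Figure 6. Returns 'full', 'limited' or 'insecure'."""
        self.cache["location"] = self.location                     # step 601
        if network_up:                                             # step 602
            return self._online_check()
        self.memory["positions"].append((self.now, self.location))  # step 609: timestamp + location, persistent
        if self.offline_allowed:                                   # step 610
            return "limited"                                       # step 611
        return "insecure"                                          # step 612

    def offline_operation(self, transaction_id: str) -> None:
        self.memory["transactions"].append((self.now, transaction_id))   # step 701

    def reconnected(self) -> str:
        """Figure 7, steps 702 to 711: the network is back during a limited start-up."""
        self.cache["location"] = self.location                     # step 703
        reply = self.server.authenticate(self.terminal_id, self.cache["location"], offline=True)  # step 704
        self._send_offline_data()                                  # steps 707 / 710: sent either way
        return "full" if reply == "authenticated" else "insecure"  # steps 708 / 711

    def _online_check(self) -> str:
        been_offline = bool(self.memory["positions"] or self.memory["transactions"])
        reply = self.server.authenticate(self.terminal_id, self.cache["location"], been_offline)  # step 603
        if reply == "authenticated":                               # step 605
            if been_offline:
                self._send_offline_data()                          # step 606
            return "full"                                          # step 607
        return "insecure"                                          # step 608

    def _send_offline_data(self) -> None:
        self.server.receive_offline_data(self.terminal_id, self.memory["positions"], self.memory["transactions"])
        self.memory["positions"].clear()        # assumption: cleared once the server holds it
        self.memory["transactions"].clear()


def run_scenario() -> dict:
    """Constructed scenario: normal power-on, theft, then theft with no network."""
    shop = (51.5007, -0.1246)                                      # constructed location of building 301
    server = FakeSecurityServer({"terminal-101": (shop, 150.0)})
    t = Terminal("terminal-101", server, offline_allowed=True, location=shop)
    out = {}
    out["normal_morning"] = t.security_check(network_up=True)      # inside area, online -> full start-up
    t.power_down()
    t.location = (51.52, -0.10)                                    # stolen and moved about 2.7 km away
    out["stolen_online"] = t.security_check(network_up=True)       # outside area -> insecure, powers off
    t.power_down()
    t.now += timedelta(hours=1)
    out["stolen_offline"] = t.security_check(network_up=False)     # no network -> limited start-up
    t.offline_operation("refund-999")                              # fraudulent offline operation logged
    out["stolen_reconnect"] = t.reconnected()                      # outside area -> insecure, data uploaded
    out["uploads"] = len(server.offline_uploads)
    out["positions_logged"] = len(server.offline_uploads[0][1])
    return out
```

The point the simulation makes is the one in the text: an offline power-up never bypasses the check, it only defers it, because the timestamped position written at step 609 survives the power-down and is handed to the server as soon as any connection exists.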
Security server 112, when it receives details of the offline transactions, authenticates each one. For each transaction, the position data having the latest time before the time of the transaction is identified. If the location in this position data is within the geographical area, then the transaction is sent to the card processing server. If the location was outside the geographical area, then the transaction is flagged as an exception. It is then manually processed, which might lead to it being sent to the card processing system but most likely it was an attempt at fraud and can therefore be useful for tracking the thief of the card terminal.
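The server side of the scheme, the geographical-area shapes described earlier (a circle, a complicated shape based on a number of co-ordinates, or several unconnected areas) together with the authentication of offline transactions just described, can be illustrated in one place. The following Python is an added example, not the patent's own code. The class and function names (Circle, Polygon, AreaUnion, SecurityServer, reconcile_offline, demo), the coordinates and the timestamps are constructed. One case the patent does not address is a transaction with no power-on position record before it; the example flags such a transaction as an exception, which is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Sequence

Point = tuple[float, float]   # (latitude, longitude) in degrees


def haversine_m(a: Point, b: Point) -> float:
    """Great-circle distance in metres between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(h))


@dataclass
class Circle:
    """The simple case of Figure 3: a small circle centred on the building.
    A single co-ordinate is the degenerate case with radius_m set to the GPS tolerance."""
    centre: Point
    radius_m: float

    def contains(self, p: Point) -> bool:
        return haversine_m(self.centre, p) <= self.radius_m


@dataclass
class Polygon:
    """A shape based on a number of co-ordinates, e.g. a park boundary.
    Ray casting with lat/lon treated as planar; adequate for areas a few km across."""
    vertices: Sequence[Point]

    def contains(self, p: Point) -> bool:
        lat, lon = p
        inside = False
        j = len(self.vertices) - 1
        for i, (lat_i, lon_i) in enumerate(self.vertices):
            lat_j, lon_j = self.vertices[j]
            if (lat_i > lat) != (lat_j > lat):          # edge straddles the point's latitude
                lon_cross = lon_i + (lat - lat_i) * (lon_j - lon_i) / (lat_j - lat_i)
                if lon < lon_cross:                     # ray towards +lon crosses this edge
                    inside = not inside
            j = i
        return inside


@dataclass
class AreaUnion:
    """Several unconnected areas, e.g. each of a mobile hairdresser's clients' houses."""
    parts: Sequence[object]

    def contains(self, p: Point) -> bool:
        return any(part.contains(p) for part in self.parts)


class SecurityServer:
    """Minimal model of security server 112 (hypothetical)."""

    def __init__(self, areas: dict):
        self.areas = areas                          # terminal_id -> area object with .contains()

    def authenticate(self, terminal_id: str, location: Point) -> bool:
        area = self.areas.get(terminal_id)
        return area is not None and area.contains(location)

    def reconcile_offline(self, terminal_id: str, positions, transactions):
        """positions: (timestamp, location) logged at each offline power-on (step 609).
        transactions: (timestamp, transaction_id) performed offline (step 701).
        Returns (to_forward, exceptions): ids to pass to the card processing
        server, and ids flagged for manual handling."""
        area = self.areas[terminal_id]
        positions = sorted(positions)
        to_forward, exceptions = [], []
        for ts, txn in sorted(transactions):
            # position record with the latest time at or before the transaction
            prior = [loc for pts, loc in positions if pts <= ts]
            if not prior:                               # assumption: no record -> exception
                exceptions.append(txn)
            elif area.contains(prior[-1]):
                to_forward.append(txn)
            else:
                exceptions.append(txn)
        return to_forward, exceptions


def demo() -> tuple:
    """Constructed scenario: terminal powered on in the shop at 09:00, then powered
    on about 2.7 km away at 13:00; transactions before, between and after."""
    shop = (51.5007, -0.1246)
    server = SecurityServer({"terminal-101": Circle(shop, 150.0)})
    positions = [(datetime(2009, 3, 5, 9, 0), shop),
                 (datetime(2009, 3, 5, 13, 0), (51.52, -0.10))]
    transactions = [(datetime(2009, 3, 5, 10, 30), "sale-1"),
                    (datetime(2009, 3, 5, 14, 0), "refund-2"),
                    (datetime(2009, 3, 5, 8, 0), "sale-0")]
    return server.reconcile_offline("terminal-101", positions, transactions)
```

Each area type exposes the same contains() method, so the server's authenticate() and reconcile_offline() need not know whether a terminal's area is a circle, a polygon or a union of several; the hairdresser's set of client houses is simply an AreaUnion of small circles.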
Figure 8
A second embodiment of the security system is shown in Figure 8. This embodiment may be instead of the system described with respect to Figures 2 to 7 or in addition to it.
Card terminal 102, illustrated in Figure 8, includes a fingerprint reader 801. This is used to require a fingerprint from a user whenever the terminal is powered on. If the fingerprint does not match a fingerprint of an authorised user stored on security server 112, then terminal 102 is powered down and cannot be used.
Each of devices 101 to 106 may perform all the steps described in both embodiments, although obviously they would not be performed separately but integrated into a single system.
Figure 9
Figure 9 details steps carried out by the processor of card terminal 102.
Similar steps may be carried out by the processors in devices 101 and 103 to 106.
Previous to the steps in Figure 9 being carried out, the index fingerprint of at least one authorised user is stored on security server 112. Other biometric data may be used instead, such as retinal scans, DNA fingerprinting, and so on. The terminal may be configured to take the biometric data and simply send it to security server 112, as is the case in this embodiment where the biometric data is an image of a fingerprint. Alternatively, the terminal may be configured to do preliminary processing on the biometric data and send some form of processed data to security server 112. Thus when an indication of biometric data is sent to the server, it can be the data itself, or other data derived from obtained biometric data.
At step 901 the terminal is powered on. The security of the terminal is checked at step 902, and at step 903 a question is asked as to whether the outcome of this step was that the terminal is secure. If this question is answered in the negative then control is directed to step 905 and the terminal is powered down. Alternatively, if the question is answered in the affirmative, operations are performed at step 904, and the terminal is eventually powered down at step 905. Control is returned to step 901 when the terminal is powered up again.
Figure 10
Figure 10 details the security check carried out at step 905 following a power on of card terminal 102. At step 1002 biometric data is obtained using fingerprint reader 801 and an indication of the data is stored in the cache. At step 1002 a question is asked as to whether a network connection is present.
It may be the case that the terminal cannot communicate with security server 112 for innocent reasons, such as the failure of a telephone line, downtime at the ISP, and so on. However, if the question is answered in the affirmative, to the effect that there is a network connection, then at step 1003 a message containing the indication of the biometric data and the unique identifier of the card terminal is sent to security server 112. If there is any stored biometric data, as will be described with reference to Figure 11, then the message also contains an indicator that it has been offline.
When security server 112 receives such a message, it checks whether the received indication of biometric data matches stored biometric data for any of the authorised users of terminal 102. If it does, then it sends an authenticating reply. If it does not, then it sends a non-authenticating reply. If there was an indicator that the terminal has been offline in the message, it also requests all offline data.
At step 1004 a question is asked as to whether a reply has been received, and if this question is answered in the negative control is returned to step 1003 and the information is sent again. If this question is answered in the affirmative then at step 1005 a further question is asked as to whether the reply authenticated the terminal. If this question is answered in the affirmative then any saved position data and offline transactions are sent to security server 112 at step 1006 before a full start-up is performed at step 1007.
Alternatively, if the question is answered in the negative, the terminal is considered insecure at step 1008 and the question asked at step 906 is answered in the negative, leading to the terminal powering down.
If the question asked at step 1002 is answered in the negative, to the effect that no network connection is present, then at step 1009 user data is stored, comprising a timestamp and the indication of biometric data obtained at step 1001. This data is stored in memory, not in the cache, so that it is not wiped if the terminal powers down. This user data identifies the time and user when the card terminal was powered on, so that if it is later powered down without ever making a network connection its user has been logged.
A question is then asked at step 1010 as to whether offline operations are possible. If the question is answered in the affirmative, a limited start-up is performed at step 1011, as will be described further in Figure 11. Alternatively, the terminal is considered insecure at step 1012.
Figure 11
Step 1011, at which a limited start-up is performed, is detailed in Figure 11. At step 1101 offline operations are performed. At step 1102 a question is asked as to whether a network connection is present yet. If this question is answered in the negative then control is returned to step 1101. The question is asked periodically until it is answered in the affirmative, at which point biometric data of the user is obtained and an indication of it stored in the cache at step 1103. At step 1104 the unique identifier of card terminal 102, the indication of the biometric data and an indicator that the terminal has been offline are sent to security server 112.
Security server 112 then examines the received indication of biometric data against the stored biometric data and either authenticates or does not authenticate the terminal. In addition, in response to the offline indicator, it requests that the terminal pass its offline data to it.
The procedure then proceeds similarly to that described in Figure 10. At step 1105 a question is asked as to whether a reply has been received from security server 112, and if this question is answered in the negative control is returned to step 1104 and the information is sent again. If this question is answered in the affirmative then at step 1106 a further question is asked as to whether the reply authenticated the terminal. If this question is answered in the affirmative then a full start-up is performed at step 1108 after all the stored user data and details of offline operations have been sent to security server 112. Alternatively, if the question is answered in the negative, stored user data and offline transaction details are sent to security server 112 at step 710, and the terminal is considered insecure at step 711.
Thus at the end of step 1011 the terminal has either performed a full start-up or been considered insecure. Alternatively, if the question asked at step 1002 is not answered in the affirmative before the terminal is shut down, then the time of the power-up and the biometric data obtained have been saved so that the next time the terminal is powered up the offline transactions and user data can be sent to security server 112, either at step 1006 or at step 1107. If the terminal is repeatedly powered up while there is no connection available then there may be a large number of user data records and offline transactions to send.
Security server 112, when it receives details of the offline transactions, authenticates each one. For each transaction, the user data record having the latest time before the time of the transaction is identified. If the indication of biometric data in this user data matches stored biometric data, then the transaction is sent to the card processing server. If the biometric data does not match then the transaction is flagged as an exception. It is then manually processed, which might lead to it being sent to the card processing system, but most likely it was an attempt at fraud and can therefore be useful for identifying the thief of the card terminal.
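The power-on check of Figures 10 and 11 and the server-side reconciliation of offline transactions, as an added Python example that is not part of the patent: the "indication" of biometric data is assumed to be a SHA-256 digest of the fingerprint template (the patent does not say how it is formed), and the terminal id, timestamps and amounts are constructed.

```python
import hashlib
from dataclasses import dataclass, field


def biometric_indication(template: bytes) -> str:
    # Indication sent to the server: a SHA-256 digest of the template (an assumption).
    return hashlib.sha256(template).hexdigest()


@dataclass
class Terminal:
    """Card terminal state: 'memory' survives a power-down, 'cache' does not."""
    terminal_id: str
    memory: dict = field(default_factory=lambda: {"user_data": [], "offline_txns": []})
    cache: dict = field(default_factory=dict)
    state: str = "off"

    def power_on(self, server, network_up: bool, template: bytes, now: int) -> str:
        """Security check of Figure 10; returns the resulting terminal state."""
        self.cache = {"bio": biometric_indication(template)}        # step 1001
        if not network_up:                                           # step 1002: no
            # step 1009: log time and user in memory so the power-on survives a shutdown
            self.memory["user_data"].append((now, self.cache["bio"]))
            self.state = "limited"                                   # step 1011
            return self.state
        msg = {"id": self.terminal_id, "bio": self.cache["bio"],     # step 1003
               "offline": bool(self.memory["user_data"])}
        reply = server.check(msg)
        if not reply["authenticated"]:                               # step 1005: no
            self.state = "insecure"                                  # step 1008
            return self.state
        if reply["request_offline"]:                                 # step 1006
            server.receive_offline(self.terminal_id, self.memory["user_data"],
                                   self.memory["offline_txns"])
            self.memory = {"user_data": [], "offline_txns": []}
        self.state = "full"                                          # step 1007
        return self.state

    def offline_transaction(self, now: int, amount: int) -> None:
        """Offline operation carried out during a limited start-up (step 1101)."""
        if self.state != "limited":
            raise RuntimeError("offline operations only allowed in limited start-up")
        self.memory["offline_txns"].append((now, amount))


class SecurityServer:
    def __init__(self, authorised: dict):
        self.authorised = authorised          # terminal_id -> set of authorised indications
        self.processed, self.exceptions = [], []

    def check(self, msg: dict) -> dict:
        ok = msg["bio"] in self.authorised.get(msg["id"], set())
        return {"authenticated": ok, "request_offline": msg["offline"]}

    def receive_offline(self, terminal_id: str, user_data: list, txns: list) -> None:
        # Each offline transaction is authenticated against the power-on record (user
        # data) with the latest time before it; no record or no match is an exception.
        allowed = self.authorised.get(terminal_id, set())
        for t_txn, amount in txns:
            earlier = [(t, bio) for t, bio in user_data if t < t_txn]
            if earlier and max(earlier)[1] in allowed:
                self.processed.append((terminal_id, t_txn, amount))   # on to card processing
            else:
                self.exceptions.append((terminal_id, t_txn, amount))  # manual processing


def run_scenario():
    """Constructed scenario: an authorised power-on while offline, a power-on by an
    unknown user while still offline, then an authorised online power-on."""
    owner, unknown = b"owner-template", b"unknown-template"
    server = SecurityServer({"T102": {biometric_indication(owner)}})
    term = Terminal("T102")
    term.power_on(server, network_up=False, template=owner, now=100)
    term.offline_transaction(now=150, amount=20)
    term.power_on(server, network_up=False, template=unknown, now=200)
    term.offline_transaction(now=250, amount=500)
    final = term.power_on(server, network_up=True, template=owner, now=300)
    return final, server.processed, server.exceptions
```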

Claims (41)

  1. A security system for a networked device, comprising: location-sensing means; communication means; memory; and a processor; wherein said processor is configured to: obtain, via said location-sensing means, a location of said device; send, via said communication means, said location and an identification of said device to a remote server; receive an indication from said remote server that said device is located outside the boundary of a pre-determined geographical area; and prevent use of said device.
  2. A security system according to claim 2, wherein said location-sensing means is a global navigation satellite system receiver.
  3. A security system according to either of claims 1 or 2, wherein said processor is configured to prevent use of said device by switching it off.
  4. A security system according to any of claims 1 to 3, wherein said processor is configured to perform the tasks detailed in claim 1 whenever the device is powered on.
  5. A security system according to any of claims 1 to 4, wherein said processor is configured to carry out the step of sending said location and said identification of said device to said remote server by: identifying a condition to the effect that said communication means is unable to communicate with said remote server; storing position data in said memory, wherein said position data comprises said location and a timestamp; periodically checking whether said communication means is able to communicate with said server; identifying a condition to the effect that said communication means is able to communicate with said server; obtaining, via said location-sensing means, a second location of said device; sending, via said communication means, said position data, said second location data and said identification of said device to said remote server.
  6. A security system according to claim 5, wherein said device is configured to carry out online operations and said processor is configured to allow said device to carry out offline operations while said communication means is unable to communicate with said server.
  7. A security system according to claim 6, wherein said processor is further configured to send, via said communication means, details of said offline operations to said remote server.
  8. A security system according to claim 7, wherein said details of offline operations include, for each offline operation, the time at which said operation took place and the location of said device at said time.
  9. A security system according to any of claims 1 to 9, further comprising biometric reading means, wherein said processor is further configured to: obtain, via said biometric reading means, biometric data of a user; send, via said communication means, an indication of said biometric data to said remote server; receive an indication from said remote server that said biometric data does not match stored biometric data; and prevent use of said device.
  10. A security system according to any of claims 1 to 9, wherein said device is a card payment terminal.
  11. A method of preventing unauthorised use of a networked device, comprising: at said device, identifying the location of said device; sending said location from said device to a remote server; at said remote server, identifying a condition to the effect that said device is outside the boundary of a pre-determined geographical area; sending a message from said remote server to said device; and at said device, preventing use of said device.
  12. A method according to claim 11, wherein said location is identified using a global navigation satellite system receiver.
  13. A method according to either of claims 11 or 12, wherein said step of preventing use of said device comprises switching the device off.
  14. A method according to any of claims 11 to 13, wherein said step of sending said location and said identification of said device to said remote server comprises, at said device: identifying a condition to the effect that communication with said remote server is not possible; storing position data, wherein said position data comprises said location and a timestamp; identifying a condition to the effect that communication with said remote server is possible; identifying a second location of said device; sending said position data, said second location data and said identification of said device to said remote server.
  15. A method according to claim 14, including the step of periodically checking whether communication with said remote server is possible.
  16. A method according to either of claims 14 or 15, wherein said device is configured to carry out online operations, further including the step of carrying out offline operations while communication with said server is not possible.
  17. A method according to claim 16, further including the step of sending details of said offline operations to said remote server, including the last-identified location of the device at the time of each of said offline operations.
  18. A method according to claim 17, further including the steps of, at said remote server: for each of said offline operations, either: a) identifying a condition to the effect that the last-identified location of the device was within the boundary of said pre-determined geographical area, and identifying said offline operation as valid; or b) identifying a condition to the effect that the last-identified location of the device was outside the boundary of said pre-determined geographical area, and identifying said offline operation as invalid.
  19. A method according to claim 18, wherein operations identified as valid are processed and operations identified as invalid are flagged for manual processing.
  20. A method according to any of claims 11 to 19, further comprising the steps of: at said device, obtaining biometric data from a user; sending an indication of said biometric data from said device to said remote server; at said remote server, identifying a condition to the effect that said biometric data does not match stored biometric data; and preventing use of said device.
  21. A computer-readable medium having computer-readable instructions executable by a computer, such that when executing said instructions a computer will perform the steps of any of claims 12 to 20.
  22. A security system for a networked device, comprising: biometric reading means; communication means; memory; and a processor; wherein said processor is configured to: obtain, via said biometric reading means, biometric data of a user of said device; send, via said communication means, an indication of said biometric data and an identification of said device to a remote server; receive an indication from said remote server that said biometric data does not match stored biometric data; and prevent use of said device.
  23. A security system according to claim 23, wherein said biometric reading means is a fingerprint reader.
  24. A security system according to either of claims 22 or 23, wherein said processor is configured to prevent use of said device by powering it down.
  25. A security system according to any of claims 22 to 24, wherein said processor is configured to perform the steps detailed in claim 22 whenever the device is powered on.
  26. A security system according to any of claims 22 to 25, wherein said processor is configured to carry out the step of sending said indication of said biometric data and said identification of said device to said remote server by: identifying a condition to the effect that said communication means is unable to communicate with said remote server; storing user data in said memory, wherein said user data comprises said indication of said biometric data and a timestamp; periodically checking whether said communication means is able to communicate with said server; identifying a condition to the effect that said communication means is able to communicate with said server; obtaining, via said biometric reading means, second biometric data; sending, via said communication means, said user data, an indication of said second biometric data and said identification of said device to said remote server.
  27. A security system according to claim 26, wherein said device is configured to carry out online operations and said processor is configured to allow said device to carry out offline operations while said communication means is unable to communicate with said server.
  28. A security system according to claim 27, wherein said processor is further configured to send, via said communication means, details of said offline operations to said remote server.
  29. A security system according to claim 28, wherein said details of offline operations include, for each offline operation, the time at which said operation took place and the location of said device at said time.
  30. A security system according to any of claims 22 to 29, wherein said device is a card payment terminal.
  31. A method of preventing unauthorised use of a networked device, comprising: at said device, obtaining biometric data of a user of said device; sending an indication of said biometric data from said device to a remote server; at said remote server, identifying a condition to the effect that said biometric data does not match stored biometric data; sending a message from said remote server to said device; and at said device, preventing use of said device.
  32. A method according to claim 31, wherein said biometric data is obtained using a fingerprint reader.
  33. A method according to either of claims 31 or 32, wherein said step of preventing use of said device comprises powering the device down.
  34. A method according to any of claims 31 to 33, wherein said step of sending said indication of said biometric data and said identification of said device to said remote server comprises the steps of: identifying a condition to the effect that communication with said remote server is not possible; storing user data, wherein said user data comprises said indication of said biometric data and a timestamp; identifying a condition to the effect that communication with said remote server is possible; obtaining, via said biometric reading means, second biometric data; sending said user data, an indication of said second biometric data and said identification of said device to said remote server.
  35. A method according to claim 34, including the step of periodically checking whether communication with said remote server is possible.
  36. A method according to either of claims 34 or 35, wherein said device is configured to carry out online operations, further including the step of carrying out offline operations while communication with said server is not possible.
  37. A method according to claim 35, further including the step of sending details of said offline operations to said remote server, including an indication of the last-obtained biometric data at the time of each of said offline operations.
  37. A method according to claim 36, further including the steps of, at said remote server: for each of said offline operations, either: a) identifying a condition to the effect that the last-obtained biometric data matches stored biometric data, and identifying said offline operation as valid; or b) identifying a condition to the effect that the last-obtained biometric data at the time of said offline operation does not match stored biometric data, and identifying said offline operation as invalid.
  38. A method according to claim 37, wherein operations identified as valid are processed and operations identified as invalid are flagged for manual processing.
  39. A computer-readable medium having computer-readable instructions executable by a computer, such that when executing said instructions a computer will perform the steps of any of claims 32 to 38.
  40. A security system for a networked device substantially as herein described with reference to the accompanying Figures.
  41. A method of preventing unauthorised use of a device substantially as herein described with reference to the accompanying Figures.
GB0903829A 2009-03-06 2009-03-06 Securing devices against unauthorized use Withdrawn GB2468349A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0903829A GB2468349A (en) 2009-03-06 2009-03-06 Securing devices against unauthorized use

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0903829A GB2468349A (en) 2009-03-06 2009-03-06 Securing devices against unauthorized use

Publications (2)

Publication Number Publication Date
GB0903829D0 GB0903829D0 (en) 2009-04-22
GB2468349A true GB2468349A (en) 2010-09-08

Family

ID=40600573

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0903829A Withdrawn GB2468349A (en) 2009-03-06 2009-03-06 Securing devices against unauthorized use

Country Status (1)

Country Link
GB (1) GB2468349A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2481074A (en) * 2010-06-07 2011-12-14 Alan Wyn-Davies System for controlling an electrical asset in response to a change in movement
US20230093267A1 (en) * 2020-02-03 2023-03-23 Anagog Ltd. Distributed Content Serving

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113268788B (en) * 2021-04-29 2023-01-10 山东英信计算机技术有限公司 Anti-theft control and management system, method and medium for high-confidentiality server

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5790074A (en) * 1996-08-15 1998-08-04 Ericsson, Inc. Automated location verification and authorization system for electronic devices
WO1999051038A2 (en) * 1998-03-31 1999-10-07 Piccionelli Greg A Communication network based on geographic location
WO2001075830A1 (en) * 2000-03-31 2001-10-11 British Telecommunications Public Limited Company Secured appliance
WO2002058022A2 (en) * 2001-01-19 2002-07-25 Intel Corporation Theft prevention using location determination
WO2002060209A1 (en) * 2001-01-24 2002-08-01 Worldpay Limited Date source authentication comprising transmission of positional information
US20030073448A1 (en) * 2001-10-17 2003-04-17 Minolta Co., Ltd. Terminal device and termainal device operation management system and operation management method
WO2003032551A1 (en) * 2001-10-05 2003-04-17 Litronic, Inc. Computer network activity access apparatus incorporating user authentication and positioning system

Also Published As

Publication number Publication date
GB0903829D0 (en) 2009-04-22

Similar Documents

Publication Publication Date Title
US11405781B2 (en) System and method for mobile identity protection for online user authentication
US8839394B2 (en) Systems and methods for authenticating a user of a computer application, network, or device using a wireless device
US9456348B2 (en) Systems and methods for authenticating a user of a computer application, network, or device using a wireless device
US9154952B2 (en) Systems and methods for authenticating a user of a computer application, network, or device using a wireless device
US20040088551A1 (en) Identifying persons seeking access to computers and networks
US20130087612A1 (en) Method and devices for the production and use of an identification document that can be displayed on a mobile device.
TW201528028A (en) Apparatus and methods for identity verification
WO2004079499A2 (en) System and method for verifying user identity
US10440572B2 (en) Systems and methods for authenticating a user of a computer application, network, or device using a wireless device
US20150235226A1 (en) Method of Witnessed Fingerprint Payment
TWI745891B (en) Authentication system, authentication terminal, user terminal, authentication method, and program product
JP2003242428A (en) Cellular phone with card function and cellular phone with settlement function
JP2007094874A (en) Financial service providing system
US8931080B2 (en) Method and system for controlling the execution of a function protected by authentification of a user, in particular for the access to a resource
GB2468349A (en) Securing devices against unauthorized use
WO2011004401A2 (en) Cardless banking
JP5855217B1 (en) Smart card with fingerprint authentication and payment method using the same
KR101173109B1 (en) Withdrawal System for small some of money using mobile phone and method for operating in ATM
JP2007272813A (en) Authentication system, authentication server, authentication method and computer-readable authentication control program
JP2010286936A (en) Semiconductor element, authentication device, and authentication system
JP2006053808A (en) Operator authentication management system
JP2011035622A (en) Position notification system using display device changing display with time
JP2003122875A (en) Mobile ticket system and system control method
JP2003187170A (en) Authentication processing system and authentication processing method using cellular phone
JP2002324219A (en) Card authentication system

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)