GB2571301A - Security of data tags - Google Patents
Security of data tags Download PDFInfo
- Publication number
- GB2571301A GB2571301A GB1802929.8A GB201802929A GB2571301A GB 2571301 A GB2571301 A GB 2571301A GB 201802929 A GB201802929 A GB 201802929A GB 2571301 A GB2571301 A GB 2571301A
- Authority
- GB
- United Kingdom
- Prior art keywords
- data
- reader
- data tag
- sensors
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/0716—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising a sensor or an interface to a sensor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/0723—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
- G06K19/07318—Means for preventing undesired reading or writing from or onto record carriers by hindering electromagnetic reading or writing
Abstract
The invention relates to a data tag 10a (e.g. a payment card) having a memory (32) for storing a data set and a contactless interface (26, 28) for supplying data from the memory to a remote reader. The contactless interface is configured to be interrogated through an electromagnetic field (22) from the reader. The data tag further comprises a plurality of sensors 50 which are spatially separated and which are configured to sense the interrogating electromagnetic field, and a processing device (54) configured to receive outputs from the sensors representative of the interrogating field and to: enable supply of data through the contactless interface if the variability of the sensed outputs is sufficient to indicate that the reader and the data tag are in close proximity; and to disable supply of data if said variability indicates otherwise (see Figs 6a,b,c). The sensors could detect magnetic field strength using the Hall-effect. The device could also monitor variation of the sensor outputs over time. The invention is aimed at preventing unwanted reading from distant readers (skimming).
Description
SECURITY OF DATA TAGS
The present invention is concerned with data tags, which may take the form of contactless cards or RFID tags. In particular the invention is concerned with data security measures to be implemented in such devices.
The term contactless as used herein in relation to a card or other form of electronic tag implies that data carried by the card is able to be read through a wireless interface. Known contactless cards may be interrogated through close proximity inductive coupling and/or through propagating electromagnetic waves, and the term contactless card must be understood to encompass, without limitation, both or either of these possibilities. Protocols used for transmission of data in this context at the time of writing include the near-field communication (NFC) protocol and other protocols applied in relation to radio-frequency identification (RFID) but the term contactless does not - as used herein - refer to any specific communications protocol. Some contactless cards do have electrical contacts which provide an alternative means of reading data from the card. At the time of writing contactless payment cards commonly have two interfaces - a contactless interface and a set of contacts for making a direct electrical connection to a reader. These are nonetheless contactless in the relevant sense that data carried by the card is able to be read through a wireless interface.
Contactless cards are widely used for a variety of purposes. Importantly, many payment cards issued by banks, credit card companies and other financial institutions have a contactless interface for use at a point of sale, for purposes including authorisation of the transfer of funds. This is highly convenient for the purchaser, who can effect payment merely by presenting a card to a reader at the point of sale. Other applications of contactless cards include:
access management, where access barriers such as turnstiles or doors have a reader and a user is required to present a suitable card to obtain access. Hotel room keys provide one example;
verification of identity, where a bearer of a contactless card is taken to be the person identified by data on the card;
verification of attendance - some institutions of learning, for example, use contactless cards to verify students' attendance at lessons, seminars etc.;
access to resources, such as public transport, bike rentals etc.
This is far from being an exhaustive list.
It will be apparent that if a malfeasor is able to obtain unauthorised access to data from a contactless card, that data may be put to a variety of illegitimate uses. In the case of payment cards, this misappropriated data may be used to steal money from a financial account. A cloned hotel key card bearing the misappropriated data may be used for a burglary. The malfeasor may use such data to access confidential data intended for the bearer of the card, and so on.
Whereas contact-based interfaces can be interrogated only if access is available to the card itself, contactless cards suffer from the fundamental vulnerability that they can be interrogated remotely. Hence subject to whatever security precautions are taken, there is the possibility of a malfeasor reading the card without having direct physical access to it. An individual with a suitable reader may for example collect card data in a public place from passers-by.
Barring the use of suitable security measures, the technical and practical barriers to this type of abuse are not large. Cards' wireless interfaces typically conform to publicly available standards. The ISO/IEC 7816 standard which is widely adopted in relation to payment cards at the time of writing is also implemented for example in door-entry systems, car park barriers, hotel room locks, gymnasia, electricity and gas meters. The know-how required to interrogate cards using these standards is widely available, as is the hardware. One existing range of card chips and readers is sold at the time of writing under the trade mark MIFARE, owned by NXP Semiconductors, who state that 150 million readers have been sold. The contactless cards issued by financial institutions to make transactions do have a slightly different level of security from the cards used in hotels and transport networks, requiring additional vendor specific steps to translate received data into human readable form, but the additional security provided thereby is minimal. The information needed to extract customer and account information from a contactless payment card can be found in the public EMV standard which was originally developed by Mastercard (RTM) and Visa (RTM) in the early nineties.
Devices exist within the criminal fraternity that can harvest data from contactless payment cards at a rate of approximately 15 cards per second, and that remain undetectable by the typical card holder. But specialist equipment is not required. Many modern smartphones and tablets contain RFID/NFC readers, so that a standard device with a suitable application can be used to collect data from contactless cards. Applications can even be downloaded from mainstream app stores that are capable of reading data from contactless cards.
As to the range over which information can be misappropriated, a typical payment card operating in the 13.56 MHz range needs to be placed within a few centimetres of a legitimate reader for data to be exchanged. But it is also possible to read these cards from over a metre away with the correct equipment, and from a much larger distance using a specialised antenna and related circuitry. Other frequencies can be used. For instance some standards use 125KHz.
So for example where contactless cards are carried in public by users in coat pockets, trouser pockets or non-shielded wallets and purses there is a risk that data from the cards may be misappropriated. Fraudsters may use handheld readers for the purpose in crowded areas such as lifts (elevators), escalators, turnstiles, public transport and so on.
Fraud in relation to contactless cards is a real and current source of concern to consumers and to institutions using the technology.
Various security measures are available in this context.
One precaution that the user can take is to provide the card with a shield which blocks the signals used to exchange data. The card is placed in the shield when not in use and is intended to be removed from it only for use, e.g. at a point of sale. The shield may take the form of a sleeve to receive and surround the card. An electrically conductive layer can provide shielding, functioning in the manner of a Faraday cage. Wallets and purses claimed to screen radio frequency transmissions are commercially available. Shields provide an incomplete solution however. From the point of view of the institution issuing the card, the fact that not all users have adopted use of shields leaves them at risk. From the point of view of the end user, to be effective, a shield relies on that user manually taking the card out of the shield for use, and then returning it to the shield after use. This is potentially inconvenient for the user and there is the possibility that the card will not be returned to the shield after use, leaving it vulnerable.
US2013015955A (Verizon Patent and Licensing Inc. et al) discloses an RFID tag which may take the form of a credit card and which has a switch which is actuable by a user to change the tag from a first state in which it is not able to be activated by a carrier signal and a second state in which it is able to be activated by the carrier signal. In this way the card is disabled unless the user activates it by means of the switch. Other patent cases disclosing tags or cards whose interface is able to be activated using a switch are WO11067428A1 (Servicios Para Medios De Pago etal), US2003132301A (Massachusetts Institute of Technology), US2008011859A (Simon Phillips), US2006266831 (Douglas Kozlay), US8052052B (Intuit Inc.) and US7994920B (International Business Machines). In all these examples the card is reversibly activated/deactivated by some transient user input such as the application/withdrawal of a fingertip. Such devices add considerably to the complexity and cost of the card.
The present invention concerns a quite different approach to card security, and provides a data tag comprising:
a memory for storing a data set, a contactless interface for supplying data from the memory to a remote reader, the contactless interface being configured to be interrogated through an electromagnetic field from the reader, a plurality of sensors which are spatially separated and which are configured to sense the interrogating electromagnetic field, and a processing device configured to receive outputs from the sensors representative of the interrogating field and to enable supply of data from the data set through the contactless interface if variability of the sensed outputs is sufficient to indicate that the reader and the data tag are in close proximity, and to disable supply of data from the data set through the contactless interface if variability of the sensed outputs is not sufficient to indicate that the reader and the data tag are in close proximity.
Specific embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:Figure 1 depicts the exterior of a typical contactless payment card, viewed from the front;
Figure 2 represents depicts the exterior of the same card, viewed from the rear;
Figure 3 is a simplified depiction of an interaction between a contactless payment card and a reader used to interrogate the card;
Figure 4 is a highly schematic representation of functional components of the circuitry of a contactless card;
Figure 5 is a highly schematic representation of a sensor array in a contactless card embodying the present invention;
Figures 6a - 6d represent an interaction between a card reader and a card embodying the present invention, showing magnetic field lines of an interrogating field;
Figure 7 is a highly schematic representation of functional components of the circuitry of a contactless card embodying the present invention.
Figures 1 and 2 depict a conventional contactless payment card 10 conforming to industry standards ISO/IEC 7816 and ISO/IEC 14443. The card carries visual data including an embossed 16 digit card number 12. Other human-readable visual data printed on a typical card is omitted for the sake of simplicity. This example card 10 is able to be electronically interrogated through any of three different devices:
a contact chip 14 having multiple exposed electrical contacts conforming to the EMV standard, often referred to by the names Chip and Pin or Chip and Signature, according to the method of authentication employed by the card issuer. To use this interface the card is normally inserted into a reader which makes physical connections to the contacts to interrogate the contact chip;
a contactless interface housed within the card, whose components are formed by an inner layer of the card not visible from its exterior and whose presence is indicated by a logo 16 on the card; and a magnetic strip 18 on the rear of the card, which is provided for the sake of backwards compatibility, being used in older point of sale devices.
The rear of the card also carries visible alphanumeric characters 19 representing a CVV or CVV2 code, which is used in some online and telephone transactions, and a signature strip 21.
In a contactless interaction the card 10 is read by a remote reader 20 (Figure 3) which may for example be a point of sale device used to authorise a financial transaction. The reader need not be in physical contact with the card 10. The reader 20 interrogates the card through an interrogating electromagnetic field 22. In response the card 10 transmits data to the reader 20 through a suitably modulated data transmission electromagnetic field 24.
Figure 4 is a highly simplified representation of the architecture of the electronics of the card 10 as they pertain to exchange of data through the contactless interface. This is presented by way of example and not limitation. Other architectures may be adopted in embodiments of the present invention. The card 10 has a contactless interface comprising an antenna 26, which is depicted in this example as an inductive element, and associated interface electronics 28. The card 10 is in this example of the passive type which runs on power harvested through the antenna 26 from the interrogating electromagnetic field 22 generated by the reader 20. The invention may however be implemented in active cards having an on-board power supply. The interface electronics 28 comprise a voltage regulator through which power received from the interrogating electromagnetic field 22 is supplied to the card's other circuitry, and an RF modulator/demodulator function. The technical implementation of these functions is known in the art and familiar to the skilled person.
Figure 4 is wholly schematic and does not purport to represent the physical layout of the relevant components. In a practical implementation the antenna 26 is typically formed as a conductive loop extending repeatedly around the card close to its perimeter.
In the present example the card 10 further comprises a processing unit 30 and associated memory 32, which may, without limitation, comprise read only memory, non-volatile random access memory and/or EEPROM (electrically erasable programmable read only memory). The memory 32 stores, among other items, a data set which the card 10 is able to transmit to the reader 20 through the contactless interface 26, 28. In the case of a payment card, this data set includes in particular the identity and security information needed for authorisation of a financial transaction. In this case its transmission to malfeasors would pose a security risk to the user. The data set typically includes data which is written to the card before its delivery to the end user.
Where a contactless card is used by its authorised bearer, the card 10 is typically presented to the reader 20 so that distance between the two is small. Existing point of sale devices of the inductive close coupled type, for example, typically require the card to be directly presented to or even touched against a reader. Unauthorised reading of the card is often carried out without the malfeasor being in physical possession of the card, and the distance between the reader 20 and the card 10 is therefore typically larger. By distinguishing these two situations it is possible, in accordance with the present invention, to distinguish between authorised and unauthorised attempts to access the card's data, and to control supply of that data accordingly.
The present embodiment uses a plurality of sensors which are spatially separated from another and which sense the interrogating electromagnetic field. In this way the degree of local inhomogeneity of the field is assessed on the basis of the sensor outputs, as an indicator of distance between the reader 20 and the card. A high degree of local inhomogeneity is expected where the distance is small. A lower degree of local inhomogeneity is expected where the distance is larger.
Figure 5 represents a contactless card 10a embodying the present invention, which has a set of field sensors 50 each configured to respond to the local electromagnetic interrogating field 22. The sensors 50 are spaced across a two-dimensional area of the card. They are in the present embodiment arranged in a grid, although other sensor arrangements may be adopted in other embodiments of the invention.
Figure 6 illustrates how local inhomogeneity of the interrogating field arises. The reader, which is the source of the interrogating field, is once more designated 20. Dotted lines 52 around it are the magnetic field lines of the interrogating field. The card 10a is viewed end-on, so that upper, middle and lower sensors 50a, 50b and 50c are visible. In Figure 6a, the card 50 is very close to the reader 20. In the region of middle sensor 50b, the lines of magnetic field run roughly parallel to the plane of the card 10a, in this example. In the regions of the upper and lower sensors 50a, 50c the magnetic field vectors are roughly perpendicular to the same plane. So variation of both (a) magnetic field strength and (b) magnetic field direction between the different sensors can be expected to be large. As the distance from the reader 20 to the card 10a increases (Figures 6b and 6c), the variation in field direction and strength across the sensor array decreases. If one considers the reader 20 to be at infinity (Figure 6d) then the magnetic field lines are straight and the field is constant across the sensor array.
This provides a means of distinguishing between (a) a case where the card 10a is interrogated by a reader 20 in close proximity to it, and (b) a case where the card 10a is interrogated by a reader 20 at a greater distance. Specifically, a large variation in measured field properties across the sensor array indicates that the distance is small, and a small variation in these properties indicates that the distance is large.
The sensors 50 may take any of a variety of different forms. They may in some embodiments have an isotropic response - that is, a field of a given strength will give the same sensor output regardless of its direction. In such embodiments the degree of inhomogeneity of the field strength of the interrogating field can be monitored. But in the present embodiment the sensors 50 have a directional response. That is, they respond preferentially to fields whose field vectors lie along a specific direction (or directions). In this way the sensor array 50 is able to respond to the variation in field vector direction represented in Figure 6.
The sensors 50 may in principle respond to the magnetic component of the interrogating field or to its electrical component, or both.
In the present embodiment, the sensors 50 are Hall-effect sensors. The operation of a Hall-effect sensor is very well known to the skilled person. Commercial Hall effect sensors are very widely available. Hence their operation will not be described in detail herein, but very briefly a Hall-effect sensor typically has a conductor supplied with an electrical current and exposed to a magnetic field. The magnetic field exerts a force on the moving charge carriers, creating a potential difference across the conductor which can be converted to the sensor's output. Hall-effect sensors are directional (anisotropic), responding preferentially to magnetic field vectors in certain directions.
Outputs from the sensors 50 are led to logic circuitry for processing. In some embodiments the same CPU 30 used to supply data through the contactless interface 26, 28 is also used to process the sensor outputs and control data supply in response to them. But the present embodiment (Figure 7) has a second logic device 54 from the CPU 32 to process the sensor outputs. The second logic device 54 and the array of sensors 50 are both powered from the same antenna 26 used for data exchange, so that they are activated and powered by the interrogating field 22. The second logic device 54 may be a programmed microprocessor, although simpler logic devices or indeed analogue processing circuitry may instead suffice in certain embodiments. Based on the sensor signals, delivery of the aforementioned data set through the contactless interface 26, 28 is either enabled or disabled. This may for example be achieved through a digital signal sent by the logic device 54 to the CPU 30 to enable/disable data delivery, or through a switch controlling supply of power to the CPU 30 and/or interface 26, 28 which is closed to enable data delivery.
The processing of the signals from the sensors 50 may include determination of signal variation as an indication of proximity of the card 10a to the reader 20. It may include determination of the degree of inhomogeneity of the field across the array of sensors 50.
The signal processing may also include determination of dynamic aspects of the sensor outputs as an indicator of proximity of the card to the reader. Moving the card 10a into a position close to the reader 20 is expected to produce dynamic variations in the field strengths experienced by the sensors 50. Hence variation of sensor outputs with time is large during such movement used in a legitimate transaction to position the card 10a on or adjacent the reader 20. These time variations in the sensor outputs can be detected to provide a further indication that the card is being read from a proximally situated reader.
Based on the outputs of the sensors 50, the second logic device 54 is configured to make a determination of whether supply of data from the data set should be enabled or disabled. In the case of a contactless payment card, enablement of data supply makes possible transfer of the card data needed to make a payment. Disablement of data supply prevents a transaction being made, and also of course serves to protect the card from being remotely read by a malfeasor. Typically the supply of data will be disabled by default, and enabled only in response to a suitable determination by the second logic device 54. Hence the card 10a is at most times (and save when being legitimately interrogated) prevented from supplying sensitive data through the contactless interface 26, 28.
In the present embodiment, following a determination that data supply is to be enabled, this enablement takes place for no more than a predetermined period. For example, a ten second window may be provided following enablement within which data supply is able to take place. After that period, the card returns to a state in which data supply is disabled. Since enablement takes place when the card has already received the interrogating signal, this limited window provides time for the required data supply to the reader 20. But it limits any opportunity for a fraudulent reading of the card data to take place during or immediately after a legitimate transaction.
Also according to the present embodiment data supply is disabled immediately after a legitimate reading of the card date has been completed, which further curtails any opportunity for fraudulent 5 reading of the card.
The present invention is especially suitable for implementation using cards but can be applied to data tags of any kind including wearable devices or portable computing devices.
Claims (16)
1. A data tag comprising:
a memory for storing a data set, a contactless interface for supplying data from the memory to a remote reader, the contactless interface being configured to be interrogated through an electromagnetic field from the reader, a plurality of sensors which are spatially separated and which are configured to sense the interrogating electromagnetic field, and a processing device configured to receive outputs from the sensors representative of the interrogating field and to enable supply of data from the data set through the contactless interface if variability of the sensed outputs is sufficient to indicate that the reader and the data tag are in close proximity, and to disable supply of data from the data set through the contactless interface if variability of the sensed outputs is not sufficient to indicate that the reader and the data tag are in close proximity.
2. A data tag as claimed in claim 1 which is a contactless card.
3. A data tag as claimed in claim 2 which is a payment card.
4. A data tag as claimed in claim 2 or claim 3 in which the sensors are spaced across a two dimensional area of the card.
5. A data tag as claimed in any preceding claim in which the sensors are arranged in a grid pattern.
6. A data tag as claimed in any preceding claim in which the sensors are directional.
7. A data tag as claimed in any preceding claim in which the sensors are sensitive to the magnetic field component of the interrogating electromagnetic field.
8. A data tag as claimed in any preceding claim in which the sensors are Hall-effect sensors.
9. A data tag as claimed in any preceding claim in which the processing device is configured to compare outputs from the plurality of sensors and to establish variability between the sensors as a basis for determination of proximity of the data tag to the reader.
10. A data tag as claimed in any preceding claim in which the processing device is configured to monitor variation of sensor outputs over time as a basis for determination of proximity of the data tag to the reader.
11. A data tag as claimed in any preceding claim in which the processing device is configured to enable supply of data if distance from the data tag to the reader is determined to be 10cm or less.
12. A data tag as claimed in any preceding claim in which the processing device is configured to enable supply of data if distance from the data tag to the reader is determined to be 1cm or less.
5
13. A data tag as claimed in any preceding claim in which the processing device is configured to enable supply of data if distance from the data tag to the reader is determined to be 2mm or less.
14. A portable device as claimed in any preceding claim which is configured to be driven by power harvested from the electromagnetic field used to interrogate the device.
15. A portable device as claimed in any preceding claim in which the processing device is configured
10 to enable supply of data from the data set through the contactless interface for a predetermined period only following a determination that the reader and the data tag are in close proximity.
16. A portable device as claimed in any preceding claim in which the processing device is configured to disable supply of data from the data set after the said data has been read.
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB1802929.8A GB2571301B (en) | 2018-02-23 | 2018-02-23 | Security of data tags |
| US16/971,588 US20200387765A1 (en) | 2018-02-23 | 2019-02-21 | Security Measures in Relation to Data Tags and Contactless Cards |
| EP19710470.6A EP3756136A1 (en) | 2018-02-23 | 2019-02-21 | Security measures in relation to data tags and contactless cards |
| PCT/GB2019/050476 WO2019162674A1 (en) | 2018-02-23 | 2019-02-21 | Security measures in relation to data tags and contactless cards |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB1802929.8A GB2571301B (en) | 2018-02-23 | 2018-02-23 | Security of data tags |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| GB201802929D0 GB201802929D0 (en) | 2018-04-11 |
| GB2571301A true GB2571301A (en) | 2019-08-28 |
| GB2571301B GB2571301B (en) | 2020-07-22 |
Family
ID=61903115
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB1802929.8A Expired - Fee Related GB2571301B (en) | 2018-02-23 | 2018-02-23 | Security of data tags |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2571301B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2005069195A1 (en) * | 2004-01-14 | 2005-07-28 | Matsushita Electric Industrial Co., Ltd. | Contactless card reader |
| US20100207730A1 (en) * | 2007-08-27 | 2010-08-19 | Gemalto Sa | Behavioural method and device for preventing the use of a contactless portable device without the bearer's authorization |
| EP2592584A1 (en) * | 2011-11-11 | 2013-05-15 | Giesecke & Devrient GmbH | Secure wireless transaction |
-
2018
- 2018-02-23 GB GB1802929.8A patent/GB2571301B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2005069195A1 (en) * | 2004-01-14 | 2005-07-28 | Matsushita Electric Industrial Co., Ltd. | Contactless card reader |
| US20100207730A1 (en) * | 2007-08-27 | 2010-08-19 | Gemalto Sa | Behavioural method and device for preventing the use of a contactless portable device without the bearer's authorization |
| EP2592584A1 (en) * | 2011-11-11 | 2013-05-15 | Giesecke & Devrient GmbH | Secure wireless transaction |
Also Published As
| Publication number | Publication date |
|---|---|
| GB201802929D0 (en) | 2018-04-11 |
| GB2571301B (en) | 2020-07-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220318784A1 (en) | Multi-function electronic payment card and device system | |
| EP2171636B1 (en) | Appliance for financial transaction tokens | |
| EP2324445B1 (en) | Secure smart card system | |
| US7946502B2 (en) | Financial transaction token | |
| US20140195429A1 (en) | Method for protecting cardholder data in a mobile device that performs secure payment transactions and which enables the mobile device to function as a secure payment terminal | |
| JPWO2002086808A1 (en) | Information protection system and information protection method | |
| WO2013039395A1 (en) | Active matrix display smart card | |
| Hendry | Multi-application smart cards: technology and applications | |
| GB2564655A (en) | Biometric bank card | |
| US20200387765A1 (en) | Security Measures in Relation to Data Tags and Contactless Cards | |
| GB2571301A (en) | Security of data tags | |
| TWI435274B (en) | A composite chip card with a security interface and a method for controlling the same | |
| US11138486B1 (en) | Cardholder sleeve with selectable wireless communication capabilities | |
| US10628722B2 (en) | Method and apparatus to enhance the security of contact-less cards | |
| GB2571308A (en) | Security of contactless cards | |
| US20230297805A1 (en) | Finger-activated chip or contactless card | |
| GB2571303A (en) | Security of contactless cards and other tags | |
| CA2970007A1 (en) | The bioid nfc smart card | |
| KR20190007196A (en) | Apparatus and methods for providing card activation control and digital wallet exchange using card owner's identity verification | |
| GB2571310A (en) | Security of contactless cards | |
| KR100809941B1 (en) | System and Method for Processing Information, Devices for Processing Information and Program Recording Medium | |
| Sharma | Overview of Micro-payment Technology | |
| Laurie | Chip and spin | |
| Hansmann et al. | Smart Identification | |
| AU2012200019A1 (en) | Card security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20220223 |