GB2571303A - Security of contactless cards and other tags - Google Patents

Security of contactless cards and other tags Download PDF

Info

Publication number
GB2571303A
GB2571303A GB1802941.3A GB201802941A GB2571303A GB 2571303 A GB2571303 A GB 2571303A GB 201802941 A GB201802941 A GB 201802941A GB 2571303 A GB2571303 A GB 2571303A
Authority
GB
United Kingdom
Prior art keywords
card
portable device
conductive connection
data
contactless
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1802941.3A
Other versions
GB201802941D0 (en
GB2571303B (en
Inventor
Meers Jason
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Equinox Card Ltd
Original Assignee
Equinox Card Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Equinox Card Ltd filed Critical Equinox Card Ltd
Priority to GB1802941.3A priority Critical patent/GB2571303B/en
Publication of GB201802941D0 publication Critical patent/GB201802941D0/en
Priority to EP19710470.6A priority patent/EP3756136A1/en
Priority to US16/971,588 priority patent/US20200387765A1/en
Priority to PCT/GB2019/050476 priority patent/WO2019162674A1/en
Publication of GB2571303A publication Critical patent/GB2571303A/en
Application granted granted Critical
Publication of GB2571303B publication Critical patent/GB2571303B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309Means for preventing undesired reading or writing from or onto record carriers
    • G06K19/07345Means for preventing undesired reading or writing from or onto record carriers by activating or deactivating at least a part of the circuit on the record carrier, e.g. ON/OFF switches

Abstract

The invention relates to portable device in the form of a contactless card 50 (e.g. a payment card) or a data tag. The device comprises a memory (30) for storing data sets and a contactless interface (26, 28) for supplying data from the memory to a remote reader (20). An electrically conductive connection 52 is disposed on a surface of the portable device and is severable by a user. The device has two modes of operation: one in which supply of data through the contactless interface is enabled; and the other in which it is disabled. The device is configured to change which mode it operates in depending on whether the conductive connection is severed or unsevered. The conductive connection could take the form of a metallic film which can be removed by scratching, or a peelable sticker. Some embodiments may have plural conductive connections (Fig. 6a,b) where their selective breaking controls the data sent to the reader, or the amount payable by the card (52 a,b,c). The invention is aimed at preventing unwanted reading during transit of the card to the owner.

Description

SECURITY OF CONTACTLESS CARDS AND OTHER TAGS
The present invention is concerned with contactless cards and RFID tags, and with data security measures implemented in such devices.
The term contactless as used herein in relation to a card or other form of electronic tag implies that data carried by the card is able to be read through a wireless interface. Known contactless cards may be interrogated through close proximity inductive coupling and/or through propagating electromagnetic waves, and the term contactless card must be understood to encompass, without limitation, both or either of these possibilities. Protocols used for transmission of data in this context at the time of writing include the near-field communication (NFC) protocol and other protocols applied in relation to radio-frequency identification (RFID) but the term contactless does not - as used herein - refer to any specific communications protocol. Some contactless cards do have electrical contacts which provide an alternative means of reading data from the card. At the time of writing contactless payment cards commonly have two interfaces - a contactless interface and a set of contacts for making a direct electrical connection to a reader. These are nonetheless contactless in the relevant sense that data carried by the card is able to be read through a wireless interface.
Contactless cards are widely used for a variety of purposes. Importantly, many payment cards issued by banks, credit card companies and other financial institutions have a contactless interface for use at a point of sale, for purposes including authorisation of the transfer of funds. This is highly convenient for the purchaser, who can effect payment merely by presenting a card to a reader at the point of sale. Other applications of contactless cards include:
access management, where access barriers such as turnstiles or doors have a reader and a user is required to present a suitable card to obtain access. Hotel room keys provide one example;
verification of identity, where a bearer of a contactless card is taken to be the person identified by data on the card;
verification of attendance - some institutions of learning, for example, use contactless cards to verify students' attendance at lessons, seminars etc.;
access to resources, such as public transport, bike rentals etc.
This is far from being an exhaustive list.
It will be apparent that if a malfeasor is able to obtain unauthorised access to data from a contactless card, that data may be put to a variety of illegitimate uses. In the case of payment cards, this misappropriated data may be used to steal money from a financial account. A cloned hotel key card bearing the misappropriated data may be used for a burglary. The malfeasor may use such data to access confidential data intended for the bearer of the card, and so on.
Whereas contact-based interfaces can be interrogated only if access is available to the card itself, contactless cards suffer from the fundamental vulnerability that they can be interrogated remotely. Hence subject to whatever security precautions are taken, there is the possibility of a malfeasor reading the card without having direct physical access to it. An individual with a suitable reader may for example collect card data in a public place from passers-by.
Barring the use of suitable security measures, the technical and practical barriers to this type of abuse are not large. Cards' wireless interfaces typically conform to publicly available standards. The ISO/IEC 7816 standard which is widely adopted in relation to payment cards at the time of writing is also implemented for example in door-entry systems, car park barriers, hotel room locks, gymnasia, electricity and gas meters. The know-how required to interrogate cards using these standards is widely available, as is the hardware. One existing range of card chips and readers is sold at the time of writing under the trade mark MIFARE, owned by NXP Semiconductors, who state that 150 million readers have been sold. The contactless cards issued by financial institutions to make transactions do have a slightly different level of security from the cards used in hotels and transport networks, requiring additional vendor specific steps to translate received data into human readable form, but the additional security provided thereby is minimal. The information needed to extract customer and account information from a contactless payment card can be found in the public EMV standard which was originally developed by Mastercard (RTMO and Visa (RTM) in the early nineties.
Devices exist within the criminal fraternity that can harvest data from contactless payment cards at a rate of approximately 15 cards per second, and that remain undetectable by the typical card holder. But specialist equipment is not required. Many modern smartphones and tablets contain RFID/NFC readers, so that a standard device with a suitable application can be used to collect data from contactless cards. Applications can even be downloaded from mainstream app stores that are capable of reading data from contactless cards.
As to the range over which information can be misappropriated, a typical payment card operating in the 13.56 MHz range needs to be placed within a few centimetres of a legitimate reader for data to be exchanged. But it is also possible to read these cards from over a metre away with the correct equipment, and from a much larger distance using a specialised antenna and related circuitry.
So for example where contactless cards are carried in public by users in coat pockets, trouser pockets or non-shielded wallets and purses there is a risk that data from the cards may be misappropriated. Fraudsters may use handheld readers for the purpose in crowded areas such as lifts (elevators), escalators, turnstiles, public transport and so on.
Another potential danger is that malware running on a user's own smartphone or tablet may be used to read that user's card and transmit its data to a malfeasor. A user's card and their mobile device may often be juxtaposed, e.g. because the user puts both in a pocket or handbag. The malware is thus able to use the mobile device's NFC/RFID interface to read the card, and its mobile (cellular) or WiFi data transmission capability to transmit the data to a malfeasor. Malware which propagates widely can in this way be used to obtain large volumes of card data without those responsible being in geographical proximity to the victims.
Fraud in relation to contactless cards is a real and current source of concern to consumers and to institutions using the technology.
A particular risk arises during delivery of a contactless card to its end user. Where a contactless card is delivered by a postal service or delivery agent, there is the risk that the card may be read - even without the package in which it is contained being opened - during the delivery process, giving a malfeasor access to data from the card. There is also the risk that data may be harvested from the card for illegitimate purposes at some point in its manufacture. Interception of data on a large scale is possible by siting a reader at a suitable point in the manufacturing line, or at any suitable point in the route for packing, despatch, sorting and delivery of the cards.
Various security measures are available in this context.
One precaution that the user can take is to provide the card with a shield which blocks the signals used to exchange data. The card is placed in the shield when not in use and is intended to be removed from it only for use, e.g. at a point of sale. The shield may take the form of a sleeve to receive and surround the card. An electrically conductive layer can provide shielding, functioning in the manner of a Faraday cage. Wallets and purses claimed to screen radio frequency transmissions are commercially available. Shields provide an incomplete solution however. From the point of view of the institution issuing the card, the fact that not all users have adopted use of shields leaves them at risk. From the point of view of the end user, to be effective, a shield relies on that user manually taking the card out of the shield for use, and then returning it to the shield after use. This is potentially inconvenient for the user and there is the possibility that the card will not be returned to the shield after use, leaving it vulnerable.
US2013015955A (Verizon Patent and Licensing Inc. et al) discloses an RFID tag which may take the form of a credit card and which has a switch which is actuable by a user to change the tag from a first state in which it is not able to be activated by a carrier signal and a second state in which it is able to be activated by the carrier signal. In this way the card is disabled unless the user activates it by means of the switch. Other patent cases disclosing tags or cards whose interface is able to be activated using a switch are WO11067428A1 (Servicios Para Medios De Pago etal), US2003132301A (Massachusetts Institute of Technology), US2008011859A (Simon Phillips), US2006266831 (Douglas Kozlay), US8052052B (Intuit Inc.) and US7994920B (International Business Machines). In all these examples the card is reversibly activated/deactivated by some transient user input such as the application/withdrawal of a fingertip. Such devices add considerably to the complexity and cost of the card.
According to the present invention there is a portable device in the form of a contactless card or a data tag, the portable device comprising a memory for storing a data set, a contactless interface for supplying data from the memory to a remote reader, and an electrically conductive connection which is disposed on a surface of the portable device and which is severable by a user, the device having two modes of operation:
a first mode in which supply of data from the data set through the contactless interface is enabled; and a second mode in which supply of data from the data set through the contactless interface is disabled, and being configured to operate in one of the two modes of operation when the conductive connection is unsevered, and to operate in the other of the two modes of operation when the conductive connection is severed.
Specific embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:Figure 1 depicts the exterior of a typical contactless payment card, viewed from the front;
Figure 2 represents depicts the exterior of the same card, viewed from the rear;
Figure 3 is a simplified depiction of an interaction between a contactless payment card and a reader used to interrogate the card;
Figure 4 is a highly schematic representation of an electronic circuit implemented on the card;
Figures 5a and 5b each depict an electronic payment card embodying the present invention, viewed from the front, along with a user's fingertip;
Figures 6a and 6b each depict a further electronic payment card embodying the present invention, viewed from the front, along with a user's fingertip;
Figure 7 is a highly schematic representation of an electronic circuit implemented on a contactless payment card embodying the present invention;
Figure 8 is a highly schematic representation of an electronic circuit implemented on a further contactless payment card embodying the present invention; and
Figure 9 is a highly schematic representation of an electronic circuit implemented on yet a further contactless payment card embodying the present invention.
Figures 1 and 2 depict a conventional contactless payment card 10 conforming to industry standards ISO/IEC 7816 and ISO/IEC 14443. The card carries visual data including an embossed 16 digit card number 12. Other human-readable visual data printed on a typical card is omitted for the sake of simplicity. This example card 10 is able to be electronically interrogated through any of three different devices:
a contact chip 14 having multiple exposed electrical contacts conforming to the EMV standard, often referred to by the names Chip and Pin or Chip and Signature, according to the method of authentication employed by the card issuer. To use this interface the card is normally inserted into a reader which makes physical connections to the contacts to interrogate the contact chip;
a contactless interface housed within the card, whose components are formed by an inner layer of the card not visible from its exterior and whose presence is indicated by a logo 16 on the card; and a magnetic strip 18 on the rear of the card, which is provided for the sake of backwards compatibility, being used in older point of sale devices.
The rear ofthe card also carries visible alphanumeric characters 19 representing a CVV or CVV2 code, which is used in some online and telephone transactions, and a signature strip 21.
In a contactless interaction the card 10 is read by a remote reader 20 (Figure 3) which may for example be a point of sale device used to authorise a financial transaction. The reader need not be in physical contact with the card 10. The reader 20 interrogates the card through an interrogating electromagnetic field 22. In response the card 10 transmits data to the reader 20 through a suitably modulated data transmission electromagnetic field 24.
Figure 4 is a highly simplified representation of the architecture of the electronics of the card 10 as they pertain to exchange of data through the contactless interface. This is presented by way of example and not limitation. Other architectures may be adopted in embodiments of the present invention. The card 10 has a contactless interface comprising an antenna 26, which is depicted in this example as an inductive element, and associated interface electronics 28. The card 10 is in this example of the passive type which runs on power harvested through the antenna 26 from the interrogating electromagnetic field 22 generated by the reader 20. The invention may however be implemented in active cards having an on-board power supply. The interface electronics 28 comprise a voltage regulator through which power received from the interrogating electromagnetic field 22 is supplied to the card's other circuitry, and an RF modulator/demodulator function. The technical implementation of these functions is known in the art and familiar to the skilled person.
Figure 4 is wholly schematic and does not purport to represent the physical layout of the relevant components. In a practical implementation the antenna 26 is typically formed as a conductive loop extending repeatedly around the card close to its perimeter.
In the present example the card 10 further comprises a processing unit 30 and associated memory 32, which may, without limitation, comprise read only memory, non-volatile random access memory and/or EEPROM (electrically erasable programmable read only memory). The memory 32 stores, among other items, a data set which the card 10 is able to transmit to the reader 20 through the contactless interface 26, 28. In the case of a payment card, this data set includes in particular the identity and security information needed for authorisation of a financial transaction. In this case its transmission to malfeasors would pose a security risk to the user. The data set typically includes data which is written to the card before its delivery to the end user.
Figure 5a depicts a contactless card 50 which embodies the present invention, which has in the present embodiment the features of appearance, architecture and function described above with reference to Figures 1 to 5, and which additionally comprises an electrically conductive connection 52 disposed on an exterior face of the card 50. The conductive connection 52 controls access to the aforementioned data set through the contactless interface.
The conductive connection 52 is formed in a manner which enables it to be severed by a user. In the present embodiment it comprises a metal layer applied to the front face of the card 50. The metal layer is able to be scratched away using for example a coin 54 or a fingernail 56. In this way a path through the conductive connection between electronic components of the card 50 is severed - see
Figure 5b, showing the state of the card after severing of the conductive connection 52.
In another possible embodiment the conductive connection 52 comprises a self-adhesive peel-off sticker with an electrically conductive connection which bridges contacts on the card 50 when present, so that removal of the sticker severs the electrical connection.
Severing of the conductive connection 52 in both of these examples involves its total or partial removal. In the case of a metal film, the material of the film is to be scratched away and so removed from the card 50. In the case of a sticker, the conductor forming the conductive connection 52 is removed along with the sticker.
The severing of the conductive connection 52 may be irreversible, in the sense that the physical process by which it is carried out cannot be undone. This is the case for example where the conductive connection 52 is formed by a metal film, which cannot be reconstituted once it has been scratched away.
According to whether the conductive connection 52 is severed or unsevered, the card 50 operates in one of two different modes:
a first mode in which supply of data from the data set through the contactless interface is enabled; and a second mode in which supply of data from the data set through the contactless interface is disabled.
This makes possible a variety of different security functions.
To address the problem referred to above of data being misappropriated during delivery of the card 50, it may be initially configured in the second mode, in which the data set cannot be read through the contactless interface. In such an embodiment the conductive connection 52 is initially unsevered and the card 50 is thereby maintained in the second mode, making harvesting of data during delivery impossible. To activate the card following its delivery the end user simply severs the conductive connection 52, placing the card in the first mode and so making it ready for use. Alternatively if the user does not intend to use the contactless interface 26, 28 then he/she may choose never to sever the conductive connection 52.
When the card 50 has been packaged for delivery (e.g. in an envelope), severing the conductive connection 52 necessarily entails opening the package to gain access to the card. The tampering with the package, and the absence of the conductive connection 52, would then be apparent to the end user upon delivery.
The card 50 may alternatively be maintained in the first mode while the conductive connection 52 is unsevered, and changed to the second mode by severing of the connection. This gives the end user a means of selectively disabling the delivery of the data set through the contactless interface 26, 28. In the case of a payment card, for example, the end user may choose to sever the conductive connection 52 to deactivate the contactless function, after which the card would not be capable of use in contactless transactions. The user might then rely on the card's Chip and Pin interface 14 and its magnetic strip 18.
The card may have more than one severable electrically conductive connection 52. Figures 6a and 6b depict an example. Here, the user is able to select one of several different limits on the value of transactions that can be made using the contactless interface. The card 50a depicted in these drawings has three separate conductive connections 52a, 52b, 52c, each corresponding to a different limit on transaction value. When the card 50a is delivered to the user, all three are intact as depicted in Figure 6a and the delivery of the data set through the contactless interface 26, 28 is disabled, making the card secure during its manufacture and delivery. The user must sever at least one of the conductive connections 52a, 52b, 52c to ready the card for use. By choosing which connection to sever, the user selects a value limit. In a simple case, severing of a given conductive connection 52a, 52b, 52c enables transactions up to a corresponding value limit. So severing first conductive connection 52a in this example enables transactions up to $100. Severing second conductive connection 52b enables transactions up to $500. Severing third conductive connection 52c enables transactions up to $1000. An alternative is that different permutations of severed and unsevered connections may represent different value limits. So for example severing two connections may enable transactions up to the sum of the values they represent. In Figure 6b the first and second conductive connections 52a, 52b have been severed and the value limit is the sum of the values they represent - i.e. $100 + $500 = $600.
In order to implement the variable limit on transaction value, the card 50a stores multiple data sets, delivery of which is selectively inhibited. In the simplest case, each of these data sets encodes a specific transaction value limit.
As to the manner in which the electrically conductive connection 52 controls the delivery of the data set through the contactless interface 26, 28, there are various possibilities. The conductive connection 52 may directly control supply of power to the card's electronics, e.g. being in series connection in a line through which power is supplied to drive the card's electronics, as depicted in Figure 7. The conductive connection 52 may instead apply a binary signal to an input of the processing unit 30, which controls output of the data set in dependence on this input - see Figure 8.
In other embodiments the electrical connection 52 may serve to short circuit elements of the antenna 26. It may for example be connected in parallel with the antenna 26 as depicted in Figure 9. Whilst 5 unsevered, the electrical connection 52 thus impairs the antenna's function. In particular it may alter the resonant frequency of the antenna, making the card 50 unresponsive to the interrogating field.
The above described embodiments serve as examples only of the manner in which the present invention can be implemented. Numerous possible variants and alternatives will be apparent to the skilled reader. In particular, while the embodiments described all take the form of cards, the invention 10 could be packaged in portable devices taking other forms including portable fobs to be carried e.g. on a lanyard.

Claims (13)

1. A portable device in the form of a contactless card or a data tag, the portable device comprising a memory for storing a data set, a contactless interface for supplying data from the memory to a remote reader, and an electrically conductive connection which is disposed on a surface of the portable device and which is severable by a user, the device having two modes of operation:
a first mode in which supply of data from the data set through the contactless interface is enabled; and a second mode in which supply of data from the data set through the contactless interface is disabled, and being configured to operate in one of the two modes of operation when the conductive connection is unsevered, and to operate in the other of the two modes of operation when the conductive connection is severed.
2. A portable device as claimed in claim 1 which is a payment card.
3. A portable device as claimed in claim 1 or claim 2 in which a conductor forming the conductive connection is removable from the card to sever the connection.
4. A portable device as claimed in any preceding claim in which severing of the conductive connection is irreversible.
5. A portable device as claimed in any preceding claim in which the electrically conductive connection comprises a conductive layer able to be scratched away by a user to sever the connection.
6. A portable device as claimed in claim 5 in which the conductive layer comprises a metal film.
7. A portable device as claimed in any preceding which is configured to operate in the second mode when the conductive connection is unsevered so that supply of the data set through the contactless interface is disabled until the conductive connection has been severed.
8. A portable device as claimed in any of claims 1 to 6 which is configured to operate in the second mode when the conductive connection is severed so that by severing the conductive connection a user is able to inhibit supply of the data set through the contactless interface.
9. A portable device as claimed in any preceding claim in which the conductive connection is configured to control supply of electrical power to the contactless interface.
10. A portable device as claimed in any preceding claim which is configured to be driven by power harvested from an electromagnetic field used to interrogate the device.
11. A portable device as claimed in any preceding claim in which the conductive connection is connected in series or in parallel with an antenna of the contactless interface.
5
12. A portable device as claimed in any preceding claim which comprises two or more conductive connections each severable by a user, and a processor configured to control supply of multiple data sets through the contactless interface in dependence on the states of the conductive connections.
13. A portable device as claimed in any preceding claim which is a payment card comprising two or more conductive connections each severable by a user, the card being configured to control a value 10 limit on financial transactions in dependence on the states of the conductive connections.
GB1802941.3A 2018-02-23 2018-02-23 Security of contactless cards and other tags Expired - Fee Related GB2571303B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
GB1802941.3A GB2571303B (en) 2018-02-23 2018-02-23 Security of contactless cards and other tags
EP19710470.6A EP3756136A1 (en) 2018-02-23 2019-02-21 Security measures in relation to data tags and contactless cards
US16/971,588 US20200387765A1 (en) 2018-02-23 2019-02-21 Security Measures in Relation to Data Tags and Contactless Cards
PCT/GB2019/050476 WO2019162674A1 (en) 2018-02-23 2019-02-21 Security measures in relation to data tags and contactless cards

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1802941.3A GB2571303B (en) 2018-02-23 2018-02-23 Security of contactless cards and other tags

Publications (3)

Publication Number Publication Date
GB201802941D0 GB201802941D0 (en) 2018-04-11
GB2571303A true GB2571303A (en) 2019-08-28
GB2571303B GB2571303B (en) 2020-09-02

Family

ID=61903299

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1802941.3A Expired - Fee Related GB2571303B (en) 2018-02-23 2018-02-23 Security of contactless cards and other tags

Country Status (1)

Country Link
GB (1) GB2571303B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1647920A1 (en) * 2003-07-17 2006-04-19 HONDA MOTOR CO., Ltd. Ic card and information storage/transmitter
JP2006209226A (en) * 2005-01-25 2006-08-10 Primotech:Kk Contactless ic card product
US20080011859A1 (en) * 2006-07-17 2008-01-17 Simon Phillips Method and apparatus for personalizing contactless card with switch
GB2455312A (en) * 2007-12-04 2009-06-10 Intellident Ltd Controllable rf id tag

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1647920A1 (en) * 2003-07-17 2006-04-19 HONDA MOTOR CO., Ltd. Ic card and information storage/transmitter
JP2006209226A (en) * 2005-01-25 2006-08-10 Primotech:Kk Contactless ic card product
US20080011859A1 (en) * 2006-07-17 2008-01-17 Simon Phillips Method and apparatus for personalizing contactless card with switch
GB2455312A (en) * 2007-12-04 2009-06-10 Intellident Ltd Controllable rf id tag

Also Published As

Publication number Publication date
GB201802941D0 (en) 2018-04-11
GB2571303B (en) 2020-09-02

Similar Documents

Publication Publication Date Title
Lacmanović et al. Contactless payment systems based on RFID technology
US11657384B2 (en) Apparatus and method for emulating transactional infrastructure with a digital transaction processing unit (DTPU)
US6021494A (en) Electronic micro identification circuit that is inherently bonded to someone or something
US9396467B2 (en) Transaction card with security code generator and the method of the same
JPWO2002086808A1 (en) Information protection system and information protection method
US7083085B1 (en) Verifying financial services card transactions using tags
WO2013039395A1 (en) Active matrix display smart card
US20190354986A1 (en) Dynamically generating verification values using electronic ink and power derived from external source
GB2522905A (en) Management of multiple identities in a transaction infrastructure
CN103164795A (en) Electronic trading and logistics system
KR20010009217A (en) A mobile station combined with payment apparatus and a method providing service for the same
CN104091263A (en) NFC (near field communication) payment method and system
US20200387765A1 (en) Security Measures in Relation to Data Tags and Contactless Cards
Wadii et al. Nfc technology for contactless payment echosystems
TW201800995A (en) Apparatus and method for communicating with a digital transaction processing unit (DTPU)
Qadeer et al. A novel scheme for mobile payment using RFID-enabled smart SIMcard
GB2571303A (en) Security of contactless cards and other tags
Farrell Smartcards become an international technology
US11010743B2 (en) Enabling card and method and system using the enabling card in a POS
US10628722B2 (en) Method and apparatus to enhance the security of contact-less cards
GB2571308A (en) Security of contactless cards
Kim et al. Smart cards: Status, issues, and US adoption
WO2015163771A1 (en) Payment systems
GB2571301A (en) Security of data tags
CN102054184A (en) System and method for realizing real-time transaction data information display of double-interface smart card

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20220223