WO2016209343A1 - Secured credential aggregator - Google Patents

Secured credential aggregator

Info

Publication number
WO2016209343A1
Authority
WO
WIPO (PCT)
Prior art keywords
secured
credential
credentials
display
secured credentials
Application number
PCT/US2016/028559
Other languages
French (fr)
Inventor
Patrick Koeberl
Nikhil Deshpande
Anand Rajan
Original Assignee
Intel Corporation
Application filed by Intel Corporation
Priority to EP16814850.0A (patent EP3314810A4)
Priority to CN201680030495.XA (patent CN107660292A)
Publication of WO2016209343A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/22 Payment schemes or models
    • G06Q20/227 Payment schemes or models characterised in that multiple accounts are available, e.g. to the payer
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/357 Cards having a plurality of specified features
    • G06Q20/3572 Multiple accounts on card
    • G06Q20/3576 Multiple memory zones on card
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G06Q20/409 Device specific authentication in transaction processing

Definitions

  • This disclosure relates generally to secured credentials. Specifically, this disclosure relates to aggregating secured credentials onto a single device.
  • FIG. 1 is a block diagram of a system for aggregating secured credentials
  • FIG. 2 is a block diagram of an EMV card aggregation device
  • FIG. 3 is a process flow diagram of a method for aggregating multiple secured credentials on one device
  • Fig. 4 is a process flow diagram of a method for performing a cryptocurrency transaction with a secured credential aggregator
  • Fig. 5 is a process flow diagram of a method for performing an EMV transaction with a secured credential aggregator.
  • EMV Europay, MasterCard® and Visa®
  • Chip and PIN describes the two-factor authentication model used to validate transactions, the two factors being something owned, and something known, i.e., the embedded chip on a smartcard, and the PIN.
  • EMV cards leverage smartcard technology, which embeds a secure computing device into the card.
  • known card aggregation devices are dependent on magnetic stripe technology. As the U.S. transitions to EMV to align with Europe and Asia, aggregation devices based on magnetic stripe technology will become obsolete.
  • Fig. 1 is a block diagram of a system 100 for aggregating secured credentials.
  • the system 100 includes a device 102, third parties 104, and a reader-writer 106.
  • the device 102 is a credit-card form factor device onto which multiple third parties 104 may securely provision their secured credentials using the reader-writer 106. Additionally, the device 102 may emulate the secured credential, for reading by the reader-writer 106.
  • the reader-writer 106 may communicate with the device 102 through a physical, or a wireless, connection.
  • the credentials stored on EMV-compliant cards are a specific type of third party secured credentials. These cards are issued by a third party, typically a financial institution. However, other institutions interested in security may also use secured credentials. For example, a corporate security department may issue secured credentials to enable secure logons in a corporate network. Thus, while the techniques of aggregating third-party secured credentials are discussed with respect to EMV-compliant cards, other types of third-party secured credentials may be aggregated as described herein.
  • the device 102 is EMV-compliant.
  • EMV-compliant card aggregation raises some challenges.
  • the smartcard technology on which EMV is deployed is inherently cloning resistant. These anti-cloning features pose a particular challenge for aggregating multiple EMV cards on a single device. It is not possible to simply use a magnetic card reader to read cards and store or replay the data on the device 102. Instead, the secured credential associated with each third party 104 is provisioned onto the device 102 with the cooperation of the third party 104.
  • Cryptocurrency is a digital currency, issued as tokens, where the medium of exchange uses cryptography to secure transactions.
  • Bitcoin is one well-known cryptocurrency, but other cryptocurrencies also exist.
  • the credential is not provisioned by a third party, but by the owner of the cryptocurrency.
  • Cryptocurrency tokens are typically secured in a digital wallet, or a digital vault. Provisioning cryptocurrency tokens onto the device 102 involves moving the tokens out of the digital wallet or vault.
  • the device 102 includes a processor 108, a memory 110, a user interface 112, a display 114, a credential interface 116, a power source 118, and physical security 120.
  • the processor 108 may be a set of circuits embedded into the device, such as with a smartcard.
  • the memory 110 may be storage elements, such as static random access memory (SRAM), and flash memory.
  • SRAM static random access memory
  • the memory includes secure, non-volatile storage for security critical parameters such as EMV credentials, cryptographic keys, or cryptocurrency.
  • the processor 108 executes instructions stored in, and accesses data stored in, the memory 110.
  • the memory 110 includes secured credentials 122 and a credential manager 124.
  • the secured credentials 122 of multiple card issuers are isolated from each other.
  • the credential manager 124 communicates with the third party 104 to obtain, and emulate, the secured credentials 122.
  • the user interface 112 enables a user to select one of the secured credentials 122 for emulation.
  • the user interface 112 is a button.
  • the credential manager 124 displays an image associated with one of the secured credentials 122, i.e., a credit card image.
  • each secured credential 122 may be scrolled in sequence on the display 114.
  • the display 114 enables the third party's brand, or other identifier, to be vibrantly displayed when their secured credential 122 is selected.
  • the reader-writer 106 communicates with the device 102 through the credential interface 116.
  • the credential interface 116 may be a contact, or contactless, interface.
  • a contact interface may include contact pads, such as on a smartcard.
  • a contactless interface may be a wireless interface, such as an antenna embedded in the device 102 for low energy wireless communication.
  • the power source 118 may be a battery, with a lifetime that is compliant to the ISO 7816 smart card standard.
  • the power source is a rechargeable lithium polymer battery.
  • the physical security 120 protects the card in ways that may help satisfy security requirements of the third parties 104, and the owner of the device 102. More specifically, the physical security 120 gives assurance that credentials are stored securely on the device with negligible probability of compromise through non-invasive, semi-invasive and fully-invasive attacks on the device 102. Sophisticated hardware security measures may raise the difficulty of cloning attacks to uneconomic levels.
  • the physical security 120 may include anti-decapsulation detectors, defenses against clock and voltage glitch attacks, and fault-induction attacks, anti-probing defenses, glue logic layout, dummy logic, and side-channel mitigations. Anti-decapsulation detectors operate by changing the circuit behavior when attempts are made to remove the encapsulation material within which the device die is embedded.
  • Transistor junctions operating as photoelectric diodes are randomly placed within the overall device, and when activated by incident light, cause zeroing or overwriting of the data in non-volatile storage under active power or when power is next applied. Alternatively, other disabling functions may be used to render the device inoperative. Fault injection attacks based on clock manipulation may be mitigated by using an on-die Phase Locked Loop to detect clock glitches and stopped or slow clocks. Additionally, an on-die ring oscillator is used as a reference against which to detect overclocking of the device. Fault induction on the power supply network, for example, by voltage glitching, is mitigated by on-die voltage regulation which decouples the on-die power supply network from the external power source.
  • Fault induction attacks are mitigated by ensuring that single- or multi-bit flips in security critical regions of the circuit, caused by thermal or electromagnetic incident radiation, cannot affect a disabling or manipulation of security features or critical data. This is achieved by using multi-bit or redundant encoding schemes for control and data functions.
  • Anti-probing defenses protect against invasive attacks using a combination of dense metal routing stacks. Metal routing stacks are metal routings that vertically span the metal stack thus ensuring that circuit behavior is disabled as the attacker removes metal layers. Additionally, using fine metal linewidths for security critical features, and avoiding large metal structures that could act as probe points for the attacker can mitigate physical attacks.
  • a glue logic layout means that the circuitry for the processor 108 is laid out in a non-hierarchical, randomized way.
  • the dummy logic refers to dummy circuitry in the processor. This dummy circuitry serves as a decoy to attackers looking for vulnerabilities in the device 102.
  • Side-channel mitigations are clock- and data-randomization techniques which serve to obfuscate the power- and EM-signatures that the device emits when performing security functions. These mitigations are implemented at the micro-architectural level. Other side-channels such as timing- and cache-side channels are mitigated at the software level.
  • Fig. 2 is a block diagram of an EMV card aggregation device 200.
  • the EMV card aggregation device 200 is a credit-card form factor device which operates as an active smartcard, i.e., it is powered by battery 202, such as a lithium polymer battery.
  • the device allows multiple third parties 104 to securely provision their EMV credentials onto the device 200 through a wireless interface, such as wireless low energy (LE).
  • LE wireless low energy
  • the device 200 assumes the form factor of a standard dual-interface smartcard, includes the contact pads 204 for contact readers, and an embedded antenna 206 for contactless operation.
  • the embedded antenna 206 is a low energy wireless antenna.
  • the device 200 implements the ISO 14443 protocol used for smartcard contactless payment with the embedded antenna 206 and the antenna subsystem. Alternatively, other wireless connectivity standards capable of meeting the power budget may be used.
  • the antenna 206 provides wireless connectivity for device management, EMV credential provisioning, and proximity detection to other mobile devices for the same user.
  • the device 200 is an active smartcard, i.e., the device 200 includes its own power supply in the form of the battery 202.
  • the battery 202 provides power to the device when not inserted into a card reader.
  • the battery may be a non-rechargeable lithium polymer battery, or a rechargeable lithium polymer battery.
  • the rechargeable battery is recharged using smartcard contacts, wireless charging, and energy harvesting.
  • the card reader may be a contact reader or contactless, if the power budget permits.
  • the device 200 may include a DC switchover mechanism that allows the card to be powered from a card reader thus saving battery power when used in contact readers.
  • the device also includes a system on a chip (SoC) 208.
  • SoC system on a chip
  • the SoC 208 provides general compute capability for the device 200. Functions include hosting multiple emulated smartcards, and managing input-output (I/O).
  • I/O input-output
  • the SoC 208 has 5V tolerant I/O to meet the 5V electrical signaling requirements used by smartcards. Additional features provided by the SoC 208 are embedded SRAM and flash, or other non-volatile memory, and may include application-specific hardware peripherals such as, display driver circuitry and security accelerators.
  • the SoC 208 may also have a number of integrated features: 3DES (Triple Data Encryption Standard) symmetric and RSA (Rivest Shamir Adleman) asymmetric cryptographic hardware accelerators, and a biometric hardware accelerator.
  • the biometric hardware accelerator is used with a biometric sensor that provides strong user authentication preventing unauthorized users from using the card.
  • the SoC 208 may integrate lightweight isolated execution and memory protection to enable hardware-enforced separation of EMV application code and data.
  • the SoC 208 may integrate secure non-volatile storage for security critical parameters such as EMV credentials, cryptographic keys, or cryptocurrency tokens, and display driver circuitry for an organic, light-emitting diode (OLED) thin-film display 210.
  • the antenna subsystem is integrated into the SoC 208. Further, the wireless LE subsystem could also be integrated into the SoC 208.
  • the display 210 is a low-power, thin-film, color display that provides for device output to the user such as, displaying which EMV card is currently selected, and providing user feedback for device configuration.
  • the display 210 is a thin-film organic LED (OLED) display.
  • the display driver circuitry may be a monolithic chip or integrated into the SoC 208.
  • the SoC 208 implements defenses against non-invasive, semi-invasive and fully-invasive attacks. These defenses include one or more anti-decapsulation detectors taking the form of a photo-diode. Should light be detected due to a decapsulation attempt, EMV credentials are actively wiped, or wiped on next power-up. Defenses also include an anti-probing top layer metal shield which, when compromised, initiates wiping of EMV credentials.
  • the SoC 208 also includes mitigations against software, timing, power and EM side channels. Additionally, defenses may include on-die voltage regulation used as a defense against power-side channel analysis. The physical design uses a non-hierarchical, randomized layout as a defense.
  • the physical design also employs dummy structures to increase the difficulty of reverse engineering. Additionally, fault induction attacks are mitigated by the device 102 by ensuring that no single point of failure can be exploited.
  • the device 200 also includes external flash memory 214.
  • the external flash memory 214 is used for bulk storage of non-critical data.
  • the smartcard issuer may provide bitmaps for display when their smartcard is selected. These bitmaps may be stored in the external flash memory 214.
  • This external flash memory 214 can also be used for encrypted storage where data is encrypted or decrypted by the SoC 208.
  • the device 200 includes a button 216.
  • the button 216 is used to cycle through the set of provisioned EMV cards stored on the device 200, and also to bring the device 200 out of sleep mode. In one embodiment, the button 216 also cycles through any other types of secured credentials stored on the device 200, such as cryptocurrencies.
  • the wireless low energy (WLE) unit 218 provides wireless connectivity to the device 102 for device management, EMV credential provisioning, and proximity detection to user mobile devices.
  • the WLE unit 218 is Bluetooth Low Energy (BLE).
  • BLE Bluetooth Low Energy
  • Other wireless connectivity standards capable of meeting the power budget may also be appropriate.
  • the WLE unit 218 could also be integrated into the SoC 208.
  • the biometric sensor 220 provides strong user authentication to prevent unauthorized users from using the device 200.
  • Fig. 3 is a process flow diagram of a method 300 for aggregating multiple secured credentials on one device.
  • the method 300 is performed by the credential manager 124, and begins at block 302 where a plurality of secured credentials is provisioned on the device 102.
  • the credentials may be provisioned by a third party, or by the user of the device 102.
  • the secured credentials are isolated from each other in memory.
  • a selected secured credential is emulated for a transaction.
  • the emulation is the same as would be provided by a smart card, for example. In the case of cryptocurrencies, a method of emulation is described with respect to Fig. 4.
  • Fig. 4 is a process flow diagram of a method 400 for performing a cryptocurrency transaction with a secured credential aggregator.
  • a cryptocurrency transaction is a financial transaction where the payment is made using a cryptocurrency.
  • the method 400 begins at block 402, where the cryptocurrency tokens are selected.
  • pushing a user interface, such as the button 216, cycles through the secured credentials stored on the card.
  • An image associated with each credential is shown on the display 210.
  • the user may indicate a selection with a double press of the button 216. Further presses of the button 216 in response to images shown on the display 210 allow the user to select the number of cryptocurrency tokens required.
  • the credential manager 124 instantiates an isolated execution environment.
  • the isolated execution environment provides hardware-underpinned security guarantees for the credentials 122 by ensuring that all code and data associated with the transaction cannot be accessed by other code in the system. In this way, any undetected security vulnerabilities in the system software are effectively contained.
  • the selected cryptocurrency tokens are fetched from nonvolatile storage.
  • the fetched cryptocurrency tokens are placed in volatile storage.
  • the credential manager 124 establishes an authenticated, secure channel with a reader-writer 106.
  • the authenticated, secure channel may be encrypted to prevent any eavesdropping.
  • the credential manager 124 transmits the selected cryptocurrency tokens over the secure channel.
  • the credential manager clears the selected cryptocurrency tokens from volatile and non-volatile storage.
  • Fig. 5 is a process flow diagram of a method 500 for performing an EMV transaction with a secured credential aggregator. The method begins at block 502, where the EMV card is selected. At block 504, the credential manager 124 instantiates an isolated execution environment.
  • the EMV credential for the selected EMV is fetched, along with a card state.
  • the card state encompasses all state associated with the selected card that is necessary to successfully resume emulation of the EMV card.
  • the card state provides persistent data to be used during the emulation.
  • a card state may be needed from the most recent use of the card. For example, the card state may provide a transaction count, or a timestamp of the last transaction.
  • the credential and card state are loaded into the isolated execution environment.
  • the isolated execution environment provides hardware-underpinned security guarantees for the credentials and card state by ensuring that all code and data associated with the transaction cannot be accessed by other code in the system. In this way, any undetected security vulnerabilities in the system software are effectively contained.
  • the credential manager 124 emulates the EMV protocol using the selected EMV credential and card state.
  • the credential manager 124 clears volatile storage. Additionally, the credential manager 124 writes the card state and selected credential back to non-volatile storage.
  • An example apparatus aggregates secured credentials.
  • the apparatus includes a processor and a memory.
  • the memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. Additionally, the code causes the processor to isolate the secured credentials from each other in the memory. Further, the code causes the processor to emulate a selected secured credential from the secured credentials for a transaction.
  • An example apparatus includes a display and a user interface.
  • the user interface enables selection of the selected secured credential.
  • the user interface includes a button. Pressing the button when the apparatus is asleep wakes the apparatus. Subsequent button presses display a representation of each of the secured credentials.
  • An example apparatus includes a biometric sensor that prevents an unauthorized user from using the apparatus.
  • An example apparatus includes a credential interface.
  • the credential interface is used for provisioning the secured credentials, and emulating the selected secured credential.
  • the credential interface includes smartcard contacts.
  • the credential interface includes an embedded antenna.
  • An example apparatus of claim 1 includes a power source and a DC switchover mechanism.
  • the power source includes a rechargeable battery.
  • the DC switchover mechanism enables the apparatus to be powered from a card reader.
  • An example method aggregates secured credentials on an apparatus.
  • the method includes provisioning a plurality of secured credentials on the apparatus.
  • the method also includes isolating the secured credentials from each other in the memory. Further, the method includes emulating a selected secured credential from the secured credentials for a transaction.
  • the apparatus includes a display and a user interface.
  • the user interface enables selection of the selected secured credential.
  • the method includes waking the apparatus in response to a selection using the user interface.
  • the method additionally includes displaying a representation of each of the secured credentials in response to subsequent button presses.
  • An example method uses a biometric sensor to prevent an unauthorized user from using the apparatus.
  • the apparatus comprises a power source comprising a rechargeable battery.
  • the method also includes recharging the rechargeable battery using a DC switchover mechanism that enables the apparatus to be powered from a card reader.
  • the apparatus includes the DC switchover mechanism.
  • the apparatus comprises a display.
  • the method additionally includes displaying, on the display, an image associated with the selected secured credential in response to a user selection.
  • An example system aggregates secured credentials.
  • the system includes means to provision a plurality of secured credentials on the system.
  • the system also includes means to isolate the secured credentials from each other in the memory. Further, the system includes means to emulate a selected secured credential from the secured credentials for a transaction.
  • the system includes a display, and a user interface.
  • the user interface enables selection of the selected secured credential.
  • the user interface includes a button. Pressing the button when the system is asleep wakes the system. Subsequent button presses display a representation of each of the secured credentials.
  • An example system includes a biometric sensor that prevents an unauthorized user from using the system.
  • An example system includes a credential interface.
  • the credential interface is used for provisioning the secured credentials, and emulating the selected secured credential.
  • the credential interface includes smartcard contacts.
  • the credential interface includes an embedded antenna.
  • An example system includes a power source.
  • the power source is a rechargeable battery.
  • the example system includes a DC switchover mechanism that enables the system to be powered from a card reader.
  • An example computer-readable medium aggregates secured credentials on an apparatus.
  • the computer-readable medium includes code to direct a processor to provision a plurality of secured credentials on the apparatus.
  • the code directs the processor to isolate the secured credentials from each other in a memory of the apparatus. Additionally, the code directs the processor to emulate a selected secured credential from the secured credentials for a transaction.
  • the apparatus includes a display and a user interface.
  • the user interface enables selection of the selected secured credential.
  • the user interface includes a button. Pressing the button when the apparatus is asleep wakes the apparatus. Subsequent button presses display a representation of each of the secured credentials.
  • the apparatus includes a biometric sensor that prevents an unauthorized user from using the apparatus.
  • the apparatus includes a credential interface.
  • the credential interface is used for provisioning the secured credentials, and emulating the selected secured credential.
  • the credential interface includes smartcard contacts.
  • the credential interface includes an embedded antenna.
  • the apparatus includes a power source.
  • the power source includes a rechargeable battery.
  • the apparatus includes a DC switchover mechanism that enables the apparatus to be powered from a card reader.
  • the apparatus includes a processor and a memory.
  • the memory includes code causing the processor to provision a plurality of secured credentials on the apparatus.
  • the code causes the processor to isolate the secured credentials from each other in the memory.
  • the code causes the processor to emulate a selected secured credential from the secured credentials for a transaction.
  • the apparatus includes a credential interface used for provisioning the secured credentials, and emulating the selected secured credential.
  • An example apparatus includes a display and a user interface.
  • the user interface enables selection of the selected secured credential.
  • the user interface includes a button. Pressing the button when the apparatus is asleep wakes the apparatus. Subsequent button presses display a representation of each of the secured credentials.
  • An example apparatus includes a biometric sensor that prevents an unauthorized user from using the apparatus.
  • the credential interface includes smartcard contacts.
  • the credential interface includes an embedded antenna.
  • An example apparatus includes a power source.
  • the power source includes a rechargeable battery.
  • the apparatus includes a DC switchover mechanism that enables the apparatus to be powered from a card reader.
  • In each system shown in a figure, the elements in some cases may each have a same reference number or a different reference number to suggest that the elements represented could be different and/or similar.
  • an element may be flexible enough to have different implementations and work with some or all of the systems shown or described herein.
  • the various elements shown in the figures may be the same or different. Which one is referred to as a first element and which is called a second element is arbitrary.
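
The method 500 lifecycle described above (fetch the selected credential and its card state, load them into the isolated environment, emulate, write the state back, clear volatile storage), as an added C sketch that is not code from the patent. The slot layout, function names, sample keys and the FNV-1a tag are assumptions for illustration, and a plain struct stands in for the hardware-isolated execution environment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 4
#define KEY_LEN   16

/* Card state that must persist between uses of one emulated card. */
typedef struct { uint32_t txn_count; uint32_t last_txn_time; } card_state;

/* One provisioned credential in (modelled) secure non-volatile storage. */
typedef struct {
    int        provisioned;
    uint8_t    key[KEY_LEN];   /* constructed sample secret, not an EMV key */
    card_state state;
} nv_slot;

/* Volatile working copy: a software model of the isolated environment. */
typedef struct {
    int        active, slot;
    uint8_t    key[KEY_LEN];
    card_state state;
} session;

static nv_slot nv_store[MAX_SLOTS];
static session env;

/* Wipe through a volatile pointer so the compiler cannot elide the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

int provision(int slot, const uint8_t key[KEY_LEN]) {
    if (slot < 0 || slot >= MAX_SLOTS || nv_store[slot].provisioned) return -1;
    memcpy(nv_store[slot].key, key, KEY_LEN);
    nv_store[slot].state = (card_state){0, 0};
    nv_store[slot].provisioned = 1;
    return 0;
}

/* Select a card, fetch its credential and card state, load them into env. */
int begin_transaction(int slot) {
    if (env.active) return -1;   /* only one credential is ever loaded */
    if (slot < 0 || slot >= MAX_SLOTS || !nv_store[slot].provisioned) return -1;
    memcpy(env.key, nv_store[slot].key, KEY_LEN);
    env.state  = nv_store[slot].state;
    env.slot   = slot;
    env.active = 1;
    return 0;
}

/* FNV-1a, a stand-in for the issuer's cryptogram. NOT cryptographically
 * secure; it only makes the effect of the transaction counter visible. */
static uint32_t fnv1a(uint32_t h, const uint8_t *d, size_t n) {
    while (n--) { h ^= *d++; h *= 16777619u; }
    return h;
}

/* Emulate one transaction with the loaded credential and card state. */
int emulate(uint32_t amount, uint32_t now, uint32_t *tag_out) {
    uint8_t msg[8];
    if (!env.active || tag_out == NULL) return -1;
    env.state.txn_count++;
    env.state.last_txn_time = now;
    for (int i = 0; i < 4; i++) {   /* big-endian counter, then amount */
        msg[i]     = (uint8_t)(env.state.txn_count >> (24 - 8 * i));
        msg[4 + i] = (uint8_t)(amount >> (24 - 8 * i));
    }
    *tag_out = fnv1a(fnv1a(2166136261u, env.key, KEY_LEN), msg, sizeof msg);
    return 0;
}

/* Write the card state back, then clear volatile storage. Assumption: this
 * also runs on aborted transactions, so a counter value is never reused. */
void end_transaction(void) {
    if (env.active) nv_store[env.slot].state = env.state;
    secure_wipe(&env, sizeof env);
}

uint32_t nv_txn_count(int slot) { return nv_store[slot].state.txn_count; }
int session_is_clear(void) {
    const uint8_t *p = (const uint8_t *)&env;
    for (size_t i = 0; i < sizeof env; i++) if (p[i]) return 0;
    return 1;
}

int main(void) {
    uint8_t ka[KEY_LEN], kb[KEY_LEN];   /* constructed sample keys */
    uint32_t tag = 0;
    memset(ka, 0xA1, sizeof ka);
    memset(kb, 0xB2, sizeof kb);
    if (provision(0, ka) || provision(1, kb) || begin_transaction(0)) return 1;
    if (emulate(500, 1000, &tag) == 0) printf("tag %08x\n", (unsigned)tag);
    end_transaction();
    printf("counters %u/%u, env clear %d\n", (unsigned)nv_txn_count(0),
           (unsigned)nv_txn_count(1), session_is_clear());
    return 0;
}
```

Only the selected slot is ever copied into the working environment, and its persisted transaction count advances while the other slot's state stays untouched.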


Abstract

An apparatus for aggregating secured credentials is described herein. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. The code also causes the processor to emulate a selected secured credential from the secured credentials for a transaction.

Description

SECURED CREDENTIAL AGGREGATOR
CROSS REFERENCE TO RELATED APPLICATION
[0001] The present application claims the benefit of the filing date of United States Patent Application No. 14/750,992, filed June 25, 2015 by Patrick Koeberl, et al., which is incorporated herein by reference.
TECHNICAL FIELD
[0002] This disclosure relates generally to secured credentials. Specifically, this disclosure relates to aggregating secured credentials onto a single device.
BACKGROUND
[0003] Consumers today typically possess a number of credit, debit, gift, loyalty, and membership cards. This is inconvenient, and results in bulky wallets and purses. The majority of credit cards in the U.S. today are based on magnetic stripe technology, which is vulnerable to card cloning, or skimming. Skimming involves reading a card's stored data, and writing this data to another card. Although the ease with which a magnetic stripe can be cloned is a security liability, some companies have exploited this property to provide card aggregators that allow consumers to aggregate multiple magnetic swipe cards into a single credit card sized device. The underlying technology is magnetic stripe emulation which allows the device to replay a number of pre-stored magnetic stripes.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] Fig. 1 is a block diagram of a system for aggregating secured credentials;
[0005] Fig. 2 is a block diagram of an EMV card aggregation device;
[0006] Fig. 3 is a process flow diagram of a method for aggregating multiple secured credentials on one device;
[0007] Fig. 4 is a process flow diagram of a method for performing a cryptocurrency transaction with a secured credential aggregator; and
[0008] Fig. 5 is a process flow diagram of a method for performing an EMV transaction with a secured credential aggregator.
[0009] In some cases, the same numbers are used throughout the disclosure and the figures to reference like components and features. Numbers in the 100 series refer to features originally found in Fig. 1; numbers in the 200 series refer to features originally found in Fig. 2; and so on.
DESCRIPTION OF THE EMBODIMENTS
[0010] In the following description, numerous specific details are set forth, such as examples of specific types of processors and system configurations, specific hardware structures, specific architectural and micro architectural details, specific register configurations, specific instruction types, specific system components, specific measurements/heights, specific processor pipeline stages and operation etc. in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that these specific details need not be employed to practice the present invention. In other instances, well known components or methods, such as specific and alternative processor architectures, specific logic circuits/code for described algorithms, specific firmware code, specific interconnect operation, specific logic configurations, specific manufacturing techniques and materials, specific compiler implementations, specific expression of algorithms in code, specific power down and gating techniques/logic and other specific operational details of the computer system haven't been described in detail in order to avoid unnecessarily obscuring the present invention.
[0011] Although the following embodiments may be described with reference to energy conservation and energy efficiency in specific integrated circuits, such as in computing platforms or microprocessors, other embodiments are applicable to other types of integrated circuits and logic devices. Similar techniques and teachings of embodiments described herein may be applied to other types of circuits or semiconductor devices that may also benefit from better energy efficiency and energy conservation. Moreover, the methods and systems described herein are not limited to physical computing devices, but may also relate to software optimizations for energy conservation and efficiency. As will become readily apparent in the description below, the embodiments of methods, apparatuses, and systems described herein (whether in reference to hardware, firmware, software, or a combination thereof) are vital to a 'green technology' future balanced with performance considerations.
[0012] As a response to the problem of skimming, the credit card and banking industry in Europe and Asia deployed EMV (Europay MasterCard® and Visa®) in the mid-2000s. This was launched as "Chip and PIN," which describes the two-factor authentication model used to validate transactions, the two factors being something owned and something known, i.e., the embedded chip on a smartcard and the PIN. EMV cards leverage smartcard technology, which embeds a secure computing device into the card. However, known card aggregation devices are dependent on magnetic stripe technology. As the U.S. transitions to EMV to align with Europe and Asia, aggregation devices based on magnetic stripe technology will become obsolete.
[0013] Fig. 1 is a block diagram of a system 100 for aggregating secured credentials. The system 100 includes a device 102, third parties 104, and a reader-writer 106. The device 102 is a credit-card form factor device onto which multiple third parties 104 may securely provision their secured credentials using the reader-writer 106. Additionally, the device 102 may emulate the secured credential, for reading by the reader-writer 106. The reader-writer 106 may communicate with the device 102 through a physical, or a wireless, connection.
[0014] The credentials stored on EMV-compliant cards are a specific type of third party secured credentials. These cards are issued by a third party, typically a financial institution. However, other institutions interested in security may also use secured credentials. For example, a corporate security department may issue secured credentials to enable secure logons in a corporate network. Thus, while the techniques of aggregating third-party secured credentials are discussed with respect to EMV-compliant cards, other types of third-party secured credentials may be aggregated as described herein.
[0015] In one embodiment, the device 102 is EMV-compliant. EMV-compliant card aggregation raises some challenges. The smartcard technology on which EMV is deployed is inherently cloning resistant. These anti-cloning features pose a particular challenge for aggregating multiple EMV cards on a single device. It is not possible to simply use a magnetic card reader to read cards and store or replay the data on the device 102. Instead, the secured credential associated with each third party 104 is provisioned onto the device 102 with the cooperation of the third party 104.
[0016] It is also possible to use the device 102 to aggregate cryptocurrency. Cryptocurrency is a digital currency, issued as tokens, where the medium of exchange uses cryptography to secure transactions. Bitcoin is one well-known cryptocurrency, but other cryptocurrencies also exist. With regard to cryptocurrencies, the credential is not provisioned by a third party, but by the owner of the cryptocurrency. Cryptocurrency tokens are typically secured in a digital wallet, or a digital vault. Provisioning cryptocurrency tokens onto the device 102 involves moving the tokens out of the digital wallet or vault.
[0017] The device 102 includes a processor 108, a memory 110, a user interface 112, a display 114, a credential interface 116, a power source 118, and physical security 120. The processor 108 may be a set of circuits embedded into the device, such as with a smartcard. The memory 110 may be storage elements, such as static random access memory (SRAM), and flash memory. The memory includes secure, non-volatile storage for security critical parameters such as EMV credentials, cryptographic keys, or cryptocurrency. The processor 108 executes instructions stored in, and accesses data stored in, the memory 110.
[0018] The memory 110 includes secured credentials 122 and a credential manager 124. In the memory 110, the secured credentials 122 of multiple card issuers are isolated from each other. The credential manager 124 communicates with the third party 104 to obtain, and emulate, the secured credentials 122.
[0019] The user interface 112 enables a user to select one of the secured credentials 122 for emulation. In one embodiment, the user interface 112 is a button. In response to a button press, the credential manager 124 displays an image associated with one of the secured credentials 122, i.e., a credit card image. By repeatedly pressing the button, each secured credential 122 may be scrolled in sequence on the display 114. The display 114 enables the third party's brand, or other identifier, to be vibrantly displayed when their secured credential 122 is selected.
[0020] The reader-writer 106 communicates with the device 102 through the credential interface 116. The credential interface 116 may be a contact, or contactless, interface. A contact interface may include contact pads, such as on a smartcard. A contactless interface may be a wireless interface, such as an antenna embedded in the device 102 for low energy wireless communication.
[0021] The power source 118 may be a battery, with a lifetime that is compliant with the ISO7816 smart card standard. In one embodiment, the power source is a rechargeable lithium polymer battery.
[0022] The physical security 120 protects the card in ways that may help satisfy security requirements of the third parties 104, and the owner of the device 102. More specifically, the physical security 120 gives assurance that credentials are stored securely on the device with negligible probability of compromise through non-invasive, semi-invasive and fully-invasive attacks on the device 102. Sophisticated hardware security measures may raise the difficulty of cloning attacks to uneconomic levels. The physical security 120 may include anti-decapsulation detectors, defenses against clock and voltage glitch attacks, and fault-induction attacks, anti-probing defenses, glue logic layout, dummy logic, and side-channel mitigations. Anti-decapsulation detectors operate by changing the circuit behavior when attempts are made to remove the encapsulation material within which the device die is embedded. Transistor junctions operating as photoelectric diodes are randomly placed within the overall device, and when activated by incident light, cause zeroing or overwriting of the data in non-volatile storage under active power or when power is next applied. Alternatively, other disabling functions may be used to render the device inoperative. Fault injection attacks based on clock manipulation may be mitigated by using an on-die Phase Locked Loop to detect clock glitches and stopped or slow clocks. Additionally, an on-die ring oscillator is used as a reference against which to detect overclocking of the device. Fault induction on the power supply network, for example, by voltage glitching, is mitigated by on-die voltage regulation which decouples the on-die power supply network from the external power source. Fault induction attacks are mitigated by ensuring that single- or multi-bit flips in security critical regions of the circuit, caused by thermal or electromagnetic incident radiation, cannot disable or manipulate security features or critical data. This is achieved by using multi-bit or redundant encoding schemes for control and data functions. Anti-probing defenses protect against invasive attacks using a combination of dense metal routing stacks. Metal routing stacks are metal routings that vertically span the metal stack, thus ensuring that circuit behavior is disabled as the attacker removes metal layers. Additionally, using fine metal linewidths for security critical features, and avoiding large metal structures that could act as probe points for the attacker, can mitigate physical attacks. A glue logic layout means that the circuitry for the processor 108 is laid out in a non-hierarchical, randomized way. This increases the difficulty for attackers to map device functions to areas on the die, knowledge which could better inform an invasive or semi-invasive attack strategy. The dummy logic refers to dummy circuitry in the processor. This dummy circuitry serves as a decoy to attackers looking for vulnerabilities in the device 102. Side-channel mitigations are clock- and data-randomization techniques which serve to obfuscate the power and EM signatures that the device emits when performing security functions. These mitigations are implemented at the micro-architectural level. Other side channels, such as timing and cache side channels, are mitigated at the software level.
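The redundant-encoding defense in [0022], sketched in C as an added example that is not code from the patent: a security flag is held as one of two complementary 32-bit codewords and a data word is stored with its complement, so a bit flip produces an invalid state instead of a changed decision. The constants, type names, function names, and the `tries_left` counter are assumptions made for illustration.

```c
#include <stdint.h>

/* Multi-bit boolean: the two legal codewords are bitwise complements, so
 * turning one into the other takes 32 simultaneous bit flips. The constants
 * are chosen for this example. */
#define HB_TRUE  0xA5C33C5Au
#define HB_FALSE 0x5A3CC3A5u

enum decision { DENY = 0, ALLOW = 1, TAMPER = 2 };

/* Weak form for comparison: any non-zero value means "unlocked", so a single
 * flipped bit in a zero flag changes the outcome. */
enum decision naive_check(uint8_t flag) { return flag ? ALLOW : DENY; }

/* Hardened form: a word that is not exactly one codeword is a fault. */
enum decision check_unlocked(uint32_t flag) {
    if (flag == HB_TRUE)  return ALLOW;
    if (flag == HB_FALSE) return DENY;
    return TAMPER;
}

/* Redundant data word: the value plus its complement, verified on each read.
 * A fault goes unnoticed only if it flips the same bit positions in both. */
struct guarded_u32 { uint32_t v, inv; };

void guarded_store(struct guarded_u32 *g, uint32_t value) {
    g->v = value;
    g->inv = ~value;
}

/* Returns 0 and writes *out when consistent, -1 when the copies disagree. */
int guarded_load(const struct guarded_u32 *g, uint32_t *out) {
    if ((g->v ^ g->inv) != 0xFFFFFFFFu) return -1;
    *out = g->v;
    return 0;
}

/* Gate for a sensitive operation: the control flag and the data word must
 * both decode. TAMPER is where a device would run its disabling response,
 * such as the wiping the description mentions. */
enum decision authorize(uint32_t flag, const struct guarded_u32 *tries_left) {
    uint32_t n = 0;
    enum decision d = check_unlocked(flag);
    if (d == TAMPER || guarded_load(tries_left, &n) != 0) return TAMPER;
    return (d == ALLOW && n > 0) ? ALLOW : DENY;
}
```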
[0023] Once provisioned, the user can select the desired credential by cycling through the secured credentials 122 using the interface 116. A thin-film display such as a flexible OLED display provides visual feedback as to the currently selected credential. The display 114 allows card issuers, or other third parties 104, to ensure that the appropriate branding is clearly visible, and provides for display of other data such as account number (or some subset of the number), expiration dates, signature, photo of the credential owner, or other information. In addition, the device 102 may also be used as a secure storage device, or wallet, for cryptocurrency tokens.
[0024] Fig. 2 is a block diagram of an EMV card aggregation device 200. The EMV card aggregation device 200 is a credit-card form factor device which operates as an active smartcard, i.e., it is powered by battery 202, such as a lithium polymer battery. The device allows multiple third parties 104 to securely provision their EMV credentials onto the device 200 through a wireless interface, such as wireless low energy (LE).
[0025] The device 200 assumes the form factor of a standard dual-interface smartcard, includes the contact pads 204 for contact readers, and an embedded antenna 206 for contactless operation. In one embodiment, the embedded antenna 206 is a low energy wireless antenna. The device 200 implements the ISO14443 protocol used for smartcard contactless payment with the embedded antenna 206 and the antenna subsystem. Alternatively, other wireless connectivity standards capable of meeting the power budget may be used. The antenna 206 provides wireless connectivity for device management, EMV credential provisioning, and proximity detection to other mobile devices for the same user.
[0026] The device 200 is an active smartcard, i.e., the device 200 includes its own power supply in the form of the battery 202. The battery 202 provides power to the device when not inserted into a card reader. The battery may be a non-rechargeable lithium polymer battery, or a rechargeable lithium polymer battery. In one embodiment, the rechargeable battery is recharged using smartcard contacts, wireless charging, and energy harvesting. The card reader may be a contact reader or contactless, if the power budget permits. Additionally, the device 200 may include a DC switchover mechanism that allows the card to be powered from a card reader thus saving battery power when used in contact readers.
[0027] The device also includes a system on a chip (SoC) 208. The SoC 208 provides general compute capability for the device 200. Functions include hosting multiple emulated smartcards, and managing input-output (I/O). In one embodiment, the SoC 208 has 5V tolerant I/O to meet the 5V electrical signaling requirements used by smartcards. Additional features provided by the SoC 208 are embedded SRAM and flash, or other non-volatile memory, and may include application-specific hardware peripherals such as display driver circuitry and security accelerators.
[0028] The SoC 208 may also have a number of integrated features: 3DES (Triple Data Encryption Standard) symmetric and RSA (Rivest Shamir Adleman) asymmetric cryptographic hardware accelerators, and a biometric hardware accelerator. The biometric hardware accelerator is used with a biometric sensor that provides strong user authentication preventing unauthorized users from using the card. Additionally, the SoC 208 may integrate lightweight isolated execution and memory protection to enable hardware-enforced separation of EMV application code and data. Further, the SoC 208 may integrate secure non-volatile storage for security critical parameters such as EMV credentials, cryptographic keys, or cryptocurrency tokens, and display driver circuitry for an organic, light-emitting diode (OLED) thin-film display 210. In one embodiment, the antenna subsystem is integrated into the SoC 208. Further, the wireless LE subsystem could also be integrated into the SoC 208.
[0029] The display 210 is a low-power, thin-film, color display that provides for device output to the user such as displaying which EMV card is currently selected, and providing user feedback for device configuration. In one embodiment, the display 210 is a thin-film organic LED (OLED) display. The display driver circuitry may be a monolithic chip or integrated into the SoC 208.
[0030] Further, the SoC 208 implements defenses against non-invasive, semi-invasive and fully-invasive attacks. These defenses include one or more anti-decapsulation detectors taking the form of a photo-diode. Should light be detected due to a decapsulation attempt, EMV credentials are actively wiped, or wiped on next power-up. Defenses also include an anti-probing top layer metal shield which, when compromised, initiates wiping of EMV credentials. The SoC 208 also includes mitigations against software, timing, power and EM side channels. Additionally, defenses may include on-die voltage regulation used as a defense against power side-channel analysis. The physical design uses a non-hierarchical, randomized layout as a defense. The physical design also employs dummy structures to increase the difficulty of reverse engineering. Additionally, fault induction attacks are mitigated by the device 102 by ensuring that no single point of failure can be exploited.
[0031] The device 200 also includes external flash memory 214. The external flash memory 214 is used for bulk storage of non-critical data. For example, the smartcard issuer may provide bitmaps for display when their smartcard is selected. These bitmaps may be stored in the external flash memory 214. This external flash memory 214 can also be used for encrypted storage where data is encrypted or decrypted by the SoC 208. Additionally, the device 200 includes a button 216. The button 216 is used to cycle through the set of provisioned EMV cards stored on the device 200, and also to bring the device 200 out of sleep mode. In one embodiment, the button 216 also cycles through any other types of secured credentials stored on the device 200, such as cryptocurrencies.
[0032] The wireless low energy (WLE) unit 218 provides wireless connectivity to the device 102 for device management, EMV credential provisioning, and proximity detection to user mobile devices. In one embodiment, the WLE unit 218 is Bluetooth Low Energy (BLE). Other wireless connectivity standards capable of meeting the power budget may also be appropriate. The WLE unit 218 could also be integrated into the SoC 208. The biometric sensor 220 provides strong user authentication to prevent unauthorized users from using the device 200.
[0033] Fig. 3 is a process flow diagram of a method 300 for aggregating multiple secured credentials on one device. The method 300 is performed by the credential manager 124, and begins at block 302 where a plurality of secured credentials is provisioned on the device 102. The credentials may be provisioned by a third party, or by the user of the device 102. At block 304, the secured credentials are isolated from each other in memory. At block 306, a selected secured credential is emulated for a transaction. The emulation is the same as would be provided by a smart card, for example. In the case of cryptocurrencies, a method of emulation is described with respect to Fig. 4.
[0034] Fig. 4 is a process flow diagram of a method 400 for performing a cryptocurrency transaction with a secured credential aggregator. A cryptocurrency transaction is a financial transaction where the payment is made using a cryptocurrency. The method 400 begins at block 402, where the cryptocurrency tokens are selected. In one embodiment, pushing a user interface, such as the button 216, cycles through the secured credentials stored on the card. An image associated with each credential is shown on the display 210. When the image associated with the cryptocurrency is displayed, the user may indicate a selection with a double press of the button 216. Further presses of the button 216 in response to images shown on the display 210 allow the user to select the number of cryptocurrency tokens required.
[0035] At block 404, the credential manager 124 instantiates an isolated execution environment. The isolated execution environment provides hardware-underpinned security guarantees for the credentials 122 by ensuring that all code and data associated with the transaction cannot be accessed by other code in the system. In this way, any undetected security vulnerabilities in the system software are effectively contained.
[0036] At block 406, the selected cryptocurrency tokens are fetched from nonvolatile storage. The fetched cryptocurrency tokens are placed in volatile storage.
[0037] At block 408, the credential manager 124 establishes an authenticated, secure channel with a reader-writer 106. The authenticated, secure channel may be encrypted to prevent any eavesdropping.
[0038] At block 410, the credential manager 124 transmits the selected cryptocurrency tokens over the secure channel. At block 412, the credential manager clears the selected cryptocurrency tokens from volatile and non-volatile storage.
[0039] Fig. 5 is a process flow diagram of a method 500 for performing an EMV transaction with a secured credential aggregator. The method begins at block 502, where the EMV card is selected. At block 504, the credential manager 124 instantiates an isolated execution environment.
[0040] At block 506, the EMV credential for the selected EMV card is fetched, along with a card state. The card state encompasses all state associated with the selected card that is necessary to successfully resume emulation of the EMV card. The card state provides persistent data to be used during the emulation. In one embodiment, to correctly emulate the card, a card state may be needed from the most recent use of the card. For example, the card state may provide a transaction count, or a timestamp of the last transaction.
[0041] At block 508, the credential and card state are loaded into the isolated execution environment. The isolated execution environment provides hardware-underpinned security guarantees for the credentials and card state by ensuring that all code and data associated with the transaction cannot be accessed by other code in the system. In this way, any undetected security vulnerabilities in the system software are effectively contained.
[0042] At block 510, the credential manager 124 emulates the EMV protocol using the selected EMV credential and card state. At block 512, the credential manager 124 clears volatile storage. Additionally, the credential manager 124 writes the card state and selected credential back to non-volatile storage.
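The storage lifecycle of Figs. 4 and 5 (blocks 404-412 and 504-512), as an added C sketch that is not code from the patent: one credential and its card state are loaded into a volatile working copy, used, and wiped, with the EMV path persisting the updated counter and the cryptocurrency path erasing the spent slot. The slot layout, function names, sample bytes, and the non-cryptographic response function are assumptions; the hardware-enforced isolation itself is outside what plain C can show.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SLOTS 4
#define CRED_LEN  16

/* Non-volatile store, one isolated slot per credential (blocks 302-304).
 * Hypothetical layout for illustration; not the EMV data model. */
struct nv_slot {
    uint8_t  in_use;
    uint8_t  cred[CRED_LEN];  /* stand-in for issuer secrets or tokens */
    uint32_t txn_count;       /* card state that must survive power-off */
};

/* Volatile working copy, standing in for the isolated execution environment. */
struct session {
    int      slot;            /* -1 when nothing is loaded */
    uint8_t  cred[CRED_LEN];
    uint32_t txn_count;
};

static struct nv_slot nv[MAX_SLOTS];
static struct session ses = { .slot = -1 };

/* Constructed sample data. */
static const uint8_t SAMPLE_CARD[CRED_LEN]   = { 0x11, 0x22, 0x33, 0x44 };
static const uint8_t SAMPLE_TOKENS[CRED_LEN] = { 0xA0, 0xB1, 0xC2, 0xD3 };
static const uint8_t SAMPLE_CHALLENGE[4]     = { 0x01, 0x02, 0x03, 0x04 };

/* Zeroize through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *b = (volatile uint8_t *)p;
    while (n--) *b++ = 0;
}

/* Block 302: a free slot is all-zero, so the counter starts at 0. */
int provision(int slot, const uint8_t cred[CRED_LEN]) {
    if (slot < 0 || slot >= MAX_SLOTS || nv[slot].in_use) return -1;
    memcpy(nv[slot].cred, cred, CRED_LEN);
    nv[slot].in_use = 1;
    return 0;
}

/* Blocks 404-406 and 504-508: load exactly one credential and its state. */
int session_open(int slot) {
    if (ses.slot != -1) return -1;  /* another credential is still loaded */
    if (slot < 0 || slot >= MAX_SLOTS || !nv[slot].in_use) return -1;
    memcpy(ses.cred, nv[slot].cred, CRED_LEN);
    ses.txn_count = nv[slot].txn_count;
    ses.slot = slot;
    return 0;
}

/* Block 510 stand-in: the response depends on secret, challenge and counter.
 * FNV-1a-style mixing, NOT a cryptographic MAC and not the EMV algorithm. */
int emulate_txn(const uint8_t challenge[4], uint32_t *resp) {
    if (ses.slot == -1) return -1;
    uint32_t r = 0x811C9DC5u ^ ++ses.txn_count;
    for (size_t i = 0; i < CRED_LEN; i++)
        r = (r ^ ses.cred[i] ^ challenge[i % 4]) * 16777619u;
    *resp = r;
    return 0;
}

/* Block 512: persist the card state first, then clear volatile storage. */
int session_close_emv(void) {
    if (ses.slot == -1) return -1;
    nv[ses.slot].txn_count = ses.txn_count;
    secure_wipe(&ses, sizeof ses);
    ses.slot = -1;
    return 0;
}

/* Block 412: the tokens were handed over, so erase both copies. */
int session_close_spent(void) {
    if (ses.slot == -1) return -1;
    secure_wipe(&nv[ses.slot], sizeof nv[0]);
    secure_wipe(&ses, sizeof ses);
    ses.slot = -1;
    return 0;
}

/* Returns 1 when no secret or state is left in the volatile working copy. */
int session_is_clean(void) {
    uint8_t acc = 0;
    for (size_t i = 0; i < CRED_LEN; i++) acc |= ses.cred[i];
    return ses.slot == -1 && acc == 0 && ses.txn_count == 0;
}

int main(void) {
    uint32_t r1 = 0, r2 = 0;
    if (provision(0, SAMPLE_CARD) || provision(1, SAMPLE_TOKENS)) return 1;
    if (session_open(0) || emulate_txn(SAMPLE_CHALLENGE, &r1) ||
        emulate_txn(SAMPLE_CHALLENGE, &r2) || session_close_emv()) return 1;
    if (session_open(1) || session_close_spent()) return 1;  /* spend slot 1 */
    return (r1 != r2 && session_is_clean() && !nv[1].in_use) ? 0 : 1;
}
```

Because the counter feeds the response, losing the write-back at block 512 would make the emulated card repeat an earlier response for the same challenge, which is why the card state has to be persisted before the working copy is wiped.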
[0043] EXAMPLES
[0044] An example apparatus aggregates secured credentials. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. Additionally, the code causes the processor to isolate the secured credentials from each other in the memory. Further, the code causes the processor to emulate a selected secured credential from the secured credentials for a transaction.
[0045] An example apparatus includes a display and a user interface. The user interface enables selection of the selected secured credential. The user interface includes a button. Pressing the button when the apparatus is asleep wakes the apparatus. Subsequent button presses display a representation of each of the secured credentials.
[0046] An example apparatus includes a biometric sensor that prevents an unauthorized user from using the apparatus. An example apparatus includes a credential interface. The credential interface is used for provisioning the secured credentials, and emulating the selected secured credential. The credential interface includes smartcard contacts. The credential interface includes an embedded antenna.
[0047] An example apparatus of claim 1 includes a power source and a DC switchover mechanism. The power source includes a rechargeable battery. The DC switchover mechanism enables the apparatus to be powered from a card reader.
[0048] An example method aggregates secured credentials on an apparatus. The method includes provisioning a plurality of secured credentials on the apparatus. The method also includes isolating the secured credentials from each other in the memory. Further, the method includes emulating a selected secured credential from the secured credentials for a transaction.
[0049] In an example method, the apparatus includes a display and a user interface. The user interface enables selection of the selected secured credential. The method includes waking the apparatus in response to a selection using the user interface. The method additionally includes displaying a representation of each of the secured credentials in response to subsequent button presses.
[0050] An example method uses a biometric sensor to prevent an unauthorized user from using the apparatus. In an example method, the apparatus comprises a power source comprising a rechargeable battery. The method also includes recharging the rechargeable battery using a DC switchover mechanism that enables the apparatus to be powered from a card reader. The apparatus includes the DC switchover mechanism.
[0051] In an example method, the apparatus comprises a display. The method additionally includes displaying, on the display, an image associated with the selected secured credential in response to a user selection.
[0052] An example system aggregates secured credentials. The system includes means to provision a plurality of secured credentials on the system. The system also includes means to isolate the secured credentials from each other in the memory. Further, the system includes means to emulate a selected secured credential from the secured credentials for a transaction.
[0053] Additionally, the system includes a display, and a user interface. The user interface enables selection of the selected secured credential. The user interface includes a button. Pressing the button when the system is asleep wakes the system. Subsequent button presses display a representation of each of the secured credentials.
[0054] An example system includes a biometric sensor that prevents an unauthorized user from using the system. An example system includes a credential interface. The credential interface is used for provisioning the secured credentials, and emulating the selected secured credential. The credential interface includes smartcard contacts. The credential interface includes an embedded antenna.
[0055] An example system includes a power source. The power source is a rechargeable battery. The example system includes a DC switchover mechanism that enables the system to be powered from a card reader.
[0056] An example computer-readable medium aggregates secured credentials on an apparatus. The computer-readable medium includes code to direct a processor to provision a plurality of secured credentials on the apparatus. The code directs the processor to isolate the secured credentials from each other in a memory of the apparatus. Additionally, the code directs the processor to emulate a selected secured credential from the secured credentials for a transaction.
[0057] In an example computer-readable medium, the apparatus includes a display and a user interface. The user interface enables selection of the selected secured credential. The user interface includes a button. Pressing the button when the apparatus is asleep wakes the apparatus. Subsequent button presses display a representation of each of the secured credentials.
[0058] In an example computer-readable medium, the apparatus includes a biometric sensor that prevents an unauthorized user from using the apparatus. The apparatus includes a credential interface. The credential interface is used for provisioning the secured credentials, and emulating the selected secured credential. The credential interface includes smartcard contacts. The credential interface includes an embedded antenna.
[0059] In an example computer-readable medium, the apparatus includes a power source. The power source includes a rechargeable battery. The apparatus includes a DC switchover mechanism that enables the apparatus to be powered from a card reader.
[0060] In an example apparatus for aggregating secured credentials, the apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. Additionally, the code causes the processor to emulate a selected secured credential from the secured credentials for a transaction. Further, the apparatus includes a credential interface used for provisioning the secured credentials, and emulating the selected secured credential.
[0061] An example apparatus includes a display and a user interface. The user interface enables selection of the selected secured credential. The user interface includes a button. Pressing the button when the apparatus is asleep wakes the apparatus. Subsequent button presses display a representation of each of the secured credentials.
[0062] An example apparatus includes a biometric sensor that prevents an unauthorized user from using the apparatus. The credential interface includes smartcard contacts. The credential interface includes an embedded antenna.
[0063] An example apparatus includes a power source. The power source includes a rechargeable battery. The apparatus includes a DC switchover mechanism that enables the apparatus to be powered from a card reader.
[0064] Not all components, features, structures, characteristics, etc., described and illustrated herein need be included in a particular embodiment or embodiments. If the specification states a component, feature, structure, or characteristic "may", "might", "can" or "could" be included, for example, that particular component, feature, structure, or characteristic is not required to be included. If the specification or claim refers to "a" or "an" element, that does not mean there is only one of the element. If the specification or claims refer to "an additional" element, that does not preclude there being more than one of the additional element.
[0065] It is to be noted that, although some embodiments have been described in reference to particular implementations, other implementations are possible according to some embodiments. Additionally, the arrangement and/or order of circuit elements or other features illustrated in the drawings and/or described herein need not be arranged in the particular way illustrated and described. Many other arrangements are possible according to some embodiments.
[0066] In each system shown in a figure, the elements in some cases may each have a same reference number or a different reference number to suggest that the elements represented could be different and/or similar. However, an element may be flexible enough to have different implementations and work with some or all of the systems shown or described herein. The various elements shown in the figures may be the same or different. Which one is referred to as a first element and which is called a second element is arbitrary.
[0067] It is to be understood that specifics in the aforementioned examples may be used anywhere in one or more embodiments. For instance, all optional features of the computing device described above may also be implemented with respect to either of the methods or the computer-readable medium described herein. Furthermore, although flow diagrams and/or state diagrams may have been used herein to describe embodiments, the techniques are not limited to those diagrams or to corresponding descriptions herein. For example, the flow need not move through each illustrated box or state or in exactly the same order as illustrated and described herein.
[0068] The present techniques are not restricted to the particular details listed herein. Indeed, those skilled in the art having the benefit of this disclosure will appreciate that many other variations from the foregoing description and drawings may be made within the scope of the present techniques. Accordingly, it is the following claims including any amendments thereto that define the scope of the present techniques.

Claims

CLAIMS What is claimed is:
1. An apparatus for aggregating secured credentials, the apparatus comprising:
a processor;
a memory comprising code causing the processor to:
provision a plurality of secured credentials on the apparatus;
isolate the secured credentials from each other in the memory; and
emulate a selected secured credential from the secured credentials for a transaction.
2. The apparatus of claim 1, comprising:
a display; and
a user interface that enables selection of the selected secured credential and the selected third party.
3. The apparatus of claim 2, wherein the user interface comprises a button, wherein pressing the button when the apparatus is asleep wakes the apparatus.
4. The apparatus of claim 3, wherein subsequent button presses display a representation of each of the secured credentials.
5. The apparatus of claims 1-4, comprising a biometric sensor that prevents an unauthorized user from using the apparatus.
6. The apparatus of claims 1-5, comprising a credential interface, wherein the credential interface is used for provisioning the secured credentials, and emulating the selected secured credential.
7. The apparatus of claim 6, wherein the credential interface comprises smartcard contacts.
8. The apparatus of claim 6, wherein the credential interface comprises an embedded antenna.
9. The apparatus of claims 1-6, comprising a power source.
10. The apparatus of claim 9, comprising a DC switchover mechanism that enables the apparatus to be powered from a card reader, and the power source comprising a rechargeable battery.
11. A method for aggregating secured credentials on an apparatus, the method comprising:
provisioning a plurality of secured credentials on the apparatus;
isolating the secured credentials from each other in the memory; and
emulating a selected secured credential from the secured credentials for a transaction.
12. The method of claim 11, the apparatus comprising:
a display; and
a user interface that enables selection of the selected secured credential and the selected third party.
13. The method of claim 12, comprising waking the apparatus in response to a selection using the user interface.
14. The method of claim 13, comprising displaying a representation of each of the secured credentials in response to subsequent button presses.
15. The method of claims 11-14, comprising using a biometric sensor to prevent an unauthorized user from using the apparatus.
16. The method of claims 11-15, wherein the apparatus comprises a power source comprising a rechargeable battery.
17. The method of claim 16, comprising recharging the rechargeable battery using a DC switchover mechanism that enables the apparatus to be powered from a card reader.
18. The method of claim 17, wherein the apparatus comprises the DC switchover mechanism.
19. The method of claims 11-18, wherein the apparatus comprises a display.
20. The method of claim 19, comprising displaying, on the display, an image associated with the selected secured credential in response to a user selection.
21. A system for aggregating secured credentials, the system comprising:
means to provision a plurality of secured credentials on the system;
means to isolate the secured credentials from each other in the memory; and
means to emulate a selected secured credential from the secured credentials for a transaction.
22. The system of claim 21, comprising:
a display; and
a user interface that enables selection of the selected secured credential and the selected third party.
23. The system of claim 22, wherein the user interface comprises a button, wherein pressing the button when the system is asleep wakes the system.
24. The system of claim 23, wherein subsequent button presses display a representation of each of the secured credentials.
25. The system of claims 21-24, comprising a biometric sensor that prevents an unauthorized user from using the system.
PCT/US2016/028559 2015-06-25 2016-04-21 Secured credential aggregator WO2016209343A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP16814850.0A EP3314810A4 (en) 2015-06-25 2016-04-21 Secured credential aggregator
CN201680030495.XA CN107660292A (en) 2015-06-25 2016-04-21 Protected voucher polymerizer

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/750,992 US20160379207A1 (en) 2015-06-25 2015-06-25 Secured credential aggregator
US14/750,992 2015-06-25

Publications (1)

Publication Number Publication Date
WO2016209343A1 true WO2016209343A1 (en) 2016-12-29

Family

ID=57586022

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/028559 WO2016209343A1 (en) 2015-06-25 2016-04-21 Secured credential aggregator

Country Status (5)

Country Link
US (1) US20160379207A1 (en)
EP (1) EP3314810A4 (en)
CN (1) CN107660292A (en)
TW (1) TWI726877B (en)
WO (1) WO2016209343A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200204991A1 (en) * 2018-12-21 2020-06-25 Micron Technology, Inc. Memory device and managed memory system with wireless debug communication port and methods for operating the same

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1560100A1 (en) * 2004-01-29 2005-08-03 Novell, Inc. Techniques for establishing and managing a distributed credential store
US20050188210A1 (en) * 2004-02-25 2005-08-25 Perlin Eric C. System and method facilitating secure credential management
US20080126260A1 (en) 2006-07-12 2008-05-29 Cox Mark A Point Of Sale Transaction Device With Magnetic Stripe Emulator And Biometric Authentication
US20100275259A1 (en) * 2003-06-16 2010-10-28 Uru Technology Incorporated Method and system for creating and operating biometrically enabled multi-purpose credential management devices
WO2011160203A2 (en) * 2010-06-21 2011-12-29 Mcalear James A Improved system, device and method for secure and convenient handling of key credential information
US20130030997A1 (en) 2010-03-02 2013-01-31 Spodak Douglas A Portable e-wallet and universal card
WO2013123079A1 (en) * 2012-02-13 2013-08-22 Xceedid Corporation Credential management system

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025278A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
US7716484B1 (en) * 2000-03-10 2010-05-11 Rsa Security Inc. System and method for increasing the security of encrypted secrets and authentication
CZ2005209A3 (en) * 2002-09-10 2005-12-14 Ivi Smart Technologies, Inc. Safe biometric verification of identity
WO2006039364A2 (en) * 2004-10-01 2006-04-13 Solidus Networks, Inc. D/B/A/ Pay By Touch System and method for electronic check verification over a network
US8601283B2 (en) * 2004-12-21 2013-12-03 Sandisk Technologies Inc. Method for versatile content control with partitioning
US8700729B2 (en) * 2005-01-21 2014-04-15 Robin Dua Method and apparatus for managing credentials through a wireless network
US20070043667A1 (en) * 2005-09-08 2007-02-22 Bahman Qawami Method for secure storage and delivery of media content
US7769395B2 (en) * 2006-06-20 2010-08-03 Seven Networks, Inc. Location-based operations and messaging
US20100138652A1 (en) * 2006-07-07 2010-06-03 Rotem Sela Content control method using certificate revocation lists
US20080034440A1 (en) * 2006-07-07 2008-02-07 Michael Holtzman Content Control System Using Versatile Control Structure
CA2667306A1 (en) * 2006-11-22 2008-12-04 Mark A. Cox Point 0f sale transaction device with magnetic stripe emulator and biometric authentication
JP5429952B2 (en) * 2008-03-05 2014-02-26 パナソニック株式会社 Electronic device, password deletion method and program
US8862872B2 (en) * 2008-09-12 2014-10-14 Qualcomm Incorporated Ticket-based spectrum authorization and access control
US20100078472A1 (en) * 2008-09-30 2010-04-01 Apple Inc. Group peer-to-peer financial transactions
US8213862B2 (en) * 2009-02-06 2012-07-03 Broadcom Corporation Headset charge via short-range RF communication
US8107927B2 (en) * 2009-06-18 2012-01-31 T-Mobile Usa, Inc. Dedicated memory partitions for users of a shared mobile device
EP2789137A4 (en) * 2011-12-06 2015-12-02 Seven Networks Inc A system of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation
US9292045B2 (en) * 2013-02-15 2016-03-22 Apple Inc. Apparatus and method for automatically activating a camera application based on detecting an intent to capture a photograph or a video
US9565181B2 (en) * 2013-03-28 2017-02-07 Wendell D. Brown Method and apparatus for automated password entry
US20150069126A1 (en) * 2013-09-09 2015-03-12 Omne Mobile Payments, Inc. Method and apparatus for enabling communication between two devices using magnetic field generator and magnetic field detector

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3314810A4

Also Published As

Publication number Publication date
TW201706902A (en) 2017-02-16
US20160379207A1 (en) 2016-12-29
TWI726877B (en) 2021-05-11
CN107660292A (en) 2018-02-02
EP3314810A1 (en) 2018-05-02
EP3314810A4 (en) 2018-12-19


Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16814850

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE