System and methods for secure firmware validation
First Claim
1. A dynamic transaction card comprising:
a EuroPay-MasterCard-Visa (EMV) processor storing existing firmware and version data associated with the existing firmware;
an EMV chip connectively coupled to the EMV processor;
a bootloader;
an input/output interface that receives an updated firmware program from a firmware provider system;
an applet comprising instructions that when executed, cause the EMV chip to perform a checksum validation; and
data storage storing a first checksum calculated using the stored firmware upon loading of the firmware, wherein the dynamic transaction card is configured to validate firmware on the dynamic transaction card by:
receiving, at the EMV processor, a trigger that triggers checksum validation via the applet;
reading, via the applet, the firmware to determine data comprising the first checksum;
calculating, using the EMV processor, a second checksum associated with the firmware;
comparing, using the EMV processor, the first checksum and the second checksum;
validating, in response to the EMV processor determining that the first checksum and the second checksum are equal, the updated firmware; and
wherein the dynamic transaction card is configured to delete at least a portion of data in the data storage and the EMV processor upon determining that the first checksum and the second checksum are not equal.
Abstract
An electronic device, such as a dynamic transaction card having an EMV chip, that acts as a TPM having a memory, an applet, and a cryptographic coprocessor performs secure firmware and/or software updates, and performs firmware and/or software validation for firmware and/or software that is stored on the electronic device. Validation may compare a calculated checksum with a checksum stored in EMV chip memory. If a checksum calculated for firmware and/or a software application matches a checksum stored in EMV chip memory of the transaction card, the transaction card may operate normally. If a checksum calculated for firmware and/or a software application does not match a checksum stored in EMV chip memory of the transaction card, the transaction card may freeze all capabilities, erase the memory of the transaction card, display data indicative of a fraudulent or inactive transaction card, and/or the like.
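The validation flow the abstract describes (record a checksum at load, recompute it later, compare, and erase and freeze on mismatch), as an added example that is not code from the patent or its assignee. The `struct card` layout, the function names and the use of CRC-32 are assumptions; the page does not specify the checksum algorithm or the memory layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FW_MAX 64
enum card_state { CARD_OK, CARD_FROZEN };
struct card {                        /* hypothetical layout, not from the patent */
    uint8_t  firmware[FW_MAX]; size_t fw_len;
    uint32_t first_sum;              /* first checksum, recorded at load time */
    uint8_t  secrets[16];            /* data storage erased on mismatch */
    enum card_state state;
};

/* Bitwise CRC-32 as a stand-in: the page does not name the checksum. A CRC only
 * catches corruption; resisting forgery needs a keyed MAC or a signature. */
uint32_t fw_checksum(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

int card_load(struct card *c, const uint8_t *fw, size_t n) {  /* store image + first checksum */
    if (n == 0 || n > FW_MAX) return -1;
    memcpy(c->firmware, fw, n);
    c->fw_len = n;
    c->first_sum = fw_checksum(fw, n);
    c->state = CARD_OK;
    return 0;
}

/* Recompute the second checksum; on mismatch erase secrets and freeze for good. */
int card_validate(struct card *c) {
    if (c->state == CARD_OK && fw_checksum(c->firmware, c->fw_len) == c->first_sum)
        return 1;
    volatile uint8_t *v = c->secrets;   /* volatile so the wipe is not optimised away */
    for (size_t i = 0; i < sizeof c->secrets; i++) v[i] = 0;
    c->state = CARD_FROZEN;
    return 0;
}

int main(void) {
    static const uint8_t fw[] = "constructed firmware v1";   /* constructed sample */
    struct card c; memset(&c, 0, sizeof c);
    if (card_load(&c, fw, sizeof fw) != 0 || !card_validate(&c)) return 1;
    c.firmware[3] ^= 1;              /* simulate a modified image */
    return card_validate(&c);        /* 0: mismatch detected, card frozen */
}
```

Once frozen, the card in this sketch stays frozen even if the image is later restored, so a failed validation cannot be undone by rewriting the firmware.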
18 Claims
1. A dynamic transaction card comprising:
a EuroPay-MasterCard-Visa (EMV) processor storing existing firmware and version data associated with the existing firmware;
an EMV chip connectively coupled to the EMV processor;
a bootloader;
an input/output interface that receives an updated firmware program from a firmware provider system;
an applet comprising instructions that when executed, cause the EMV chip to perform a checksum validation; and
data storage storing a first checksum calculated using the stored firmware upon loading of the firmware, wherein the dynamic transaction card is configured to validate firmware on the dynamic transaction card by:
receiving, at the EMV processor, a trigger that triggers checksum validation via the applet;
reading, via the applet, the firmware to determine data comprising the first checksum;
calculating, using the EMV processor, a second checksum associated with the firmware;
comparing, using the EMV processor, the first checksum and the second checksum;
validating, in response to the EMV processor determining that the first checksum and the second checksum are equal, the updated firmware; and
wherein the dynamic transaction card is configured to delete at least a portion of data in the data storage and the EMV processor upon determining that the first checksum and the second checksum are not equal.
wherein, in response to the validation of the updated firmware program, the bootloader loads the updated firmware on the dynamic transaction card and executes the updated firmware program, overwriting the existing firmware; and wherein, in response to the bootloader loading and executing the updated firmware program, the EMV processor stores the updated firmware program.
3. The dynamic transaction card of claim 1, wherein the EMV processor comprises a cryptographic coprocessor.
4. The dynamic transaction card of claim 1, wherein the updated firmware program is transmitted during and/or at the end of an EMV transaction.
5. The dynamic transaction card of claim 1, wherein the updated firmware program is transmitted via secure transaction tokens.
6. The dynamic transaction card of claim 1, wherein the updated firmware program comprises a cryptographic key to decrypt the updated firmware.
7. The dynamic transaction card of claim 1, wherein the updated firmware program comprises a checksum associated with the updated firmware.
8. The dynamic transaction card of claim 1, further comprising data storage for at least one from among cryptographic keys, checksums, and validation data associated with the firmware stored on the dynamic transaction card.
9. The dynamic transaction card of claim 1, wherein the EMV processor is further configured to, upon determining that the updated firmware validation failed, execute an erase script to erase at least a portion of memory of the dynamic transaction card and/or deactivate the card.
10. The dynamic transaction card of claim 1, further comprising at least one plastic jumper which connects electrical components of the dynamic transaction card, wherein the at least one plastic jumper is configured to at least partially dissolve in response to tampering with the dynamic transaction card.
11. The dynamic transaction card of claim 2, wherein the EMV processor is further configured to, upon determining that the updated firmware validation failed, transmit a notification to at least one from among the firmware provider system, a mobile device paired with the dynamic transaction card, and a third party system.
12. The dynamic transaction card of claim 2, wherein the EMV processor is further configured to, upon determining that the first checksum and the second checksum are not equal, execute an erase script to erase at least a portion of memory of the dynamic transaction card and/or deactivate the card.
13. The dynamic transaction card of claim 2, wherein the EMV processor is further configured to, upon determining that the first checksum and the second checksum are not equal, transmit a notification to at least one from among the firmware provider system, a mobile device paired with the dynamic transaction card, and a third party system.
14. The dynamic transaction card of claim 2, further comprising at least one plastic jumper which connects electrical components of the dynamic transaction card, wherein the at least one plastic jumper is configured to at least partially dissolve in response to tampering with the dynamic transaction card.
15. The dynamic transaction card of claim 2, wherein the cryptographic coprocessor comprises a random number generator, a key generator, a hash generator, and/or an encryption/decryption engine.
16. A firmware provider system, comprising a communication interface that transmits the updated firmware program to the dynamic transaction card of claim 1.
17. The firmware provider system of claim 16, wherein the communication interface transmits the updated firmware program to a point of sale terminal.
18. The dynamic transaction card of claim 1, wherein the dynamic transaction card is configured to delete at least a portion of data in the data storage and the EMV processor upon determining that the first checksum and the second checksum are not equal.
Specification