Server-enabled chip card interface tamper detection

US 10,438,189 B2
Filed: 02/22/2017
Issued: 10/08/2019
Est. Priority Date: 02/22/2017
Status: Active Grant

First Claim

Patent Images

1. A payment reader for exchanging payment information with a chip card and having circuitry to identify an attempt to tamper with a chip card interface of the payment reader, comprising:

a chip card interface comprising at least a voltage interface, a reset interface, a clock interface, an input/output interface, a ground interface, and a programming interface;

a plurality of chip card lines, comprising;

a voltage line coupled to the voltage interface;

a reset line coupled to the reset interface;

a clock line coupled to the clock interface;

an input/output line coupled to the input/output interface;

a ground line coupled to the ground interface; and

a programming line coupled to the programming interface; and

a communication interface;

a memory having instructions stored thereon;

a processing unit coupled to the chip card interface via the plurality of chip card lines, coupled to the communication interface, and coupled to the memory to execute instructions to;

apply a non-standard signal to one or more of the plurality of chip card lines;

measure a response value for the non-standard signal;

transmit the response value to a payment service system via the communication interface;

determine whether one or more local tamper criteria are satisfied based on the response value, wherein the one or more local tamper criteria are based on one or more communications received from the payment service system; and

identify a tamper attempt when the one or more local tamper criteria are satisfied.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment processing device can implement a monitoring system to detect for tamper attempts at a physical interface such as a chip card interface. The monitoring system can establish local tamper criteria including a baseline when no chip card is present in the chip card interface, or in some embodiments, when it is known that an authentic chip card is present in the slot. During subsequent evaluations of the chip card interface by the monitoring system, a response received by the monitoring system that deviates from the local test criteria can indicate that a tamper attempt at the chip card interface may have occurred. The payment processing device may also communicate test results to a server for further testing, or for an update of the local test criteria.

Citations

30 Claims

1. A payment reader for exchanging payment information with a chip card and having circuitry to identify an attempt to tamper with a chip card interface of the payment reader, comprising:
- a chip card interface comprising at least a voltage interface, a reset interface, a clock interface, an input/output interface, a ground interface, and a programming interface;
  
  a plurality of chip card lines, comprising;
  
  a voltage line coupled to the voltage interface;
  
  a reset line coupled to the reset interface;
  
  a clock line coupled to the clock interface;
  
  an input/output line coupled to the input/output interface;
  
  a ground line coupled to the ground interface; and
  
  a programming line coupled to the programming interface; and
  
  a communication interface;
  
  a memory having instructions stored thereon;
  
  a processing unit coupled to the chip card interface via the plurality of chip card lines, coupled to the communication interface, and coupled to the memory to execute instructions to;
  
  apply a non-standard signal to one or more of the plurality of chip card lines;
  
  measure a response value for the non-standard signal;
  
  transmit the response value to a payment service system via the communication interface;
  
  determine whether one or more local tamper criteria are satisfied based on the response value, wherein the one or more local tamper criteria are based on one or more communications received from the payment service system; and
  
  identify a tamper attempt when the one or more local tamper criteria are satisfied.
- View Dependent Claims (2, 3)
- - 2. The payment reader of claim 1, wherein the processor further executes the instructions to:
    - receive, via the communication interface, a tamper determination message, wherein the tamper determination message is generated by the payment service system based on the response value; and
      
      identify the tamper attempt based on the tamper determination message.
  - 3. The payment reader of claim 1, wherein the processor further executes the instructions to:
    - receive, via the communication interface, a local tamper criteria update message, wherein the local tamper criteria update message is generated by the payment service system based on response values received from a plurality of payment readers; and
      
      update the local tamper criteria based on the local tamper criteria update message.

4. A transaction device for exchanging information and having circuitry for detecting an attempt to tamper with a contact interface of the transaction device, comprising:
- a contact interface comprising a plurality of pins;
  
  a plurality of contact lines coupled to the pins of the contact interface;
  
  a communication interface;
  
  a memory having instructions stored thereon; and
  
  a processing unit coupled to the contact interface via the plurality of contact lines, to the communication interface, and to the memory to execute the instructions to;
  
  apply a non-standard signal to one or more of the plurality of contact lines;
  
  measure a response value for the non-standard signal;
  
  transmit the response value to a payment service system via the communication interface;
  
  determine whether one or more local tamper criteria are satisfied based on the response value; and
  
  identify a tamper attempt when the one or more local tamper criteria are satisfied.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
- - 5. The transaction device of claim 4, wherein the one or more local tamper criteria are based on one or more communications received from the payment service system.
  - 6. The transaction device of claim 4, wherein the processor further executes the instructions to:
    - receive, via the communication interface, a tamper determination message, wherein the tamper determination message is generated by the payment service system based on the response value; and
      
      identify the tamper attempt based on the tamper determination message.
  - 7. The transaction device of claim 4, wherein the local tamper criteria comprise one or more baseline values, and wherein the determination whether one or more local tamper criteria are satisfied based on the response value is based on a comparison of the response value to the one or more baseline values.
  - 8. The transaction device of claim 4, wherein the processor further executes the instructions to:
    - receive, via the communication interface, a local tamper criteria update message, wherein the local tamper criteria update message is generated by the payment service system based on response values received from a plurality of transaction devices; and
      
      update the local tamper criteria based on the local tamper criteria update message.
  - 9. The transaction device of claim 4, wherein the non-standard signal is a capacitance measurement signal and the response value is a capacitance value associated with the capacitance measurement signal.
  - 10. The transaction device of claim 4, wherein the non-standard signal is a time-domain reflection signal and the response value is a time delayed reflection value associated with the time-domain reflection signal.
  - 11. The transaction device of claim 4, wherein the non-standard signal is an audio signal and the response value is an acoustic reflection value associated with the audio signal.
  - 12. The transaction device of claim 4, wherein the non-standard signal is a modified UART signal and the response value is a data response associated with the modified UART signal.

13. A method of detecting an attempt to tamper with a contact interface of a transaction device, the method comprising:
- providing a monitoring system of the transaction device coupled to a contact interface, wherein the monitoring system and the contact interface are coupled to a processing unit of the transaction device;
  
  sending, with the monitoring system, a non-standard signal to one or more components of the contact interface;
  
  measuring, by the monitoring system, a response value for the non-standard signal;
  
  transmitting, via a communication interface of the transaction device, the response value to a payment service system;
  
  determining, by the processing unit, whether one or more local tamper criteria are satisfied based on the response value; and
  
  identifying a tamper attempt when the one or more local tamper criteria are satisfied.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, wherein the one or more local tamper criteria are based on one or more communications received from the payment service system.
  - 15. The method of claim 13, further comprising:
    - receiving, via the communication interface, a tamper determination message, wherein the tamper determination message is generated by the payment service system based on the response value; and
      
      identifying the tamper attempt based on the tamper determination message.
  - 16. The method of claim 13, wherein the local tamper criteria comprise one or more baseline values, and wherein determining whether one or more local tamper criteria are satisfied based on the response value comprises comparing the response value to the one or more baseline values.
  - 17. The method of claim 13, further comprising:
    - receiving, via the communication interface, a local tamper criteria update message, wherein the local tamper criteria update message is generated by the payment service system based on response values received from a plurality of transaction devices; and
      
      updating the local tamper criteria based on the local tamper criteria update message.
  - 18. The method of claim 13, wherein the non-standard signal is a capacitance measurement signal and the response value is a capacitance value associated with the capacitance measurement signal.
  - 19. The method of claim 13, wherein the non-standard signal is a time-domain reflection signal and the response value is a time delayed reflection value associated with the time-domain reflection signal.
  - 20. The method of claim 13, wherein the non-standard signal is an audio signal and the response value is an acoustic reflection value associated with the audio signal.
  - 21. The method of claim 13, wherein the non-standard signal is a modified UART signal and the response value is a data response associated with the modified UART signal.

22. A non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors of a transaction device, cause the one or more processors to perform operations comprising:
- sending, via a monitoring system of the transaction device coupled to a contact interface, a non-standard signal to one or more components of the contact interface;
  
  measuring, via the monitoring system, a response value for the non-standard signal;
  
  transmitting, via a communication interface of the transaction device, the response value to a payment service system;
  
  determining whether one or more local tamper criteria are satisfied based on the response value; and
  
  identifying a tamper attempt when the one or more local tamper criteria are satisfied.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The non-transitory computer-readable storage medium of claim 22, wherein the one or more local tamper criteria are based on one or more communications received from the payment service system.
  - 24. The non-transitory computer-readable storage medium of claim 22, wherein the instructions further comprise instructions that cause the one or more processors to perform operations comprising:
    - receiving, via the communication interface, a tamper determination message, wherein the tamper determination message is generated by the payment service system based on the response value; and
      
      identifying a tamper attempt based on the tamper determination message.
  - 25. The non-transitory computer-readable storage medium of claim 22, wherein the instructions further comprise instructions that cause the one or more processors to perform operations comprising:
    - receiving, via the communication interface, a local tamper criteria update message, wherein the local tamper criteria update message is generated by the payment service system based on response values received from a plurality of transaction devices; and
      
      updating the local tamper criteria based on the local tamper criteria update message.
  - 26. The non-transitory computer-readable storage medium of claim 22, wherein the local tamper criteria comprise one or more baseline values, and wherein determining whether one or more local tamper criteria are satisfied based on the response value comprises comparing the response value to the one or more baseline values.
  - 27. The non-transitory computer-readable storage medium of claim 22, wherein the non-standard signal is a capacitance measurement signal and the response value is a capacitance value associated with the capacitance measurement signal.
  - 28. The non-transitory computer-readable storage medium of claim 22, wherein the non-standard signal is a time-domain reflection signal and the response value is a time delayed reflection value associated with the time-domain reflection signal.
  - 29. The non-transitory computer-readable storage medium of claim 22, wherein the non-standard signal is an audio signal and the response value is an acoustic reflection value associated with the audio signal.
  - 30. The non-transitory computer-readable storage medium of claim 22, wherein the non-standard signal is a modified UART signal and the response value is a data response associated with the modified UART signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Block, Inc. (f/k/a Square, Inc.)
Original Assignee
Square Inc (Block, Inc. (f/k/a Square, Inc.))
Inventors
Rezayee, Afshin, Smith, Malcolm, Yang, Yue, Wade, Jeremy, Guise, Max, Sharifi, Kamran
Primary Examiner(s)
Johnson, Sonji N

Application Number

US15/439,708
Publication Number

US 20180240103A1
Time in Patent Office

958 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G07F 19/2055   Anti-skimming aspects at ATMs

G07F 7/0813   Specific details related to...

G07F 7/0833   Card having specific functi...

G07F 7/0873   Details of the card reader

G07F 7/122   Online card verification

H04K 2203/20   for contactless carriers, e...

H04K 3/00   Jamming of communication; C...

H04K 3/822   by detecting the presence o...

H04K 3/825   by jamming

H04K 3/827   using characteristics of ta...

Server-enabled chip card interface tamper detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Server-enabled chip card interface tamper detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links