Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
First Claim
1. A method to protect data stored in a secure data circuit of a telecommunication device equipped with a near-field communication (NFC) router, a microcontroller, and the secure data circuit, the method comprising:
for all messages received with the NFC router, parsing each message to retrieve a communication pipe identifier and an instruction code;
comparing the communication pipe identifier and the instruction code to corresponding information in a filter table that is separate from a routing table of the NFC router; and
when the instruction code of a particular message is an instruction to modify a communication pipe associated with the retrieved communication pipe identifier by reassigning one end of the communication pipe associated with the retrieved communication pipe identifier from a port of the NFC router to a different circuit, blocking the particular message from reaching the secure data circuit when the instruction code is not authorized in the filter table and permitting passage of the particular message to the secure data circuit when the instruction code is authorized in the filter table, wherein comparing the communication pipe identifier and the instruction code to corresponding information in the filter table includes comparing a format of data of the particular message with authorized formats stored in the filter table.
Abstract
A method and associated circuits protect data stored in a secure data circuit of a telecommunication device equipped with a near-field communication (NFC) router, a microcontroller, and the secure data circuit. In the method, each message received with the NFC router is parsed to retrieve a communication pipe identifier and an instruction code. The communication pipe identifier and the instruction code are compared to corresponding information in a filter table. Instruction codes of particular messages that attempt to modify a communication pipe by reassigning one end of the communication pipe from the port of the NFC router to a different circuit are acted upon. These messages are blocked from reaching the secure data circuit when the instruction code is not authorized in the filter table, and these messages are permitted when the instruction code is authorized in the filter table.
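The filtering step described in the abstract, as an added C sketch (not code from the patent). The message layout, the instruction codes, the table contents, the modelling of "format" as an exact data length, and the choice to pass messages that do not modify a pipe are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption, not from the patent):
 * byte 0 = pipe identifier, byte 1 = instruction code, rest = data. */
enum { INS_READ = 0x01, INS_MODIFY_PIPE = 0x10 };  /* hypothetical codes */

/* One filter-table row: an instruction authorized on a pipe, with the
 * data format it must have (modelled here as an exact data length). */
struct filter_entry { uint8_t pipe_id, instruction; size_t data_len; };

/* Filter table, kept separate from any routing table. */
static const struct filter_entry filter_table[] = { { 0x02, INS_MODIFY_PIPE, 2 } };

/* Constructed sample messages. */
static const uint8_t msg_ok[]       = { 0x02, INS_MODIFY_PIPE, 0x05, 0x01 };
static const uint8_t msg_bad_pipe[] = { 0x03, INS_MODIFY_PIPE, 0x05, 0x01 };
static const uint8_t msg_bad_fmt[]  = { 0x02, INS_MODIFY_PIPE, 0x05 };
static const uint8_t msg_read[]     = { 0x03, INS_READ };

/* Returns true when the message may pass to the secure data circuit. */
bool filter_message(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < 2)
        return false;                 /* unparseable: block */
    uint8_t pipe = msg[0], ins = msg[1];
    if (ins != INS_MODIFY_PIPE)
        return true;                  /* assumption: other codes pass */
    for (size_t i = 0; i < sizeof filter_table / sizeof filter_table[0]; i++) {
        const struct filter_entry *e = &filter_table[i];
        if (e->pipe_id == pipe && e->instruction == ins &&
            e->data_len == len - 2)
            return true;              /* pipe, code and format authorized */
    }
    return false;                     /* default deny for pipe changes */
}

int main(void)
{
    printf("%d %d %d %d\n", filter_message(msg_ok, sizeof msg_ok),
           filter_message(msg_bad_pipe, sizeof msg_bad_pipe),
           filter_message(msg_bad_fmt, sizeof msg_bad_fmt),
           filter_message(msg_read, sizeof msg_read));
    return 0;
}
```

Because the decision is made against a table that the routing logic does not own, a message that rewrites routing state cannot also grant itself permission to pass.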
57 Citations
31 Claims
1. A method to protect data stored in a secure data circuit of a telecommunication device equipped with a near-field communication (NFC) router, a microcontroller, and the secure data circuit, the method comprising:
for all messages received with the NFC router, parsing each message to retrieve a communication pipe identifier and an instruction code;
comparing the communication pipe identifier and the instruction code to corresponding information in a filter table that is separate from a routing table of the NFC router; and
when the instruction code of a particular message is an instruction to modify a communication pipe associated with the retrieved communication pipe identifier by reassigning one end of the communication pipe associated with the retrieved communication pipe identifier from a port of the NFC router to a different circuit, blocking the particular message from reaching the secure data circuit when the instruction code is not authorized in the filter table and permitting passage of the particular message to the secure data circuit when the instruction code is authorized in the filter table, wherein comparing the communication pipe identifier and the instruction code to corresponding information in the filter table includes comparing a format of data of the particular message with authorized formats stored in the filter table.
View Dependent Claims (2, 3, 4)
5. A method to protect data stored in a secure data circuit of a telecommunication device equipped with a near-field communication (NFC) router, a microcontroller, and the secure data circuit, the method comprising:
for all messages received with the NFC router, parsing each message to retrieve a communication pipe identifier and an instruction code;
comparing the communication pipe identifier and the instruction code to corresponding information in a filter table that is separate from a routing table of the NFC router; and
when the instruction code of a particular message is an instruction to modify a communication pipe associated with the retrieved communication pipe identifier by reassigning one end of the communication pipe associated with the retrieved communication pipe identifier from a port of the NFC router to a different circuit, blocking the particular message from reaching the secure data circuit when the instruction code is not authorized in the filter table and permitting passage of the particular message to the secure data circuit when the instruction code is authorized in the filter table, wherein the NFC router includes a plurality of filter tables, each one of the plurality of filter tables associated with a different secure data circuit.
View Dependent Claims (6, 7, 8, 9)
10. A device, comprising:
a secure data circuit;
a microcontroller; and
a contactless front-end (CLF) router communicatively arranged between the secure data circuit and the microcontroller, the device arranged to form a communication pipe between a port of the secure data circuit and a port of the CLF router, wherein the CLF router is configured to:
receive a plurality of messages;
parse the plurality of messages to retrieve a channel identifier of the communication pipe and an instruction code for each parsed message; and
when a particular instruction code is an instruction to divert a particular communication pipe by reassigning one end of the particular communication pipe from the port of the CLF router to a different circuit, the CLF router is configured to compare the respective channel identifier and the respective instruction code to corresponding information in a filter table that is separate from a routing table of the CLF router, and based on the comparison, the CLF router is arranged to block the respective message from reaching the secure data circuit when the instruction code is not authorized in the filter table and the CLF router is arranged to permit passage of the respective message to the secure data circuit when the instruction code is authorized in the filter table, wherein comparison between the respective channel identifier and the respective instruction code to corresponding information in the filter table includes comparison between a format of the instruction code to authorized formats stored in the filter table.
View Dependent Claims (11, 12, 13, 14)
15. A device, comprising:
a secure data circuit;
a microcontroller; and
a contactless front-end (CLF) router communicatively arranged between the secure data circuit and the microcontroller, the device arranged to form a communication pipe between a port of the secure data circuit and a port of the CLF router, wherein the CLF router is configured to:
receive a plurality of messages;
parse the plurality of messages to retrieve a channel identifier of the communication pipe and an instruction code for each parsed message; and
when a particular instruction code is an instruction to divert a particular communication pipe by reassigning one end of the particular communication pipe from the port of the CLF router to a different circuit, the CLF router is configured to compare the respective channel identifier and the respective instruction code to corresponding information in a filter table that is separate from a routing table of the CLF router and based on the comparison, the CLF router is arranged to block the respective message from reaching the secure data circuit when the instruction code is not authorized in the filter table and the CLF router is arranged to permit passage of the respective message to the secure data circuit when the instruction code is authorized in the filter table, wherein the CLF router is formed in at least one of a universal serial bus (USB) key, a bank teller terminal, and an adhesive device.
View Dependent Claims (16, 17, 18)
19. A device comprising:
a secure data circuit;
a microcontroller; and
a contactless front-end (CLF) router communicatively arranged between the secure data circuit and the microcontroller, the device arranged to form a communication pipe between a port of the secure data circuit and a port of the CLF router, wherein the CLF router is configured to:
receive a plurality of messages;
parse the plurality of messages to retrieve a channel identifier of the communication pipe and an instruction code for each parsed message; and
when a particular instruction code is an instruction to divert a particular communication pipe by reassigning one end of the particular communication pipe from the port of the CLF router to a different circuit, the CLF router is configured to compare the respective channel identifier and the respective instruction code to corresponding information in a filter table that is separate from a routing table of the CLF router, and based on the comparison, the CLF router is arranged to block the respective message from reaching the secure data circuit when the instruction code is not authorized in the filter table and the CLF router is arranged to permit passage of the respective message to the secure data circuit when the instruction code is authorized in the filter table, wherein the CLF router includes memory that stores a plurality of filter tables, each one of the plurality of filter tables associated with a different secure data circuit.
View Dependent Claims (20, 21, 22)
23. A method performed in a device, comprising:
forming a communication pipe between a secure data circuit and a near-field communication (NFC) router;
receiving a message with the NFC router;
filtering the message by isolating an instruction code in the message and a channel identifier, wherein the instruction code is an instruction to modify the communication pipe by reassigning one end of the communication pipe from a port of the NFC router to a different circuit; and
either blocking the message from reaching the secure data circuit when the channel identifier identifies the communication pipe and when the instruction code is not authorized to act on the communication pipe based at least in part on comparison of the instruction code with information in a filter table that is separate from a routing table of the NFC router, or passing the message toward the secure data circuit when the channel identifier identifies the communication pipe and when the instruction code is authorized to act on the communication pipe, wherein comparison between the instruction code with the information in the filter table includes comparison between a format of data of the message and authorized formats stored in the filter table.
View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
Specification