Method to detect man-in-the-middle (MITM) or relay attacks

US 20090168997A1
Filed: 12/27/2007
Published: 07/02/2009
Est. Priority Date: 12/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method for detecting a communication relay attack comprising the steps of:

establishing a communication link between a data transmitting device and a data receiving device;

transmitting a clock signal from said data receiving device to said data transmitting device for synchronizing data communication between said data transmitting device and said data receiving device;

transmitting data from said data transmitting device to said data receiving device, said data having a first predefined element and a second predefined element;

counting a number of clock cycles occurring in said clock signal between transmission of said first predetermined element of said data and transmission of said second predefined element of said data with said data transmission device;

counting a number of clock cycles occurring in said clock signal between receipt of said first predefined element of said data and receipt of said second predefined element of said data with said data receiving device; and

comparing said number of clock cycles counted by said data transmission device with said number of clock cycles counted by said data receiving device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for detecting a communication relay attack involves the steps of counting a number of clock cycles occurring in a clock signal between transmission of two predetermined elements of data with a data transmission device, counting a number of clock cycles occurring in the clock signal between receipt of the two predefined elements of data and comparing the number of clock cycles counted by the data transmission device with the number of clock cycles counted by the data receiving device.

Citations

20 Claims

1. A method for detecting a communication relay attack comprising the steps of:
- establishing a communication link between a data transmitting device and a data receiving device;
  
  transmitting a clock signal from said data receiving device to said data transmitting device for synchronizing data communication between said data transmitting device and said data receiving device;
  
  transmitting data from said data transmitting device to said data receiving device, said data having a first predefined element and a second predefined element;
  
  counting a number of clock cycles occurring in said clock signal between transmission of said first predetermined element of said data and transmission of said second predefined element of said data with said data transmission device;
  
  counting a number of clock cycles occurring in said clock signal between receipt of said first predefined element of said data and receipt of said second predefined element of said data with said data receiving device; and
  
  comparing said number of clock cycles counted by said data transmission device with said number of clock cycles counted by said data receiving device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as defined in claim 1, wherein said data transmitting device is a smart card.
  - 3. A method as defined in claim 1, wherein said data transmitting device is a mobile phone.
  - 4. A method as defined in claim 1, wherein said data transmitting device is a personal digital assistant (PDA).
  - 5. A method as defined in claim 1, wherein said communication link is wireless.
  - 6. A method as defined in claim 1, wherein said data receiving device is a payment terminal.
  - 7. A method as defined in claim 1, further comprising the steps of:
    - enciphering said number of clock cycles counted by said data receiving device; and
      
      transmitting said enciphered number to said data transmitting device, wherein said data transmitting device compares said received enciphered number with said number of clock cycles counted by said data transmitting device.
  - 8. A method as defined in claim 1, further comprising the steps of:
    - enciphering said number of clock cycles counted by said data transmitting device; and
      
      transmitting said enciphered number to said data receiving device, wherein said data receiving device compares said received enciphered number with said number of clock cycles counted by said data receiving device.
  - 9. A method as defined in claim 1, wherein said first and second predefined elements of said data are encrypted.
  - 10. A method as defined in claim 1, wherein said clock signal and said data are transmitted over separate channels.
  - 11. A method as defined in claim 1, wherein said first and second predefined elements are uniquely defined by said data transmitting device upon establishing said communication link.
  - 12. A method as defined in claim 1, wherein said first and second predefined elements are preset before establishing said communication link.
  - 13. A method as defined in claim 1, wherein said transmitted data includes an instruction for the data receiving device to reset a counter thereof.
  - 14. A method as defined in claim 1, wherein said first predefined element of said data includes an instruction for said data receiving device to start counting said clock cycles and said second predefined element of said data includes an instruction for said data receiving device to stop counting said clock cycles.

15. A system for detecting a communication relay attack comprising:
- a data transmitting device for transmitting data having a first predefined element and a second predefined element, said data transmitting device including a clock counter for counting a number of clock cycles occurring in a clock signal between transmission of said first predefined element of said data and said second predefined element of said data; and
  
  a data receiving device for receiving said data from said data transmitting device and including a clock for transmitting a clock signal to said data transmitting device and a clock counter for counting a number of clock cycles occurring in said clock signal between receipt of said first predefined element of said data and receipt of said second predefined element of said data,wherein at least one of said data transmitting device and said data receiving device further includes a comparator for comparing a number of clock cycles counted by said data transmitting device with a number of clock cycles counted by said data receiving device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A system as defined in claim 15, wherein said data transmitting device is a smart card.
  - 17. A system as defined in claim 15, wherein said data transmitting device is a mobile phone.
  - 18. A system as defined in claim 15, wherein said data transmitting device is a personal digital assistant (PDA).
  - 19. A system as defined in claim 15, wherein said data transmitting device and said data receiving device are adapted for wireless communication therebetween.
  - 20. A system as defined in claim 15, wherein said data receiving device is a payment terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Blythe, Simon

Granted Patent

US 8,117,449 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/34
CPC Class Codes

H04L 63/1466 Active attacks involving in...

Method to detect man-in-the-middle (MITM) or relay attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method to detect man-in-the-middle (MITM) or relay attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links