CONTACTLESS SMARTCARD AUTHENTICATION

US 20100224682A1
Filed: 03/01/2010
Published: 09/09/2010
Est. Priority Date: 03/03/2009
Status: Active Grant

First Claim

Patent Images

1. A method of contactless smartcard authentication, comprising:

detecting the presence of a contactless smartcard at a card reader;

measuring an impulse response of the card reader to the presence of the contactless smartcard; and

authenticating the contactless smartcard based on the measured impulse response of the card reader.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for authenticating a contactless smartcard in a card processing system are disclosed. A card reader measures an impulse response associated with the contactless smartcard during outbound modulation of an RF carrier and compares measured impulse data to reference impulse data. The reference impulse data can be stored at the card reader or obtained from the contactless smartcard in an encrypted form. Optionally, the card reader issues one or more challenges to the contactless smartcard in connection with a card transaction and verifies a response to the one or more challenges using calibration data. The card reader can determine the card'"'"'s authenticity based on the impulse data, the response to one or more challenges, or a combination thereof.

50 Citations

View as Search Results

29 Claims

1. A method of contactless smartcard authentication, comprising:
- detecting the presence of a contactless smartcard at a card reader;
  
  measuring an impulse response of the card reader to the presence of the contactless smartcard; and
  
  authenticating the contactless smartcard based on the measured impulse response of the card reader.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - obtaining an identifier of the contactless smartcard at the card reader;
      
      determining an expected impulse response of the card reader based on the identifier;
      
      comparing the expected impulse with the measured impulse response of the card reader; and
      
      determining whether the contactless smartcard is authentic based on a result of comparing the impulse responses.
  - 3. The method of claim 2, further comprising obtaining expected impulse response data from a storage of the contactless smartcard.
  - 4. The method of claim 2, further comprising obtaining expected impulse response data from a storage of the card reader in response to detecting the presence of the contactless smartcard at the card reader.
  - 5. The method of claim 1, further comprising:
    - continuing a transaction with the contactless smartcard in response to determining that the contactless smartcard is authentic; and
      
      aborting the transaction with the contactless smartcard in response to determining that the contactless smartcard is not authentic.
  - 6. The method of claim 1, further comprising:
    - generating an alert if the contactless smartcard is not successfully authenticated to the card reader.
  - 7. The method of claim 2, wherein the expected impulse response of the card reader is associated with a predetermined separation distance between the card reader and the contactless smartcard.
  - 8. The method of claim 1, further comprising:
    - obtaining calibration data for the contactless smartcard;
      
      determining at least one challenge for the contactless smartcard based on the calibration data; and
      
      detecting a response of the contactless smartcard to the at least one challenge,wherein the contactless smartcard is authenticated based on a result of comparing the impulse responses and the response to the at least one challenge.
  - 9. The method of claim 8, wherein the calibration data comprises at least one of a timing variation, an amplitude variation, and a protocol variation relative to a communication protocol of the contactless smartcard.
  - 10. The method of claim 9, further comprising:
    - comparing an expected response based on the calibration data with the response of the contactless smartcard to the at least one challenge.

11. A card reader, comprising:
- a transmitter configured to modulate an RF carrier with a transmit data signal for communicating with a contactless smartcard;
  
  a receiver configured to detect receive data corresponding to a modulation of the RF carrier by the contactless smartcard;
  
  a processor configured to vary the transmit data signal in relation to standards of a communication protocol of the contactless smartcard in one or more challenges; and
  
  a memory configured to store calibration data relating to operating characteristics of the contactless smartcard,wherein the processor is configured to authenticate the contactless smartcard based on the calibration data and receive data associated with the one or more challenges.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 12. The card reader of claim 11, wherein the one or more challenges comprise at least one of varying a pulse timing of the transmit data signal in relation to the standards of the communication protocol of the contactless smartcard, varying a pulse spacing of the transmit data signal in relation to the standards of the communication protocol of the contactless smartcard, and varying a modulation depth of the transmit data signal in relation to the standards of the communication protocol of the contactless smartcard.
  - 13. The card reader of claim 11, wherein the processor is configured to add a noise signal to modulation of the RF carrier in connection with the one or more challenges.
  - 14. The card reader of claim 11, wherein the processor is configured to obtain the calibration data from the contactless smartcard.
  - 15. The card reader of claim 11, wherein the processor is configured to detect an identifier of the contactless smartcard in the receive data and to obtain the calibration data from a non-volatile storage of the card reader based on the identifier.
  - 16. The card reader of claim 15, wherein the memory is configured to store a hot-list and the processor updates the hot-list with the identifier of the contactless smartcard when the contactless smartcard is not successfully authenticated.
  - 17. The card reader of claim 11, wherein the processor is configured to determine an impulse response of the card reader to the contactless smartcard.
  - 18. The card reader of claim 17, wherein the memory is configured to store an expected impulse response for the contactless smartcard and the processor is configured to compare the impulse response of the card reader to the expected impulse response in connection with authenticating the contactless smartcard.
  - 19. The card reader of claim 11, wherein the processor is configured to generate an alert when the contactless smartcard is not successfully authenticated.
  - 20. The card reader of claim 11, wherein the processor is configured to abort a transaction with the contactless smartcard when the contactless smartcard is not successfully authenticated.
  - 21. The card reader of claim 11, wherein the processor is configured to select the one or more challenges in a random fashion.
  - 22. The card reader of claim 11, wherein the calibration data corresponds to a group of contactless smartcards having similar operating characteristics.
  - 23. The card reader of claim 11, wherein the calibration data comprises a plurality of entries each with calibration data for a different contactless smartcard.

24. A method of contactless smartcard authentication, comprising:
- detecting a contactless smartcard at a card reader;
  
  obtaining an identifier of the contactless smartcard;
  
  determining one or more challenges for the contactless smartcard based on the identifier;
  
  varying a transmit signal in relation to standards of a communication protocol of the contactless smartcard to issue the one or more challenges;
  
  determining at the card reader a response of the contactless smartcard to the one or more challenges; and
  
  authenticating the contactless smartcard at the card reader based on the response to the one or more challenges.

25. A contactless smartcard, comprising:
- an antenna configured to detect modulation of an RF carrier at an operating frequency of the contactless smartcard;
  
  an integrated circuit configured to modulate the RF carrier according to a contactless smartcard communication (CSC) protocol; and
  
  a storage accessible to the integrated circuit and configured to hold calibration data relating to operating characteristics of the contactless smartcard,wherein the integrated circuit is configured to send the calibration data by modulating the RF carrier in response to a card reader command.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The contactless smartcard of claim 25, wherein the calibration data comprises at least one of a tolerance of the contactless smartcard to variations in pulse timing, a tolerance of the contactless smartcard to variations in pulse spacing, a tolerance of the contactless smartcard to variations in modulation depth, and a tolerance of the contactless smartcard to variations in the CSC protocol.
  - 27. The contactless smartcard of claim 25, wherein the calibration data is obtained when the contactless smartcard is manufactured.
  - 28. The contactless smartcard of claim 25, wherein the storage comprises impulse response data corresponding to a measured effect of the smartcard on a receiver of a card reader.
  - 29. The contactless smartcard of claim 25, wherein the calibration data comprises a tolerance of the smartcard to noise in the RF carrier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cubic Corporation
Original Assignee
Cubic Corporation
Inventors
Busch-Sorensen, Thomas

Granted Patent

US 8,240,561 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/380
CPC Class Codes

G06K 7/0008 General problems related to...

H04L 9/3278 using physically unclonable...

CONTACTLESS SMARTCARD AUTHENTICATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

CONTACTLESS SMARTCARD AUTHENTICATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links