Protecting data stored in a chip card interface device in the event of compromise

US 9,038,188 B2
Filed: 07/30/2010
Issued: 05/19/2015
Est. Priority Date: 01/15/2010
Status: Active Grant

First Claim

Patent Images

1. A chip card interface device (CCID) configured for protecting data stored at the CCID in the event of a compromise, the CCID comprising:

a housing;

a memory device disposed within the housing, the memory for storing data, the data comprising sensitive data and non-sensitive data, and wherein the sensitive data is stored in a sensitive data location that is separate and distinct from a non-sensitive data location in which the sensitive data is stored;

a compromise detection system, the compromise detection system comprising;

one or more detection devices configured for detecting a compromise of the housing, the compromise detection system configured for continuously or periodically generating a detection signal that, when a compromise of the housing is detected, indicates the detected compromise, the one or more detection devices comprising one or more motion sensors configured to measure acceleration of the CCID; and

a data protection system coupled with the compromise detection system, the data protection system configured for;

receiving the detection signal indicating the compromise; and

protecting the data stored in the memory based at least in part on the received detection signal indicating the compromise of the housing, the protecting comprising;

erasing the sensitive data; and

retaining the non-sensitive data;

a personal identification number (PIN) entry device (PED) configured for receiving a cardholder current PIN and a cardholder desired new PIN from a cardholder;

a chip card input/output device configured for communicating a verify command to a chip card of the CCID including data corresponding to the received cardholder current PIN, the chip card input/output device also configured for receiving a verification message from the chip card, wherein the chip card generates the verification message by validating the received cardholder current PIN by comparing it with the current PIN stored on the chip card; and

a processing device for determining that the verification message from the chip card indicates that authentication of the cardholder current PIN was successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A chip card interface device (CCID) is configured for protecting data stored at the CCID in the event of a compromise. The CCID has a housing and a compromise detection system including one or more detection devices configured for detecting a compromise of the housing. The compromise detection system is configured for generating a detection signal indicating the detected compromise. A data protection system is coupled with the compromise detection system and includes a memory device and a processing device coupled with the compromise detection system. The processing device is for receiving the detection signal and erasing data stored on the memory device based on the detection signal in some embodiments. In some embodiments, the processing device also activates a locking function for rendering itself inoperable based on the detection signal.

20 Citations

View as Search Results

46 Claims

1. A chip card interface device (CCID) configured for protecting data stored at the CCID in the event of a compromise, the CCID comprising:
- a housing;
  
  a memory device disposed within the housing, the memory for storing data, the data comprising sensitive data and non-sensitive data, and wherein the sensitive data is stored in a sensitive data location that is separate and distinct from a non-sensitive data location in which the sensitive data is stored;
  
  a compromise detection system, the compromise detection system comprising;
  
  one or more detection devices configured for detecting a compromise of the housing, the compromise detection system configured for continuously or periodically generating a detection signal that, when a compromise of the housing is detected, indicates the detected compromise, the one or more detection devices comprising one or more motion sensors configured to measure acceleration of the CCID; and
  
  a data protection system coupled with the compromise detection system, the data protection system configured for;
  
  receiving the detection signal indicating the compromise; and
  
  protecting the data stored in the memory based at least in part on the received detection signal indicating the compromise of the housing, the protecting comprising;
  
  erasing the sensitive data; and
  
  retaining the non-sensitive data;
  
  a personal identification number (PIN) entry device (PED) configured for receiving a cardholder current PIN and a cardholder desired new PIN from a cardholder;
  
  a chip card input/output device configured for communicating a verify command to a chip card of the CCID including data corresponding to the received cardholder current PIN, the chip card input/output device also configured for receiving a verification message from the chip card, wherein the chip card generates the verification message by validating the received cardholder current PIN by comparing it with the current PIN stored on the chip card; and
  
  a processing device for determining that the verification message from the chip card indicates that authentication of the cardholder current PIN was successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The CCID of claim 1, wherein the memory device is configured for:
    - erasing some or all the stored data based at least in part on the received detection signal indicating the compromise.
  - 3. The CCID of claim 2, wherein theprocessing device is further configured for:
    - receiving the detection signal from the compromise detection system;
      
      analyzing the detection signal to determine whether the detection signal indicates a compromise; and
      
      instructing the memory device to erase some or all data stored at the memory device based at least in part on a determination that the detection signal indicates a compromise.
  - 4. The CCID of claim 3, wherein:
    - the processing device is further configured for;
      
      conditioning the received detection signal before analyzing.
  - 5. The CCID of claim 3, wherein:
    - the memory device is collocated with the processing device on a chip.
  - 6. The CCID of claim 3, wherein:
    - the processing device is disposed on a chip; and
      
      the memory device is not disposed on the chip.
  - 7. The CCID of claim 2, wherein the memory device is coupled with the compromise detection system, the memory device further configured for:
    - receiving the detection signal generated by the compromise detection system, the detection signal including a command to erase some or all the data stored in the memory device; and
      
      following the command by erasing some or all the data.
  - 8. The CCID of claim 2, wherein the processing device comprises the memory device.
  - 9. The CCID of claim 8, wherein the processing device is disposed on a chip.
  - 10. The CCID of claim 8, wherein the memory device is configured for:
    - storing sensitive data; and
      
      erasing the sensitive data in response to the detection signal indicating the compromise.
  - 11. The CCID of claim 10, wherein the memory device is further configured for:
    - storing non-sensitive data in a non-sensitive data location distinct from a sensitive data location where the sensitive data is stored;
      
      erasing the sensitive data in response to the detection signal indicating the compromise; and
      
      retaining the non-sensitive data.
  - 12. The CCID of claim 10, wherein the sensitive data comprises PIN data or key data.
  - 13. The CCID of claim 11, wherein the non-sensitive data comprises application data or log data.
  - 14. The CCID of claim 1, wherein the data protection system comprises:
    - a processing device coupled with the compromise detection system, the processing device configured for;
      
      receiving the detection signal indicating the compromise; and
      
      activating a locking function configured for rendering the processing device inoperable, based at least in part on the received detection signal.
  - 15. The CCID of claim 14, wherein the processing device further comprises:
    - after receiving the detection signal, analyzing the detection signal to determine whether the detection signal indicates a compromise.
  - 16. The CCID of claim 15, wherein the compromise detection system further comprises a detection processing device coupled with the one or more detection devices, the detection processing device configured for:
    - receiving, from the one or more detection devices, a raw signal indicating a compromise; and
      
      generating the detection signal indicating the compromise, based at least in part on the raw signal.
  - 17. The CCID of claim 16, wherein the detection processing device is further configured for:
    - generating the detection signal indicating the compromise, the detection signal comprising instructions for activating the locking function configured for rendering the processing device of the data protection system inoperable.

18. A method for protecting data stored at a chip card interface device (CCID) in the event of a compromise, the method comprising:
- detecting, by one or more detection devices of a compromise detection system, a compromise of a housing of the CCID, the compromise detection system comprising one or more motion sensors configured to measure acceleration of the CCID;
  
  continuously or periodically generating, by the compromise detection system, a detection signal that, when a compromise of the housing is detected, indicates the detected compromise;
  
  receiving, at a data protection system, the detection signal indicating the compromise; and
  
  protecting, by the data protection system, data stored in a memory device disposed within the housing based at least in part on the received detection signal indicating the compromise of the housing, the protecting comprising;
  
  erasing sensitive data stored in a sensitive data memory location; and
  
  retaining non-sensitive data that is stored in a non-sensitive data memory location, wherein the non-sensitive data memory location is separate and distinct from the sensitive data memory location;
  
  receiving, at a personal identification number (PIN) entry device (PED), a cardholder current PIN and a cardholder desired new PIN from a cardholder;
  
  communicating, by a chip card input/output device, a verify command to a chip card of the CCID including data corresponding to the received cardholder current PIN, the chip card input/output device also being configured for receiving a verification message from the chip card, wherein the chip card generates the verification message by validating the received cardholder current PIN by comparing it with the current PIN stored on the chip card; and
  
  determining, by a processing device of the data protection system, that the verification message from the chip card indicates that authentication of the cardholder current PIN was successful.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The method of claim 18, wherein protecting the data stored in the memory device comprises:
    - erasing, by the memory device, some or all the stored data based at least in part on the received detection signal indicating the compromise.
  - 20. The method of claim 19, further comprising:
    - receiving, at a processing device of the data protection system, the detection signal from the compromise detection system;
      
      analyzing, by the processing device, the detection signal to determine whether the detection signal indicates a compromise; and
      
      instructing, by the processing device, the memory device to erase some or all data stored at the memory device based at least in part on a determination that the detection signal indicates a compromise.
  - 21. The method of claim 20, further comprising:
    - conditioning, by the processing device, the received detection signal before analyzing.
  - 22. The method of claim 20, wherein:
    - the memory device is collocated with the processing device on a chip.
  - 23. The method of claim 20, wherein:
    - the processing device is disposed on a chip; and
      
      the memory device is not disposed on the chip.
  - 24. The method of claim 19, further comprising:
    - receiving, at the memory device, the detection signal generated by the compromise detection system, the detection signal including a command to erase some or all the data stored in the memory device; and
      
      following, by the memory device, the command by erasing some or all the data.
  - 25. The method of claim 19, wherein the processing device comprises the memory device.
  - 26. The method of claim 25, wherein the processing device is disposed on a chip.
  - 27. The method of claim 25, further comprising:
    - storing, at the memory device, sensitive data; and
      
      erasing, by the memory device, the sensitive data in response to the detection signal indicating the compromise.
  - 28. The method of claim 27 further comprising:
    - storing, at the memory device, non-sensitive data in a non-sensitive data location distinct from a sensitive data location where the sensitive data is stored;
      
      erasing, by the memory device, the sensitive data in response to the detection signal indicating the compromise; and
      
      retaining, at the memory device, the non-sensitive data.
  - 29. The method of claim 27, wherein the sensitive data comprises PIN data or key data.
  - 30. The method of claim 28, wherein the non-sensitive data comprises application data or log data.
  - 31. The method of claim 18, further comprising:
    - receiving, at a processing device coupled with the compromise detection system, the detection signal indicating the compromise; and
      
      wherein protecting comprises;
      
      activating, by the processing device, a locking function configured for rendering the processing device inoperable, based at least in part on the received detection signal.
  - 32. The method of claim 31, whereinafter receiving the detection signal, analyzing, by the processing device, the detection signal to determine whether the detection signal indicates a compromise.
  - 33. The method of claim 32, further comprising:
    - receiving from the one or more detection devices, at a detection processing device of the compromise detection system, the detection processing device coupled with the one or more detection devices, a raw signal indicating a compromise; and
      
      generating, by the detection processing device, the detection signal indicating the compromise, based at least in part on the raw signal.
  - 34. The method of claim 33, wherein generating the detection signal indicating the compromise, the detection signal comprises instructions for activating the locking function configured for rendering the processing device of the data protection system inoperable.

35. A computer program product comprising a non-transitory computer-readable medium comprising computer-readable instructions for execution by a chip card interface device (CCID), the instructions configured for protecting data stored in the CCID in the event of a compromise, the instructions comprising:
- instructions for detecting, by one or more detection devices of a compromise detection system, a compromise of a housing of the CCID, the compromise detection system comprising one or more motion sensors configured to measure acceleration of the CCID;
  
  instructions for generating, continuously or periodically and by the compromise detection system, a detection signal that, when a compromise of the housing is detected, indicates the detected compromise;
  
  instructions for receiving, at a data protection system, the detection signal indicating the compromise; and
  
  instructions for protecting, by the data protection system, data stored in a memory device disposed within the housing based at least in part on the received detection signal indicating the compromise of the housing, the protecting comprising;
  
  erasing sensitive data stored in a sensitive data memory location; and
  
  retaining non-sensitive data that is stored in a non-sensitive data memory location, wherein the non-sensitive data memory location is separate and distinct from the sensitive data memory location;
  
  instructions for receiving, at a personal identification number (PIN) entry device (PED), a cardholder current PIN and a cardholder desired new PIN from a cardholder;
  
  instructions for communicating, by a chip card input/output device, a verify command to a chip card of the CCID including data corresponding to the received cardholder current PIN, the chip card input/output device also being configured for receiving a verification message from the chip card, wherein the chip card generates the verification message by validating the received cardholder current PIN by comparing it with the current PIN stored on the chip card; and
  
  instructions for determining, by a processing device of the data protection system, that the verification message from the chip card indicates that authentication of the cardholder current PIN was successful.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 36. The computer program product of claim 35, wherein the instructions for protecting the data stored in the memory device comprise:
    - instructions for erasing, by the memory device, some or all the stored data based at least in part on the received detection signal indicating the compromise.
  - 37. The computer program product of claim 36, the instructions further comprising:
    - instructions for receiving, at a processing device of the data protection system, the detection signal from the compromise detection system;
      
      instructions for analyzing, by the processing device, the detection signal to determine whether the detection signal indicates a compromise; and
      
      instructions for instructing, by the processing device, the memory device to erase some or all data stored at the memory device based at least in part on a determination that the detection signal indicates a compromise.
  - 38. The computer program product of claim 37, the instructions further comprising:
    - instructions for conditioning, by the processing device, the received detection signal before analyzing.
  - 39. The computer program product of claim 36, wherein the instructions further comprise:
    - instructions for receiving, at the memory device, the detection signal generated by the compromise detection system, the detection signal including a command to erase some or all the data stored in the memory device; and
      
      instructions for following, by the memory device, the command by erasing some or all the data.
  - 40. The computer program product of claim 36, the instructions for storing comprising:
    - instructions for storing, at the memory device, sensitive data; and
      
      wherein the instructions for erasing comprise;
      
      instructions for erasing, by the memory device, the sensitive data in response to the detection signal indicating the compromise.
  - 41. The computer program product of claim 40, the instructions for storing comprising:
    - instructions for storing, at the memory device, non-sensitive data in a non-sensitive data location distinct from a sensitive data location where the sensitive data is stored; and
      
      instructions for retaining, at the memory device, the non-sensitive data.
  - 42. The computer program product of claim 35, the instructions further comprising:
    - instructions for receiving, at a processing device coupled with the compromise detection system, the detection signal indicating the compromise; and
      
      wherein the instructions for protecting comprise;
      
      instructions for activating, by the processing device, a locking function configured for rendering the processing device inoperable, based at least in part on the received detection signal.
  - 43. The computer program product of claim 42, wherein the instructions further comprise:
    - instructions for, after receiving the detection signal, analyzing, by the processing device, the detection signal to determine whether the detection signal indicates a compromise.
  - 44. The computer program product of claim 43, the instructions further comprising:
    - instructions for receiving from the one or more detection devices, at a detection processing device of the compromise detection system, the detection processing device coupled with the one or more detection devices, a raw signal indicating a compromise; and
      
      instructions for generating, by the detection processing device, the detection signal indicating the compromise, based at least in part on the raw signal.
  - 45. The computer program product of claim 44, wherein the instructions for generating the detection signal indicating the compromise, the detection signal comprises instructions for activating the locking function configured for rendering the processing device of the data protection system inoperable.

46. A chip card interface device (CCID) configured for protecting data stored at the CCID in the event of a compromise, the CCID comprising:
- a housing;
  
  a compromise detection system, the compromise detection system comprising;
  
  one or more detection devices configured for detecting a compromise of the housing, the compromise detection system configured for continuously or periodically generating a detection signal that, when a compromise of the housing is detected, indicates the detected compromise of the housing, and the one or more detection devices comprising one or more motion sensors configured to measure acceleration of the CCID; and
  
  a data protection system coupled with the compromise detection system, the data protection system comprising;
  
  a processing device coupled with the compromise detection system, the processing device configured for;
  
  receiving the detection signal indicating the compromise; and
  
  activating a locking function configured for rendering the processing device inoperable, based at least in part on the received detection signal indicating the compromise of the housing; and
  
  a memory device disposed within the housing configured for;
  
  storing some or all the data, the data comprising sensitive data and non-sensitive data, and wherein the sensitive data is stored in a sensitive data location that is separate and distinct from a non-sensitive data location in which the sensitive data is stored;
  
  erasing the sensitive data based at least in part on the received detection signal indicating the compromise of the housing; and
  
  retaining the non-sensitive data based at least in part on the received detection signal indicating the compromise of the housing;
  
  a personal identification number (PIN) entry device (PED) configured for receiving a cardholder current PIN and a cardholder desired new PIN from a cardholder;
  
  a chip card input/output device configured for communicating a verify command to a chip card of the CCID including data corresponding to the received cardholder current PIN, the chip card input/output device also configured for receiving a verification message from the chip card, wherein the chip card generates the verification message by validating the received cardholder current PIN by comparing it with the current PIN stored on the chip card; and
  
  a processing device for determining that the verification message from the chip card indicates that authentication of the cardholder current PIN was successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Adams, Amanda Jane, Woodward, Richard John
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US12/847,366
Publication Number

US 20110179494A1
Time in Patent Office

1,754 Days
Field of Search
US Class Current

726/26
CPC Class Codes

G07F 7/1008 Active credit-cards provide...

Protecting data stored in a chip card interface device in the event of compromise

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting data stored in a chip card interface device in the event of compromise

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links