System and methods for secure firmware validation

US 9,965,632 B2
Filed: 04/14/2016
Issued: 05/08/2018
Est. Priority Date: 12/22/2014
Status: Active Grant

First Claim

Patent Images

1. A dynamic transaction card comprising:

A EuroPay-MasterCard-Visa (EMV) processor storing existing firmware and version data associated with the existing firmware;

an EMV plate connectively coupled to the EMV processor;

a bootloader;

an input/output interface that receives an updated firmware program from a firmware provider system;

an applet comprising instructions that when executed, cause the EMV chip to perform a checksum validation; and

data storage storing a first checksum calculated using the stored firmware upon loading of the firmware, wherein firmware is validated on the dynamic transaction card by performing the following;

receiving at the EMV processor, a trigger that triggers checksum validation via the applet;

reading, via the applet, the firmware to determine data comprising the first checksum;

receiving at the EMV processor, the data comprising the first checksum;

calculating, using the EMV processor, a second checksum associated with the firmware;

comparing, using the EMV processor, the first checksum and the second checksum;

validating the updated firmware upon determining that the received checksum and the calculated checksum are equal; and

deleting at least a portion of data in the data storage and the EMV processor upon determining that the first checksum and the second checksum are not equal;

wherein the EMV processor receives, via contacts on the EMV plate, an update component associated with the updated firmware program transmitted from the firmware provider system during a secure communication with the firmware provider system via a secure terminal, wherein the update component is used to validate the received updated firmware program;

wherein, in response to the validation of the updated firmware program, the bootloader loads the updated firmware on the dynamic transaction card, executes the updated firmware program, which overwrites the existing firmware; and

wherein, in response to the bootloader loading and executing the updated firmware program, the EMV processor stores and uses the updated firmware program.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic device, such as a dynamic transaction card having an EMV chip, that acts as a TPM having a memory, an applet, and a cryptographic coprocessor performs secure firmware and/or software updates, and performs firmware and/or software validation for firmware and/or software that is stored on the electronic device. Validation may compare a calculated checksum with a checksum stored in EMV chip memory. If a checksum calculated for firmware and/or a software application matches a checksum stored in EMV chip memory of the transaction card, the transaction card may operate normally. If a checksum calculated for firmware and/or a software application does not match a checksum stored in EMV chip memory of the transaction card, the transaction card may freeze all capabilities, erase the memory of the transaction card, display data indicative of a fraudulent or inactive transaction card, and/or the like.

Citations

28 Claims

1. A dynamic transaction card comprising:
- A EuroPay-MasterCard-Visa (EMV) processor storing existing firmware and version data associated with the existing firmware;
  
  an EMV plate connectively coupled to the EMV processor;
  
  a bootloader;
  
  an input/output interface that receives an updated firmware program from a firmware provider system;
  
  an applet comprising instructions that when executed, cause the EMV chip to perform a checksum validation; and
  
  data storage storing a first checksum calculated using the stored firmware upon loading of the firmware, wherein firmware is validated on the dynamic transaction card by performing the following;
  
  receiving at the EMV processor, a trigger that triggers checksum validation via the applet;
  
  reading, via the applet, the firmware to determine data comprising the first checksum;
  
  receiving at the EMV processor, the data comprising the first checksum;
  
  calculating, using the EMV processor, a second checksum associated with the firmware;
  
  comparing, using the EMV processor, the first checksum and the second checksum;
  
  validating the updated firmware upon determining that the received checksum and the calculated checksum are equal; and
  
  deleting at least a portion of data in the data storage and the EMV processor upon determining that the first checksum and the second checksum are not equal;
  
  wherein the EMV processor receives, via contacts on the EMV plate, an update component associated with the updated firmware program transmitted from the firmware provider system during a secure communication with the firmware provider system via a secure terminal, wherein the update component is used to validate the received updated firmware program;
  
  wherein, in response to the validation of the updated firmware program, the bootloader loads the updated firmware on the dynamic transaction card, executes the updated firmware program, which overwrites the existing firmware; and
  
  wherein, in response to the bootloader loading and executing the updated firmware program, the EMV processor stores and uses the updated firmware program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The dynamic transaction card of claim 1, wherein the EMV processor comprises a cryptographic coprocessor.
  - 3. The dynamic transaction card of claim 1, wherein the updated firmware program is transmitted during and/or at the end of an EMV transaction.
  - 4. The dynamic transaction card of claim 1, wherein the updated firmware program is transmitted via secure transaction tokens.
  - 5. The dynamic transaction card of claim 1, wherein the updated firmware program comprises a cryptographic key to decrypt the updated firmware.
  - 6. The dynamic transaction card of claim 1, wherein the updated firmware program comprises a checksum associated with the updated firmware.
  - 7. The dynamic transaction card of claim 1, further comprising data storage for cryptographic keys, checksums, and/or validation data associated with the firmware stored on the dynamic transaction card.
  - 8. The dynamic transaction card of claim 1, wherein upon determining that the updated firmware validation failed, the EMV processor executes an erase script to erase at least a portion of memory of the dynamic transaction card and/or deactivates the card.
  - 9. The dynamic transaction card of claim 1, further comprising at least one plastic jumper which connects electrical components of the dynamic transaction card, wherein upon tampering with the dynamic transaction card, the at least one plastic jumper dissolves to break the connection between the electrical components.
  - 10. The dynamic transaction card of claim 1, wherein upon determining that the updated firmware validation failed, the EMV processor transmits a notification to the firmware provider system, a mobile device paired with the dynamic transaction card, and/or a third party system.
  - 11. The dynamic transaction card of claim 1, wherein upon determining that the first checksum and the second checksum are not equal, the EMV processor executes an erase script to erase at least a portion of memory of the dynamic transaction card and/or deactivates the card.
  - 12. The dynamic transaction card of claim 1, wherein upon determining that the first checksum and the second checksum are not equal, the EMV processor transmits a notification to the firmware provider system, a mobile device paired with the dynamic transaction card, and/or a third party system.
  - 13. The dynamic transaction card of claim 1, further comprising at least one plastic jumper which connects electrical components of the dynamic transaction card, wherein upon tampering with the dynamic transaction card, the at least one jumper dissolves to break the connection between the electrical components.
  - 14. The dynamic transaction card of claim 1, wherein the cryptographic coprocessor comprises a random number generator, a key generator, a hash generator, and/or an encryption/decryption engine.

15. A method for updating firmware on a dynamic transaction card comprising:
- storing existing firmware and version data associated with the existing firmware in a EuroPay-MasterCard-Visa (EMV) processor contained within the dynamic transaction card;
  
  receiving, at the EMV processor via an input/output interface connectively coupled to the EMV processor, an updated firmware program transmitted from a firmware provider system;
  
  receiving, at the EMV processor via an EMV plate connectively coupled to the EMV processor, an update component associated with the updated firmware program from the firmware provider system during a secure communication with the firmware provider system via a secure terminal;
  
  validating, using the EMV processor, the received updated firmware program an EMV processor storing existing firmware and version data associated with the existing firmware;
  
  loading, via a bootloader, the updated firmware, in response to validating the updated firmware;
  
  upon loading the firmware, calculating a first checksum using the stored firmware;
  
  storing the first checksum in data storage;
  
  receiving at the EMV processor, a trigger that triggers checksum validation via an applets;
  
  reading, via the applet, the firmware to determine data comprising the first checksum;
  
  receiving at the EMV processor, the data comprising the first checksum;
  
  calculating, using the EMV processor, a second checksum associated with the firmware;
  
  comparing using the EMV processor, the first checksum and the second checksum;
  
  validating the updated firmware upon determining that the received checksum and the calculated checksum are equal; and
  
  deleting at least a portion of data in the data storage and the EMV processor upon determining that the first checksum and the second checksum are not equal;
  
  executing the updated firmware;
  
  overwriting the existing firmware; and
  
  storing and using the updated firmware in response to the bootloader loading and executing the updated firmware.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The method for updating firmware on a dynamic transaction card of claim 15, wherein the EMV processor comprises a cryptographic coprocessor.
  - 17. The method for updating firmware on a dynamic transaction card of claim 15, further comprising transmitting the updated firmware program during and/or at the end of an EMV transaction.
  - 18. The method for updating firmware on a dynamic transaction card of claim 15, further comprising transmitting the updated firmware program via secure transaction tokens.
  - 19. The method for updating firmware on a dynamic transaction card of claim 15, wherein the updated firmware program comprises a cryptographic key to decrypt the updated firmware.
  - 20. The method for updating firmware on a dynamic transaction card of claim 15, wherein the updated firmware program comprises a checksum associated with the updated firmware.
  - 21. The method for updating firmware on a dynamic transaction card of claim 15, further comprising storing cryptographic keys, checksums, and/or validation data associated with the firmware stored on the dynamic transaction card.
  - 22. The method for updating firmware on a dynamic transaction card of claim 15, further comprising executing an erase script to erase at least a portion of memory of the dynamic transaction card and/or deactivating the card upon determining that the updated firmware validation failed.
  - 23. The method for updating firmware on a dynamic transaction card of claim 15, further comprising connecting electrical components of the dynamic transaction card with at least one plastic jumper, wherein upon tampering with the dynamic transaction card, dissolving the at least one plastic jumper to break the connection between the electrical components.
  - 24. The method for updating firmware on a dynamic transaction card of claim 15, further comprising transmitting a notification to the firmware provider system, a mobile device paired with the dynamic transaction card, and/or a third party system, upon determining that the updated firmware validation failed, the EMV processor.
  - 25. The method for updating firmware on a dynamic transaction card of claim 15, further comprising executing an erase script to erase at least a portion of memory of the dynamic transaction card and/or deactivating the card, upon determining that the first checksum and the second checksum are not equal.
  - 26. The method for updating firmware on a dynamic transaction card of claim 15, further comprising transmitting a notification to the firmware provider system, a mobile device paired with the dynamic transaction card, and/or a third party system, upon determining that the first checksum and the second checksum are not equal.
  - 27. The method for updating firmware on a dynamic transaction card of claim 15, further comprising connecting electrical components of the dynamic transaction card with at least one plastic jumper, wherein upon tampering with the dynamic transaction card, dissolving the at least one plastic jumper to break the connection between the electrical components.
  - 28. The method for updating firmware on a dynamic transaction card of claim 16, wherein the cryptographic coprocessor comprises a random number generator, a key generator, a hash generator, and/or an encryption/decryption engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Zarakas, James, Wurmfeld, David, York, Brennon, Locke, Tyler
Primary Examiner(s)
Deng, Anna
Assistant Examiner(s)
Wu, Junchun

Application Number

US15/099,048
Publication Number

US 20160306977A1
Time in Patent Office

754 Days
Field of Search

717168
US Class Current
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/72   in cryptographic circuits

G06F 21/77   in smart cards

G06F 2221/033   Test or assess software

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2153   Using hardware token as a s...

G06F 8/65   Updates security arrangemen...

G06F 8/654   using techniques specially ...

G06F 9/4401   Bootstrapping security arra...

G06K 19/0723   the record carrier comprisi...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

System and methods for secure firmware validation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for secure firmware validation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links