WO2016030893A2 - Device, system and method for using an auxiliary device to emulate a smart-card - Google Patents
- Publication number
- WO2016030893A2 (PCT/IL2015/050860)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- smart
- card
- communication channel
- mobile device
- card reader
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G06F21/43—User authentication using separate channels for security data wireless channels
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K7/00—Methods or arrangements for sensing record carriers, e.g. for reading patterns
- G06K7/10—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
- G06K7/10009—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
- G06K7/10237—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves the reader and the record carrier being capable of selectively switching between reader and record carrier appearance, e.g. in near field communication [NFC] devices where the NFC device may function as an RFID reader or as an RFID tag
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0492—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/60—Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- Embodiments of the invention relate to effecting smart-card communications at smart-card readers and devices and systems for effecting such communications.
- Smart-card communication channels may be used for smart-cards to communicate with readers. Many smart-card readers use smart-card communication channels to interact with user devices. Smart-card readers are used for example in Europay MasterCard and Visa (EMV) Terminals (which can use contactless communication, contact communication or both), Mass Transport gates (e.g. Mifare™ readers on gates to subway terminals), Physical Access Control systems, and Logical access control systems.
- mobile phones can communicate with smart-card readers to transmit data over a near field communication "NFC" channel, for example to conduct transactions.
- the conduct of communications, e.g. transactions, in this way relies on the relatively good security offered by modern mobile device operating systems. While not comparable with the security provided by Secure Elements, the security provided by mobile devices is often considered "good enough" for certain applications.
- a prominent example is EMVCo Tokenization Standard, which uses the flexibility and connectedness of mobile devices to compensate for the decrease in physical security by improving the logical security. This transition opens the way for using other channels - that may be found in mobile devices but not in smart-cards - for communicating with terminals such as smart-card readers.
- some mobile devices e.g., the iPhone
- controllers that allow communication over smart-card channels, such as NFC channels
- operating systems that allow a mobile application to directly emulate a smart-card using the controller (e.g. Android prior to version 4.4).
- mobile device may refer to any mobile communication device including hand held devices.
- Smart-card may refer to a device with at least one built in microprocessor or integrated circuit having security features. Smart cards have various form factors including that of current payment (e.g., plastic) cards, subscriber identity module “SIM” cards, tags, fobs and more, and includes, but is not limited to devices having a generally planar or card-like form factor.
- Smart-card “readers” are devices, sometimes referred to as terminals, which communicate with smart-cards using one or more smart-card communication channels, for example, including contactless channels, such as, near-field communication (NFC) channels and contact channels, such as, ISO-7816 contact channels. Smart card readers typically implement some application logic in addition to communicating with the smart card.
- smart-card channel and “smart-card communication channel” may refer to communication channels by which devices may directly communicate (e.g. without an intermediary device) with smart-cards and/or smart-card readers.
- Smart-card channels may include contact channels (e.g., ISO/IEC-7816 contact channels) and/or contactless channels (e.g., NFC, such as, ISO/IEC-14443 and ISO/IEC 18092).
- non smart-card channel may refer to any other communication channel not commonly used for smart-card communications.
- non smart-card channel may refer to a longer range communication channel, for example any communication channel other than NFC or IEC-7816 contact.
- High-Level messages may refer to messages in the application layer which carry information relevant outside the channel, in contrast to messages in the transport layer or other low layers.
- Smart-Card Emulation capability may refer to being able to act as a Smart-Card.
- Smart-Card Transaction may refer to a series of requests sent by the smart-card reader to a smart-tag or card (or bridge) over the smart-card channel. Typically a transaction has a limited number of high-level messages. Often the purpose of the transaction is to authenticate the smart-card or the smart-card reader or to pass information between them. After the transaction, the smart-card reader, or its back-end system, may perform some operation, such as, open a gate, debit an account, etc.
- Air-Audio may refer to sound emitted from a speaker in the air, in contrast with sound signals transmitted via the audio connector to a speaker or earphones. Preferably, these sounds are inaudible due to high-pitch, for example ultrasound. Communication systems using air-audio channels are available from http://www.dov-e.com/ for example.
- Coupled may refer to near-field magnetic coupling.
- a “Sub-Meter channel” may refer to a communication channel that typically only allows communication over short-range distances, for example, of less than a meter (3.28 feet).
- a “sub-meter channel” may refer to a channel typically used for pairing, in which the identity or authenticity of one or both of the communicating devices are verified.
- Load modulation is used in the transfer of data to a reader from a smart card in contactless communications.
- This can be active load modulation “AML” or passive load modulation “PML”, examples of which are described in “Battery powered tags for ISO/IEC 14443, actively emulating load modulation” by Klaus Finkenzeller in RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency, ISBN-13: 978-0470695067.
- Embodiments of the invention include devices, systems and methods comprising or using an add-on or auxiliary device, referred to herein as a "bridge", that may be operatively and/or physically coupled to a contact or contactless smart-card reader for bridging communication between mobile devices not capable of communicating over smart-card communication channels and smart-card readers that are capable of communicating over smart-card communication channels.
- the auxiliary device may be configured to communicate with a smart-card reader using a first communication channel and to communicate with a mobile device using a second communication channel different from the first communication channel.
- Some embodiments of the invention may provide an auxiliary device comprising: a non-smart-card communication module configured to communicate with a mobile device over a non-smart-card communication channel; a smart-card communication module configured to communicate with the smart-card reader over a smart-card communication channel; and a processor configured to convert data received from the mobile device over the non-smart-card communication channel to be transmitted by the auxiliary device to the smart-card reader over the smart-card communication channel to emulate the mobile device as a contactless smart-card to the smart-card reader.
- the auxiliary device may include a first antenna or smart-card contacts for communicating with the smart-card reader over a first "smart-card communication channel", such as, NFC (contactless), which includes ISO-14443 and FeliCa, and ISO-7816 (contact), and a second antenna or transmitter or speaker or microphone for communicating with the mobile device over a second "non-smart-card communication channel", such as, BlueTooth low energy (BLE), BlueTooth, Wi-Fi, air-audio (a speaker and/or a microphone), optical channels (camera and/or a screen and/or a fixed image), sub-meter channels, or other short-range or long-range communication channels not used for or capable of communicating with the smart-card reader.
- a request from the mobile device using a non-smart-card channel may be received by the auxiliary device using the first antenna or smart-card contacts.
- This request may include data that may be relevant for a communication session such as a transaction with the smart-card-reader.
- the auxiliary device may then establish a connection with the smart-card-reader over the smart-card channel.
- the smart-card-reader may then send a request message over the smart-card channel.
- the auxiliary device may then convert the message received over the smart-card channel into a message that is transmitted using the second antenna or transmitter over the non-smart-card channel so that it may be received by the mobile device.
- the mobile device may then send a response message over the non-smart-card channel.
- the auxiliary device may then convert the message received over the non-smart-card channel into a message that is transmitted using the first antenna or smart-card contacts over the smart-card channel.
- the auxiliary device may convert, switch or bridge communication between the smart-card reader (communicating over the smart-card channel) and the mobile device (communicating over the non-smart-card channel).
- the auxiliary device may thereby emulate, or cause the non-smart-card mobile device to emulate, a contact or contactless smart-card for communicating with the smart-card reader, for example to conduct transactions.
- FIG. 1 schematically illustrates a conventional system including a smart-card reader communicating with a mobile device using a contactless smart-card communication channel;
- FIG. 2 schematically illustrates a system including an auxiliary device or "bridge" for bridging communication between a smart-card reader and a non-smart-card mobile device not capable of smart-card communication according to some embodiments of the invention
- FIG. 3 schematically illustrates the logical structure of a bridge or auxiliary device according to some embodiments of the invention
- FIGs. 4A to 4D schematically illustrate a system in which a bridge is designed to be mounted for high coupling with a contactless (e.g. near-field inductive magnetic coupling) antenna of a smart-card reader according to some embodiments of the invention
- FIGs. 5A to 5C schematically illustrate a system in which a bridge is mounted for low coupling with a contactless (e.g. near-field inductive magnetic coupling) antenna of a smart-card reader according to some embodiments of the invention
- FIG. 6 schematically illustrates a conventional smart-card reader according to some embodiments of the invention.
- FIGs. 7A to 7D schematically illustrate a system in which the bridge is mounted onto a contact smart-card reader according to some embodiments of the invention
- FIG. 8 schematically illustrates a system in which the bridge acts as a relay between the smart-card reader and the mobile device according to some embodiments of the invention
- FIG. 9 schematically illustrates a system in which the bridge acts as a proxy of the mobile device to emulate a smart-card according to some embodiments of the invention
- Fig. 10 is a sequence diagram of communications between the components of the system of Fig. 8 in which the bridge acts as a relay between the smart-card reader and mobile device according to some embodiments of the invention;
- Fig. 11 is a sequence diagram of communications between the components of the system of Fig. 9 in which the bridge acts as a proxy of mobile device according to some embodiments of the invention.
- Figs. 12-18 are circuit diagrams of a bridge according to some embodiments of the invention.
- Fig. 19 schematically illustrates a system for making an Open-Loop payment using a host card emulation (HCE) phone;
- Fig. 20 schematically illustrates a system for making an Open-Loop payment using the bridge as a relay according to some embodiments of the invention
- Fig. 21 schematically illustrates a system for making an Open-Loop payment using the bridge as a proxy according to some embodiments of the invention.
- Embodiments of the invention may provide an auxiliary or add-on device, referred to herein as a "bridge", that may be coupled, mounted or operatively connected to a smart-card reader to enable the smart-card reader to communicate with mobile devices that are incapable of communicating over the reader's smart-card channels. According to some embodiments of the invention, this communication may be enabled without any changes to the software, hardware or back-office system of the reader.
- the auxiliary device or "bridge" may bridge communication between personal electronic devices such as mobile devices and the smart-card reader by switching between smart-card channels (e.g. contactless or contact smart-card communication channels) and non-smart-card channels.
- the bridge may communicate information received from a mobile device over non-smart-card communication channels, by passing the information to the smart-card reader using one or more smart-card channels.
- the bridge may use the mobile device information to emulate a smart-card so that the smart-card reader operates as though it is communicating with a smart-card.
- the smart-card reader may not require any additional components or software to communicate with the non-smart-card enabled mobile device.
- the bridge may communicate with the personal electronic or mobile device using any non-smart-card communication channel (also referred to as "mobile-bridge-channel") supported by the device including, for example, BlueTooth low energy (BLE), Air-Audio, Wi-Fi, channels using quick response "QR" Codes, sub-meter channels, or other optical channels, or direct channels like USB, audio connector, Thunderbolt and/or Lightning.
- Smart-cards and/or smart-card readers are typically incapable of communicating with smart-cards over non-smart-card communication channels without the auxiliary device.
- Data transmitted over the mobile-bridge-channel may be encoded in various ways, e.g., encrypted, compressed, XORed, reversed, re-ordered, concatenated, trimmed, etc.
- Such encoding methods may alter the format or manner in which the data, for example transaction data, is conveyed, but should not be considered as changing the data itself.
- Either the mobile device or the bridge may initiate a connection.
- the bridge may act as a server (passively receiving communication) and the mobile device may act as a client (actively initiating communication).
- the auxiliary device may act as the client and the mobile device may act as a server, for example when it needs to perform a transaction or other communication session.
- the bridge may be designed so as to avoid interfering with the normal operation of a smart-card reader, for example when the reader is performing other contactless communications with regular contactless smart-cards. For example, when a contactless smart-card is tapped on or brought near the smart-card reader, the bridge may be designed so as not to interfere with the reader's radio frequency (RF) field.
- Smart-Card detection: The bridge may identify when a smart-card is entering the reader's contactless (e.g. NFC) RF field and for example respond in some way to mitigate any interference that might be caused by an antenna in the bridge.
- Smart card detection may use various means not limited to one or more of the following: a) Proximity Sensor: A proximity sensor may detect a smart-card before it gets sufficiently close to noticeably alter the reader's contactless RF field. Upon such detection, the proximity sensor may cause the bridge to disable the signal from its first antenna system emulating communication with the mobile device.
- the proximity detector may include, for example, a sensor that emits a field or beam over the smart-card channel and detects changes in the return field or signal to identify the presence of a contactless smart-card.
- RF Field Change Sensing: Another way to detect a contactless smart-card is for the bridge to sense changes in the reader's contactless RF field over the smart-card channel.
- On-Demand: Another approach would be to interfere with the contactless RF field used for a reader's smart-card channel only after the mobile device has formed a connection with the bridge and has requested that the bridge emulate a smart-card communication session. This method may be used, in some embodiments, unless the device uses the contactless field as a source of power.
- Preventing interruption of the contactless RF field used for the smart-card channel: a number of ways are available to mitigate interruption of the contactless, e.g. RF, field including but not limited to:
- a) High coupling option: one option is to have the bridge's first smart-card channel antenna highly coupled with the reader's smart-card channel antenna.
- the bridge may be able to effectively disconnect its first antenna so that it does not affect the reader's RF field over the smart-card channel.
- b) Low coupling option: another option is to position the bridge's first smart-card channel antenna outside of the reader's smart-card channel field.
- the bridge may use Active Load Modulation.
- the bridge may be designed for use with a contact smart-card reader to perform contact communications such as transactions.
- a bridge may include contacts (e.g., ISO/IEC-7816 contacts) that may touch the contacts in the smart-card reader.
- the bridge may act as an adapter, occupying the reader's card slot and including a first contact surface to connect with the reader's contact surface.
- the bridge may include an antenna or microphone or be otherwise configured to enable the bridge to communicate with a mobile device.
- the bridge may include a card slot to receive smart-cards and a second contact surface to connect to contact surface of a regular contact smart-card.
- the bridge may be left in place when the reader is to perform its usual function of communicating with contact smart-cards.
- the communication between a regular contact card and the terminal may be through direct wires or bridged by the bridge's controller.
- the bridge may emulate a smart-card using the mobile device's data to communicate with the smart-card reader via the bridge's first contact surface.
- the bridge may block or delay communications from the mobile device when a regular contact card is touching the bridge's second contact surface.
- the smart-card reader may include a contactless (e.g., NFC) logo or identifier to prompt a user to tap a contactless smart-card near the reader's first contactless antenna. If mounting the bridge on the reader obscures the prompt, the bridge may include a contactless smart-card prompt (or may include a transparent region to make the reader's prompt visible) and/or an additional prompt for example for directing users to make transactions with mobile phones.
- the bridge's first smart-card channel antenna may be mounted near, for example, and parallel to, the reader's smart-card channel antenna.
- the bridge's first smart-card channel antenna is mounted on top of the reader's smart-card channel antenna so that the bridge's antenna is interposed between the reader's antenna and a mobile device performing a communication session.
- the bridge's appearance may match the reader's appearance or be transparent.
- On the low coupling option (e.g. as shown in Fig. 5), the bridge may be mounted in a less visible part of the reader that is not part of the user interaction.
- Power Supply options: There are various possibilities for supplying power to a bridge according to embodiments of the invention including but not limited to:
- the bridge may receive its power from a battery. This option makes it easy to deploy.
- the bridge may receive its power from an external source through a power cable. This option prevents power consumption limitations.
- the bridge may receive power via wires or contacts from the smart-card reader when it is mounted.
- the bridge may receive its power from the smart-card reader's RF field, e.g. over NFC or other communication channels. It is common for smart-cards to get the energy they need from the RF field of the smart-card reader. However, the bridge may use more power than a smart-card for communicating with the mobile device and, in some embodiments, detecting other cards or mobile devices. The needed power may be provided by charging a super-capacitor over time using power from the RF field and using that power in bursts for the other uses. The advantage of this approach is that installation is easy and there is no need to replenish batteries.
- the store or environment where the smart-card reader is located may also install a separate BLE Beacon (e.g., iBeacon), or other beacon operating on a non smart-card communication channel, that may form part of a system according to embodiments of the invention.
- the beacon may cause an application on the mobile device to prompt the user when it enters the area, for example to remind the user that smart card transactions using mobile devices may be performed. This prompt can include some discount or other benefit for the consumer.
- Bridge Logic: the bridge may have various types of logic including but not limited to the following two types:
- the bridge does not interfere in the high-level message exchange of the smart-card communication. Whatever the bridge is asked by the smart-card terminal, the bridge will relay the message to the mobile device and get a response (using its second antenna or transmitter over the non-smart-card channel), and return that response to the smart-card reader (using its first antenna over the smart-card channel).
- the bridge may autonomously handle the low-level (contactless e.g. ISO-14443 or contact e.g. ISO-7816) transport layer communication with the Terminal.
- Example messaging flows using relay logic are described with reference to Fig. 8 and Fig. 10.
- the bridge may transparently pass message content such as transaction information, without altering the message content itself, only altering the communication channel.
- the bridge may process and alter the message content before passing it between the mobile device and smart-card reader to conform data from one channel to another channel, for example, by adding/ removing encryption, security information, header information, etc.
- the mobile device may use BlueTooth communication in which data is encrypted, while an NFC reader may use NFC communication in which data is not encrypted. Therefore, the bridge may decrypt data from the mobile device before sending it over NFC to the NFC reader and may encrypt data from the smart-card reader before sending it over BlueTooth to the mobile device.
- Example Relay Transaction: Once the user has indicated to the mobile application that she wants to pay, the mobile device connects to the bridge over a non-smart-card communication channel (e.g., short-range such as BLE or long-range such as cellular) using the bridge's second or non smart-card antenna or transmitter and requests to perform a transaction.
- the bridge may connect to the smart-card reader using the bridge's first antenna and respond to the smart-card reader activation commands.
- Once a connection has been established (e.g. NFC ISO 14443 anti-collision), the smart-card reader may initiate sending requests and expecting responses.
- the bridge may then relay the requests to the mobile device through the short-range communication channel and relay the mobile device's response to the smart-card reader through the smart-card communication channel.
- Proxy: in this mode, the bridge may manage a communication session such as a smart-card transaction autonomously once it connects to the smart-card reader, without the mobile device.
- the bridge receives the required information from the mobile device before starting the smart-card reader connection.
- Example messaging flows using proxy logic are described with reference to Figs. 9 & 11.
- Proxy transactions may be useful in situations where the bridge is not able to act as a relay. For example, imagine a slightly different bridge that supports mobile devices without BLE connection by passing data over audio using the mobile device's speaker in inaudible ultrasonic frequencies. Such channel may support only one-way communication - from the mobile device to the bridge, and this communication may be relatively slow.
- in order for the bridge to perform a smart-card transaction (e.g. with an EMV terminal), the bridge may have all the account details, including for example Primary Account Number (or Payment Token) and a CVC3 Key.
- Example Proxy Transaction: (1) A mobile application identifies the bridge of the terminal using a pairing method.
- the mobile application's server encrypts the application's account information, including for example keys, a short timeout, a timestamp and a message counter using the specific bridge's public key (and optionally error correction code (ECC)).
- the bridge decrypts the data, validates that the timeout did not elapse and that the counter is higher than in the last message it received.
- the bridge performs a smart-card transaction with the smart-card terminal where the bridge itself performs the required calculations and logic based on account parameters received from the mobile device.
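The bridge-side check from the proxy steps above (timeout not elapsed, counter higher than in the last message), as an added example that is not code from the patent. It starts after the bridge has decrypted the message; the JSON layout, the field names, `max_timeout_s` and `max_clock_skew_s` are assumptions.

```python
import json
import time
from dataclasses import dataclass, field
from typing import Dict, Optional


class RejectedMessage(Exception):
    """A decrypted proxy message failed a freshness or replay check."""


@dataclass
class BridgeReplayGuard:
    max_timeout_s: int = 30      # assumed upper bound the bridge will honour
    max_clock_skew_s: int = 5    # assumed tolerated server/bridge clock drift
    last_counter: Dict[str, int] = field(default_factory=dict)

    def validate(self, plaintext: bytes, now: Optional[float] = None) -> dict:
        """Return the parsed message, or raise RejectedMessage."""
        now = time.time() if now is None else now
        try:
            msg = json.loads(plaintext)
            account = msg["account_id"]
            issued = msg["timestamp"]
            timeout = msg["timeout_s"]
            counter = msg["counter"]
        except (ValueError, KeyError, TypeError) as exc:
            raise RejectedMessage(f"malformed message: {exc}") from exc
        numbers_ok = all(
            isinstance(v, int) and not isinstance(v, bool)
            for v in (issued, timeout, counter)
        )
        if not isinstance(account, str) or not numbers_ok:
            raise RejectedMessage("wrong field types")
        # The timeout travels inside the message, so the bridge bounds it
        # itself instead of trusting an arbitrarily long validity window.
        if not 0 < timeout <= self.max_timeout_s:
            raise RejectedMessage("timeout outside the window the bridge accepts")
        if issued > now + self.max_clock_skew_s:
            raise RejectedMessage("timestamp is in the future")
        if now - issued > timeout:
            raise RejectedMessage("timeout elapsed")
        if counter <= self.last_counter.get(account, -1):
            raise RejectedMessage("counter not higher than last accepted message")
        # Advance the counter only once every check has passed, so a rejected
        # message can never move the replay window.
        self.last_counter[account] = counter
        return msg


def constructed_message(counter: int, issued: int, timeout_s: int = 20) -> bytes:
    """Constructed sample plaintext; real account parameters are left out."""
    return json.dumps({
        "account_id": "demo-account",
        "timestamp": issued,
        "timeout_s": timeout_s,
        "counter": counter,
        "params": "<account parameters placeholder>",
    }).encode()


def outcome(guard: BridgeReplayGuard, plaintext: bytes, now: float) -> str:
    """'accepted', or the reason the bridge refused the message."""
    try:
        guard.validate(plaintext, now=now)
        return "accepted"
    except RejectedMessage as exc:
        return str(exc)


if __name__ == "__main__":
    guard = BridgeReplayGuard()
    t0 = 1_700_000_000  # constructed issue time
    first = constructed_message(counter=7, issued=t0)
    print(outcome(guard, first, now=t0 + 3))    # fresh message
    print(outcome(guard, first, now=t0 + 4))    # captured and replayed
    print(outcome(guard, constructed_message(8, t0), now=t0 + 25))  # too late
```

The counter state has to survive a bridge restart; otherwise a message captured before the restart is accepted again for as long as its timeout lasts.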
- the mobile device may run a mobile application to communicate with the bridge and/or smart-card reader. Once a communication session begins, the mobile device may receive and send messages as if it was communicating directly with the smart-card reader (e.g., as with host card emulation (HCE)), but may send the messages to the bridge using non-smart-card (e.g. short-range) communication channels.
- HCE host card emulation
- an application running on the mobile device may process a part of data received from the bridge to generate data emulating smart-card data.
- the device may then send at least part of the emulated smart-card data over the non-smart-card communication channel to the bridge for relaying the emulated smart-card data to the contact or contactless smart-card reader over a smart-card communication channel.
- the mobile device may authenticate the auxiliary device using information received over the non-smart-card communication channel, and securely send data over the non-smart-card communication channel to the auxiliary device for the auxiliary device to act as a proxy of the mobile device to emulate a smart-card over a smart-card communication channel.
- a system may be configured for verifying the identity of a unique device, e.g. mobile device, with which to communicate.
- with smart-card communication channels, mobile device holders know they are transacting with the smart-card reader they tap.
- with non-smart-card communication channels such as BLE, a mobile device may be unintentionally transacting with an unauthorized bridge mounted nearby or a different device in the same area, such as a malicious device designed to steal credit card data.
- One solution to ensure the mobile device is communicating with the intended device would be to use a non-smart-card communication channel for pairing, such as QR-code or Air-Audio ("sub-meter" channels).
- the mobile device may send a data block to the bridge.
- the bridge may later prove knowledge of that data block to authenticate its identity to the mobile device.
- the proving stage may occur on a longer-range channel than the pairing channel, such as,
- Example 1 - Air Audio: the user brings her mobile device near the bridge.
- the mobile device and bridge communicate through audio sounds (preferably inaudible due to high pitch). Since audio sounds weaken significantly with distance, especially with the mobile device's small speaker, this channel gives good guarantees that the mobile device is indeed communicating with the nearby smart-card reader.
- Example 2 - QR-Code: the user brings her mobile device near the bridge, showing the mobile device's screen to a camera on the bridge.
- the screen shows a QR-Code (or other optical machine readable code) of the unpredictable number for authentication.
- Geo-location: Pairing can be done based on geo-location data. For example, the mobile device may use geo-location information to identify the store, bridge or the smart-card reader. The mobile device may receive from its server data encrypted with the bridge's unique key. Then the bridge may prove knowledge of that data. Geo-location may be aided by a BLE Beacon that may be separate from the bridge. In some embodiments, multiple types of geo-location information may be cross-checked (e.g. BLE Beacon, Wi-Fi network location data, GPS data, cell tower location data, etc.), for example, in case any of these types of location data is inaccurate or compromised.
- User Selection: The user may select the name of the store and/or the smart-card reader number from a list preloaded in the mobile device application.
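The pair-then-prove step described above (a data block sent over a sub-meter channel, then proof of knowledge over a longer-range channel) is sketched below as an added example that is not part of the patent. The patent does not say how the bridge proves knowledge; HMAC-SHA256 over a fresh challenge, the label, the class names and the bridge identifiers are all assumptions.

```python
import hashlib
import hmac
import secrets

PROOF_LABEL = b"bridge-pairing-proof"   # hypothetical domain-separation label


def compute_proof(pairing_block, challenge, bridge_id):
    """HMAC keyed with the pairing block; binds the proof to one challenge
    and to the identifier the bridge advertises on the longer-range channel."""
    return hmac.new(pairing_block, PROOF_LABEL + challenge + bridge_id,
                    hashlib.sha256).digest()


class Bridge:
    def __init__(self, bridge_id):
        self.bridge_id = bridge_id
        self.pairing_block = None

    def receive_pairing_block(self, block):
        # Arrives over the sub-meter channel (microphone or camera).
        self.pairing_block = block

    def prove(self, challenge):
        # A bridge that was never paired has nothing to key the proof with.
        if self.pairing_block is None:
            return None
        return compute_proof(self.pairing_block, challenge, self.bridge_id)


class Mobile:
    def __init__(self):
        # The unpredictable number shown as a QR code or played as audio.
        self.pairing_block = secrets.token_bytes(16)
        self.challenge = None

    def new_challenge(self):
        # Sent over the longer-range channel (e.g. BLE); fresh per attempt
        # so that a recorded proof cannot be replayed later.
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def verify(self, bridge_id, proof):
        # Consume the challenge first: one verification attempt per challenge.
        challenge, self.challenge = self.challenge, None
        if challenge is None or not isinstance(proof, bytes):
            return False
        expected = compute_proof(self.pairing_block, challenge, bridge_id)
        return hmac.compare_digest(expected, proof)   # constant-time compare


def pair_and_verify(mobile, tapped_bridge, answering_bridge):
    """Pair with the bridge the user is next to, then check whichever
    device answers on the longer-range channel."""
    tapped_bridge.receive_pairing_block(mobile.pairing_block)
    challenge = mobile.new_challenge()
    proof = answering_bridge.prove(challenge)
    return mobile.verify(answering_bridge.bridge_id, proof)


if __name__ == "__main__":
    intended, nearby = Bridge(b"bridge-A"), Bridge(b"bridge-B")
    print(pair_and_verify(Mobile(), intended, intended))   # intended bridge
    print(pair_and_verify(Mobile(), intended, nearby))     # unpaired device
```
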
- an auxiliary device or bridge may communicate over three distinct communication channels: • a first smart-card channel for communicating with the smart-card reader;
- Authentication: Transforming a smart-card (e.g., contact or NFC) system to communicate with a non-smart-card (e.g., BLE) system may cause the system to lose the important aspect of proximity that contact or NFC ensures. In these cases the system may if desired employ different means to ensure authenticity and user-intent including, for example: i) Smart-Card Reader Authenticity: should be based on pairing (e.g., as described above) and/or additional security, such as cryptographic authentication and/or secure channels (such as secure sockets layer (SSL)).
- ii) User Authenticity: With smart-card payment, a vending machine may release the purchased product immediately after payment transaction, knowing the card-holder is right next to it. With BLE the user may be standing in the back of the line. However, the user is not likely to initiate a transaction until he is the first in line. So as long as the user-experience is clear, no problem should occur.
- the bridge may include a Secure Element for storing sensitive information such as keys including the bridge's unique key or a session, e.g. transaction key.
- the Secure Element may also manage the smart-card session in the proxy use-case.
- Low-level smart-card communication details: the bridge may handle low-level smart-card communication details on its own, for example, without requiring information from the mobile device. Examples of such details may include:
- Activation: for example, as described in ISO/IEC 14443-3 or ISO-7816, may be handled by the bridge when starting a communication session, e.g. transaction. When it does not start a transaction, it may sense activation requests from the smart-card reader, but does not respond to them.
- the bridge may require a longer time to respond than a regular smart-card since it relays the request to the mobile device.
- the bridge may ask the smart-card reader for additional time using the Wait-Time-Extension message on each message.
- Removal: smart-card transactions often include a way for the smart-card reader to signal to the card that a transaction is complete. This may be achieved, for example, by ISO/IEC 14443-4 command Deselect or by briefly stopping the smart-card channel's RF field (e.g., for at least 5 milliseconds to emit an electro-magnetic signal). The bridge may use this signal, or other session end signal, to indicate to the mobile device that the session has ended and to subsequently terminate the Mobile-bridge-Channel.
- vii) Transport Layer: the bridge may handle the smart-card transport layer (e.g., ISO/IEC 14443-4) on its own.
- Fig. 1 shows schematically a communication system in which a mobile device 101 communicates with a smart-card reader 102 in a manner known in the art.
- the mobile device 101 establishes a communication channel 103, for example an NFC channel 103 with the smart-card reader 102.
- the mobile device 101 is able to conduct communication sessions with the smart-card reader 102, for example using application 105.
- the application 105 may be supported from a mobile application server 107 with which the mobile device is in communication.
- the smart-card reader 102 may be supported by a reader backing system 109 which may include one or more servers. In prior art systems the back-end system 109 is optional.
- the smart-card reader 102 may accept, e.g. communicate with, smart-cards which are disconnected from a server.
- Fig. 2 shows schematically a communication system in which a mobile device 201 communicates with a smart-card reader 102 according to some embodiments of the invention.
- the smart-card reader and the smart-card back-end system may be the same as those shown in Fig. 1 in which the back-end system 109 is optional.
- the reader 102 is enabled to communicate over one or more particular channels, e.g. known smart-card communication channels.
- the mobile device 201 is different from device 101 and is not capable of communicating over those particular channels, in other words not capable of communicating directly with the smart-card reader 102.
- a bridge 204 is provided to enable communication between the smart-card reader and the mobile device.
- the bridge 204 may be mounted on the smart-card reader 102.
- the bridge 204 may communicate with the smart-card reader 102 over a smart-card channel, for example an NFC channel 209, for example in the same manner that the mobile device 101 of Fig. 1 communicates with the smart-card reader 101.
- the bridge 204 is configured for a contact smart-card reader and includes contacts for contacting contacts in the reader 102.
- the bridge 204 is able to communicate with the smart-card reader 102 over multiple channels including for example NFC and contact.
- the bridge 204 may include an NFC antenna and/or contacts for communication between the reader 102 and the bridge 204.
- the bridge 204 and the mobile device 205 may communicate with each other using different technology and/or protocols from those used for communication between the smart-card reader 102 and the bridge 204.
- a channel 203 not normally used for smart-cards, such as BLE, may be used for communication between the bridge 204 and the mobile device 201.
- the bridge may be connected to software operating on the mobile device 201 such as application 205 which may be supported by an application server 207.
- Figure 3 is a schematic block diagram showing logic components that may be included in a bridge such as bridge 204 according to some embodiments of the invention.
- the bridge illustrated in Fig. 3 includes:
- Communication modem 301: this is a module or component or a group of components configured to handle communication with the mobile device 201.
- the communication modem 301 may allow communication over one channel or multiple channels, e.g. non-smart-card channels, e.g. BLE and Air-Audio.
- Smart-card communication front end 305: also referred to as smart-card controller.
- Front end 305 may include, for example, NFC devices or ISO/IEC 7816 contact devices for communication with smart-card reader 102.
- Processor 303 may include one or more processors implementing one or more programs or algorithms to perform various operations including the exchange of information between the mobile device 201 and the smart-card reader 102 via the communication modem 301 and the smart-card communication front end 305.
- the processor 303 may be configured to convert data received from the mobile device via the non-smart-card communication channel to data for communication to the smart-card reader over the smart-card communication channel, and vice versa.
- Pairing communication 307: this indicates a module including a component or group of components for communication with the mobile device 201 according to some embodiments of the invention. Pairing communication differs from communication modem 301 in that it has a sub-meter (less than or equal to one meter) range (to ensure pairing) and may be a limited channel, e.g., one-way only, or relatively slow communication.
- a bridge 204 according to embodiments of the invention may include either or both of pairing communication module 307 and communication modem 301. Both provide an interface via which the mobile device 101 communicates with the processor 303.
- Proximity detector 309 - this may be provided as part of a bridge 204 according to some embodiments of the invention and may be used in various ways including but not limited to detecting another device being brought into proximity to the smart-card reader 102.
- Secure Element 311: one or more of these may be provided according to some embodiments of the invention, for example in the form of an integrated circuit "IC" chip, and may be used for increased security in communications between the bridge 204 and the mobile device 201 or smart-card reader 102.
- the bridge 204 may include a Secure Element chip in order to allow it to communicate with certain mobile operating systems (e.g., made for iPhone "Mfi" chip).
- a bridge according to embodiments of the invention may include a power unit 315, for example connected to the processor 303, and may be powered by a battery 313 or external source such as mains.
- a supercapacitor 317 may be provided between communication front end 305 and power unit 315 whereby power may be provided by charging the super-capacitor 305 using power from the RF field and using that power in bursts for other uses.
- Figs. 4A-4D and 5A-5D show two examples of physical design and configuration of the bridge 204 shown schematically in Figs. 2 and 3 according to some embodiments of the invention, and use of the bridge in conjunction with a contactless smart-card reader.
- Figs. 4A and 4B are two perspective views of a bridge 400 according to some embodiments of the invention designed to be mounted on and fitted over the antenna of a contactless smart-card reader 410 shown in Figs. 4C and 4D, without and with the bridge 400 fitted, respectively.
- the reader is shown as having a front face including a key pad 415 and a smart-card channel antenna region 416 bearing the words "tap here".
- the bridge 400 includes a central generally planar portion 420, designed to be positioned on the front face of the card reader 410 overlying the antenna region 416, and side portions or holders 421, 422 extending generally perpendicular to the central portion and being designed to grip the sides of the card reader 410 adjacent the antenna region 416.
- An antenna 430 is provided on the central portion 420.
- the central portion may be in the form of a substrate on which the antenna 430 is formed.
- the bridge 400 includes the electronic components shown in Fig. 3, for example in the form of an IC chip 440 positioned in the illustrated example on one side portion 421.
- the bridge antenna 430 is used to establish a smart-card communication channel, e.g. NFC, between the bridge 400 and the smart-card reader 410.
- the bridge further includes a second antenna 460 for use in establishing communication with a mobile device over a second, e.g. non-smart-card, communication channel.
- the second antenna 460 is positioned at the side of antenna 430, for example on a side portion 421.
- the bridge includes a further component for establishing a pairing with the mobile device 205 using a non-smart-card channel, in this example a microphone 450 positioned on side portion 421 adjacent to IC chip 440 for use in audio communication with the mobile device.
- an audio channel may be used as the main channel for communication between the mobile device and the bridge, for example in conducting secure transactions.
- the bridge shown in Figs. 4A and 4B is designed to achieve high coupling between the bridge 400 and the reader 410.
- the term "coupling" may refer to magnetic RF coupling between smart-card channel antennas 416, 430 (e.g. NFC antennas) of the smart-card reader 410 and the bridge 400.
- the shape of the smart-card channel antenna 430 of the bridge 400 may or may not exactly match the antenna 416, e.g. radio frequency "RF" antenna, of the reader 410 as shown in Figs. 4A, 4B and 4D. For example, since some smart-card channels such as NFC communication can work with partial coupling, this exact matching may not be required.
- a bridge 400 may be designed to operate with smart-card readers that have various antenna shapes and sizes, so that for example it is not necessary to provide a different design for each design of smart-card reader.
- the bridge may harvest energy from the RF field of the smart-card reader 410.
- the coupling between reader 410 and bridge 400 should be as high as possible, for example, by maximizing the overlap and minimizing the distance between the bridge and reader antennas 430 and 416. If the bridge uses the smart-card channel antenna 430 for communication only, the coupling may be reduced.
- Figs. 5A to 5C show a possible design of bridge according to some embodiments of the invention that is not designed for maximum RF coupling.
- the bridge 500 shown in these figures comprises a generally planar item that in the illustrated embodiment is small enough to be attached to a side surface of the smart-card reader 410 as shown in Fig. 4C.
- the bridge 500 comprises a first antenna 530, second antenna 560 and electronics chip 540, similar to chip 440, positioned on the same surface of the bridge 500 with a microphone 550 positioned between them.
- the components of the bridge shown in figs. 5A to 5C operate in a similar manner to the components of the bridge shown in figs. 4A to 4D.
- the low coupling between the bridge and reader antennas may still be high enough to allow the bridge to communicate with the reader using Passive Load Modulation.
- the bridge may use Active Load Modulation. This allows lower coupling, but requires more energy from the bridge.
- Fig. 6 shows a contact smart-card reader 600 in normal operation with a contact-bearing smart-card 610.
- the smart-card reader 600 has a slot 620 for receiving the smart-card 610. With the card 610 inserted, contacts inside the slot 620 make contact with smart-card contacts 630 which may for example be on the surface of the smart-card.
- Fig. 7A shows a bridge 700 in cross section along the line A-A in Fig. 7B and Fig. 7B shows the bridge in perspective view.
- the bridge has a body 705 in which a slot 704 is provided for receiving a card bearing contacts which in use connect with contacts 703 inside the slot 704.
- Extending from the body 705 is a generally planar portion 702 designed to plug the slot 620 in smart-card reader 600.
- the planar portion or plug 702 is provided with contacts 701 arranged to make contact with contacts inside slot 620 of the smart-card reader 600.
- the bridge also includes electronic components, for example provided as an IC chip 706, which may be situated at any suitable location on the bridge, and optionally a microphone 707 for pairing.
- the bridge 700 further comprises an antenna 708, for example a BLE antenna for use in communicating with a mobile device.
- an audio channel or another non smart-card channel such as BLE may be used to communicate information between the bridge and the mobile device.
- the slot 704 is optional but is useful in enabling the smart-card reader to be used in its normal mode of operation without the need to remove the bridge 700.
- Fig. 7C shows the bridge 700 positioned with the plug 702 about to be inserted into the slot 620 of the smart-card reader 600.
- Fig. 7D shows the bridge with the plug 702 fully inserted into the smart-card reader 600.
- a bridge such as that illustrated in any of Figs. 2-7 may be used to relay communication between a mobile device and a smart-card reader.
- Fig. 8 shows a communication system similar to Fig. 1 including possible messaging flows between components of the system, in this example for conducting a transaction.
- the principles used in this example may also be used in other kinds of communication session.
- a request 801, 1006 will be sent from the mobile device transaction application 205 to the bridge 204 via channel 203 to start a transaction.
- a bridge-reader communication channel is then established in message flows 802, 1008, following which the reader 102 responds with transaction requests 803 which are simply relayed by the bridge 204 to the mobile application 205 in messaging flow 804.
- Transaction responses 805 from the mobile application 205 are simply relayed by the bridge 204 to the smart-card reader 102 in message flow 806. This is shown in more detail in Fig. 10 where high level requests 1...N from the smart-card reader are relayed by the bridge to the mobile device, the mobile device responds to each with a high level response, and the high level responses 1...N are relayed by the bridge from the mobile device to the reader.
- Each request may for example comprise a request for transaction details for example relating to the mobile device user, such as may be required in verifying and authorizing a transaction.
- the message flow in Fig. 10 may end with the termination of the smart-card channel at operation 1010, for example after removal of the card, and termination of the non-smart-card channel at operation 1012.
- bidirectional communication takes place between the bridge and the reader and the bridge and the mobile device.
- Figs. 9 and 11 illustrate, in an analogous manner to Figs. 8 and 10, an example embodiment of a proxy use of a bridge according to embodiments of the invention. This embodiment is more suitable when the mobile-bridge channel is a one way channel. Dedicated security protocols may be used.
- the messaging flow commences with the establishment of a communication channel by message exchange 1102 and authentication and key agreement by message exchange 1104. Although shown as two way communications these may be one way only from the mobile device to the bridge.
- a request 901, 1106 is then sent from the mobile application 205 to the bridge 204 for the commencement of a communication session, in this example a transaction. In this case the initial request 901, 1106 contains information relating to the transaction.
- the bridge 204 does not then need to relay requests from the smart-card reader 102 to the mobile application 205.
- Each request may for example comprise a request for transaction details for example relating to the mobile device user, such as may be required in verifying and authorizing a transaction.
- the message flow in Fig. 11 may end with the termination of the smart-card channel at operation 1110, for example after removal of the card, and termination of the non-smart-card channel at operation 1112.
- the bridge may relay some but not all requests from the smart-card reader to the mobile device, for example depending on the nature of the request and what has been supplied to the bridge by the mobile device.
- the bridge may be configured to wait until after the mobile device has formed a connection with the bridge, and possibly also requested to perform a transaction, before connecting or increasing power to the antenna that will communicate with the mobile device.
- Figs. 12-18 are circuit diagrams for possible bridge circuit configurations according to embodiments of the invention. These are provided merely by way of example and other configurations are possible, for example using different combinations of features from the examples in the figures. Some or all of the illustrated components, for example those shown within the dotted rectangle, may be provided as a complete integrated circuit. In Figs. 12-18 the following abbreviations are used:
- Vcc: IC Power-Supply Pin
- Fig. 12 shows a possible circuit configuration for a bridge for use with a contactless smart-card reader, for example a reader using an NFC channel.
- the bridge-mobile device communication modem is a BLE modem 1201 connected to antenna 1202.
- the circuit is battery powered using power supply 1215 and is designed for passive or active load modulation amplitude "LMA".
- the circuit includes a processor 1203, smart-card controller in the form of an LMA IC 1205, proximity detector 1219 and secure element 1211, all intended to function in an analogous way to the corresponding components described with reference to Fig. 3.
- the circuit also includes a smart-card channel antenna 1206 connected to the smart-card front controller 1205.
- the chip 1205 may be either a passive LMA chip or an active LMA chip depending on how the device is to be used.
- with passive LMA the bridge may receive energy from the electromagnetic field of the reader.
- with active LMA the bridge is able to use its own power supply, e.g. battery, which enables it to improve the communication range and stability. Both are commonly available and are pre-installed for example in some mobile devices.
- a field sensor is schematically indicated by reference 1207 arranged to sense a proximate RF field and in response selectively disconnect or reduce power to the antenna 1206.
- the smart-card controller 120 may have Field Sense (FS) capability in which case sensor 1207 may not be required. In this case, it may send indications to the processor (uP) 1203 about field change through their bidirectional communication (BDC), and the FS line going into the processor 1203 will not be needed.
- the power supply voltage Vcc for the secure element (SE) 1211 may come from the processor 1203 or from the smart-card controller 1205.
- the secure element may be connected to processor (uP) 1203 only (Power (Vcc) + BDC) and not to the smart-card controller 1205, especially for an implementation such as some using BLE where security is needed for pairing with the mobile device and not for the smart-card communication.
- a switch 1204 is positioned between the controller 1205 and antenna 1206. This switch is closed (switched ON) when the bridge wants to start communicating with a reader. Switching it ON emulates arrival of a smart-card to the smart-card reader. Switching it OFF emulates removal of the smart-card from the smart-card reader. It is provided so that the bridge can remain on the smart-card reader all the time.
- Fig. 13 shows an alternative circuit configuration, similar to Fig. 12, designed to use NFC charging, or other RF charging, depending on the smart-card channel, instead of being battery powered.
- This embodiment includes supercapacitor 1317 and trickle charger 1318 to enable the bridge to derive power from the NFC RF field.
- the operation of the circuit shown in Fig. 13 is the same as that shown in Fig. 12.
- Fig. 14 shows an alternative circuit configuration, similar to Fig. 12, designed to use Air-Audio as the non-smart-card communication channel.
- the bridge in this embodiment includes a microphone 1420 for receiving incoming messages and data from the mobile device.
- the microphone 1420 is connected to a microphone interface 1422 which in turn is connected to an analog input of the processor 1413.
- Outgoing messages and data from the processor 1403 are output from an analog output of the processor 1403 via speaker interface 1424 to speaker 1426.
- the operation of the circuit shown in Fig. 14 is the same as that shown in Fig. 12.
- Figure 15 shows an alternative circuit configuration, similar to Fig. 12, having both BLE and Air-Audio channels available for communication with the mobile device.
- the appropriate channel might be selected according to the capability of the mobile device.
- one channel may be used for pairing the mobile device with the bridge and the other may be used to conduct a communication session.
- the circuit of Fig. 15 includes both Air-Audio components 1520, 1522, 1524, 1526, similar to components 1420, 1422, 1424, 1426 and BLE components 1502 and 1501 similar to components 1202 and 1201.
- Both circuits shown in Figs. 14 & 15, which are designed to use an Air-Audio channel, include a battery. However it is possible that they might use a super capacitor in the manner shown in Fig. 13.
- Figs. 16-18 show alternative circuit configurations designed for use with a contact smart-card reader. Each of the circuits includes components similar to those shown in Figs. 12-15 which are not described further. The circuits of figs. 16-18 do not require controller chips such as controller 1205.
- the circuits each include a card presence switch, e.g. a micro-switch 1630, 1730, 1830 for sensing whether a card is inserted into the slot, e.g. slot 704 of Fig. 7C, reader contact plug contacts 1632, 1732, 1832 corresponding to contacts 701 in Fig. 7A and card slot receptacle contacts 1633, 1733, 1833 corresponding to contacts 703 in Fig. 7A.
- Fig. 16 shows a possible bridge configuration with BLE and Air-Audio for communication with the mobile device, battery power, and ISO-7816 direct contact with a smart-card reader.
- the circuit of Fig. 16 may operate as follows: When a smart-card is inserted into the bridge, the smart-card's contacts are directly connected to a card-slot-receptacle contact surface of the bridge, making contact with contacts 1633, and reader-contact-plug contacts 1632 on a contact surface of the bridge are directly connected to the smart-card reader's contacts.
- the bridge forms a direct electrical connection between its card-slot-receptacle contacts 1633 and its reader-contact-plug contacts 1632, thereby allowing the smart-card to communicate with the smart-card reader as though the smart-card was inserted directly into the reader.
- the bridge's microprocessor (uP) 1603 can communicate with the smart-card reader through the bridge's reader-contact-plug contacts 1632. The bridge may then emulate a smart-card, using data received from the mobile phone.
- the circuit of Fig. 17 is configured for BLE and Air-Audio communication with a mobile device, battery power, and ISO-7816 indirect contact with a smart-card reader.
- This circuit may operate as follows: A micro-switch 1720 senses whether a card is inserted into the bridge's slot. When a smart-card is inserted, the bridge's processor 1703 is configured to relay communication between the smart-card and the smart-card reader. When no smart-card is inserted, the bridge may communicate with the smart-card reader based on data received from the mobile device.
- the circuit of Fig. 18 is configured for BLE and Air-Audio communication with the mobile device, indirect contact e.g. ISO-7816 with the smart-card reader and possibility of charging using supercapacitor 1817 and trickle charger 1818.
- the bridge may draw power from the smart-card reader and store it in the super-capacitor 181 for powering the bridge.
- the bridge may receive power through the ISO-7816 lines.
- Fig. 19 shows message flows in a conventional Open Loop Payment using an HCE capable Mobile device.
- a mobile device will send a token, as well as a code such as a CVV3 code and signature, generated for example in response to user personal identification number "PIN" entry, to the smart-card reader.
- a payment application on the mobile device which may be supported by a back end server indicated as a wallet server which in turn communicates with a token server.
- Communication between the mobile device and the smart-card server may use an NFC channel.
- the token, code signature and additionally the payment amount are communicated to a payment network for example via one or more processors and computing systems at an acquirer bank.
- the payment network will query the token server for authorisation of the token and the token service provider will typically respond with the token authorisation and a personal account number "PAN".
- the PAN, token authorisation and amount are then sent from the payment network to the issuer bank, e.g. the customer/mobile device owner's bank, from where the payment is processed, e.g. issued.
- Fig. 20 shows a message flow similar to Fig. 19 in which a bridge according to embodiments of the invention is used.
- the bridge is simply used to relay messages between the mobile device and the smart-card reader in the manner shown in Fig. 10.
- the message flow is the same as that shown in Fig. 19.
- Fig. 21 shows a message flow similar to Figs. 19 and 20 in which the bridge is used according to embodiments of the invention as a proxy for the mobile device.
- a more secure, e.g. authenticated, channel is established between the mobile device and the bridge, and the bridge is supplied with additional information by the mobile device, such as a transaction key, so that the bridge can respond to queries from the smart-card reader in the manner shown in Fig. 11 without needing to refer back to the mobile device.
- BLE Modems and Antennas shown in the Figures may be replaced with other modems.
- the bridge may be configured to communicate over multiple non-smart-card channels, for example by comprising multiple different communication units, e.g., both BLE modem and Air-Audio communication units.
- Although embodiments of the invention describe communicating with mobile devices that are not capable of communicating using smart-card communication channels such as NFC or contact channels, embodiments of the invention may also apply to mobile devices that are capable of such communication, but which have components for smart-card communication temporarily disabled or otherwise occupied, are unable to transmit or receive over smart-card channels for example due to RF interference at the smart-card terminal, are exhibiting security issues over smart-card channels, or are otherwise unable to be used.
- a "contactless" smart-card reader is a smart-card reader that is capable of communication via a contactless smart-card communication channel and a “contact” smart-card reader is a smart-card reader that is capable of communication via a contact smart-card communication channel.
- contactless smart-card reader may also include contact communication interfaces and contact smart-card reader may also include contactless communication interfaces.
- Contactless smart-card reader may also include other communication interfaces.
- Embodiments of the invention may be software-implemented using dedicated instruction(s) or, alternatively, hardware-implemented using designated circuitry and/or logic arrays in each of the mobile devices, mobile applications or application servers, auxiliary units (bridges) or smart-card readers or terminals.
- Embodiments of the invention may include an article such as a computer or processor readable transitory or non-transitory storage medium in each of the mobile device, mobile application or application server, auxiliary unit (bridge) and/or smart-card reader, such as for example a memory, a disk drive, or a USB flash memory, for encoding, including or storing instructions which when executed by a processor or controller, carry out methods disclosed herein.
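The difference between the relay flow of Fig. 20 and the proxy flow of Fig. 21 can be made concrete with a small model; this is an added example, not code from the patent. The names `Mobile`, `Bridge` and `run_transaction`, the HMAC-SHA256 response, the nonce-based key derivation and the wipe in `finish()` are assumptions chosen for the sketch, and the authenticated channel itself is not modelled.

```python
import hashlib
import hmac
import os


def respond(key, query):  # assumed response function: HMAC-SHA256 over the query
    return hmac.new(key, query, hashlib.sha256).digest()


class Mobile:
    def __init__(self):
        self._master = os.urandom(32)  # long-term secret, never leaves the device
        self.round_trips = 0           # queries that crossed the non-smart-card channel

    def new_transaction_key(self):
        self.key = respond(self._master, os.urandom(8))  # assumed: fresh key per transaction
        return self.key

    def handle(self, query):
        self.round_trips += 1
        return respond(self.key, query)


class Bridge:
    def __init__(self, mobile, proxy):
        self.mobile, self.proxy, self.key = mobile, proxy, None

    def start(self):
        key = self.mobile.new_transaction_key()
        self.key = key if self.proxy else None  # Fig. 21: sent over the authenticated channel

    def on_reader_query(self, query):
        if not self.proxy:             # Fig. 20: pure relay, the bridge holds no secret
            return self.mobile.handle(query)
        if self.key is None:
            raise RuntimeError("no transaction key provisioned")
        return respond(self.key, query)

    def finish(self):
        self.key = None                # assumed hygiene: wipe the key after one transaction


def run_transaction(proxy, queries):
    """Return (answers valid, round trips to the mobile, bridge holds a key)."""
    bridge = Bridge(Mobile(), proxy)
    bridge.start()
    answers = [bridge.on_reader_query(q) for q in queries]
    valid = answers == [respond(bridge.mobile.key, q) for q in queries]
    return valid, bridge.mobile.round_trips, bridge.key is not None
```

In relay mode the mobile device answers every reader query; in proxy mode it answers none, and the bridge becomes a key-holding component until `finish()` is called, which is why the provisioned key is scoped to a single transaction here.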
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Toxicology (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Artificial Intelligence (AREA)
- General Health & Medical Sciences (AREA)
- Electromagnetism (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Devices For Checking Fares Or Tickets At Control Points (AREA)
Abstract
The invention relates to devices, systems and methods for using a contact or contactless auxiliary device connected to a contact or contactless smart-card reader. The contactless auxiliary device may comprise a first antenna for communicating with the contactless smart-card reader using a smart-card channel, a second antenna for communicating with a mobile device using a non-smart-card channel, and a processor for converting data received over one channel for transmission over the other channel in order to emulate a contactless smart card. The contact auxiliary device may comprise a contact surface for connecting with a contact surface of the smart-card reader, an antenna or transmitter for communicating with a mobile device using a non-smart-card channel, and a processor for converting data received from the mobile device over the non-smart-card channel into data transmitted to the contact smart-card reader over the contact smart-card channel in order to emulate a contact smart card.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201462043116P | 2014-08-28 | 2014-08-28 | |
| US62/043,116 | 2014-08-28 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2016030893A2 (fr) | 2016-03-03 |
| WO2016030893A3 (fr) | 2016-04-21 |
Family
ID=55400773
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IL2015/050860 Ceased WO2016030893A2 (fr) | 2014-08-28 | 2015-08-27 | Device, system and method of using an auxiliary device to emulate a smart card |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2016030893A2 (fr) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017152186A3 (fr) * | 2016-03-04 | 2018-07-26 | Visa International Service Association | Mid-range reader interactions |
| EP3410331A1 (fr) * | 2017-05-29 | 2018-12-05 | OneSpan International GmbH | System and method for transferring data to an authentication device |
| US20230401116A1 (en) * | 2022-06-08 | 2023-12-14 | Oracle International Corporation | Logical java card runtime environment |
| US12073278B2 (en) * | 2019-11-21 | 2024-08-27 | Banks And Acquirers International Holding | Electronic payment terminal and corresponding method for optimising operation and computer program |
| US12216769B2 (en) | 2022-04-29 | 2025-02-04 | Oracle International Corporation | Secure element enforcing a security policy for device peripherals |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8355670B2 (en) * | 2010-06-22 | 2013-01-15 | At&T Mobility Ii Llc | Near field communication adapters |
| US9154190B2 (en) * | 2011-02-15 | 2015-10-06 | Blackberry Limited | Master mobile wireless communications device with near field communication (NFC) capabilities to send media content to slave mobile wireless communications devices and associated methods |
| US20130207778A1 (en) * | 2012-02-13 | 2013-08-15 | Xceedid Corporation | Accessory for a mobile device |
2015
- 2015-08-27 WO PCT/IL2015/050860 patent/WO2016030893A2/fr not_active Ceased
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017152186A3 (fr) * | 2016-03-04 | 2018-07-26 | Visa International Service Association | Mid-range reader interactions |
| KR20210107142A (ko) * | 2016-03-04 | 2021-08-31 | Visa International Service Association | Mid-range reader interactions |
| KR102381224B1 (ko) | 2016-03-04 | 2022-04-01 | Visa International Service Association | Mid-range reader interactions |
| US11308478B2 (en) | 2016-03-04 | 2022-04-19 | Visa International Service Association | Mid-range reader interactions |
| US12033132B2 (en) | 2016-03-04 | 2024-07-09 | Visa International Association Service | Mid-range reader interactions |
| EP3410331A1 (fr) * | 2017-05-29 | 2018-12-05 | OneSpan International GmbH | System and method for transferring data to an authentication device |
| EP3410332A1 (fr) * | 2017-05-29 | 2018-12-05 | OneSpan International GmbH | System and method for transferring data to an authentication device |
| US12073278B2 (en) * | 2019-11-21 | 2024-08-27 | Banks And Acquirers International Holding | Electronic payment terminal and corresponding method for optimising operation and computer program |
| US12216769B2 (en) | 2022-04-29 | 2025-02-04 | Oracle International Corporation | Secure element enforcing a security policy for device peripherals |
| US20230401116A1 (en) * | 2022-06-08 | 2023-12-14 | Oracle International Corporation | Logical java card runtime environment |
| US12197974B2 (en) * | 2022-06-08 | 2025-01-14 | Oracle International Corporation | Logical java card runtime environment |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016030893A3 (fr) | 2016-04-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
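| US20240303625A1 (en) | | Method, device, add-on and secure element for conducting a secured financial transaction on a device |
| KR101632465B1 (ko) | | Amplification of radio frequency signals |
| TWI496025B (zh) | | Accessory, accessory interface system and method |
| WO2016162535A1 (fr) | | Vending machine transactions |
| CN109314545B (zh) | | Wireless communication system with auxiliary antenna |
| JP7783874B2 (ja) | | Use of NFC field from a phone to power a card to phone Bluetooth communication |
| CN103268547A (zh) | | NFC mobile phone payment system with fingerprint authentication mechanism |
| CN104123793B (zh) | | NFC-based cash withdrawal system, withdrawal method thereof, and cash machine |
| JP2016500173A (ja) | | System and method for secure remote access and remote payment using a mobile device and a powered display card |
| WO2016030893A2 (fr) | | Device, system and method of using an auxiliary device to emulate a smart card |
| EP2874111B1 (fr) | | Wireless power supply for enabling a payment transaction |
| CN104123644B (zh) | | IC card capable of communicating with a capacitive touch screen, and system and method thereof |
| CN102930643B (zh) | | IC card with a data interface for load and debit/credit services, and method for implementing load |
| KR101695097B1 (ko) | | Simple payment method based on account transfer using an OTP card |
| CN204155313U (zh) | | IC card capable of communicating with a capacitive touch screen, and system thereof |
| KR101674812B1 (ko) | | Account transfer payment method using an OTP card |
| KR101721479B1 (ko) | | Interface device supporting communication between an IC contact card reader and an RF card |
| CN105809426A (zh) | | Mobile payment processing method and device |
| CN106326790A (zh) | | Account verification device and method |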
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15836172; Country of ref document: EP; Kind code of ref document: A2 |
| | NENP | Non-entry into the national phase in: | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 15836172; Country of ref document: EP; Kind code of ref document: A2 |