Transaction Verification on RFID Enabled Payment and Transaction Instruments

Abstract

A display enabled RFID tag (DERT) receives transaction details from the reader. DERT verifies that the details match their counterparts in the reader public key certificate. The process is aborted in case of a mismatch. DERT extracts and displays user-verifiable data. It then enters a countdown stage that lasts for a predetermined duration. A user observes the transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.

Description

RELATED APPLICATIONS[0001]The present application is related to U.S. patent application Ser. No. 13 / 286,154, filed on Oct. 31, 2011, which is incorporated herein by reference and to which priority is claimed pursuant to 35 USC 120.STATEMENT OF GOVERNMENT SUPPORT[0002]This invention was made with government support under grant 0831526 awarded by the National Science Foundation. The government has certain rights in the invention.BACKGROUND[0003]1. Field of the Technology[0004]The disclosure relates to the field of methods of using RFID tags in secure transactions and communications.[0005]2. Description of the Prior Art[0006]Recent emergence of RFID tags capable of performing public key operations has enabled some new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particu...

AI Technical Summary

Benefits of technology

This patent describes a method for securely verifying and approving transportation fare charges using RFID-enabled devices. The method involves displaying a random number on a device with a PIN, allowing the user to change the random number to the PIN using a reader keypad. The device then performs a matching algorithm to verify the PIN. This method ensures reliable user-to-tag authentication even with limited input from the user. The patent also describes a wireless device adapted for communication with a reader that includes a display, random number generator, memory, and processor for performing the matching algorithm. This results in an RFID tag with improved security against spgoing.

Problems solved by technology

In such settings, a reader can easily be maliciously used to mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user.

This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader.

Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency.

This problem becomes especially important with current electronic credit cards.

However, as mentioned earlier this doesn't solve problem and arguably make it even worse by triggering false sense of trust.

However, small amount frauds are very easy to miss on those statements since this information is available at least few days or more after the transaction and it is hard for users to remember and verify all those transactions listed on a statement.

Images