Secure Card Solution With Rotating Keys

Our patent-pending* solution is designed around the principles of assumption of breach and zero trust while relying on existing commodity technologies already in use in production environments.

 

*Patent Application US 62/923,025

What Is The Need?

On October 1, 2015, all point of sale (POS) terminals in the United States were required to begin using EMV IC smart cards. Billions of dollars were spent upgrading POS terminals and issuing new cards to customers. However, IC cards were not a new technology. Put in perspective, if the technology were a person, it would have been old enough to have earned a college degree in 2015.

Since then, security researchers have demonstrated methods to circumvent the new standard. While smart cards are more difficult to compromise, new vulnerabilities will surely be found. What’s more, the new cards were several times more expensive than other solutions. Why had the United States implemented such dated technology instead of leading the world with the next generation of payment cards? With such an expensive rollout complete, is there a way to deploy a more secure solution without requiring another costly upgrade?

Our solution provides just that: a highly secure physical authentication device using inexpensive commodity hardware which is compatible with existing readers (including mobile devices). What’s more, this solution has use cases beyond payment cards, including applications in access control, authentication and authorization, and more.

Authenticity and Integrity

Two core principles of any physical security device are authenticity and integrity. In this context, authenticity refers to the guarantee that the device is unique and has not been cloned or duplicated. Integrity refers to the condition of the device and whether or not it has been tampered with or compromised.

While modern devices implement mechanisms to ensure that they remain secure, they all rely on either authenticity or integrity alone at the expense of the other. This results in a security device that can be modified, corrupted, duplicated, or spoofed by bad actors. Only our patent-pending solution is able to guarantee both authenticity and integrity of the device itself by upholding the principles of assumption of breach and zero trust.

FALSE: It Is Impossible to Clone Smart Cards

While technologies such as smart cards and U2F tokens were once thought to be impossible to clone, security researchers and hackers have discovered new methods to bypass their security again and again . . . and again (in 2019!). While they do largely eliminate the threat of skimming, they are not tamper- or clone-proof. When relying on static devices, it is only a matter of time before they are compromised, and pen testers have always maintained that direct physical access to a device means “game over.” It is impossible to ensure the authenticity of static security keys with complete certainty. Once these devices are inevitably compromised or duplicated, how can it be detected?

PROBLEM: IC Cards Are Expensive and Not Mobile-Friendly

The average cost of an EMV IC smart card is $3-4. Dual-interface cards add at least $1 to the price. New biometric dual-interface cards are likely to be much more expensive, and the delicate fingerprint sensors may be more easily damaged (leading to more frequent replacements). Additionally, none of these solutions are inherently compatible with mobile devices and require small businesses to purchase additional expensive hardware. Our solution can be implemented on lower cost devices such as NFC cards that are mobile-friendly while still providing superior security compared to IC cards.

FALSE: Physical Security Devices Will Soon Be Replaced

Despite the rise of smartphones, biometrics, and behavioral analytics, there will always be a need for physical security devices for high-security applications such as payment processing, access control, authentication, etc. There are two primary reasons why this is true. First, connected devices like smartphones pose an inherent risk of being remotely compromised. Second, physical devices are one of the three factors of authentication – something you have (physical devices), something you know (passwords, etc), and something you are (biometrics). There will always be situations where a physical device is required. However, there is generally no way of ensuring that malicious users have not tampered with or compromised static security devices.

PROBLEM: Short-Range Wireless Poses Security Risk

On their own, short-range wireless technologies such as NFC, RFID, and Bluetooth cannot be secured. There is ALWAYS a way to remotely intercept and read signals from such devices. While security measures can be taken to prevent compromise, relying on contactless technology alone opens the door for numerous attacks from malicious users. As banks and companies consider issuing contactless and dual-interface cards to their users, adding an additional mechanism to ensure their authenticity is a growing necessity.

Our Solution

By way of analogy, our solution is similar to web authentication. When logging into a website, an authentication cookie is created based on a username and password. This piece of data is stored on the user’s computer and used by the browser to determine if a user is logged into the website or not. If this cookie is copied from one device to another, a malicious user can gain access to the website without detection by the user or website.

To solve this issue, many sites add a secondary rotating session cookie. This piece of data is stored on a user’s computer and is regularly checked and updated by the website’s servers as the user accesses their account. When a user logs in with a new device, the website will create and maintain a new session cookie that is unique to that device. This allows the website to manage and detect new devices accessing the account. However, since the session cookie is regularly updated, if it is intercepted or copied to a new device, the session cookie from one device will become invalid as soon as it is used on another device. This provides a mechanism to determine when an account may have been compromised.

Similarly, standard authentication devices such as smart cards, U2F tokens, and NFC cards rely on static data/circuitry much like a simple authentication cookie. If the device is somehow duplicated or data is intercepted, malicious access is impossible to detect. Our patented process employs the use of a rotating key on authentication devices similar to the session cookies used by a website. As a result, duplication and compromises can be easily detected and thwarted.
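The rotation-and-mismatch check described above can be sketched as follows. This is an added example, not code from the original page or the product: the `Card` and `Verifier` classes, the card ID, and the 32-byte random token are assumptions made for illustration, and the QR-based encryption layer is left out.

```python
import hashlib
import hmac
import secrets


class Card:
    """Constructed stand-in for a card with one writable field (e.g. NFC memory)."""
    def __init__(self, card_id, token):
        self.card_id = card_id
        self.token = token  # rotating key, rewritten by the reader on every use


class Verifier:
    """Hypothetical back end: keeps only a hash of each card's current key."""
    def __init__(self):
        self.expected = {}   # card_id -> SHA-256 of the key the card should hold
        self.locked = set()

    def issue(self, card_id):
        token = secrets.token_bytes(32)
        self.expected[card_id] = hashlib.sha256(token).digest()
        return Card(card_id, token)

    def scan(self, card):
        """Return 'ok', 'mismatch' or 'locked'; rotate the key on success."""
        if card.card_id in self.locked:
            return "locked"
        expected = self.expected.get(card.card_id)
        presented = hashlib.sha256(card.token).digest()
        if expected is None or not hmac.compare_digest(presented, expected):
            # A stale or unknown key means another copy has been used since.
            self.locked.add(card.card_id)
            return "mismatch"
        new_token = secrets.token_bytes(32)
        self.expected[card.card_id] = hashlib.sha256(new_token).digest()
        card.token = new_token  # write-back to the card's writable storage
        return "ok"


def clone_scenario():
    """Genuine card is used, duplicated, then both copies are presented."""
    server = Verifier()
    genuine = server.issue("card-001")            # constructed sample ID
    results = [server.scan(genuine)]              # normal use, key rotates
    clone = Card(genuine.card_id, genuine.token)  # bit-for-bit duplicate
    results.append(server.scan(clone))            # accepted, key rotates again
    results.append(server.scan(genuine))          # stale key: duplication detected
    results.append(server.scan(clone))            # card locked for every copy
    return results
```

Detection happens when the second copy is next presented, so the first scan after duplication is still accepted, whichever copy makes it.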

Possible Implementations

Our process leverages any device with at least two forms of data being stored/presented and at least one of these being writable. This provides nearly limitless combinations of technologies which could be utilized to implement our process on any given device. However, due to the accessibility and ubiquitous presence of certain technologies in existing markets, we suggest the following implementations.

NFC Card and QR Code

One of our suggested platforms is an NFC card imprinted with a QR code. With this configuration, the QR code serves as an encryption key to decrypt the data stored on the NFC card. This configuration provides several advantages:

  • Cards must be visually seen AND read to access data.
  • Rotating keys provide a mechanism to detect duplication/compromise with each successive card use.
  • Additional rotating keys and layers of encryption may be added by including a PIN, biometrics, etc.
  • NFC and QR codes can already be scanned by nearly all POS systems as well as mobile devices.
  • Could also be implemented on a smartphone using on-board NFC and a QR code on the display.

 

Dual-Interface IC and NFC Card

Another suggested platform is a dual-interface IC smart card with NFC capabilities. With this configuration, the NFC chip is used to store an authentication token generated during the challenge/response of the IC authentication process. By including a rotating token, IC smart cards are further strengthened against compromise. This configuration could have several applications:

  • Dual-interface smart cards are the standard form factor of Common Access Cards (CACs) used by the government and large businesses.
  • Modern POS systems include chip readers in conjunction with NFC scanners.

The addition of a PIN, QR code, or even a QR-styled security hologram could be used to further strengthen the security of the device.

Potential Use Cases

There is no limit to the applications of our secure card. What’s more, many systems currently in use could be adapted to utilize our card as a drop-in solution due to its use of existing technologies. Below are just a handful of examples for how our technology could be leveraged across a variety of markets.

Point of Sale

While smart cards are an improvement over magnetic stripe cards, they are a dated technology with new attack vectors being uncovered. Our solution leverages barcode, smart card, and NFC readers already present in existing terminals to avoid the need for expensive hardware upgrades. Consumers are then protected by the device’s built-in resistance to duplication, interception, and theft.

Access Control

High-security locations such as government facilities and datacenters require the best security available. However, Common Access Cards and other devices provide no mechanism to detect if a card has been duplicated. By utilizing the rotating keys on our card, successive scans by duplicate keys will cause a mismatch, allowing systems to lock cards, deny access, and alert security.

Authentication & Authorization

Access to digital systems is just as important as access to physical locations. Though hardware tokens provide increased security for authentication and authorization, their static nature introduces the possibility of duplication. Furthermore, those which require being connected to the system can potentially be used to spread malware or be compromised. Our solution reduces or eliminates both of these risks while improving the overall security of digital systems.

Auditable Supply Chain Management

Sensitive products and shipments require precise tracking throughout a supply chain network. Many warehouses already utilize RFID and QR codes for tracking, but these elements are static and risk becoming corrupted. Our solution provides a mechanism to record an auditable trail of inventory movements for high-priority items.

Device Syncing & Pairing

It is no secret that technologies such as Bluetooth have numerous vulnerabilities. These days, short-range wireless connections are used for more than just headphones and are becoming common on sensitive medical devices like insulin pumps. By implementing an additional visual mechanism required for authentication, the risks of improper access are significantly reduced.

Working Proof of Concept

Our current demonstration and POC platform utilizes a Honeywell Metrologic MS7820 Solaris barcode scanner and a MIFARE NFC card imprinted with a QR barcode. This system is fully functional and successfully demonstrates the working principle of our solution. Additionally, we are exploring the development of a POC utilizing a dual-interface smart card to demonstrate how our solution can be implemented with a smart card that utilizes both an IC and NFC.

Interested? Let’s Talk!

We’re currently looking for interested parties to partner with us and bring our device to market. Are you the manufacturer of access control systems and hardware? Are you involved in the PCI industry and looking for the next generation of physical payment devices that wouldn’t require deploying new, expensive hardware? We’d love to discuss different application possibilities and how our technology can provide solutions for you and your customers.

 
