In certain technical environments, a trusted device and an untrusted device are required to securely share information. As used herein, trust is defined with respect to the perspective of an observer, such as the manufacturer of a device, and relates to a level of confidence held by that observer as to how secure a system is. Generally, a manufacturer will be able to assure that the devices they produce are trusted, but cannot have the same level of confidence in devices produced by unrelated third parties. Therefore, the manufacturer must consider the possibility that data stored in the memory of an untrusted device can be monitored and extracted without the permission of the operator of that untrusted device.
A specific example of one of the technical environments mentioned above is illustrated in FIG. 1. A secure card reader 100 can be paired with a smartphone 101, or other device, for purposes of processing a payment. Secure card readers that are configured for use with standard smartphones and tablets are appealing from a user convenience perspective because of the flexibility they provide and the division of labor between a low-cost task-specific device and a more complex user interface device that is already widely available. Standard secure card readers that are available today will obtain sensitive data from a payment card 102 and encrypted it internally. The secure card reader can then transmit the encrypted data to a payment processor 103. In this situation, the untrusted device (i.e., smartphone 101) is never in contact with unencrypted sensitive data, and instead merely provides a means for interfacing with the user. The term user input device is used herein to refer to the smartphone tablet, or other discrete device that is operating in tandem with the secure card reader to communicate with a user and process a payment.
In certain payment flows, sensitive data is provided from a user via both the card reader and the separate user input device. For example, as shown in the bottom half of FIG. 1, secure card reader 100 could be used to obtain a personal account number (PAN) from a magnetic stripe or chip on a debit card, while smartphone 101 is used to obtain a personal identification number (PIN) from the card holder using a touch screen. In this situation, both secure card reader 100 and smartphone 101 will need to encrypt the data they receive to maintain the required level of security associated with processing payments.
Secure card readers are widely available, but the ability to receive a “PIN on glass” via the touch screen of any given smartphone is a functionality that is not widely available due to industry difficulties with extending standards-based security to an arbitrary smartphone. Therefore, because of the difficulty of sharing secure data and encryption keys with an unsecure or untrusted device, payment flows involving the entry of a pin on a smartphone are generally not supported by the convenient combination of a secure card reader and smartphone.
Secure communication between devices is often achieved through an exchange of keys such as those used for symmetric or asymmetric encryption. In the system of FIG. 1, one solution that could mitigate security concerns would be to encrypt the PIN on smartphone 101 using a key 105 previously provided from the secure card reader 100 over line 104. However, the untrusted nature of smartphone 101 complicates this approach. As mentioned previously, a key shared with an untrusted device could essentially be exposed when it is stored or used by an untrusted device. In an extreme case, an attacker could have the ability to monitor the execution of code on the untrusted device and extract the key. This extraction could be achieved by directly stealing the key data, monitoring the intermittent values generated in memory during an encryption process and extrapolating the key data, or monitoring the input-output of the encryption process over many samples to extrapolate the key data.