1. Field of the Invention
The invention generally relates to contactless smartcard technology; and in particular, the present invention relates to a security system for use with contactless smartcards.
2. Background of the Invention
Recent development in and standardization of smartcard technology is driving the widespread use of smartcards. Smartcards are credit card-sized plastic cards that contain embedded computer chips. Usually the computer chips are memory chips or microprocessor chips with internal memory. There are two categories of smartcards: contact smartcards and contactless smartcards. A contact smartcard requires physical contact between the computer chip on the card and a smartcard reader to conduct a transaction. Typically, a conductive module is provided on the surface of a contact smartcard for forming electrical contacts with the smartcard reader.
On the other hand, a contactless smartcard communicates with a smartcard reader via an electromagnetic interface when the contactless smartcard is brought in close proximity to the reader. FIG. 1 is a block diagram illustrating the operation of a conventional contactless smartcard and a smartcard reader. A smartcard reader 102 transmits radio frequency (RF) signals over its antenna while a conventional contactless smartcard 100, disposed with its own antenna, detects the RF signals when the card is brought within the detection distance of the reader. The communication frequency for contactless smartcards is set at 13.56 MHz ± 7 kHz as defined by the ISO/IEC standard nos. 14443-2 and 15693-2, entitled "Identification cards—Contactless integrated circuit(s) cards" for proximity cards and vicinity cards, respectively. In operation, a contactless smartcard derives operating power from the induced electromagnetic field transmitted by the smartcard reader. As shown in FIG. 1, the received signal is processed by RF interface 104 which is then provided to smartcard logic circuits 106 as the power source for the circuits. Smartcard logic circuits 106 are thus activated. Data is conveyed to and from the contactless smartcard through the RF signals transmitted and received by the antenna of the contactless smartcard.
The detection range of contactless smartcards is also defined by the aforementioned ISO standards. For instance, a proximity contactless smartcard has a minimum operating field of 1.5 A/m and a maximum operating field of 7.5 A/m (see ISO standard no. 14443-2). A vicinity card, on the other hand, has a minimum operating field of 150 mA/m and a maximum operating field of 5 A/m (see ISO standard no. 15693-2). Depending on the detection range required for the specific application, a contactless smartcard is constructed to operate within the detection ranges specified above.
A wide array of applications of both contact and contactless smartcards has been identified. For instance, smartcards are used in the financial sector and the health care sector throughout Europe and Asia. Smartcards can be used for storing important cardholder financial information. Smartcards have also been used as "electronic purses" where the smartcards contain cash or other financial information of the cardholders. For example, a smartcard can contain information representing values such as electronic cash that is converted from paper cash or from a bank's ATM. The electronic cash can be used at merchants for purchases, at vending machines, at pay telephones and at mass transit systems.
In some countries, health care programs provide health care smartcards to participants containing medical plan details and medical information of the card holder.
While contactless smartcards offer many advantages over the conventional magnetic strip cards as well as contact smartcards, such as providing a faster interface with card readers, the use of contactless smartcards poses serious security and privacy concerns. Because a contactless smartcard is activated merely by bringing the card within the detection range of a card reader, contactless smartcards are susceptible to unauthorized and unknown interrogation. For example, "electronic pick-pocketing" is a security concern particular to contactless smartcards. Electronic pick-pocketing occurs when a contactless smartcard carried by a cardholder in his back pocket or backpack is interrogated by an unauthorized person without the cardholder's knowledge and authorization. A person attempting "electronic pick-pocketing" only needs to bring a card reader sufficiently near the purse or backpack to activate the card. The person is then able to extract information off the card such as cash or valuable personal financial information, such as bank account numbers, during the unauthorized interrogation. The person may also conduct a transaction with the card, unbeknownst to the cardholder. For health care smartcards, the "pick-pocketer" can extract private and confidential health conditions and information about the cardholder.
Therefore, there is a need to secure contactless smartcards against unauthorized interrogations.
According to the present invention, a method for securing a contactless smartcard against unknown and unauthorized interrogations while the smartcard is being carried on the person of a cardholder is provided. The method includes: (a) providing an operating frequency in the contactless smartcard, the operating frequency being higher than a specified transmission frequency of contactless smartcards; (b) bringing the contactless smartcard within a detection range of a smartcard reader; and (c) maintaining the contactless smartcard in an inactive state as a result of the operating frequency being higher than the specified transmission frequency.
According to another embodiment of the present invention, the method further comprises: (d) applying a human body capacitance to the contactless smartcard, thereby activating the contactless smartcard for intended interrogations with the smartcard reader.
According to another aspect of the present invention, a method in a contactless smartcard is provided including: (a) providing a contactless smartcard having an operating frequency higher than a specified transmission frequency of contactless smartcards; (b) bringing the contactless smartcard within a detection range of a smartcard reader; (c) activating the contactless smartcard by applying human body capacitance to the contactless smartcard; and (d) deactivating the contactless smartcard by removing the human body capacitance from the contactless smartcard.
According to yet another aspect of the present invention, a contactless smartcard includes a first layer of dielectric material having a top surface, a second layer of dielectric material having a bottom surface, the first layer and second layer of dielectric material providing a laminate layer, an electronic circuit, a tuning circuit having an operating frequency, the tuning circuit being electrically coupled to the electronic circuit for providing power to the electronic circuit, and a conductive plate electrically coupled to the tuning circuit. The tuning circuit, the electronic circuit and the conductive plate are disposed between the first layer and the second layer of dielectric material. The operating frequency of the tuning circuit is higher than a specified transmission frequency of contactless smartcards.
The present invention is better understood upon consideration of the detailed description below and the accompanying drawings.
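The detuning principle summarized above can be checked numerically. The following is an added example, not part of the patent text: it assumes the tuning circuit behaves as a simple LC resonator, that the body capacitance coupled through the conductive plate adds in parallel with the tuning capacitance, and it uses constructed values for the inductance, card operating frequency, quality factor and activation threshold.

```python
import math

F_READER = 13.56e6   # Hz, carrier frequency given on the page (tolerance +/- 7 kHz)
# Constructed values below are assumptions for illustration, not from the page.
L_COIL = 2.0e-6      # H, card antenna inductance
F_CARD = 17.0e6      # Hz, card operating frequency, deliberately above F_READER
Q = 30.0             # loaded quality factor of the tuning circuit
THRESHOLD = 0.5      # fraction of on-resonance amplitude needed to power the chip


def tuning_capacitance(l_henry, f_hz):
    """Capacitance that resonates with l_henry at f_hz: C = 1 / (L (2 pi f)^2)."""
    return 1.0 / (l_henry * (2.0 * math.pi * f_hz) ** 2)


def resonant_frequency(l_henry, c_farad):
    return 1.0 / (2.0 * math.pi * math.sqrt(l_henry * c_farad))


C_CARD = tuning_capacitance(L_COIL, F_CARD)


def response(c_body):
    """Amplitude at F_READER relative to on-resonance, with c_body in parallel."""
    f_res = resonant_frequency(L_COIL, C_CARD + c_body)
    x = F_READER / f_res - f_res / F_READER
    return 1.0 / math.sqrt(1.0 + (Q * x) ** 2)


def is_active(c_body):
    return response(c_body) >= THRESHOLD


def body_capacitance_needed():
    """Added capacitance that pulls the resonance exactly onto F_READER."""
    return C_CARD * ((F_CARD / F_READER) ** 2 - 1.0)


def activation_window():
    """(min, max) added capacitance for which the card is active."""
    k = math.sqrt(1.0 / THRESHOLD ** 2 - 1.0) / Q
    root = math.sqrt(k * k + 4.0)
    r_lo, r_hi = (root - k) / 2.0, (root + k) / 2.0   # bounds on f_res / F_READER
    c_reader = tuning_capacitance(L_COIL, F_READER)
    return c_reader / r_hi ** 2 - C_CARD, c_reader / r_lo ** 2 - C_CARD


if __name__ == "__main__":
    lo, hi = activation_window()
    print(f"idle response     : {response(0.0):.3f} -> active={is_active(0.0)}")
    print(f"capacitance needed: {body_capacitance_needed() * 1e12:.1f} pF")
    print(f"activation window : {lo * 1e12:.1f} .. {hi * 1e12:.1f} pF")
```

In this model the card stays inactive with no added capacitance, and it is also inactive when the added capacitance overshoots the window, so the plate coupling has to be dimensioned for the expected body capacitance.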