1. Field of the Invention
The invention relates to a method, a portable data carrier and a system for releasing a transaction or for preventing relay attacks using acceleration sensors and a structure on the data carrier.
2. Related Art
With portable data carriers, in particular contactless chip cards it is possible to carry out a so-called relay attack, also referred to as ghost-and-leech attack or wormhole attack. In its simplest form, this attack consists in expanding the communication area of a contactless chip card to a multiple of the original distance. In FIG. 1 there is outlined, for clarification, a possible setup with which a relay attack can be carried out. As a portable data carrier 1 there is shown a contactless chip card of a card holder. With this chip card, without said card holder's knowledge or consent, a communication is set up and a transaction is carried out at an end device 23 several meters away. This kind of transaction is basically not restricted. For example, such a transaction can be a payment transaction at a payment terminal 23.
This attack works because in today's contactless cards 1 there is no acknowledgement button and the card 1 only has to be presented to the end device 23 for payment. The attacker takes advantage of this property by sojourning, having a special terminal 26 also referred to as a leech terminal, close to the “authentic” contactless chip card 1 and amplifying the near-field communication 21 such that it still works over a distance of several meters. The attacker having a special data carrier 24, also referred to as a ghost, can thus pay, in a way, with the “authentic” chip card 1 from some distance. This attack can be expanded by the near-field communication 21 not only being amplified over some few meters, but being completely led via a separate network 27. The attack could happen in practice for example as follows: The first attacker sets up in an indoor swimming center or gym a communication 21 with a contactlessly working chip card in one of the lockers. If he can discover a contactless chip card 1, he connects it via an end device 26, for example a mobile phone, by means of a network 27 to a gateway 25 of a second attacker, who, almost any distance away, goes shopping with the ghost data carrier 24. The near-field communication 21 between the payment terminal 23 and the “authentic” chip card 1 is extended here via the mobile phone 26 and runs like an “authentic” transaction.
Cryptographic means cannot build a protection against this kind of attack. For solving this problem, for example a push-button could be mounted on the contactless card 1, which upon each transaction must be pressed for releasing the transaction. The push-button as a mechanical element severely wears out over the years in use, so that the functionality of the push-button is not permanently guaranteed. Alternatively, the contactless chip card 1 could also be kept in a shielded wallet. Both approaches quite reliably prevent an unnoticed communication with the contactless card 1, but have turned out to be not suitable for daily use. As a complementary defensive measure it would also be conceivable to analyze the time behaviour of each transaction made by the payment terminal 23, in order to recognize in this way the temporal delay caused by a passing on via the network 27. The reliability of this measure, however, strongly depends on the quality of the network 27, which, however, with the ongoing technical development becomes constantly better.