Security tokens, such as smart cards, are widely accepted tools for making payments, and, more generally, for carrying out transactions which require an adequate protection of sensitive data. In particular, contactless smart cards have become increasingly popular, for example in the public transportation sector. Contactless smart cards may, among other things, be read out by mobile devices—more specifically by mobile devices enabled for near field communication (NFC) such as smart phones and tablets—in order to support mobile transactions. An NFC-enabled mobile device may for instance facilitate an online purchase of a product, while a contactless smart card arranged to interact with said mobile device may be used for user authentication, in particular for the verification of user credentials. Examples of such scenarios have been described in the European patent application titled “Security token and authentication system”, filed by applicant NXP B.V. on 14 Feb. 2012 and published as EP 2 575 084 A1 on 3 Apr. 2013.
EP 2 575 084 A1 describes techniques for entering a secret into a security token using an embedded tactile sensing user interface with the purpose of verifying the secret against a stored representation of the same secret. In particular, an embodiment of the security token comprises a tactile sensing user interface arranged to receive a user-encoded secret, a decoding unit arranged to generate a decoded secret by decoding the user-encoded secret, and a comparison unit arranged to compare the decoded secret with a copy of the secret stored in the token in order to verify the authenticity of a user. Thereby, the security token provides on-card matching functionality.
In particular, in column 39, line 16 to column 40, line 15 and the corresponding FIGS. 62, 63, 64, of EP 2 575 084 A1, illustrative scenarios are described wherein an NFC-enabled mobile device interacts with the security token in order to facilitate and perform online transactions. More specifically, the smart phone depicted in FIG. 62 performs authentication for an online transaction. The security token is brought into close proximity of the smart phone, which is equipped with an NFC interface. A browser plug-in or a Java applet may enable access to the NFC interface and may enable authentication of an online payment application through the security token. For example, the security token may be configured for entry of a four-character password. A request to attach the security token and to enter the authentication information may be displayed by a message on the smart phone's screen. The user may then place the security token on the smart phone. Subsequently, the security token may be powered up through the smart phone's NFC interface. The user may then enter required authentication information by a sequence of tactile patterns directly on the surface of the security token. The authentication information may be reassembled by a tactile pattern decoding unit of the security token based on the sequence of tactile patterns entered by the user. The authentication information may be verified directly on the security token by its security controller and the authentication result may be returned in encrypted form to the browser plug-in on the smart phone. As an alternative approach, the authentication information may be sent in encrypted form through a browser plug-in directly to a remote service for decryption and verification. Accordingly, the user may utilize his personal security token without risking that secret information might be logged by an unauthorized process on the smart phone.
FIG. 64 illustrates a similar scenario. In this scenario, a smart phone performs authentication for an online transaction by interacting with an electronic ID card with a tactile sensor user interface. Thus, in this scenario the security token is an electronic ID card with an embedded tactile sensor which may be used as a security proxy.
In these scenarios, problems may emerge because NFC-enabled mobile devices typically generate a relatively weak radio frequency (RF) field in order to minimize their power consumption and to avoid depletion of their internal battery. For authentication systems based on relatively complex security tokens, such as multi-chip smart cards, the strength of the RF field is typically too low to ensure stable operation of the security tokens. Therefore, it is desirable to control the power consumption of said security tokens.
EP 2 541 995 A1 describes a technique for controlling the power consumption of a host device, for example a mobile device. Basically, an NFC device integrated in said host device selectively powers on and off operating components of the host device. In particular, EP 2 541 995 A1 describes an apparatus for harvesting and using power in a near field communications mode, which includes a host device with operating components. A first NFC device is contained in the host device and is configured to be selectively coupled to one of the operating components. The first NFC device harvests energy from a second NFC device and converts the harvested energy to electrical power. The first NFC device receives information from the second NFC device and powers on an operating component as a function of the information received from the second NFC device. The first NFC device transfers data to or from the operating component when the operating component is powered on. The first NFC device powers off the operating component when the transfer of data between the first NFC device and the operating component has been completed. Thus, EP 2 541 995 A1 describes a general technique for reducing battery depletion in electronic devices.
However, in the specific case of security tokens, which usually do not have an internal battery that may serve as a fall-back power supply in case the power consumption is not sufficiently reduced or stabilized, there may be a need for a more rigorous control of the power consumption.