Most of the known authentication methods are based on exchange of secret keys, device identifiers or random numbers between a host device and a security module. The two examples below concern pairing mechanisms used for associating a security module to a given terminal and for securing data transmission between the security module and the terminal.
Document EP1078524B2 disclose a pairing mechanism between two devices such as a receiver and a security module based on the one hand on ciphering and deciphering the data exchanged between the receiver and the security module with a unique key stored in a memory of one of the two devices and on the other hand on a serial number of the receiver stored in the security module.
Document EP1529369B1 disclose another method of pairing two devices locally connected to one another. The first device is a security module containing a first encrypting key, as a private key of a pair of asymmetric encrypting keys. The second device is a receiver comprising at least one second encrypting key as a public key of the pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key. The security module generates a first random number, which is encrypted by the private key, then transmitted to the receiver, in which it is decrypted by means of the public key. The receiver generates a second random number, which is encrypted by the public key, then transmitted to the security module, in which it is decrypted by means of the private key. A session key used for safe data exchange is generated by a combination of the symmetric key and the random numbers generated and received by each of the devices.
In further authentication techniques, the terminal comprises means for distinguishing original cards from clones or emulators and is able to check authenticity of the card before starting any process implying sensitive data.
Document EP2091028A1 describes a method for authenticating micro-processor cards to determine whether a card is a genuine card, supplied by an authorized distributor, or a fake card, known as a clone, supplied by an unauthorized third party, by a checking program of at least one card reader terminal, said program sending to each card commands belonging to a standard and public set of commands. The method thus enables a verification of the authenticity of a chip card based on the recognition and/or processing by the chip card of a secret command different from standardized or public commands and transmitted by a card reader terminal. Since the secret command is pre-inserted into each genuine chip card, only a genuine chip card can correctly recognize and/or process said secret command when it is transmitted by a card reader terminal. The presence of a cloned card is therefore detected when a chip card cannot correctly recognize and/or process said secret command even if the cloned card reacts correctly to public commands.
Document WO2009103136A2 discloses a method and equipment to indicate adulteration in a card reading terminal, based on the identification of alterations in the electrical characteristics of the terminal. Such adulteration consists in the fraudulent installation, inside the terminal, of a collecting device which stores the information and the passwords of the cards that are processed by the terminal, where such data is subsequently used for cloning cards. The said electrical characteristics comprise, among others, alterations in the voltage values measured between certain pins of the external connector of the terminal, the said alterations being the consequence of the fraudulent installation of the said device. The equipment indicates the presence of the collecting device by means of activation of an indicator light, such as a LED.
The authenticity of a terminal and the applications installed therein may also be checked to ensure conformity of associated chip cards which send instructions to the terminal for verifying integrity of a particular application.
Document WO2004/059450A1 discloses a method of verifying the integrity of a software application that can be executed on a host terminal including steps of determining at least one series of control instructions forming an executable certificate for the software application, which can be executed by the host terminal during execution of the software application to be verified; on the host terminal, executing the software application to be verified, receiving the executable certificate determined during the first step and executing the series of control instructions for the certificate which can be executed in the memory context of the host terminal; comparing the result thus obtained through execution of the control instructions with the result expected from an authentic software application; and in the event of a positive comparison, continuing with the execution of the software application to be verified. According to another embodiment, in which the execution of the software application resorts to a smart card or any other secure circuit to operate, the series of control instructions is housed in the smart card and sent to the software application to be verified, the software application being capable of recovering and executing said series of control instructions thus sent with the data which it needs to operate. In practice, access to data transmitted by the smart card must be necessary to the software application to be verified for this to behave in an identical manner to an authentic application.
Document U.S. Pat. No. 6,308,270B1 discloses a method of validating execution of a software program. The method includes executing the software program on a computer, sending information from the computer to a smart card during execution of the software program, verifying in the smart card information received from the computer, and storing a signal in the smart card indicative of whether execution of the software program is certified as valid. One or more control values can be sent from the smart card to the computer in response to verifying the information received from the computer. A control value can be used to determine when subsequent information will be sent from the computer to the smart card during execution of the software program. The smart card can determine whether the software program responds correctly to the one or more control values. The frequency with which the computer sends information to the smart card can depend upon the control values. The smart card can also verify that the order in which information is received from the computer is correct.
Further techniques to prevent frauds and overload of communication channels or networks are based on measuring a quantity of data exchanged between a provider and a receiver such as a number of e-mail messages, transactions statistics, or an amount of downloaded and stored data. These techniques do not concern an authentication of a host unit where a security module monitors the host unit on which it is connected in order to avoid using cloned or non authorized host units.
Document EP1496655A2 discloses a system and method that facilitates detecting and preventing spam in a variety of networked communication environments. In particular, several techniques are provided for monitoring outgoing communications such as email, instant messaging, whisper-chat room, and/or chat room messages to identify potential spam senders, also referred to as spammers. Spammers often attempt to take advantage of legitimate Internet Service Providers (ISPs) or other messaging services by using such services to send their spam. This, however, can seriously increase the bandwidth of the ISPs as well as increase their support costs and decrease their reputation as a trusted source of messages which can impede their ability to get legitimate messages delivered. The system identifies potential spammers by examining users' outgoing messages—as opposed to incoming messages. One technique involves tracking sender message volumes and/or recipient counts. For example, the ISP server(s) called to send a message can keep a count of the number of messages sent by a particular user. Alternatively, the ISP server(s) can examine the “To” and “cc” (carbon copy) lines of a message to count the number of recipients for that particular message. These types of counts can be tracked over a period of time or a total count of messages the user ever sent can be obtained. This technique is particularly useful because most spammers send messages to a relatively large number of recipients while legitimate users usually send messages to a relatively small number of recipients.
Document WO97/00483A1 discloses a system and a process for inputting client transaction data for a particular industry, organizing client transactional data into a three dimensional array, generating statistical values for each entity-criterion over time by measuring Value (v), Normalcy (n) and Change (d), weighting each statistical value and summing all values to form a single entity-criterion score, weighting each entity-criterion score and summing all entity-criterion scores to form a single entity score, comparing the entity score to a pre-determined threshold, and displaying the entities so that those engaging in fraudulent behavior are easily identified.
Document WO2009/149965A2 discloses a system for monitoring a security-related system with a monitoring device on which a first process occurs, which generates a monitoring result which is transmitted to another device that forms at least part of the security-related system. A second monitored process of the security-related system returns the received monitoring result to the first process for testing in order to calculate a processing result.
Document EP1684206A2 discloses a system and/or a method that facilitate monitoring user account activity for suspicious behavior to mitigate storage abuse. More specifically, the system and method can impose a cost on the user (user account) when suspicious behavior is detected. Such behavior can be determined in part by measuring the outbound volume of stored data at any given time or over a period of time. When the volume of outbound stored data satisfies a threshold, a cost can be imposed on the user.