A. Technical Field
The present invention relates generally to a smartcard reader, and more particularly, to systems, devices and methods of creating a card input/output interface that allows the smartcard reader to couple to a smartcard within a secure cavity. When the smartcard is inserted into the smartcard reader, sensitive data within the smartcard is protected from exposure to a tamper attempt and thus processed with an enhanced security level.
B. Background of the Invention
Nowadays, financial transactions are normally completed via an automatic teller machine (ATM) or a point-of-sale (POS) terminal, such as a credit card reader. The ATMs and POS terminal devices are hardwired to the telephone network or internet, and can read account information from a physical card carried by a customer. The ATMs or POS terminals contact the bank/credit card company and complete trusted transactions involving approved monetary amount. Such ATMs and secure POS terminals have been widely applied in banking, retailer, hospitality and transportation industries and largely replaced cash transactions.
Integrated circuit chips are sometimes embedded into the physical cards to provide identification, authentication, data storage and data processing. Such a card is referred as a smartcard or an integrated circuit cards (ICC). FIG. 1A illustrates a front side of a typical smartcard 120 that is embedded with an integrated circuit 10. When this smartcard is applied as a credit card or debit card, it normally incorporates another magnetic stripe on its backside for storing account or identification information as well. Although the magnetic stripe is a mature data storage format for financial transactions, the smartcard has started to be widely accepted for its enhanced security level and data processing capability.
When a customer inserts his or her payment card into the ATM or POS terminal devices, there is a window of opportunity for a criminal to detect and record confidential data by tampering a card interface. The card interface is situated at a paradoxical position where a physical open slot imposes a potential security threat to the secure terminals although it is necessary for card access. The criminal may gain access to electrical signals via the open slot at the card interface, and directly retrieve confidential data. Therefore, the card interface has to be carefully designed, assembled and integrated into the ATM or POS terminals to deter tamper attempts.
FIGS. 1B-1D illustrate an existing secure card interface solution 140, a side view of the enclosed card interface 160 and a smartcard inserted into the card interface, respectively. The card interface 140 relies on a cover 60 to make up an anti-tamper enclosure locally for a smartcard reader socket 30. Several mechanical contact pins 20 are extended outside the reader socket 30, but enclosed within the cover 60. When the smartcard is inserted into the card socket 30, the contact pins 20 directly land on electrical connectors on the smartcard, and thus, are further coupled to integrated circuits embedded in the smartcard. Inside the smartcard reader socket 30, these contact pins 20 are coupled via interconnects 40 to other internal integrated circuits (IC) for card reading. Data extracted from the smartcard is normally in plaintext, and subsequently, communicated to the internal card reading IC within the card interface for further processing including encryption. During this course of data extraction and transfer from the smartcard, confidential information in plaintext may be susceptible to tamper attacks at the contact pins 20 and interconnects 40.