1. Field of the Invention
The present invention relates to providing enhanced security for wireless telecommunications devices.
2. Description of Related Art
The use of portable electronic devices and telecommunication devices has increased rapidly in recent years. Likewise, the use of such devices to conduct short-range, contactless, wireless transactions is increasing. For example, Near Field Communication (NFC) or Radiofrequency Identification (RFID) technology enables the wireless exchange of data between devices over a short distance. This technology, for instance, allows for the exchange of credit card information with a merchant terminal by tapping or waving the NFC- or RFID-enabled device within a close proximity to the merchant terminal. The merchant terminal can then read and use the information to perform a commercial transaction.
Using wireless communication technology to exchange sensitive information may present security and privacy concerns. For example, an NFC or RFID device may include several features that may present vulnerabilities, e.g., the device may use an external power supply, communicate wirelessly, communicate unknowingly, include persistent state memory that can be modified by a reader during a transaction, and perform computation. These features may be used by attackers to perform tracking, scanning, and man-in-the-middle attacks.
A tracking attack may occur when a potentially legitimate merchant uses a wireless reader to extract data from a device. A scanning attack may be performed by practically anyone at any time, such as in a crowded subway car. In this attack, an unauthorized reader may be used to extract information from a device. A man-in-the-middle attack is possible when a device is able to successfully mimic end-point devices, e.g., a purchaser's device and/or a merchant terminal. Such an attack can result in the purchaser's device and the merchant device exchanging information without knowledge of a clandestine device intercepting and replaying, or relaying, potentially private information.
To help prevent such attacks, countermeasures can be taken to help ensure that a device exchanges information only when intended.