1. Field of the Invention
The invention relates to electronic security devices. More particularly, the invention relates to techniques limiting access to information transferred between the electronic security device and a host device.
2. Description of the Prior Art
Smart cards, and other similar electronic security devices, are known for their capabilities in storing information pertaining to a variety of applications relating to, e.g., stored funds, personal identification and other personal data, and for their ability to access certain host devices. In this disclosure, the term “smart card” is one type of “electronic security device”. International Organization for Standardization Standard 7816 (ISO7816), defines the layout and electrical design of smart cards and the associated electrical contacts. The term “electronic security device” also includes PCMIA cards.
Applications for smart cards include satellite receiver set-top boxes, MMDS and cable boxes, controlling personal access to restricted areas, providing access to bank accounts, phone cards, and a growing variety of other applications. Host devices typically have one particular electronic security card associated therewith. Alternatively, each user may have a separate smart card having selected entitlements or limitations, such that when one user's smart card is removed from a host device (e.g., set top box) and another user's smart card is inserted into the host device, the latter user can start using the same host device with their own personal programming entitlements.
The physical size of the electrical contacts and the associated interconnects, in ISO7816, is relatively small. Therefore, the emitted electromagenetic radiation generated by the electrical contacts is similarly small, and difficult to detect. This limiting the detection of electromagnetic radiation further enhances the security of smart cards.
Hackers attempt to gain unauthorized access to information contained in the electronic security device, or alternatively, tamper with the electronic security device in order to gain services without authorization or payment. In addition to gaining unauthorized access or receive unauthorized services, people may wish to modify information contained in a smart card and/or modify or view information transferred between the smart card and the host device. One technique that aids in this unauthorized access or modification of information is referred to as “hot-wiring” a smart card. This hot-wiring is accomplished by affixing a single distinct wire to each distinct electrical contact in the smart card “contact patch”. The smart card is then inserted into the host device and the host device begins to interact with the smart card with wires extending from the port, possibly permitting confidential information outside of the host device. Electronic circuitry can be connected to the wires outside of the port possibly leading to modification of either the information contained in the smart card or the modification of signals transmitted between the smart card and the host device. If a hacker uses suitable equipment outside the host device, the hacker can obtain much of the confidential information that is stored in the smart card, and can also produce a copy of the smart card.
Another technique to modify information contained in smart cards involves so-called paddleboards or smart card emulators. These paddleboards are actual physical portions of printed circuit boards that are approximately the same size as smart cards (although paddleboards are typically somewhat thicker than smartcards), and they contain a smart card “contact patch” with multiple electric contacts that are configured to interact with a host device. Paddleboards contain a computer chip that enables them to interact with host devices in a similar manner as a smart card would interact with host devices.
In this disclosure, hot-wiring, paddleboards, and any other system by which information stored in a smart card is accessed or changed, or information transferred between a smart card and a host device is accessed or modified is referred to in this specification as “modifying” the information or modifying the electronic security device.
Therefore, a need exists in the art for a device to limit smart card modification. This device will improve security associated therewith by preventing unauthorized use of access codes and breach of confidentiality, thereby improving user confidence in the system.