GB2551907A

GB2551907A - Increased security through ephemeral keys for software virtual contactless card in a mobile phone

Info

Publication number: GB2551907A
Application number: GB1708573.9A
Authority: GB
Inventors: Smith Matthew; Nirosha Bandula Dayan
Original assignee: Silverleap Tech Ltd
Current assignee: Silverleap Tech Ltd
Priority date: 2016-05-30
Filing date: 2017-05-29
Publication date: 2018-01-03
Anticipated expiration: 2037-05-29
Also published as: CN109417481A; GB201708573D0; PH12018502545A1; GB2551907B; EP3465980A1; GB201609460D0; WO2017208063A1

Abstract

Allowing a Trusted Application (TA) on a mobile device to perform a transaction with a reader device by obtaining a transient identifier (IDn) for the mobile by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit and a software related component, such as a time stamp, emitting the IDn to a provisioning server; calculating, using the master key (MK) on the server and the IDn, a transient derived key (DKn); sending the DKn from the server to the mobile, allowing the TA to securely communicate with a reader during a time interval. Also, allowing a TA to securely communicate using Near Field Communication (NFC) which are secured by symmetric cryptography, comprising: obtaining an IDn as above and transmitting it a server; calculating a DKn as above and sending it from the server to the mobile; sending the IDn to the reader device which checks the validity by reviewing the software related component; and, if valid, the DKn is calculated in the reader device using the MK and the IDn, and used to send an encrypted message to the mobile; the message is decrypted to authenticate the mobile and, if successful, allows secure reader-mobile communications.

Description

(56) Documents Cited:

TW 201525759 A US 20100121990 A1 (58) Field of Search:

INT CL G06F, H04W

Other: WPI, EPODOC, INSPEC, XPI3E, IP.COM, SPRINGER (71) Applicant(s):

Silverleap Technology Limited 1302 Yue Shing Commercial Building,

15-16 Queen Victoria Street, Central, Hong Kong, China (72) Inventor(s):

Matthew Smith Dayan Nirosha Bandula (74) Agent and/or Address for Service:

Murgitroyd & Company

Scotland House, 165-169 Scotland Street, GLASGOW, G5 8PL, United Kingdom (54) Title of the Invention: Increased security through ephemeral keys for software virtual contactless card in a mobile phone

Abstract Title: Method and system for providing a symmetric key pair with a master key and a transient derived key (57) Allowing a Trusted Application (TA) on a mobile device to perform a transaction with a reader device by obtaining a transient identifier (IDn) for the mobile by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit and a software related component, such as a time stamp, emitting the IDn to a provisioning server; calculating, using the master key (MK) on the server and the IDn, a transient derived key (DKn); sending the DKn from the server to the mobile, allowing the TA to securely communicate with a reader during a time interval. Also, allowing a TA to securely communicate using Near Field Communication (NFC) which are secured by symmetric cryptography, comprising: obtaining an IDn as above and transmitting it a server; calculating a DKn as above and sending it from the server to the mobile; sending the IDn to the reader device which checks the validity by reviewing the software related component; and, if valid, the DKn is calculated in the reader device using the MK and the IDn, and used to send an encrypted message to the mobile; the message is decrypted to authenticate the mobile and, if successful, allows secure reader-mobile communications.

At least some of the priority details shown above were added after the date of filing of the application.

Intellectual

Property

Office

Application No. GB1708573.9

RTM

Date :25 October 2017

The following terms are registered trade marks and should be read as such wherever they occur in this document:

Desfire

NXP

Android

Intellectual Property Office is an operating name of the Patent Office www.gov.uk/ipo

METHOD AND SYSTEM FOR PROVIDING A SYMMETRIC KEYPAIR WITH A MASTER KEY AND A TRANSIENT DERIVED KEY

Field of Invention

The invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, such as Near Field Communication (NFC) protocol.

The invention can be used to increase the security of software emulations of contactless smartcards in NFC (Near Field Communication) mobile phones. The introduction of HCE (Host Card Emulation) into NFC phones allowed software to emulate contactless smartcards, rather than depending on physical smartcard chips or suitable USIM cards to be physically installed in the phone. This software-based approach significantly reduced the complexity of distributing virtual contactless cards to NFC mobile phones.

It is widely recognised that the default security of standard NFC enabled mobile phones, specifically Android based devices, is not high. The evidence being that it is relatively straightforward to remove the imposed operation system security of an Android phone by ‘rooting’ the device which, once realised, allows an attacker to read out any data from the phone. This weakness potentially compromises any cryptographic keys used in a software virtual contactless card that uses only standard security in a mobile phone. However, the utility and commercial interest of having virtual cards in a mobile phone remains compelling.

Contactless cards are typically used in mass transit tickets for automatic fare collection. As such, substantial amounts of money are transacted using these cards and so their security is very important. If the keys of a transport card system are compromised then it becomes very expensive for the transport scheme owner to replace the cards and stop the potential losses from fraud. Hence the focus on security for the physical smartcard based contactless cards.

New security features are regularly implemented in the newer generations of mobile phones. For example, the Trusted Execution Environment (TEE) provides a secure execution and storage environment in suitably enabled phones and has been shown to be resistant to software based attacks. However, it is potentially vulnerable to advance hardware attacks. Additionally, there are new software based mechanisms called “white-box” cryptography compilers, which can successfully hide data and application software internals from potential attackers. Attacks on these software methods are proposed and are currently being analysed. All new security features have strengths and weaknesses.

The objective of all these security measures is either to defeat an attacker who wishes to access cryptographic keys in a device or, failing this, to render a successful attack infeasibly long to complete in terms of time and required resources.

Public Transit Scheme operators often use modern symmetric key contactless RFID cards to handle automatic fare collection within their transport networks. They are used to dealing with very high levels of security assurance when they use physical contactless cards, such as commercial products based on Desfire EV1 smartcard chips from NXP.

Through exhaustive analysis these commercial products have been shown to be highly resistant to attackers. In order to assist in approaching the same level of assurance in additional security measures, execution and storage of the virtual card are proposed in addition to simply using the security features described above.

When using a TEE or white-box cryptography, or other security features to store and execute a virtual contactless card, the risk for the transit operator would be the extraction of the keys of the virtual card from the mobile phone. This process would take a non-negligible amount of time due to the physical and logical complexity, and nature of the attack itself. This means that if a key is actually extracted from a phone then it could potentially be used to perform fraudulent transactions on the transport infrastructure. Therefore, a method for easily limiting the valid life of keys in a virtual card would be beneficial, so that even if they were extracted, they could not be used.

For such an invention to be useful it needs to be compatible and implementable in existing contactless based environments, with minimal impact in terms of changes to software infrastructures. In addition, the validity needs to be independent of any network connection of the mobile phone, since there is no guarantee that the phone will have access to a network at the start of a contactless transaction.

Object of Invention

According to a first aspect of the invention, the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol, the method comprising:

- obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,

- emitting the first transient identifier (ID n) for the mobile device to the provisioning server,

- calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device,

- sending the calculated first transient derived key (DKn) to the mobile device to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said first transient derived key (DKn) during a determined time interval.

According to a second aspect of the invention, the invention relates to a method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises:

- emitting the first transient identifier (IDn) for the mobile device to the provisioning server, the provisioning server comprising the master key (MK),

- sending the calculated first transient derived key (DKn) to the mobile device, sending, by means of the mobile device, the first transient identifier (IDn) to the reader device,

- checking in the reader device the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn),

- if the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn),

- using the first transient derived key (DKn) in the reader device to send an encrypted message to the mobile device, decrypting the encrypted message in the mobile device to thereby authenticate the identity of the mobile device, and

- if the identity of the mobile device is authenticated, allowing the mobile device to securely communicate with the reader device using Near Field Communication protocol

According to a third aspect of the invention, the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:

- an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,

- means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises:

- means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device,

- means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising:

- means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.

According to a fourth aspect of the invention, the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:

- means for emitting the first transient identifier (IDn) for the mobile device to the provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises:

- means for sending the calculated first transient derived key (DKn) to the mobile device, the mobile device further comprising:

- means for sending the first transient identifier (IDn) to the reader device, using NFC protocol, wherein the reader device comprises:

- means for reviewing the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), and

- means for calculating, if the first transient identifier (IDn) is valid, by using the master key and the first transient identifier (IDn), the first transient derived key (DKn),

- means for encrypting a message using the first transient derived key (DKn), means for sending the encrypted message to the mobile device, the mobile device comprising:

- means for decrypting the encrypted message received from the reader device to thereby authenticate the identity of the mobile device, and

- means to allow, if the identity of the mobile device is authenticated, the mobile device to securely communicate with the reader device using Near Field Communication protocol.

Detailed description of the Invention

This invention proposes a mechanism for limiting the validity of the keys of a virtual contactless card installed in a mobile phone, as a means of limiting the time window for which a particular key is vulnerable. The implication is that by using this method in conjunction with additional system based security features, such as a TEE or white-box cryptography, an attacker who successfully extracts a key from a phone would not be able to use it because the validity of that key would have expired.

According to the invention communication is possible between a mobile device and a reader device only if the reader device comprises a valid ID and a valid derived key, wherein the reader device comprises a master key and means to check the validity of the ID and the derived key of the mobile device.

To increase the security of the communication between the mobile device and the reader device, the time window for which a derived key (on a virtual card) can be used in combination with a master key (on a reader) is limited. This means that the mobile device first receives a first transient derived key (DKn) which is valid for a determined time interval. At the end of the validity of the first transient derived key (DKn), the mobile device can no longer communicate with the reader device using the first transient derived key (DKn). To allow the mobile device to communicate with the reader device the mobile device receives a further transient derived key (DKn+1) which replaces the first transient derived key (DKn). The further transient derived key (DKn+1) can be used until the end of its validity or until it is replaced by yet a further transient derived key (DKn+2).

In order to allow the mobile device to receive a sequence of derived keys (DKn, DKn+1, DKn+2, etc.) the mobile device should be able to generate a sequence of unique ID’s for the mobile device. According to the invention the mobile device comprises an application to generate transient identifiers (ID), each transient identifier (ID) having a determined an limited time period wherein the transient identifier (ID) is valid.

The application in the mobile device will generate a first transient identifier (IDn) by combining a hardware component for the transient identifier with a software component for the transient identifier. The hardware component of the transient identifier is, for instance, the Unique Identifier (UID) of the integrated circuit (IC) used in the mobile device. The software component is, for instance, a time stamp.

The advantage of using both a hardware component and a software component is, that for a single mobile device a sequence of unique transient identifiers (IDn, IDn+1, IDn+2, etc.) can be generated. The software related part of the transient identifier (ID) can be used to check the validity of the transient identifier (ID). This checking of the validity of the transient identifier (ID) is, for instance, executed in the reader device. The checker in the reader device can, for instance, determine whether the transient identifier (IDx) is valid, for instance, by checking whether the transient identifier (IDx) is in accordance with the other transient identifiers in an array of identifiers (IDx-2, IDx-1, IDx). If the validity of the transient ID can not be established, the reader device can abort the communication with the mobile device.

According to an embodiment the invention comprises the following parts:

• A mobile phone containing one or more security features protecting software for the virtual contactless card execution, including cryptographic keys and other sensitive data;

• A specific structure of a transient ID of the virtual card, combined with a derived key in the virtual card;

• A reader device having validity checker included into the reader terminal software that checks the validity of the transient ID of the virtual card;

• A provisioning server that calculates new transient ID’s and derived keys for a virtual card and sends them to the virtual card using one or more additional security features of the mobile phone.

• A mobile phone with NFC, capable of supporting HCE transactions and equipped with one or more security features protecting the installed virtual card software application.

There is a part of the application that provides user interface and network communication (amongst other functions) and runs in the open Android operating system environment. The other part of the application is protected by one or more additional security features, which protect the execution of the virtual card emulation and store the cryptographic keys and other sensitive data.

The invention is based on the creation of a special transient ID for the virtual card, and an associated derived key for the virtual card. This ID structure contains within it the details of the validity of the ID itself. This data is used by a validity checker in the reader terminal that reads the virtual card, extracts the validity data of the transient ID, and assesses the validity of the virtual card prior to processing any financial transaction.

According to an embodiment of the invention the following procedure can be followed to obtain a transient identifier (ID).

The transient identifier (ID) is made up of two adjoining parts to form a UID of 7 Bytes:

Subscription Account Number:

Bytes • Calculated Timestamp: 4 Bytes

The validity checker in the reader terminal analyses the data encapsulated in the transient identifier (ID) and makes the following checks:

• Is the Subscription Account Number Valid?

• Is the Calculated Timestamp in the correct range?

The Subscription Account Number is a sequential reference number representing the account of the subscriber owning the particular virtual card, and can verified by using standard account number verification such as black list and white list checking provided by a server to the reader checker, or potentially a separate check digit.

The Calculated Timestamp is the number of seconds expired since the 1^st January 2015 until the point at which the transient identifier (ID) for that virtual card was created. The check for whether the Calculated Timestamp is in the correct range uses a ‘time to live’ value stored in the reader. This time to live value defines the validity period of a transient identifier (ID) from the moment it is created. A typical value for a time to live parameter is one day.

The reader checker then calculates the ‘Current Timestamp’ as the number of seconds since 1^st January 2015 until that moment. If the sum of the transient identifier (ID) Calculated Timestamp, plus the time to live value is greater than the Current Timestamp then the transient identifier (ID) is deemed valid.

If the Subscriber Account Number and the transient identifier (ID) are both valid, the checker hands the virtual card processing to the next stage of the reader terminal acceptance software. Otherwise the virtual card is rejected and the processing stops.

The transient identifier (ID) is provided by the mobile phone when it is placed in the NFC field of the reader terminal. When this occurs, the phone behaves according to the ISO 14443 protocol standard. As part of this standard the phone must provide a transient identifier (ID) to the reader during the ‘anti-collision’ phase so that the reader can correctly continue the transaction. The standard suggests that the reader assumes that the transient identifier (ID) provided by the phone in this phase is random and should not be used for additional processing. This means that the reader must first request the real transient identifier (ID) of the virtual card or that the transient identifier (ID) is passed some other way.

In an embodiment of this invention the virtual card application will provide the unique identifier (UID) together with some other control data such as:

• Virtual Card Issuer ID • Major version of the virtual card • Minor version of the card • Processing Instructions

This data together with the transient identifier (ID) for the virtual card is passed to the reader in response to the ‘Select AID’ command, which is sent by the reader terminal in the form of an ISO 7816 compliant APDU (application packet data unit). This response, which is a Status response APDU, can then be used as the input for the check process in the reader terminal.

In a full embodiment of the invention the transient identifier (ID) and derived key are provided by a provisioning sever to the mobile phone based application protected by one or more additional security features.

A typical key diversification scheme for a general symmetric key based contactless system works along the follows lines, although other methods are available and the present invention also functions with such other methods.

1. Each card has a Unique Identification number (UID).

2. This UID is encrypted using a master key, to generate a new key - diversified key. This is done in a secure location.

3. The derived key is then injected into the contactless card and used to encrypt the contents of the card.

4. When the card is used at a reader terminal it presents its UID to the reader.

5. The reader uses a locally stored master key and the provided UID from the card to recreate the derived key of the card.

6. The reader then uses the diversified key to read and update the card.

The present invention functions in a similar way, with the addition of the following points:

In step 1, the server calculates a transient identifier (ID) for the virtual card based on the structure described above.

Step 2 is the same in that the transient derived key for the virtual card is generated using the diversification algorithm for the card scheme and the calculated transient identifier (ID). This is performed on the provisioning server in a secure environment, such as an HSM.

In Step 3, the transient identifier (ID) and the derived key are passed securely to the virtual card in the TEE of the mobile phone, using standard secure transmission methods. This occurs each time the transient identifier (ID) validity lifetime of a particular virtual card expires. The lifetime of the transient identifier (ID)s in the virtual cards can either be tracked by the server or by the mobile phone. If it is tracked by the server, a new transient identifier (ID) is generated and sent to the phone. If it is tracked by the phone, the phone requests a new transient identifier (ID) key combination from the provisional server.

The transient identifier (ID) checker installed in the contactless reader, as described above, performs the validity checks between steps 4 and 5. This transient identifier (ID) checker requires a small amount of software code to implement, and is independent of any other business logic implemented in the reader. In this way, the reader can check the validity of the virtual card very easily at the beginning of the acceptance process, and stop if the transient identifier (ID) of the virtual card has expired.

Claims

1. Method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, the method comprising:

- emitting the first transient identifier (IDn) for the mobile device to a provisioning server,

- sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said first transient derived key (DKn) during a determined time interval.

2. Method according to claim 1, wherein the Trusted Application (TA) and the reader device are adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol.

3. Method according to claim 1, wherein the Trusted Application (TA) and the reader device are adapted to securely communicate using said master key (MK) and said derived key (DK) using Bleutooth ®.

4. Method according to claim 1,2 or 3, comprising:

- obtaining a further transient identifier (IDn+1) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp,

- emitting the further transient identifier (ID n+1) for the mobile device to the provisioning server,

- calculating, using the master key (MK) and the further transient identifier (IDn+1) of the mobile device, a further transient derived key (DKn+1) for the mobile device,

- sending the calculated further transient derived key (DKn+1) to the mobile device,

- replacing the first transient derived key (DKn) by the further transient derived key (DKn+1) to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said further transient derived key (DKn+1) during a determined time interval.

5. Method according to any of the claims 1 to 4, wherein the first transient identifier (IDn) and the further transient identifier (IDn+1) comprise business data provided by the Trusted Application (TA).

6. Method according to any of the claims 1 to 5, wherein the Trusted Application (TA) is run in the Trusted Execution Environment (TEE) of the mobile device.

7. Method according to any of the preceding claims, wherein the Trusted Application (TA) is a wallet application and the transaction with the reader comprises a transfer of a monetary value.

8. Method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises:

- emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK),

- sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device,

- sending, by means of the mobile device, the first transient identifier (IDn) to the reader device,

- using the first transient derived key (DKn) in the reader device to send an encrypted message to the mobile device,

- decrypting the encrypted message in the mobile device to thereby authenticate the identity of the mobile device, and

- if the identity of the mobile device is authenticated, allowing the mobile device to securely communicate with the reader device using Near Field Communication protocol.

9. Method according to claim 8, comprising:

- replacing the first transient derived key (DKn) by the further transient derived key (DKn+1).

10. Method according to claim 8 or 9, wherein the first transient identifier (IDn) and the further transient identifier (IDn+1) comprise business data provided by the Trusted Application (TA).

11. Method according to any of the claims 8 to 10, wherein the Trusted Application (TA) is run in the Trusted Execution Environment (TEE) of the mobile device.

12. Method according to any of the claims 8 to 11, wherein the Trusted Application (TA) is a wallet application and the transaction with the reader comprises a transfer of a monetary value.

13. System for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:

14. System for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises:

- means for encrypting a message using the first transient derived key (DKn),

- means for sending the encrypted message to the mobile device, the mobile device comprising

- means to allow, if the identity of the mobile device is authenticated, the mobile 5 device to securely communicate with the reader device using Near Field

Communication protocol.

Intellectual

Property

Office

GB1708573.9

1-14

Application No: Claims searched: