Transaction Verification On Rfid-Enabled Payment And Transaction Instruments
- Technology Benefits
- This solution takes a proactive approach (instead of reacting to fraudulent transactions after they occur) and doesn’t allow any transactions to go through without user’s approval of its details (e.g, the amount for a credit card transaction). It is also important that users verify transaction details at the time of the transaction in our solution (not few days later).
- Technology Application
- RFID enabled payment instruments
- Detailed Technology Description
- RFID tags are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a malicious reader can easily mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader. Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards. UCI researchers have developed an approach to transaction amount verification that is designed to work with any RFID-enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a Point-of-Sale (PoS). The Protocol Display enabled RFID tag (DERT) receives transaction details from the reader (seller/merchant). DERT verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader PKC. Protocol is aborted in case of a mismatch. DERT extracts and displays user-verifiable data, i.e, the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds). User observes transaction information and, if the transaction amount and other details are deemed correct, presses accept button on DERT before the timer runs out. At this point, DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.
- Supplementary Information
- Patent Number: US20130179349A1
Application Number: US13782764A
Inventor: Tsudik, Gene | Uzun, Ersin
Priority Date: 9 Nov 2010
Priority Number: US20130179349A1
Application Date: 1 Mar 2013
Publication Date: 11 Jul 2013
IPC Current: G06Q002032
US Class: 705044
Assignee Applicant: The Regents of the University of California
Title: Transaction Verification on RFID Enabled Payment and Transaction Instruments
Usefulness: Transaction Verification on RFID Enabled Payment and Transaction Instruments
Summary: Method for securing communication of wireless interface-constrained device (claimed) with reader for banks, credit card companies and companies producing equipment for Radio-frequency identification (RFID) based voting systems.
Novelty: Method for securing communication of wireless interface-constrained device with reader for e.g. banks, involves completing transaction through reader if time-stamped transaction statement is authorized to be sent to reader
- Industry
- ICT/Telecom
- Sub Category
- Telecommunication
- Application No.
- 9443240
- Others
-
Related Technologies
Additional Technologies by these Inventors
Tech ID/UC Case
21364/2011-299-0
Related Cases
2011-299-0
- *Abstract
-
A new method that allows users to verify the transaction details (e.g., the amount being charged) and explicitly approve them on RFID enabled payment and transaction instruments.
- *IP Issue Date
- Sep 13, 2016
- *Principal Investigator
-
Name: Gene Tsudik
Department:
Name: Ersin Uzun
Department:
- Country/Region
- USA
For more information, please click Here
