Media.Player

Transaction Verification On Rfid-Enabled Payment And Transaction Instruments

技术优势

This solution takes a proactive approach (instead of reacting to fraudulent transactions after they occur) and doesn’t allow any transactions to go through without user’s approval of its details (e.g, the amount for a credit card transaction). It is also important that users verify transaction details at the time of the transaction in our solution (not few days later).

技术应用

RFID enabled payment instruments

详细技术说明

RFID tags are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a malicious reader can easily mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader. Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards. UCI researchers have developed an approach to transaction amount verification that is designed to work with any RFID-enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a Point-of-Sale (PoS). The Protocol Display enabled RFID tag (DERT) receives transaction details from the reader (seller/merchant). DERT verifies that the details (e.g., issuing bank, account number, etc.) match their counterparts in the reader PKC. Protocol is aborted in case of a mismatch. DERT extracts and displays user-verifiable data, i.e, the amount and, optionally, the currency code. It then enters a countdown stage that lasts for a predetermined duration (e.g., 10 seconds). User observes transaction information and, if the transaction amount and other details are deemed correct, presses accept button on DERT before the timer runs out. At this point, DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.

*Abstract

A new method that allows users to verify the transaction details (e.g., the amount being charged) and explicitly approve them on RFID enabled payment and transaction instruments.

*IP Issue Date

Sep 13, 2016

*Principal Investigation

Name: Gene Tsudik

Department:

Name: Ersin Uzun

Department:

附加资料

Patent Number: US20130179349A1
Application Number: US13782764A
Inventor: Tsudik, Gene | Uzun, Ersin
Priority Date: 9 Nov 2010
Priority Number: US20130179349A1
Application Date: 1 Mar 2013
Publication Date: 11 Jul 2013
IPC Current: G06Q002032
US Class: 705044
Assignee Applicant: The Regents of the University of California
Title: Transaction Verification on RFID Enabled Payment and Transaction Instruments
Usefulness: Transaction Verification on RFID Enabled Payment and Transaction Instruments
Summary: Method for securing communication of wireless interface-constrained device (claimed) with reader for banks, credit card companies and companies producing equipment for Radio-frequency identification (RFID) based voting systems.
Novelty: Method for securing communication of wireless interface-constrained device with reader for e.g. banks, involves completing transaction through reader if time-stamped transaction statement is authorized to be sent to reader

主要类别

信息和通信技术/电信

细分类别

电信

申请号码

9443240

其他

Related Technologies

• RFID Reader Revocation Checking Using Low Power Attached Displays

Additional Technologies by these Inventors

• RFID Reader Revocation Checking Using Low Power Attached Displays

Tech ID/UC Case

21364/2011-299-0

Related Cases

2011-299-0

国家/地区

美国