Method for managing a real-time clock in a portable tamper-resistant device
10664622 · 2020-05-26
Assignee
Inventors
CPC classification
G06Q20/40
PHYSICS
International classification
G06Q20/40
PHYSICS
Abstract
A computer-implemented method for managing a real-time clock having a drift and being embedded in a portable tamper-resistant device, which receives applicative data when performing a banking transaction with another device, comprises a step of extracting a time from the applicative data; the method also includes a step of compensating the drift by updating the real-time clock based on said time.
Claims
1. A computer-implemented method for managing a real-time clock embedded in a portable tamper-resistant device, said real-time clock having a drift, wherein said portable tamper-resistant device comprises the real-time clock, a physical communication interface to communicate with an external device, a secure element, and a processing unit managing the real-time clock, the processing unit being distinct from the secure element, a spying link being set between the processing unit and the physical communication interface, wherein the method comprises: receiving, by the portable tamper-resistant device, through the physical communication interface, applicative data during a banking transaction with the external device and storing the received applicative data in the portable tamper-resistant device; detecting, by the processing unit of the portable tamper-resistant device, using the spying link, that the banking transaction occurs, by spying data exchanged between the secure element and the external device through the physical communication interface; retrieving, by the processing unit of the portable tamper-resistant device, a time reference from the real-time clock when the banking transaction is detected by the processing unit and associating the retrieved time reference to the received applicative data; extracting, by the processing unit of the portable tamper-resistant device, a time from said received applicative data, and computing, by the processing unit of the portable tamper-resistant device, a corrective value using both said time extracted from said received applicative data and the time reference, then compensating said drift by updating the real-time clock with the corrective value.
2. The method according to claim 1, wherein the processing unit comprises a memory and wherein each time a banking transaction is detected by the processing unit, the processing unit generates a captured value reflecting the drift between the time extracted from the received applicative data and the time reference, then stores in its memory, a set comprising the generated captured value.
3. The method according to claim 2, wherein the captured value is a pair comprising the time extracted from received applicative data and the time reference retrieved from the real-time clock.
4. The method according to claim 2, wherein the captured value is the difference between the time extracted from the received applicative data and the time reference retrieved from the real-time clock.
5. The method according to claim 2, wherein the set comprises several captured values corresponding to as many detected banking transactions and wherein said processing unit computes the corrective value as an average value among captured values of the set.
6. The method according to claim 2, wherein the set comprises several captured values corresponding to as many detected banking transactions and wherein said processing unit compares each captured value of the set versus a maximum theoretical drift and discards every captured value having an aberrant value.
7. The method according to claim 1, wherein the secure element stores in a memory thereof a log comprising applicative data of the banking transaction, wherein the processing unit comprises a memory and wherein, each time a banking transaction is detected by the processing unit, the processing unit stores in its memory, a set comprising the time reference retrieved from the real-time clock, and wherein the processing unit accesses both the log in the memory of the secure element and the set in its own memory to compute the corrective value.
8. The method according to claim 7, wherein a communication link is set between the processing unit and the physical communication interface and wherein the processing unit accesses the log by sending a request to the secure element via the communication link.
9. A portable tamper-resistant device comprising a real-time clock having a drift, a physical communication interface to communicate with an external device, a secure element, and a processing unit managing the real-time clock, the processing unit being distinct from the secure element, wherein a spying link is set between the processing unit and the physical communication interface, wherein the secure element comprises a memory and a processor and instructions stored thereon that, when executed, cause said secure element to receive, through the physical communication interface, applicative data during a banking transaction with the external device and to store said received applicative data in the portable tamper-resistant device; wherein the processing unit of the portable tamper-resistant device comprises a processor unit and instructions stored thereon that, when executed, cause said processing unit to: detect, using the spying link, that the banking transaction occurs, by spying data exchanged between the secure element and the external device through the physical communication interface; retrieve a time reference from the real-time clock when the banking transaction is detected by the processing unit of the portable tamper-resistant device and associate the retrieved time reference to the received applicative data; extract a time from said received applicative data; and compute a corrective value using both said time extracted from the received applicative data and the time reference, then compensate the drift by updating the real-time clock with the corrective value.
10. The portable tamper-resistant device according to claim 9, wherein the processing unit of the portable tamper-resistant device comprises a memory and wherein each time a banking transaction is detected by the processing unit, the processing unit generates a captured value reflecting the drift between the time extracted from the received applicative data and the time reference, then stores in its memory, a set comprising the generated captured value.
11. The portable tamper-resistant device according to claim 10, wherein the captured value is a pair comprising both the time extracted from the received applicative data and the time reference retrieved from the real-time clock.
12. The portable tamper-resistant device according to claim 9, wherein the portable tamper-resistant device is a bank smart card.
13. The portable tamper-resistant device according to claim 8, wherein the captured value is the difference between the time extracted from the received applicative data and the time reference retrieved from the real-time clock.
14. The portable tamper-resistant device according to claim 8, wherein the set comprises several captured values corresponding to as many detected banking transactions and wherein the processing unit computes the corrective value as an average value among the captured values of the set.
15. The portable tamper-resistant device according to claim 10, wherein the set comprises several captured values corresponding to as many detected banking transactions and wherein the processing unit compares each captured value of the set versus a maximum theoretical drift and discards every captured value having an aberrant value.
16. The portable tamper-resistant device according to claim 9, wherein the secure element stores in its memory a log comprising applicative data of the banking transaction, wherein the processing unit comprises a memory and wherein, each time a banking transaction is detected by the processing unit, the processing unit stores in its memory, a set comprising the time reference retrieved from the real-time clock, and wherein the processing unit accesses both the log in the memory of the secure element and the set in its own memory to compute the corrective value.
17. The portable tamper-resistant device according to claim 16, wherein a communication link is set between the processing unit and the physical communication interface and wherein the processing unit accesses the log by sending a request to the secure element via the communication link.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which:
(2)
(3)
(4)
(5)
(6)
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
(7) The invention may apply to any type of portable tamper-resistant device intended to carry out banking transactions comprising a time stamp in clear (plain value). Such portable tamper-resistant devices may be a smart card, a contactless token, a USB token, a smartphone or a wearable device (like a smart watch or a ring) for example.
(8) The invention relies on the fact that, when running a banking transaction, the portable tamper-resistant device receives banking applicative data which comprise a reliable time.
(9)
(10) In this example, the portable tamper-resistant device 20 is a bank smart card.
(11) The portable tamper-resistant device 20 comprises a chip 23 (also called secure element), a battery 95, a display 26, a keyboard 27, a RTC 10 and a processing unit 24 (also named processor unit).
(12) The processing unit 24 is connected to the battery 95, the display 26, the keyboard 27 and the RTC 10. The processing unit 24 is in charge of managing output of data through the display 26, input of data through the keyboard 27. The processing unit 24 is able to retrieve the current time from the RTC, to provide power (coming from the battery 95) to the RTC 10 and to set (synchronize) a new time in the RTC 10.
(13) The chip 23 comprises a physical communication interface 25 able to communicate with a smart card reader (not shown) and allowing communication with the server 40 through a smart card reader. In this example, the communication interface 25 is designed to communicate through ISO-7816 protocols. Alternatively, it may be designed to communicate through a wireless protocol. The chip 23 comprises a processing unit 21 and a non-volatile memory (NVM) 22.
(14) The non-volatile memory 22 comprises a banking application 60 which is designed to carry out banking transactions with the server 40. The banking application 60 is a customary banking application able to store, in the NVM 22, a log 83 comprising applicative data related to banking transactions.
(15) In a preferred embodiment the chip 23 complies with Specifications from EMV-CO, EMV 4.2 BOOK3 June 2008.
(16) Alternatively, the chip 23 may comply with Electronic PURSE MONEO PME specifications version DSI9A, wherein the Debit command contains the transaction time in the YY MM DD HH MM SS format.
(17) In one example, a spying link 29 (shown in dotted line) is set between the processing unit 24 and the physical communication interface 25. Thanks to the spying link 29, the processing unit 24 can spy all data exchanged between the chip 23 and the external device 40 (i.e. server, reader or any connected machine). The processing unit 24 comprises an updating agent 70 which is configured to analyze the spied data retrieved via the spying link 29 in order to get the applicative data 30 exchanged between the chip 23 and the external device 40. In addition, the updating agent is able to identify a time 50 from the spied applicative data 30 and to detect that the corresponding banking transaction has been successfully run.
(18) According to an example of EMV transaction, the data exchanged between the chip 23 and the external device 40 may contain the following:
(19)
...
Verify PIN: 0x0020008008
Data In: 241234FFFFFFFFFF
SW: 0x9000
Generate Application Cryptogram: 0x80AE400020
Data In: 0x0000000000010000000000020840000000000008401203020012345678235901
Data Out: 0x771E9F2701409F360200019F26082EB366E1F1ECDD529F100706010A03940000
SW: 0x9000
...
wherein the date of the transaction is 12/03/02 and the time of the transaction is 23:59:01.
(20) In another example, the processing unit 24 can be adapted to spy the communication between the external device 40 (server or reader) and the chip 23 (or to spy the physical communication interface 25) in order to detect the beginning of a banking transaction. Once the banking transaction is completed successfully (e.g. response 0x9000 sent by the chip 23), the processing unit 24 gets the timestamp from the applicative data exchanged during the transaction.
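The spying-link approach described above, as an added Python example that is not the patent's own code: an updating agent walks a spied APDU exchange, keeps only a transaction that completed with SW 0x9000 after a successful PIN verification, and extracts the transaction date and time from the GENERATE AC command data. The CDOL1 field layout, the Apdu structure and the failed-PIN status word are assumptions; the command and data bytes are those of the trace quoted above.

```python
# Added example, not code from the patent: extract the EMV transaction date
# and time from a spied GENERATE AC command, accepting only transactions that
# ended with SW 0x9000 after a successful VERIFY PIN.
# The CDOL1 layout is an assumption (usual EMV data elements); it matches the
# 32-byte Data In of the trace quoted in the description.
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

INS_VERIFY = 0x20
INS_GENERATE_AC = 0xAE
SW_OK = 0x9000

# Assumed CDOL1 layout: (EMV tag, length in bytes), in transmission order.
CDOL1_LAYOUT = [
    ("9F02", 6),  # amount, authorised
    ("9F03", 6),  # amount, other
    ("9F1A", 2),  # terminal country code
    ("95", 5),    # terminal verification results
    ("5F2A", 2),  # transaction currency code
    ("9A", 3),    # transaction date, BCD YYMMDD
    ("9C", 1),    # transaction type
    ("9F37", 4),  # unpredictable number
    ("9F21", 3),  # transaction time, BCD HHMMSS
]

@dataclass
class Apdu:
    header: bytes    # CLA INS P1 P2 Lc as seen on the spying link 29
    data_in: bytes   # command data sent by the external device 40
    sw: int          # status word returned by the chip 23

def split_cdol1(data: bytes) -> dict:
    """Cut the GENERATE AC data field into its CDOL1 elements."""
    fields, off = {}, 0
    for tag, length in CDOL1_LAYOUT:
        fields[tag] = data[off:off + length]
        off += length
    if off != len(data):
        raise ValueError("GENERATE AC data does not match the assumed CDOL1")
    return fields

def spied_transaction_time(exchange: List[Apdu]) -> Optional[datetime]:
    """Time 50 of a successfully run transaction (PIN verified, then
    GENERATE AC answered with 9000), or None so that the RTC is never
    corrected from a rejected or PIN-less exchange."""
    pin_ok = False
    for apdu in exchange:
        ins = apdu.header[1]
        if ins == INS_VERIFY:
            pin_ok = apdu.sw == SW_OK
        elif ins == INS_GENERATE_AC and pin_ok and apdu.sw == SW_OK:
            f = split_cdol1(apdu.data_in)
            return datetime.strptime(f["9A"].hex() + f["9F21"].hex(), "%y%m%d%H%M%S")
    return None

# Constructed exchange, transcribed from the trace in the description.
VERIFY_PIN = Apdu(bytes.fromhex("0020008008"), bytes.fromhex("241234FFFFFFFFFF"), 0x9000)
GENERATE_AC = Apdu(
    bytes.fromhex("80AE400020"),
    bytes.fromhex("0000000000010000000000020840000000000008401203020012345678235901"),
    0x9000)
# Same command with a wrong PIN (constructed SW 63C2): the exchange is ignored.
VERIFY_PIN_FAILED = Apdu(VERIFY_PIN.header, VERIFY_PIN.data_in, 0x63C2)

if __name__ == "__main__":
    print(spied_transaction_time([VERIFY_PIN, GENERATE_AC]))         # 2012-03-02 23:59:01
    print(spied_transaction_time([VERIFY_PIN_FAILED, GENERATE_AC]))  # None
```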
(21) The updating agent 70 is configured to get a time reference 51 from the RTC 10 when a banking transaction is detected thanks to the spying link 29. The updating agent 70 is configured to store, in a set 80, a captured value reflecting the drift between the spied time 50 and the time reference 51. For instance, the captured value may be the pair (spied time 50, time reference 51). Alternatively, the captured value may be the measured drift (difference between spied time 50 and time reference 51).
(22) It is to be noted that the processing unit 24 has access to its own non-volatile memory area for storing the set 80.
(23) The updating agent 70 is configured to store as many captured values as spied banking transactions. The content of the set 80 may be deleted after a successful synchronization of the RTC.
(24) The updating agent 70 is configured to analyze the set 80 when a preset event occurs. The preset event may be the detection of a banking transaction, the detection of the nth banking transaction or a predefined date reached by the RTC.
(25) The occurrence of a banking transaction may be detected in several ways. For instance, the processing unit 24 can be adapted to detect a banking transaction based on the presence of a RF field, the presence of power provided to the physical communication interface 25 or data exchanged through the physical communication interface 25.
(26) The updating agent 70 is configured to analyze the set 80 according to a preset rule for generating a corrective value 90 intended to be applied to the RTC.
(27) For instance, the updating agent 70 may compute the corrective value 90 as the average drift (i.e. the average value among all pairs stored in the set 80).
(28) In a variant, the updating agent 70 may compare each pair of the set 80 versus a maximum theoretical drift (based on hardware characteristics of the RTC). Thus the updating agent 70 may discard pairs having an aberrant value.
(29) Preferably, the updating agent 70 may be implemented as a software program. Alternatively the updating agent 70 may be a hardware component.
(30) In another example, a communication link 28 (shown as a solid line) is set between the processing unit 24 and the physical communication interface 25. Thanks to the communication link 28, the processing unit 24 can exchange data with the chip 23. In particular, the processing unit 24 can retrieve data from the log 83. The processing unit 24 and the chip 23 may communicate through the ISO-7816 protocol (the processing unit 24 acting as a reader), through SWP (Single Wire Protocol) or any relevant protocol.
(31) Advantageously, the processing unit 24 is able to provide the chip 23 with power by using the battery 95.
(32) The processing unit 24 comprises an updating agent 70 which is configured to detect the occurrence of a banking transaction carried out by the chip 23. For instance, the processing unit 24 may use the spying link 29 as described above to detect a banking transaction between the chip 23 and the external device 40. The chip 23 is assumed to store, in a log 83, applicative data 30 corresponding to the banking transaction. The updating agent 70 is configured to get a time reference 51 from the RTC when a banking transaction is detected. The updating agent 70 is configured to associate the retrieved time reference 51 with the applicative data 30 and to store the time reference 51 in a set 81. For instance, the association may be made thanks to the recording order of the data stored in the log 83 and the set 81. Alternatively, a specific identifier or flag may be used to associate a time 50 with its corresponding time reference 51.
(33) The processing unit 24 is adapted to retrieve the time reference 51 when the banking transaction occurs (or just after the end of the transaction) so that the time 50 and the time reference 51 are assumed to have been captured in a very short time window.
(34) It is to be noted that the processing unit 24 has access to its own non-volatile memory area for storing the set 81.
(35) The updating agent 70 is configured to store as many time references as detected banking transactions.
(36) The updating agent 70 is configured to analyze both the log 83 and the set 81 when a preset event occurs. The preset event may be the detection of a banking transaction, the detection of the nth banking transaction or a predefined date reached by the RTC.
(37) The updating agent 70 is configured to analyze the log 83 and the set 81 according to a preset rule for generating a corrective value 90 intended to be applied to the RTC. The updating agent 70 is adapted to retrieve the time in the relevant applicative data stored in the log 83. For instance, the updating agent 70 may access the log 83 through a request (or command) sent to the chip 23 via the communication link 28. By retrieving each measured time 50 from the log 83 and the associated time reference 51 from the set 81, the updating agent 70 can get the pair(s) (time 50, time reference 51) and compute the drift. The updating agent 70 can then compute the corrective value 90 from these pairs.
(38) Although the processing unit 24 and the chip 23 have been described as separate components in the above-presented example, they may also be merged into a single hardware component, such as a microcontroller. For instance, the secure element (chip) 23 may include the processing unit 24.
(39)
(40) At first step S1, the portable tamper-resistant device 20 receives applicative data 30 from another device 40 (e.g. a server or a reader) when performing a banking transaction with this other device 40.
(41) At step S2, the portable tamper-resistant device 20 extracts a time 50 from the received applicative data 30.
(42) Then at step S3, the portable tamper-resistant device 20 updates the real-time clock 10 using the extracted time 50. For instance, the portable tamper-resistant device 20 computes a corrective value 90 based on the time 50 and updates the real-time clock 10 thanks to the corrective value 90.
(43)
(44) This flow corresponds to the case where the processing unit 24 spies the applicative data thanks to the spying link 29 as described at
(45) The first step S1 is similar to the one described at
(46) Steps S31 and S33 correspond to step S3 of
(47) At step S31, the portable tamper-resistant device 20 analyzes the content of the set 80 and applies a preset rule for generating a corrective value 90.
(48) For example, the preset rule may specify that the corrective value 90 is computed as the average drift among all stored pairs. In another example, the lowest drift and the highest drift may be discarded before computing the average drift. In another example, the preset rule may check that the corrective value 90 is compatible with the maximum drift acceptable for the RTC, taking into account the time elapsed since the last synchronization operation and the characteristics of the hardware components of the RTC.
(49) Advantageously, the preset rule may take into account the time zone in which the banking transaction occurred so as to compute drifts which share a common time base.
(50) In another example, the preset rule may check that the set 80 comprises at least a predetermined number of acceptable (i.e. non aberrant) drift values to perform the calculation of the corrective value 90.
(51) Then at step S33, the portable tamper-resistant device 20 updates the real-time clock 10 thanks to the corrective value 90.
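The preset rule of steps S31 and S33, together with the aberrant-value filtering of paragraphs (27) and (28), as an added Python example that is not part of the patent: each stored pair is turned into a measured drift, drifts larger than the maximum theoretical drift of the RTC since the last synchronization are discarded, the lowest and highest remaining drifts are dropped, and the average of the rest becomes the corrective value 90. The RTC accuracy in ppm, the one-second timestamp resolution, the trimming of the extremes and the minimum number of acceptable values are assumed parameters.

```python
# Added example, not code from the patent: the preset rule run over the set 80
# of captured pairs (time 50 spied from the transaction, time reference 51
# read from the RTC). The RTC accuracy in ppm, the 1 s resolution of the
# transaction time and the minimum number of acceptable values are assumptions.
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

Pair = Tuple[datetime, datetime]  # (spied time 50, RTC time reference 51)

def measured_drift(pair: Pair) -> float:
    """Drift in seconds; positive when the RTC lags behind the spied time."""
    spied, reference = pair
    return (spied - reference).total_seconds()

def max_theoretical_drift(last_sync: datetime, at: datetime, accuracy_ppm: float) -> float:
    """Worst-case drift the RTC crystal can accumulate between two instants,
    plus one second for the resolution of the transaction timestamp."""
    elapsed = abs((at - last_sync).total_seconds())
    return elapsed * accuracy_ppm / 1e6 + 1.0

def corrective_value(pairs: List[Pair], last_sync: datetime,
                     accuracy_ppm: float = 50.0, min_values: int = 3) -> Optional[float]:
    """Preset rule: keep plausible drifts, trim the extremes, average the rest.
    Returns None when the set lacks enough acceptable values, in which case
    the RTC is left untouched and more transactions are collected."""
    acceptable = []
    for spied, reference in pairs:
        drift = measured_drift((spied, reference))
        # Paragraph (28): a drift beyond what the hardware can explain is aberrant.
        if abs(drift) <= max_theoretical_drift(last_sync, reference, accuracy_ppm):
            acceptable.append(drift)
    if len(acceptable) < min_values:
        return None
    acceptable.sort()
    if len(acceptable) > 2:
        acceptable = acceptable[1:-1]   # drop lowest and highest drift
    return sum(acceptable) / len(acceptable)

def synchronize(rtc_now: datetime, correction: float) -> datetime:
    """Step S33: apply the corrective value 90 to the RTC."""
    return rtc_now + timedelta(seconds=correction)

# Constructed set 80: the RTC was last set on 1 January 2012 and is running
# about 40 s slow by early March; the last pair carries a one-hour offset
# (e.g. a terminal in another time zone) and must be rejected as aberrant.
LAST_SYNC = datetime(2012, 1, 1, 0, 0, 0)

def _pair(spied: datetime, drift_s: float) -> Pair:
    return (spied, spied - timedelta(seconds=drift_s))

SET_80: List[Pair] = [
    _pair(datetime(2012, 3, 1, 10, 15, 0), 40),
    _pair(datetime(2012, 3, 1, 18, 2, 30), 43),
    _pair(datetime(2012, 3, 2, 9, 40, 12), 41),
    _pair(datetime(2012, 3, 2, 23, 59, 1), 39),
    _pair(datetime(2012, 3, 3, 12, 0, 0), 3600),
]

if __name__ == "__main__":
    value = corrective_value(SET_80, LAST_SYNC)
    print(value)                                   # 40.5
    print(synchronize(SET_80[-1][1], value))       # RTC after step S33
```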
(52)
(53) This flow corresponds to the case where the processing unit 24 communicates with the chip 23 to request the content of the log 83 using the communication link 28 as described at
(54) The first step S1 is similar to the one described at
(55) For example, the log 83 may comprise, for each banking transaction, applicative data which can be retrieved by the processing unit 24 using the following command:
(56)
Read Record: 0x00B2016415
Data Out: 0x000000000001400840084012030200002359010001
SW: 9000
where the Transaction Date is 12/03/02 and the Transaction Time is 23h 59mn 01s.
(57) At step S22, a predefined event triggers the synchronization operation of the RTC 10. For instance, the predefined event may be the detection of the 10th successful banking transaction since the last synchronization of the RTC. Alternatively, the predefined event may be the fact that the measured drift reaches a preset threshold or that the timestamp of the transaction reaches a new month compared to the month of the last RTC synchronization.
(58) Step S23 shows a detailed step corresponding to the step S2 of
(59) For example, the preset rule may specify that the corrective value 90 is computed as the last measured drift (i.e. the drift computed for the last pair).
(60) Then at step S33, the portable tamper-resistant device 20 updates the real-time clock 10 thanks to the corrective value 90.
(61)
(62) If no synchronization of the RTC is performed, the drift can grow over time as shown by the dotted line. It is to be noted that the growth of the drift is not necessarily regular. It can speed up or slow down depending on the conditions of use of the portable device 20 or on the ageing of the RTC components.
(63) The dashed line shows evolution of the drift over time when the present invention is used. The drift is reduced to zero (or near zero) several times during the life of the RTC.
(64) Thanks to the invention it is possible to easily and smoothly synchronize the real-time clock of a portable secure device.
(65) It is to be noted that the portable tamper-resistant device can protect itself against attacks aiming at updating the RTC. When spying the data exchanged between the chip 23 and the external device 40, the processing unit 24 can take into account only valid transactions (i.e. ending with SW 0x9000) which comprise a successful PIN verification reflecting the user's agreement. In all cases, the processing unit 24 can estimate a normal drift and accept a correction only if the time/correction falls within an acceptable range compared to the theoretical drift.
(66) The invention is not limited to the described embodiments or examples. In particular the described examples and embodiments may be combined. In particular, the portable device may collect a single time value or several time values before updating the RTC current time.
(67) It is to be noted that the banking transaction may be a payment transaction, a request for banking authorization or a re-credit for example.
(68) It is to be noted that the invention applies to any portable tamper-resistant device able to run a banking transaction and to receive related applicative data including a time intended to date the transaction.
(69) The invention is not limited to portable secure devices having a display or a keyboard. According to the invention, the corrective value may be computed using a timestamp extracted from applicative data coming from a banking transaction which has not been successfully run.