Method and system for relay attack detection

US11432155B2 · US · B2

Patent metadata
Field: Value
Publication number: US-11432155-B2
Application number: US-201716477852-A
Country: US
Kind code: B2
Filing date: Mar 15, 2017
Priority date: Mar 15, 2017
Publication date: Aug 30, 2022
Grant date: Aug 30, 2022


Abstract

Official abstract text for this publication.

A method preventing relay attacks between first and second devices is disclosed. The method includes providing, by a first device, a command message, receiving a request message and providing a response message to a second device. The time period between the receipt of the command message and the transmission of the response message by the first device is compared to another time period between the time when the command message was sent and the response message was received by the second device. If those times substantially match, then the first device can have assurance that a relay attack is not occurring.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: generating and sending, by a first device, a command message to a second device in a transaction conducted between the first device and the second device, wherein the second device thereafter generates a first request message and transmits the first request message to the first device; receiving, by the first device, the first request message; generating, by the first device, a first response message; transmitting, by the first device, the first response message to the second device; receiving, by the first device, a data message from the second device, the data message comprising an encrypted value comprising a first time period in encrypted form, the first time period determined by the second device, and being associated with the command message, the first request message, or the first response message; decrypting, by the first device, the encrypted value to determine the first time period; comparing, by the first device, the first time period to a second time period determined by the first device, the second time period being associated with the command message or the first request message; when the first time period and the second time period are not within a predetermined threshold, recording that the first and second time periods are not within the predetermined threshold, and initiating a decline of the transaction; and when the first time period and the second time period are within the predetermined threshold, then recording that the first and second time periods are within the predetermined threshold, and allowing the transaction to proceed, the first time period is measured from a time when the command message is received by the second device and a time when the first request message is transmitted by the second device to the first device, and the second time period is measured from a time when the command message is transmitted by the first device to the second device and a time when the first request message is received by the first device.

2. The method of claim 1, wherein the first request message is a time extension request message and the first response message is a time extension response message.

3. The method of claim 2, wherein the predetermined threshold is a first predetermined threshold, and therein the method further comprises, after transmitting the first response message and before receiving the data message: receiving, by the first device, a second request message from the second device; generating, by the first device, a second response message; transmitting, by the first device, the second response message to the second device; and wherein the data message further comprises a third time period in encrypted form, the third time period determined by the second device and being measured from a time when the first response message is received by the second device and a time when the second request message is transmitted by the second device to the first device; and wherein the method further comprises: decrypting the encrypted third time period; comparing, by the first device, the decrypted third time period to a fourth time period determined by the first device and being measured from a time when the first response message was transmitted to the second device and a time when the second request message is received by the first device; when the compared third time period and the fourth time period are not within a second predetermined threshold, then recording that the third time period and the fourth time period are not within the predetermined threshold, and initiating a decline of the transaction; and when the compared third time period and the fourth time period are within the second predetermined threshold, then recording that the third time period and the fourth time period are within the predetermined threshold, and allowing the transaction to proceed.

4. The method of claim 3, wherein the first request message is a first time extension request message, the first response message is a first time extension response message, the second request message is a second time extension request message, and the second response message is a second time extension response message.

5. The method of claim 3, wherein the first time period and the third time period are different.

6. The method of claim 1, wherein the first device is an access device and the second device is a portable device.

7. The method of claim 1, wherein the encrypted value contains a number of request messages that have been sent from the second device to the first device in encrypted form.

8. The method of claim 1, wherein the first request message comprises an unpredictable number, and wherein the encrypted value contains the unpredictable number in encrypted form.

9. The method of claim 1, wherein the first request message comprises an unpredictable number, and wherein the encrypted value contains a concatenated value comprising the unpredictable number and the first time period in encrypted form.

10. A first device, the first device comprising: a processor; and a non-transitory computer readable medium, the non-transitory computer readable medium comprising code, executable by the processor to perform a method comprising: generating and sending a command message to a second device in a transaction conducted between the first device and the second device, wherein the second device thereafter generates a first request message and transmits the first request message to the first device; receiving the first request message; generating a first response message; transmitting the first response message to the second device; receiving a data message from the second device, the data message comprising an encrypted value comprising a first time period in encrypted form, the first time period determined by the second device, and being associated with the command message, the first request message or the first response message; decrypting the encrypted value to determine the first time period; comparing the first time period to a second time period determined by the first device, the second time period being associated with the command message or the first request message; when the first time period and the second time period are not within a predetermined threshold, recording that the first and second time periods are not within the predetermined threshold, and initiating a decline of the transaction; and when the first time period and the second time period are within the predetermined threshold, then recording that the first and second time periods are within the predetermined threshold, and allowing the transaction to proceed, the first time period is measured from a time when the command message is received by the second device and a time when the first request message is transmitted by the second device to the first device, and the second time period is measured from a time when the command message is transmitted by the first device to the second device and a time when the first request message is received by the first device.

11. The first device of claim 10, wherein the first request message is a time extension request message and the first response message is a time extension response message.

12. The first device of claim 11, wherein the predetermined threshold is a first predetermined threshold, and wherein the method further comprises, after transmitting the first response message and before receiving the data message: receiving a second request message; generating a second response message; transmitting the second response message to the second device; and wherein the data message further
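
The timing comparison of claims 1, 8 and 9, sketched as an added example that is not code from the patent or its assignee: the second device seals the unpredictable number concatenated with its measured first time period, and the first device decrypts it and compares it with its own second time period. The key, the 2,000 µs threshold, the microsecond unit, all function names, the stand-in cipher (a SHAKE-256 keystream with an HMAC tag) and the decline on a failed integrity check are assumptions; the claims name no algorithm or values.

```python
import hashlib, hmac, os, struct

KEY = bytes(range(32))      # constructed shared key (assumption)
THRESHOLD_US = 2_000        # constructed "predetermined threshold" (assumption)

def _keys(key):
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def _xor(data, enc_key, nonce):
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, un, period_us):
    """Second device: encrypt UN || first time period (stand-in cipher, not the patent's)."""
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(12)
    ct = _xor(un + struct.pack(">I", period_us), enc_key, nonce)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("data message modified in transit")
    plain = _xor(ct, enc_key, nonce)
    return plain[:-4], struct.unpack(">I", plain[-4:])[0]

def first_device_check(key, blob, request_un, t_cmd_sent_us, t_req_recv_us):
    """First device: decrypt, compare the two periods, record, decide."""
    try:
        un, first_period = unseal(key, blob)
    except ValueError:      # integrity-failure handling is an added assumption
        return "decline", {"within_threshold": False, "reason": "bad data message"}
    second_period = t_req_recv_us - t_cmd_sent_us
    delta = abs(second_period - first_period)
    ok = hmac.compare_digest(un, request_un) and delta <= THRESHOLD_US
    record = {"first_us": first_period, "second_us": second_period, "within_threshold": ok}
    return ("allow" if ok else "decline"), record

def simulate(one_way_delay_us, card_processing_us, key=KEY):
    """Constructed timeline: the first device sends the command at t=0."""
    un = os.urandom(4)                          # unpredictable number in the request
    t_req_recv = 2 * one_way_delay_us + card_processing_us
    blob = seal(key, un, card_processing_us)    # card measured receive -> transmit
    return first_device_check(key, blob, un, 0, t_req_recv)

if __name__ == "__main__":
    print(simulate(100, 5_000))      # direct contactless link
    print(simulate(15_000, 5_000))   # same card behind a link adding 15 ms each way
```

The second time period contains the link transit in both directions while the first does not, so added link delay shows up directly in the difference that is compared against the threshold.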

Classifications

  • Time-dependent

  • H04W12/122 (Primary): Counter-measures against attacks; Protection against rogue devices

  • of the control plane, e.g. signalling traffic

  • using near field communication [NFC] or radio frequency identification [RFID] modules

  • G06Q20/352 (Primary): Contactless payments by cards

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Visa Int Service Ass
What technology area does this patent fall under?
Primary CPC classification H04W12/122. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 30, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).