System and method for securing communication between a card reader device and a remote server

摘要

The present invention relates to the implementation of end-to-end security for communication between a low-cost card reader and a remote server. It is an object of the present invention to establish a secure channel between a card reader and a remote server via an untrusted communication device (eg a smart phone or tablet). This secure channel is inherently resistant to some fundamental differential side channel analysis while providing the following features in situations in which there is neither a secure random number generator nor an entropy source in the card reader Things:-Mutual authentication of card reader and server.-Secure channel based on session key. This makes it impossible to re-execute the key of the secure channel concerning the past transaction even if it is an authorized transaction, or the card reader can pre-calculate the session key of the future transaction , It will be impossible to reuse it later.