Title:
SECURE AUTHENTICATION TOKEN
Document Type and Number:
WIPO Patent Application WO/2016/059546
Kind Code:
A1
Abstract:
A security token (1) is provided comprising a secure crypto processor (2) and a plurality of hardware and/or software components arranged to enable communication using a plurality of wireless communication technologies, e.g. Near Field Communication, Bluetooth, RFID, or iBeacon. Communication is only possible when the token is within a predetermined range from a processing device with which it communicates. The invention allows secure verification of a user's identity. Thus, it provides a secure authentication solution which is particularly suited for financial payment processes.

Inventors:
DANIELS LEWIS (GB)
Application Number:
PCT/IB2015/057819
Publication Date:
April 21, 2016
Filing Date:
October 13, 2015
Assignee:
DIGITAL PAYMENT PARTNERS LLC (US)
International Classes:
G06K19/07; G06K7/00; G06Q20/32; G06Q20/34; G07F1/06
Foreign References:
US20120246079A1 (2012-09-27)
US20140143155A1 (2014-05-22)
US20130298208A1 (2013-11-07)
DE102013005619A1 (2014-10-09)
US20120286972A1 (2012-11-15)
US20120109735A1 (2012-05-03)
US20090240625A1 (2009-09-24)
Claims:

1. A security token comprising:

a secure processor; and

a plurality of hardware and/or software components arranged to enable communication using a plurality of wireless communication technologies.

2. A security token according to claim 1 wherein the plurality of wireless communication technologies is selected such that communication is only possible when the token is within a predetermined range from a client device.

3. A security token according to claim 1 or 2 wherein the secure processor is a secure cryptoprocessor.

4. A security token according to any preceding claim wherein the plurality of wireless communication technologies includes Near Field Communication, Bluetooth, ZigBee, RFID, iBeacon and/or Ultra-wideband, contactless payment technology.

5. A security token according to any preceding claim wherein the token is paired with one or more electronic devices.

6. A security token according to any preceding claim wherein the token comprises one or more sensors and/or antennae.

7. A security token according to any preceding claim and further comprising:

photovoltaic means for generating electricity.

8. A security token according to claim 7, wherein the token further comprises a battery arranged to receive electricity generated by the photovoltaic means.

9. A security token according to any preceding claim wherein the token is provided in the form of a smart card.

10. A security token according to any preceding claim wherein the token is arranged to store a user's financial data.

11. A security token according to any preceding claim wherein the token is arranged to connect wirelessly to a digital wallet.

12. A security token according to any preceding claim wherein the token is arranged to determine which communication technology is appropriate for communication with a particular client device.

13. A security token according to any preceding claim wherein the token is arranged to provide and/or enable persistent authentication of a user with a client device such that authentication of the user fails unless a wireless connection is maintained.

14. A security token for authenticating a user and comprising photovoltaic means for generating electricity.

15. A security token according to claim 14, wherein the token further comprises a battery arranged to receive electricity generated by the photovoltaic means.

16. An authentication method comprising the steps:

bringing a token according to any preceding claim into proximity with a client device so that a wireless communication channel can be established between the token and the client device;

permitting a user to perform a process or transaction if, and only if, the wireless communication channel is established.

17. The authentication method of claim 16 and further comprising the step of terminating the process or transaction if the communication channel is interrupted, lost or intercepted.

18. The authentication method of claim 16 or 17 wherein the process or transaction is a Host Card Emulation transaction.

19. The authentication method of any of claims 16 to 18 and further comprising the step of making a payment from the token or a digital wallet provided on the client device.

20. A payment system comprising:

a token according to any of claims 1 to 15;

a portable computing device configured for wireless communication with the token; and

an electronic payment device configured for wireless communication with the portable computing device.

21. The payment system of claim 20 wherein:

the portable computing device is a smart phone or a tablet computer;

the token is paired with the portable computing device;

the portable computing device is configured to perform Host Card Emulation;

the portable computing device comprises a digital wallet; and/or

the electronic payment device is an NFC-enabled terminal or reader.

Description:
Secure Authentication Token

This invention relates generally to electronic security devices, and more particularly to token-based authentication technologies. The invention is particularly suited for use in situations where a high degree of security is required to protect confidential data such as, for example, electronic payments. The invention is suited for verifying the identity of an individual prior to allowing a computer-related operation to be performed.

Many operations require a user's identity to be verified before access is allowed to a controlled resource or process. Such controlled resources might include financial funds, a controlled building or area, a computing resource or network, or sensitive data. Various authentication techniques and devices are known, including security tokens. Various types of token are known, both hardware and software based. It is known for tokens to be implemented in a device carried by an individual so that the individual can verify his identity using the device. These may sometimes be referred to as 'hardware tokens', 'authentication tokens' or 'cryptographic tokens'. In essence, the security token serves as an electronic key to unlock access to the controlled resource. In addition to possession of the token, other forms of authentication may sometimes be required before the user is allowed to perform the operation such as password or PIN entry, or verification of biometric data associated with the user. However, without (physical) access to the token the user is not able to authenticate with the client system.

During use, the token sends a key to the client system or device so that the client knows that the token can be trusted. The token is provided with hardware and/or software to enable it to communicate with the client. For example, some tokens might include a USB connector for physical connection to the client while others might include RFID capabilities or a Bluetooth interface so that the key sequence can be transmitted wirelessly to a client within close proximity, or to a nearby access point.

Wireless tokens which do not need to be physically connected to the client device to transfer data have proved popular because they offer convenience of use. They may be used, for example, with keyless entry systems and also with electronic payment arrangements. One such payment system is the Mobil Speedpass which uses RFID to transmit authentication data from a token provided on a keychain. However, such tokens have known disadvantages. For example, Bluetooth tokens function when the token is within 10 meters or so of the client device. For some applications, this range may not be appropriate. Furthermore, if Bluetooth connectivity is not available the token is rendered unusable. One solution to this has been to incorporate a USB interface into some Bluetooth tokens so that the token can operate in both a connected and a disconnected state. The token is inserted into a USB input device when a Bluetooth connection cannot be established. Therefore, this solution defaults back to a physical connection between the token and the client and so the convenience of wireless/contactless operation is lost. As such, known tokens suffer from the disadvantage that they are configured for use with only one form of wireless communication technology.

Thus, it is desirable to provide a token-based authentication solution which provides a variety of wireless connectivity capabilities. Such a solution would ideally enable the token to use a variety of wireless communication protocols and technologies so that a variety of communication techniques can be utilised by the same device, providing more connectivity options than currently available on single prior art tokens. Such a solution would be agnostic to the type of communication protocol used by the client because the token would be able to select and use whichever transmission technology is appropriate for a particular client. Such a solution would reduce complexity and costs for service providers such as banks and merchants.

It is also desirable to provide a solution which overcomes or at least alleviates the problem of short battery life associated with known security tokens.

Ideally, such a solution would also provide one or more mechanisms to ensure that the security of the data stored, processed and transmitted by the token is maintained. Also, such a solution would implement continuous, persistent authentication such that proximity of the token with the client device is required in order for a process (e.g. verification) to be maintained. Upon loss of proximity between the token and the device, the process is terminated.

Such an improved solution has now been devised. Thus, in accordance with the present invention there is provided an arrangement as defined in the appended claims.

Therefore, in accordance with the invention there is provided a security token comprising: a secure processor; and

a plurality of hardware and/or software components arranged to enable communication using a plurality of wireless communication technologies.

The token may provide an authentication device for verifying the identity of an individual prior to and/or while permitting an operation to be performed, and/or permitting access to a controlled resource such as a building, financial resources or a computer-based resource such as hardware or software.

Thus, the invention provides a highly secure authentication solution wherein the security token is able to communicate wirelessly via more than one type of wireless communication technology. This is an advantage over prior art arrangements which provide the ability to communicate via only one wireless protocol. Therefore, in one sense, the invention may provide a solution which combines the functionalities of various prior art arrangements into an integrated device. The invention provides protocol interoperability so that existing communication techniques (e.g. NFC, Bluetooth, RFID) can be extended to support devices where these techniques are not supported or are inaccessible.

The inclusion of a secure processor also provides enhanced security over prior art tokens which would not comprise such a feature.

The plurality of wireless communication technologies may enable the token device to communicate wirelessly with another device without the need for insertion of the token into the client device via a physical interface. This other device may be a computer implemented device which may be referred to as a 'client'. The client device may be a payment processing device, a card reading terminal, a door entry system or any other device/system which requires authentication of a user before permitting an operation to be performed. The client device may comprise software, such as an app, arranged for execution of a transaction, such as a financial payment.

The communication between the token and the other device may be one or two directional. In other words, the token may be arranged to send and/or receive data.

The token may be arranged to select and utilise one of the plurality of communication technologies during an authentication process. The token may be arranged to detect which wireless communication technology is appropriate for communication with a particular client device, and then select and use the appropriate wireless technology from the plurality so as to communicate with the client. Thus, the token is able to communicate with a greater variety of client devices than prior art tokens which are designed to communicate using one particular type of wireless protocol.

The security token may be used to verify a user's identity during an authentication process. The authentication process may be a continuous (or 'persistent') authentication process, meaning that the continuing presence of the token is required for the process to continue. The process may terminate if the token is not within range of the client.

Therefore, continuous or repeated monitoring for the token may be performed. The monitoring may be performed by software executing on the client.

The authentication process may comprise, for example, verification of the user prior to completing a financial transaction. The authentication process may be initiated by the client device or some other device. Without the presence of the token the authentication process may fail. One or more further authentication techniques may be employed in conjunction with the use of the token. For example, the user may be required to provide authentication data such as a password, PIN, biometric data or other unique identifier in order to complete the authentication process. The authentication data may be verified by the token, the client device and/or some other device.

The plurality of wireless communication technologies may be selected such that communication is only possible when the token is within a predetermined range from a client device. In some embodiments the token may be arranged and configured such that it can only communicate with other devices via a wireless connection. In other embodiments, however, the token may be arranged and configured for communication via a wired interface in addition to wireless communication. The token may comprise contact, contactless or hybrid interface technologies.

The token may be arranged to determine which communication technology is appropriate for communication with a particular client device. Therefore, the token may be arranged to determine which form of communication protocol/technology is required for communication with the other device, and then select and/or use the relevant technology from the plurality provided on the token to establish a communication channel with the other device. For example, the token may detect that the other device has Bluetooth connectivity, and thus the token may use its own Bluetooth capabilities to establish a Bluetooth connection with the other device. If, on the other hand, it detects that the other device is an NFC-enabled device it may establish an NFC connection.

The token may be arranged to provide and/or enable persistent authentication of a user with a client device such that authentication of the user fails unless a wireless connection is maintained. The token or other device may be arranged to monitor a connection between the token and the other device. A continuous connection may be required so that the user can access the other device or some software provided thereon, or complete an operation such as user authentication.

The secure processor may be a cryptoprocessor. It may be a secure cryptoprocessor. It may comprise anti-tamper sensors, full encryption mechanisms and/or the capability to create an RSA key. Secure memory may be associated with the secure processor. By incorporating a secure processor into the token, the token's communications may be secured. This provides a significant advantage over prior art arrangements which do not offer the enhanced security provided by a secure processor. For applications involving financial payments and transactions, for example, the need for high security is an important factor.

The plurality of wireless communication technologies incorporated into the token may include Near Field Communication (NFC), Bluetooth, ZigBee, RFID, iBeacon and/or Ultra-wideband. However, other wireless technologies may be employed instead of or in addition to these. Essentially, any wireless communication technology may be employed. The more technologies that are incorporated into the token, the greater the choice of client devices that the token is able to communicate with.

The plurality of wireless protocols may include one or more proximity protocols. The proximity protocols may require the token and client device to be within the same locality or range. Thus, the token may need to be co-located with (i.e. within the same location as) the client device in order for them to communicate. The token may be configured such that it is not capable of communication over a wide area network such as the internet or a telecommunications network. The token may be incapable of communication with another device unless it is in (physical) proximity to the other device. The communication may be restricted to within a local region or area so as to maintain security, because the user must be in possession of the token and within proximity of the client device in order to authenticate.

The plurality may include one or more medium to long range proximity protocols, such as Bluetooth, wherein the communication range may be substantially between 10m and 30m. However, the range may be shortened for security purposes.

Additionally or alternatively, one or more short range technologies may be included such as RFID capabilities. Such short range technologies may restrict communication between the token and the other device to a range of a few feet. Additionally or alternatively, one or more close range technologies may be included in the plurality of technologies, such as Near Field Communication (NFC). The one or more close range technologies may restrict communications to substantially within a few centimeters in range.

In some embodiments, the token may be paired with one or more electronic devices. This electronic device may be any form of computing device. For example, it could be a PC. It could be a mobile or portable device such as a laptop, a tablet computer, a smart phone etc. It may be the client device.

The pairing may be achieved using hardware and/or software. The pairing associates the particular token with a particular electronic device so that they are matched or linked. The device may then be 'known' to the token and/or vice versa. The token may be arranged to be paired with a software application (app) installed on a mobile computing device such as a smartphone or tablet. The app may be arranged to facilitate performance of a transaction, such as a financial payment, which requires authentication of the user. The app may be a digital wallet.

The pairing may provide the ability to restrict which device(s) the token is able to communicate with. Preferably, as a result of the pairing the token is unable to communicate with (i.e. transmit data to and/or receive data from) a device with which it is not paired. This provides the advantage that the user must be in proximity to the paired device as well as being in possession of the paired token, which increases the level of security provided by the invention. The invention is not intended to be limited with respect to the manner in which the pairing is performed.

The token may comprise one or more antennae to facilitate wireless communication between the token and the client device. The token may comprise one or more sensors. The sensors may enable the token to detect the presence of a transmitter, such as an iBeacon transmitter, within the vicinity of the token. Thus, the token may receive a signal from the transmitter via the sensor when the token is in proximity to the transmitter.

The token may comprise means for generating electricity. The means for generating electricity may be photovoltaic means. The token may comprise photovoltaic (solar) cells arranged to produce electricity from sunlight. This can be used to recharge a battery provided in or on the token. Thus, the security token may further comprise a battery arranged to receive electricity generated by the photovoltaic means. The token may be portable. It may comprise a housing or body which has no external data ports or interface such as a USB interface. Therefore, the housing or body may be completely sealed. Thus, communication with the token may only be achieved via a non-physical interface. The token may comprise a smart card. The secure processor may be embedded in, or carried on, the card body.

The token may be configured for secure storage of data. For example, the token may comprise secure memory for the storage of virtual currency. The token may be configured to comprise, or communicate with, a digital wallet.

The token may be arranged to store financial data. The financial data may relate to a user's bank account, credit account or other financial resource associated with the user. The token may be arranged to communicate with and/or connect wirelessly to a digital wallet. The digital wallet may be provided on a portable computing device such as a smart phone or tablet computer. The token and the portable computing device may be paired, as detailed above. The token may be arranged to communicate with and/or connect wirelessly to an app stored and/or executed on a mobile device e.g. smart phone, tablet computer. The app may be configured to emulate the functional responses or operations of an NFC-enabled smart card. The app may be configured to access data relating to a smart card on a mobile computing device. The data may be stored in memory provided on the mobile device or the token. The token may be arranged to authenticate a Host Card Emulation (HCE) operation or transaction performed via a mobile device. The mobile device may be a smart phone or a tablet computer. The token may form part of a HCE system such that when a user taps the mobile device to initiate a transaction, the transaction may only be completed if the token is within proximity to the mobile device. This provides the benefit that in the event that the mobile device is lost or stolen, an unauthorised party cannot use the mobile device to complete a HCE transaction without access to the token as well.

According to another aspect of the invention there is provided a security token for authenticating a user and comprising photovoltaic means for generating electricity.

The token may further comprise a battery arranged to receive electricity generated by the photovoltaic means.

Also according to the invention there is provided an authentication method comprising the steps:

bringing a token according to any embodiment described above into proximity with a client device so that a wireless communication channel can be established between the token and the client device;

permitting a user to perform a process or transaction if, and only if, the wireless communication channel is established.

The process or transaction may be a payment. The process or transaction may be a Host Card Emulation transaction. The payment may be processed via a HCE software component arranged for execution on the client device. The client device may be a smart phone or a tablet computer. The method may further comprise the step of terminating the process or transaction if the communication channel is interrupted, lost or intercepted. Thus, the authentication method may be a persistent (or 'continuous') authentication method. The method may comprise the step of monitoring the communication channel between the token and the client device to determine whether the wireless connection between the devices has been lost or compromised.

The method may further comprise the step of pairing the token with the client device. It may also comprise the step of checking whether the token and client device are paired before and/or during the process or transaction.

The method may further comprise the step of making a payment from the token or a digital wallet provided on the client device. The invention also provides a payment system comprising:

a token according to any embodiment described above;

a portable computing device configured for wireless communication with the token; and

an electronic payment device configured for wireless communication with the portable computing device.

The portable computing device may be a smart phone or a tablet computer.

The token may be paired with the portable computing device. As above, the pairing can take a variety of forms but essentially the token is 'known' to the client device so that the authentication process is only successful when the paired token is in proximity with the device. A different (non paired) token will not be able to establish a connection with the device, and so the authentication process will fail.

The portable computing device may be configured to perform Host Card Emulation. The device may comprise suitably arranged software to perform the HCE functionality.

The portable computing device may comprise a digital wallet. A payment may be made from the token or the wallet. The electronic payment device may be an NFC-enabled terminal or reader.

Any feature described above in relation to one aspect/embodiment of the invention may also be applicable to any other aspect/embodiment of the invention. Features described in relation to the token device may also apply with respect to the method, and vice versa.

These and other aspects of the present invention will be apparent from, and elucidated with reference to, the embodiment described herein. An embodiment of the present invention will now be described, by way of example only, and with reference to the accompanying drawings, in which:

Figure 1 illustrates an exemplary embodiment of the present invention, showing a secure token comprising a secure processor and a plurality of wireless communication capabilities.

Figure 2 is a flow chart illustrating one way in which the invention provides authentication of a user during performance of an operation or process e.g. a payment or other transaction. Turning to Figure 1, the invention provides a secure hardware token 1 which can be used to authenticate a user during a transaction. This transaction may be a financial transaction but it should be noted that the invention is not intended to be limited with regard to the type of transaction or process for which it can be used. In order to authenticate, the user must be in possession of the token 1, or at least be in the vicinity of it. Without the token the user is not able to authenticate with the client system/device.

The token comprises a secure processor such as a Maxim™ secure microcontroller 2 having cryptographic capabilities. Such a secure processor 2 might include any or all of the following security features:

• Unique 64-Bit Serial Number

• Tamper Detection with Rapid Key/Data Destruction

• Secret Key Destruction on Tamper Events

• Permanent Loader Lockout Option

• Proprietary Code Scrambling Technique Using Random Keys

• Hardware Accelerators for AES, RSA, DSA, ECDSA, DES, 3DES, SHA-1, SHA-224, SHA-256

• True Hardware Random-Number Generator

• Temperature and Voltage Sensors to Detect Attacks

• Two Self-Destruct Input Pins

The token may be provided in a variety of forms, including as a smart card. Smart card embodiments provide the advantage that they are slim, low cost to produce, and can be easily carried by a user in a physical wallet. Other embodiments may include keychain tokens.

The token 1 may provide continuous (also known as persistent) authentication. This is illustrated in Figure 2. Therefore, rather than the authentication being a single, discrete event the token's continued presence is required. The channel or connection established between the token and the client device is continuously monitored to check that connectivity has been maintained. If it is found that the connection between the token and the device has been lost or compromised, the authentication process fails. The user is not able to complete the desired operation and/or have access to the desired resource.

Branding or other printed information may be provided on one or more sides. The token comprises a battery and also solar cells to recharge the battery, thus prolonging its life.

The token is equipped with a variety of wireless communication capabilities. These would typically include Near Field Communication 3a, Bluetooth 3c, ZigBee, RFID 3b, iBeacon and/or Ultra-wideband components, but other communication protocols may be used in addition to or instead of these. The wireless protocols 3a, 3b, 3c enable the token 1 to communicate with another device which is in proximity to the token. Thus, the token and the other device are relatively close to each other when connected, rather than communicating via a wide area network.

The token comprises one or more antennae and sensors 4 to enable it to use certain communication technologies, e.g. iBeacon.

In use, various scenarios may be supported, some of which are described below.

The token is able to connect to a mobile wallet via its Bluetooth 3c or other protocol 3a, 3b, enabling it to secure the transaction with the secure processor 2. A user may tap a card to the token to communicate with a mobile app which the user is engaging with in order to make a transaction. This enables the user to authenticate and perform an online/mobile transaction as if it were a "card present" transaction. There are significant benefits which flow from this, including increased security, reversal of liability and reduced costs.

The token could be in 'shop mode' and communicating wirelessly to a mobile device. The user selects items for purchase and subsequently passes through an RFID scanner. The items are immediately charged to the electronic wallet on the user's device. The user does not need to wait at a payment till.

The token can also validate card proximity during a mobile transaction to provide an additional security factor.

In some embodiments, the token may be used to verify a PIN or other identifier sent from a mobile app in order to gain authenticated access to the mobile computing/telephone device.

In some embodiments, the token provides (full or partial) PAN information for credit cards. This provides the advantage that such sensitive data does not need to be stored on an insecure device such as a mobile phone.

In use, the token can also serve as an intermediary device through which transactions can be directed in order to bridge the gap between different technologies at either end of the transaction flow. For example, in the financial world different banks, merchants, processors and consumers utilise different systems which are often unable to communicate with one another. Therefore, a payment or other transaction may not be possible between two technically incompatible parties. The present invention solves this issue because, for example, a payment request can be received by the token using one type of protocol, but can be transmitted on from the token to a terminal using a different type of protocol. In this way, transactions can be completed between systems which use different types of communication technologies, as the token provides a layer of protocol and implementation abstraction. For example, an NFC transaction can be completed over a Bluetooth connection. This provides a seamless and convenient solution which is simple to implement and removes the need for re-engineering of the transactional systems involved in the process.

The invention also provides significant advantages in relation to HCE (Host Card Emulation) systems. A disadvantage of existing HCE systems is that, in the event of the user's mobile device being lost or stolen, it can be used to make transactions by unauthorised parties: because the HCE software replicates the user's physical smart card, the credit or debit account is debited upon completion of the HCE transaction. The invention provides a beneficial, additional layer of security because the physical presence of the token is required in order to complete the transaction. An unauthorised party would therefore need to gain access to the token as well as the mobile device in order to make a transaction.

For example, according to known techniques, a user may add payment card details to a mobile wallet app on a smart phone so as to make NFC payments via terminals provided at retailers' premises. This provides the user with a convenient way of making contactless payments using the phone instead of inserting the actual smart card into the reader. The HCE software on the phone emulates the user's physical smart card. The data received by the phone's NFC controller from the retailer's device is sent directly from the NFC controller to the processing app.

However, in accordance with the present invention, the transaction cannot be completed unless the token remains in communication with the app for the duration of the transaction. If the token is within proximity of the phone, a wireless communication channel can be established between the app and the token, and the transaction can proceed. If the channel cannot be established, or is lost or intercepted for some reason, the transaction cannot proceed and the user's account is not debited.
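As an added example of the token-presence check just described (not code from the patent or its assignee), the sketch below gates an HCE transaction on a fresh challenge answered by the token. It assumes a design in which the token's secure processor holds a symmetric key provisioned at personalisation, the issuer back end holds a copy and makes the approval decision, and the phone holds no key at all, in keeping with the aim of keeping sensitive material off the handset; the terminal command bytes, the key and the class names are all constructed for the example.

```python
"""Gating an HCE transaction on the token's presence.
Added example; key, issuer role and sample bytes are assumptions."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


class SecureToken:
    """Stand-in for the token's secure cryptoprocessor. The key never leaves
    it; when the token is out of range the short-range channel yields nothing."""

    def __init__(self, token_id: str, key: bytes, in_range: bool = True) -> None:
        self.token_id = token_id
        self._key = key            # assumption: provisioned once at personalisation
        self.in_range = in_range

    def respond(self, challenge: bytes) -> Optional[bytes]:
        if not self.in_range:
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Issuer:
    """Assumed back end holding each token's key; it decides whether to debit."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def enrol(self, token_id: str, key: bytes) -> None:
        self._keys[token_id] = key

    def approve(self, token_id: str, nonce: bytes, txn_digest: bytes,
                response: Optional[bytes]) -> bool:
        key = self._keys.get(token_id)
        if key is None or response is None:
            return False
        expected = hmac.new(key, nonce + txn_digest, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class WalletApp:
    """HCE wallet on the phone. Holds no key: it relays a challenge to the
    token and the token's answer to the issuer, and proceeds only on approval."""

    def __init__(self, token_id: str, issuer: Issuer) -> None:
        self.token_id = token_id
        self.issuer = issuer

    @staticmethod
    def challenge_for(nfc_apdu: bytes) -> Tuple[bytes, bytes]:
        # The nonce stops replay of an old answer; binding the terminal's data
        # into the challenge stops an answer being moved to another transaction.
        return os.urandom(16), hashlib.sha256(nfc_apdu).digest()

    def gate(self, token: SecureToken, nfc_apdu: bytes) -> str:
        nonce, txn_digest = self.challenge_for(nfc_apdu)
        response = token.respond(nonce + txn_digest)
        if response is None:
            return "ABORT: token not reachable"
        if not self.issuer.approve(self.token_id, nonce, txn_digest, response):
            return "ABORT: token response rejected"
        return "PROCEED"


# Constructed sample inputs (not real terminal traffic or a real key).
TERMINAL_APDU = bytes.fromhex("80AE80000C" "000000001000" "0826" "1A2B3C4D")
TOKEN_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF"
                          "0102030405060708090A0B0C0D0E0F10")


def demo() -> Dict[str, str]:
    """Three outcomes: token present, phone stolen without token, wrong token."""
    issuer = Issuer()
    issuer.enrol("tok-1", TOKEN_KEY)
    wallet = WalletApp("tok-1", issuer)
    return {
        "token present": wallet.gate(SecureToken("tok-1", TOKEN_KEY), TERMINAL_APDU),
        "token absent": wallet.gate(SecureToken("tok-1", TOKEN_KEY, in_range=False), TERMINAL_APDU),
        "wrong key": wallet.gate(SecureToken("tok-1", bytes(32)), TERMINAL_APDU),
    }


def replay_rejected() -> bool:
    """An answer captured under one nonce must not be accepted under a fresh one."""
    issuer = Issuer()
    issuer.enrol("tok-1", TOKEN_KEY)
    token = SecureToken("tok-1", TOKEN_KEY)
    digest = hashlib.sha256(TERMINAL_APDU).digest()
    old_nonce, new_nonce = b"\x00" * 16, b"\x01" * 16
    old_answer = token.respond(old_nonce + digest)
    return (issuer.approve("tok-1", old_nonce, digest, old_answer)
            and not issuer.approve("tok-1", new_nonce, digest, old_answer))
```

For "continued" communication the wallet would repeat gate() at each stage where the transaction can still be halted, rather than once. The MAC proves that a token holding the key answered this challenge; it does not by itself prove how far away that token was, which is why the short range of the chosen radio technologies is a separate part of the design rather than something the cryptography replaces.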

Thus, some of the advantages provided by the invention include:

• the provision of protocol and implementation abstraction between banks, merchants, processors and consumers;
• continuous, persistent authentication;
• allowing these parties to make longer-term decisions in a fast-moving technological area;
• dynamic firmware updates and provisioning, so that the token can continually adapt and evolve as digital payment standards change;
• additional security measures for digital payments, by adding security factors and reducing the sensitive information kept on insecure mobile devices;
• augmenting digital mobile payment applications with secure storage and identity validation;
• serving as an intermediary between different, potentially competing protocols to facilitate interoperability;
• a slim smart-card form factor which fits into a wallet, providing convenience and portability;
• a battery which lasts for a year or longer;
• a solar panel on the non-branded side of the card which can be used to top up the battery charge;
• an additional layer of security for HCE systems and methods.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The words "comprising" and "comprises", and the like, do not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, "comprises" means "includes or consists of" and "comprising" means "including or consisting of". The singular reference of an element does not exclude the plural reference of such elements and vice versa. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.