US 12,254,466 B1
Skimmer and shimmer identification and prevention system
Abhijit Behera, Hyderabad Telangana (IN); Maneesh Kumar Sethia, Hyderabad Telangana (IN); Rajasekhar Madala, Hyderabad Telangana (IN); and Ajay Kumar Gowni, Hyderabad Telangana (IN)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Jun. 6, 2024, as Appl. No. 18/735,419.
Int. Cl. G06Q 20/38 (2012.01); G01D 5/24 (2006.01); G06Q 20/34 (2012.01); G07F 19/00 (2006.01); H04L 9/06 (2006.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01)
CPC G06Q 20/382 (2013.01) [G01D 5/24 (2013.01); G06Q 20/3567 (2013.01); G07F 19/2055 (2013.01); H04L 9/0631 (2013.01); H04L 9/302 (2013.01); H04L 9/3271 (2013.01)]
21 Claims
 
1. An apparatus for dynamic multi-level detection of compromised transaction receivers, the apparatus including:
a sensor communication module (“SCM”) configured to monitor a transaction between a card and a card reader, the SCM including:
a sensor module including one or more capacitive and magnetic sensors, the sensor module installed in the card reader; and
a communication module configured to receive and transmit sensor data transmitted from the one or more capacitive and magnetic sensors; and
a terminal software module (“TSM”) configured to:
receive the sensor data transmitted from the communication module;
compare the sensor data with data included in a threshold lookup table; and
based on the comparison, output a threshold status, the threshold status indicating:
a threshold violation in response to a determination that the sensor data fails to conform with the data included in the threshold lookup table; or
a threshold confirmation in response to a determination that the sensor data conforms with the data included in the threshold lookup table; and
a dynamic mutual cryptographic authenticator (“DMCA”) configured to:
receive the threshold status;
in response to receipt of the threshold violation, terminate the transaction;
in response to receipt of the threshold confirmation, initiate an encrypted challenge response communication module (“ECRCM”), the ECRCM configured to initiate a challenge response protocol through the communication module, the challenge response protocol configured to:
trigger the card reader to transmit a first challenge to the card;
in response to receipt of the first challenge, the card is configured to:
encrypt the first challenge at the card using a first private key included in the card; and
transmit the encrypted first challenge from the card to the card reader;
in response to receipt of the encrypted first challenge, the card reader is configured to decrypt the encrypted first challenge using a second private key included in the card reader;
in response to receipt of a first confirmation confirming decryption of the encrypted first challenge by the card reader, the card is configured to transmit a second challenge to the card reader, the second challenge being encrypted with a first public key included in the card; and
in response to receipt of the second challenge, the card reader is configured to:
decrypt the second challenge using the second private key;
re-encrypt the second challenge using a second public key included in the card reader; and
transmit the re-encrypted second challenge to the card; and
in response to receipt of a second confirmation confirming decryption of the re-encrypted second challenge by the card, authenticate the transaction.
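
The control flow recited in claim 1 (threshold check by the TSM, then a two-round challenge-response gated by the DMCA) can be sketched as follows; this is an added illustration, not code from the patent or from the assignee. The sensor names, threshold ranges, toy textbook-RSA keys and function names are constructed assumptions, and the key roles follow conventional public-key challenge-response (answer with your own private key, check with the peer's public key) rather than the claim's exact key assignment.

```python
import secrets
from collections import namedtuple

# Constructed threshold lookup table: allowed (low, high) range per sensor.
# Sensor names and ranges are illustrative assumptions, not values from the patent.
THRESHOLDS = {"capacitive_pf": (9.0, 11.0), "magnetic_ut": (40.0, 60.0)}

Key = namedtuple("Key", "n e d")  # textbook RSA key; d is the private exponent

def toy_key(p, q, e):
    """Toy textbook-RSA key from small primes. Illustration only, not secure."""
    return Key(p * q, e, pow(e, -1, (p - 1) * (q - 1)))

CARD = toy_key(61, 53, 17)    # constructed demo keys
READER = toy_key(89, 97, 5)

def threshold_status(sensor_data, table=THRESHOLDS):
    """TSM: a missing or out-of-range reading is a threshold violation."""
    for name, (low, high) in table.items():
        value = sensor_data.get(name)
        if value is None or not low <= value <= high:
            return "violation"
    return "confirmation"

def run_transaction(sensor_data, card=CARD, reader=READER, c1=None, c2=None):
    """DMCA: terminate on violation, otherwise require mutual challenge-response."""
    if threshold_status(sensor_data) == "violation":
        return "terminated"
    limit = min(card.n, reader.n)  # challenges must fit under both moduli
    c1 = secrets.randbelow(limit - 2) + 2 if c1 is None else c1
    c2 = secrets.randbelow(limit - 2) + 2 if c2 is None else c2
    # Round 1: the card transforms the reader's challenge with its private key;
    # the reader checks the result against the card's public key.
    response = pow(c1, card.d, card.n)
    if pow(response, card.e, card.n) != c1:
        return "terminated"
    # Round 2: the card sends c2 encrypted to the reader; the reader must decrypt
    # it with its private key and return it re-encrypted to the card.
    to_reader = pow(c2, reader.e, reader.n)
    recovered = pow(to_reader, reader.d, reader.n)
    to_card = pow(recovered, card.e, card.n)
    if pow(to_card, card.d, card.n) != c2:
        return "terminated"
    return "authenticated"
```

A reading outside the table ends the transaction before any cryptographic exchange, and a reader or card that lacks the matching private key fails its round even when the sensor data is in range.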