System and method for ensuring system integrity against, and detection of, rollback attacks for stored value data in mobile devices
Abstract
A mobile device, e.g. a mobile telephone or smartphone, comprises: an Android (RTM) application (AA); a trusted execution environment (TEE); and a trusted application (TA), e.g. a wallet application, adapted to run in the trusted execution environment. The trusted application comprises business logic to perform a transaction, e.g. a financial transaction. Each transaction comprises transformation of a first set of data, representing e.g. monetary value, stored in mobile device memory into an amended set of data stored in said memory. The trusted application requests the Android (RTM) application to generate a unique cryptographic signature for the transaction and to store the signature with the amended set of data in said memory. The Android (RTM) application may comprise a hardware-backed key store (HWBKS), used to generate the signature in the form of a public-private key pair. The cryptographic signature may be pre-generated prior to initiating the trusted application. Transactions may only be performed after confirming signature authenticity. This may provide a standard chip used in a smartphone with the functionality of a prepaid stored value payment card which stores a data representation of a cash value and avoids rollback or backup attacks.