System and method for ensuring system integrity against, and detection of, rollback attacks for stored value data in mobile devices

摘要

Mobile device, e.g. a mobile telephone or smartphone, comprises: an Android (RTM) application AA; a trusted execution environment TEE; and a trusted application TA, e.g. a wallet application, adapted to run in the trusted execution environment. The trusted application comprises business logic to perform a transaction, e.g. a financial transaction. Each transaction comprises transformation of a first set of data, representing e.g. monetary value, stored in mobile device memory into an amended set of data stored in said memory. The trusted application requests the Android (RTM) application to generate a unique cryptographic signature for the transaction and to store the signature with the amended set of data in said memory. The Android (RTM) application may comprise a hardware backed key store HWBKS, used to generate the signature in the form of a public-private key pair. The cryptographic signature may be pre-generated prior to initiating the trusted application. Transactions may only be performed after confirming signature authenticity. May provide a standard chip used in a smartphone with the functionality of a prepaid stored value payment card which stores a data representation of a cash value and avoids rollback or backup attacks.