MX2018007695A - Metodo y sistema para mejorar la seguridad de una transaccion. - Google Patents
Metodo y sistema para mejorar la seguridad de una transaccion.Info
- Publication number
- MX2018007695A MX2018007695A MX2018007695A MX2018007695A MX2018007695A MX 2018007695 A MX2018007695 A MX 2018007695A MX 2018007695 A MX2018007695 A MX 2018007695A MX 2018007695 A MX2018007695 A MX 2018007695A MX 2018007695 A MX2018007695 A MX 2018007695A
- Authority
- MX
- Mexico
- Prior art keywords
- cryptogram
- mobile application
- transaction
- computed
- compromised
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2365—Ensuring data consistency and integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Esta invención se relaciona con un método y sistema para mejorar seguridad de transacción en un Circuito Integrado simulado (ICC). La presente invención propone un método dirigido a proponer contramedidas contra el levantamiento de datos levantamiento de código por la biblioteca nativa enlazada dinámicamente de una aplicación móvil. El resultado del método de contramedidas implementado es usado como entrada para calcular un valor de contramedida que puede ser usado como entrada durante el cálculo del criptograma. Si la biblioteca nativa compartida se ve comprometida, el valor de contramedida calculado es calculado erróneamente. Con el criptograma calculado erróneamente, la transacción será rechazada en el lado de la computadora remota. Con la presente invención, no es insertada ninguna condición de interrupción en la aplicación móvil cuando la biblioteca nativa se ve comprometida. En su lugar, la ejecución de la aplicación móvil continua corrompiendo silenciosamente el cálculo del criptograma, el individuo malicioso no podrá comprender por qué y cuándo falló la generación del criptograma.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15307143.6A EP3185168A1 (en) | 2015-12-24 | 2015-12-24 | Method and system for enhancing the security of a transaction |
PCT/EP2016/082209 WO2017108971A1 (en) | 2015-12-24 | 2016-12-21 | Method and system for enhancing the security of a transaction |
Publications (1)
Publication Number | Publication Date |
---|---|
MX2018007695A true MX2018007695A (es) | 2018-08-01 |
Family
ID=55083318
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
MX2018007695A MX2018007695A (es) | 2015-12-24 | 2016-12-21 | Metodo y sistema para mejorar la seguridad de una transaccion. |
Country Status (4)
Country | Link |
---|---|
US (1) | US20190012664A1 (es) |
EP (2) | EP3185168A1 (es) |
MX (1) | MX2018007695A (es) |
WO (1) | WO2017108971A1 (es) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10911452B2 (en) * | 2016-11-22 | 2021-02-02 | Synergex Group (corp.) | Systems, methods, and media for determining access privileges |
ES2774104T3 (es) * | 2017-08-10 | 2020-07-16 | Siemens Ag | Procedimiento y equipo para proteger un software frente a una utilización no autorizada |
US11520913B2 (en) * | 2018-05-11 | 2022-12-06 | International Business Machines Corporation | Secure execution support for A.I. systems (and other heterogeneous systems) |
US10491404B1 (en) * | 2018-09-12 | 2019-11-26 | Hotpyp, Inc. | Systems and methods for cryptographic key generation and authentication |
BR112021010155A2 (pt) * | 2018-12-03 | 2021-08-24 | Nagravision S.A. | Implantação e operação segura de um sistema de plataforma virtual |
KR102364652B1 (ko) * | 2019-08-01 | 2022-02-21 | 한국전자통신연구원 | 화이트박스 암호화를 이용한 puf 기반 사물인터넷 디바이스 인증 장치 및 방법 |
CN111046440B (zh) * | 2019-12-13 | 2022-06-14 | 支付宝(杭州)信息技术有限公司 | 一种安全区域内容的篡改验证方法及系统 |
CN111639350B (zh) * | 2020-05-16 | 2023-01-31 | 中信银行股份有限公司 | 密码服务系统及加密方法 |
WO2024107078A1 (ru) * | 2022-11-18 | 2024-05-23 | Публичное Акционерное Общество "Сбербанк России" | Формирование статичного идентификатора мобильных устройств и выявление мошеннических транзакций |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040117262A1 (en) * | 2002-12-17 | 2004-06-17 | Berger Jeffrey Keith | System and method for conducting a monetary transaction |
US9501773B2 (en) * | 2010-02-02 | 2016-11-22 | Xia Dai | Secured transaction system |
CN115358746A (zh) * | 2013-09-20 | 2022-11-18 | 维萨国际服务协会 | 包括消费者认证的安全远程支付交易处理 |
CN105830107A (zh) * | 2013-12-19 | 2016-08-03 | 维萨国际服务协会 | 基于云的交易方法和系统 |
-
2015
- 2015-12-24 EP EP15307143.6A patent/EP3185168A1/en not_active Withdrawn
-
2016
- 2016-12-21 EP EP16819088.2A patent/EP3394788B1/en active Active
- 2016-12-21 US US16/065,794 patent/US20190012664A1/en not_active Abandoned
- 2016-12-21 MX MX2018007695A patent/MX2018007695A/es unknown
- 2016-12-21 WO PCT/EP2016/082209 patent/WO2017108971A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2017108971A1 (en) | 2017-06-29 |
EP3394788A1 (en) | 2018-10-31 |
US20190012664A1 (en) | 2019-01-10 |
EP3185168A1 (en) | 2017-06-28 |
EP3394788B1 (en) | 2022-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
MX2018007695A (es) | Metodo y sistema para mejorar la seguridad de una transaccion. | |
MX2018005593A (es) | Metodo y sistema de procesamiento de transaccion de cadena de bloques en red de procesamiento de transaccion. | |
MY192409A (en) | Business processing method and apparatus | |
GB2525719A8 (en) | Method and system for providing a vulnerability management and verification service | |
PH12018500778A1 (en) | Message authentication | |
EP4354303A3 (en) | Systems, methods, and apparatuses for matrix add, subtract, and multiply | |
EP4242892A3 (en) | Code pointer authentication for hardware flow control | |
WO2017030625A3 (en) | Loading and virtualizing cryptographic keys | |
GB2571367A (en) | Tokenisation method and system for implementing exchanges on a blockchain | |
MX2019012571A (es) | Sistemas y metodos para verificacion y autenticacion de dispositivos. | |
EP2579817A4 (en) | IMPLANT COMPONENTS AND METHODS | |
NZ712430A (en) | Trusted terminal platform | |
GB2505601A (en) | Credential authentication methods and systems | |
WO2016122751A3 (en) | Using trusted execution environments for security of code and data | |
NZ725355A (en) | Authentication code entry system and method | |
SG10201900964QA (en) | Cloud-based transactions methods and systems | |
WO2017171987A8 (en) | System, apparatus and method for performing secure memory training and management in a trusted environment | |
BR112016024153A2 (pt) | método e sistema para implementar uma carteira digital sem fio | |
GB201216847D0 (en) | Effective testing of authorization logic of web components which utilize claims-based authorization | |
RU2013143484A (ru) | Система и способ обеспечения безопасности онлайн-транзакций | |
NZ701459A (en) | Systems and methods for secure processing with embedded cryptographic unit | |
MX2021003647A (es) | Toque para llenar automaticamente los datos de la tarjeta. | |
GB2497366B (en) | Phishing processing method and system and computer readable storage medium applying the method | |
MY189174A (en) | Network based management of protected data sets | |
WO2014182787A3 (en) | Systems and methods for high fidelity multi-modal out-of-band biometric authentication |