WO2016137307A1 - Attestation by proxy - Google Patents
Attestation by proxy Download PDFInfo
- Publication number
- WO2016137307A1 WO2016137307A1 PCT/KR2016/002020 KR2016002020W WO2016137307A1 WO 2016137307 A1 WO2016137307 A1 WO 2016137307A1 KR 2016002020 W KR2016002020 W KR 2016002020W WO 2016137307 A1 WO2016137307 A1 WO 2016137307A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- electronic device
- attestation
- payment
- token
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/085—Payment architectures involving remote charge determination or related payment systems
- G06Q20/0855—Payment architectures involving remote charge determination or related payment systems involving a third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/24—Credit schemes, i.e. "pay after"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3226—Use of secure elements separate from M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
Definitions
- Embodiments of this disclosure relate generally to secure communications. More specifically, embodiments of this disclosure relate to attestation by proxy.
- consumer electronic device as a means of payment for a payment transaction is popular and convenient for consumers.
- the sensitive secrete credit card payment information artifacts e.g., account numbers, tokens, keys, etc.
- TSP card network token service provider
- Attestation is the process where a device provides device measurement data signed with a trusted key. Device measurement data from the device is reliable for a short period of time after a nonce creation as the device can be compromised.
- Embodiments of this disclosure provide examples of attestation by proxy.
- a first embodiment of this disclosure provides a method for attestation by proxy.
- the method includes retrieving, by the electronic device, secure device data of the electronic device.
- the method also includes performing, by an electronic device, attestation with an attestation server using a proxy server.
- a validation result of the device is generated based on the secure device data.
- the method also includes communicating payment information with an application server when the validation result is trusted.
- a second embodiment of this disclosure provides an electronic device for performing attestation by proxy.
- the electronic device comprises at least one processor configured to retrieve, by the electronic device, secure device data of the electronic device.
- the at least one processor is also configured to perform attestation with an attestation server using a proxy server.
- a validation result of the electronic device is generated based on the secure device data.
- the at least one processor is also configured to communicate payment information with an application server when the validation result is trusted.
- a third embodiment of this disclosure provides a non-transitory computer readable medium containing computer readable program code that, when executed, causes at least one processing device of a mobile device to retrieve, by the electronic device, secure device data of the electronic device.
- the computer readable program code also causes the at least one processing device to perform attestation with an attestation server using a proxy server.
- a validation result of the electronic device is generated based on the secure device data.
- the computer readable program code also causes the at least one processing device to communicate payment information with an application server us when the validation result is trusted.
- Couple and its derivatives refer to any direct or indirect communication between two or more elements, whether or not those elements are in physical contact with one another.
- transmit and “communicate,” as well as derivatives thereof, encompass both direct and indirect communication.
- the term “or” is inclusive, meaning and/or.
- controller means any device, system or part thereof that controls at least one operation. Such a controller may be implemented in hardware or a combination of hardware and software and/or firmware. The functionality associated with any particular controller may be centralized or distributed, whether locally or remotely.
- phrases “at least one of,” when used with a list of items, means that different combinations of one or more of the listed items may be used, and only one item in the list may be needed.
- “at least one of: A, B, and C” includes any of the following combinations: A, B, C, A and B, A and C, B and C, and A and B and C.
- various functions described below can be implemented or supported by one or more computer programs, each of which is formed from computer readable program code and embodied in a computer readable medium.
- application and “program” refer to one or more computer programs, software components, sets of instructions, procedures, functions, objects, classes, instances, related data, or a portion thereof adapted for implementation in a suitable computer readable program code.
- computer readable program code includes any type of computer code, including source code, object code, and executable code.
- computer readable medium includes any type of medium capable of being accessed by a computer, such as read only memory (ROM), random access memory (RAM), a hard disk drive, a compact disc (CD), a digital video disc (DVD), or any other type of memory.
- ROM read only memory
- RAM random access memory
- CD compact disc
- DVD digital video disc
- a “non-transitory” computer readable medium excludes wired, wireless, optical, or other communication links that transport transitory electrical or other signals.
- a non-transitory computer readable medium includes media where data can be permanently stored and media where data can be stored and later overwritten, such as a rewritable optical disc or an erasable memory device.
- FIG. 1 illustrates an example computing system according to this disclosure
- FIGS. 2 and 3 illustrate example devices in a computing system according to this disclosure
- FIG. 4 illustrates a flow diagram of an attestation by proxy operation according to various embodiments
- FIG. 5 illustrates an example system for attestation by proxy according to this disclosure
- FIG. 6 illustrates a flow diagram of a token use operation based on electronic device attestation in accordance with various embodiments of the present disclosure
- FIG. 7 illustrates a flow diagram of a token use operation based on electronic device attestation in an electronic device according to various embodiments
- FIG. 8 illustrates a flow diagram of a token update operation based on token attestation in an electronic device according to various embodiments
- FIG. 9 illustrates a process for attestation by an electronic device in accordance with various embodiments of the present disclosure.
- FIG. 10 illustrates a process for attestation by proxy server in accordance with various embodiments of the present disclosure.
- FIGS. 1 through 10 discussed below, and the various embodiments used to describe the principles of the present invention in this patent document are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will understand that the principles of this disclosure may be implemented in any suitably arranged device or system.
- FIG. 1 illustrates an example computing system 100 according to this disclosure.
- the embodiment of the computing system 100 shown in FIG. 1 is for illustration only. Other embodiments of the computing system 100 could be used without departing from the scope of this disclosure.
- the system 100 includes a network 102, which facilitates communication between various components in the system 100.
- the network 102 may communicate Internet Protocol (IP) packets, frame relay frames, Asynchronous Transfer Mode (ATM) cells, or other information between network addresses.
- IP Internet Protocol
- ATM Asynchronous Transfer Mode
- the network 102 may include one or more local area networks (LANs), metropolitan area networks (MANs), wide area networks (WANs), all or a portion of a global network such as the Internet, or any other communication system or systems at one or more locations.
- the network 102 facilitates communications between various servers 103 and 104 and various client devices 106-114.
- Each server 104 includes any suitable computing or processing device that can provide computing services for one or more client devices.
- Each server 104 could, for example, include one or more processing devices, one or more memories storing instructions and data, and one or more network interfaces facilitating communication over the network 102.
- Each client device 106-114 represents any suitable computing or processing device that interacts with at least one server or other computing device(s) over the network 102.
- the client devices 106-114 include a desktop computer 106, a mobile telephone or smartphone 108, a personal digital assistant (PDA) 110, a laptop computer 112, and a tablet computer 114.
- PDA personal digital assistant
- any other or additional client devices could be used in the computing system 100.
- client devices 108-114 communicate indirectly with the network 102.
- the client devices 108-110 communicate via one or more base stations 116, such as cellular base stations or eNodeBs.
- the client devices 112-114 communicate via one or more wireless access points 118, such as IEEE 802.11 wireless access points. Note that these are for illustration only and that each client device could communicate directly with the network 102 or indirectly with the network 102 via any suitable intermediate device(s) or network(s).
- the servers 103 or 104 represent servers associated with a manufacturer of one or more of the client devices, CA servers, financial servers, or token service provider (TSP) servers that participate in enabling trust-zone-based end-to-end security.
- CA servers CA servers
- financial servers financial servers
- token service provider (TSP) servers that participate in enabling trust-zone-based end-to-end security.
- FIG. 1 illustrates one example of a computing system 100
- the system 100 could include any number of each component in any suitable arrangement.
- computing and communication systems come in a wide variety of configurations, and FIG. 1 does not limit the scope of this disclosure to any particular configuration.
- FIG. 1 illustrates one operational environment in which various features disclosed in this patent document can be used, these features could be used in any other suitable system.
- FIGS. 2 and 3 illustrate example devices in a computing system according to this disclosure.
- FIG. 2 illustrates an example server 200
- FIG. 3 illustrates an example client device 300.
- the server 200 could represent the servers 103 or 104 in FIG. 1
- the client device 300 could represent one or more of the client devices 106-114 in FIG. 1.
- the server 200 includes a bus system 205, which supports communication between at least one processing device 210, at least one storage device 215, at least one communications unit 220, and at least one input/output (I/O) unit 225.
- a bus system 205 which supports communication between at least one processing device 210, at least one storage device 215, at least one communications unit 220, and at least one input/output (I/O) unit 225.
- the processing device 210 executes instructions that may be loaded into a memory 230.
- the processing device 210 may include any suitable number(s) and type(s) of processors or other devices in any suitable arrangement.
- Example types of processing devices 210 include microprocessors, microcontrollers, digital signal processors, field programmable gate arrays, application specific integrated circuits, and discreet circuitry.
- the memory 230 and a persistent storage 235 are examples of storage devices 215, which represent any structure(s) capable of storing and facilitating retrieval of information (such as data, program code, and/or other suitable information on a temporary or permanent basis).
- the memory 230 may represent a random access memory or any other suitable volatile or non-volatile storage device(s).
- the persistent storage 235 may contain one or more components or devices supporting longer-term storage of data, such as a ready only memory, hard drive, Flash memory, or optical disc.
- the communications unit 220 supports communications with other systems or devices.
- the communications unit 220 could include a network interface card or a wireless transceiver facilitating communications over the network 102.
- the communications unit 220 may support communications through any suitable physical or wireless communication link(s).
- the I/O unit 225 allows for input and output of data.
- the I/O unit 225 may provide a connection for user input through a keyboard, mouse, keypad, touchscreen, or other suitable input device.
- the I/O unit 225 may also send output to a display, printer, or other suitable output device.
- FIG. 2 is described as representing the server 104 of FIG. 1, the same or similar structure could be used in one or more of the client devices 106-114.
- a laptop or desktop computer could have the same or similar structure as that shown in FIG. 2.
- FIG. 3 illustrates an example electronic device 300 according to various embodiments of the present disclosure.
- the embodiment of the electronic device 300 illustrated in FIG. 3 is for illustration only, and the client devices 108-114 of FIG. 1 could have the same or similar configuration.
- electronic devices come in a wide variety of configurations, and FIG. 3 does not limit the scope of this disclosure to any particular implementation of an electronic device.
- the electronic device 300 includes antenna(s) 305, a radio frequency (RF) transceiver 310, transmit (TX) processing circuitry 315, a microphone 320, and receive (RX) processing circuitry 325.
- the electronic device 300 also includes a speaker 330, a processor 340, an input/output (I/O) interface (IF) 345, a touchscreen 350, a display 355, a memory 360, and one or more sensors 365.
- the memory 360 includes an operating system (OS) 361 and one or more applications 362.
- OS operating system
- applications 362 one or more applications
- the RF transceiver 310 receives, from the antenna 305, an incoming RF signal transmitted by an eNB of the network 100.
- the RF transceiver 310 down-converts the incoming RF signal to generate an intermediate frequency (IF) or baseband signal.
- the IF or baseband signal is sent to the RX processing circuitry 325, which generates a processed baseband signal by filtering, decoding, and/or digitizing the baseband or IF signal.
- the RX processing circuitry 325 transmits the processed baseband signal to the speaker 330 (such as for voice data) or to the processor 340 for further processing (such as for web browsing data).
- the TX processing circuitry 315 receives analog or digital voice data from the microphone 320 or other outgoing baseband data (such as web data, e-mail, or interactive video game data) from the processor 340.
- the TX processing circuitry 315 encodes, multiplexes, and/or digitizes the outgoing baseband data to generate a processed baseband or IF signal.
- the RF transceiver 310 receives the outgoing processed baseband or IF signal from the TX processing circuitry 315 and up-converts the baseband or IF signal to an RF signal that is transmitted via the antenna 305.
- the processor 340 can include one or more processors and execute the OS program 361 stored in the memory 360 in order to control the overall operation of the electronic device 300.
- the processor 340 includes at least one microprocessor or microcontroller.
- the processor 340 is also capable of executing other processes and programs resident in the memory 360, such as operations that receive, store, and timely instruct the display of videos for screen burn-in prevention and reduction management.
- the processor 340 can move data into or out of the memory 360 as required by an executing process.
- the processor 340 is configured to execute a plurality of applications 362, such as a payment application 363 for making secure payments using a financial account.
- the processor 340 can operate the plurality of applications 362 based on the OS program 361.
- the processor 340 is also coupled to the I/O interface 345, which provides electronic device 300 with the ability to connect to other devices such as laptop computers and handheld computers.
- the I/O interface 345 is the communication path between these accessories and the processor 340.
- the I/O interface 345 may include a near field communication (NFC) module for near field communication with, for example, a payment device to process a payment transaction.
- NFC near field communication
- the processor 340 is also coupled to the touchscreen 350 and the display 355.
- the operator of the electronic device 300 can use the touchscreen 350 to enter data into the electronic device 300.
- the display 355 may be a liquid crystal display, a light-emitting diode (LED) display, an optical LED (OLED), an active matrix OLED (AMOLED), or other display capable of rendering text and/or at least limited graphics, such as from web sites.
- LED light-emitting diode
- OLED optical LED
- AMOLED active matrix OLED
- the memory 360 is coupled to the processor 340.
- Part of the memory 360 could include a random access memory (RAM), and another part of the memory 360 could include a Flash memory or other read-only memory (ROM).
- RAM random access memory
- ROM read-only memory
- Electronic device 300 further includes one or more sensor(s) 365 that can meter a physical quantity or detect an activation state of the electronic device 300 and convert metered or detected information into an electrical signal.
- sensor 365 may include one or more buttons for touch input, a camera, a gesture sensor, a gyroscope or gyro sensor, an air pressure sensor, a magnetic sensor or magnetometer, an acceleration sensor or accelerometer, a grip sensor, a proximity sensor, a color sensor 365 (e.g., a Red Green Blue (RGB) sensor), a bio-physical sensor, a temperature/humidity sensor, an illumination sensor 365, an Ultraviolet (UV) sensor, an Electromyography (EMG) sensor, an Electroencephalogram (EEG) sensor, an Electrocardiogram (ECG) sensor, an IR sensor, an ultrasound sensor, an iris sensor, a fingerprint sensor, etc.
- the sensor(s) 365 can further include a control circuit for controlling at least one of the sensors included therein. Any of these
- FIGS. 2 and 3 illustrate examples of devices in a communication system
- various changes may be made to FIGS. 2 and 3.
- the processor 340 could be divided into multiple processors, such as one or more central processing units (CPUs) and one or more graphics processing units (GPUs).
- FIG. 3 illustrates the electronic device 300 configured as a mobile telephone or smartphone
- electronic devices could be configured to operate as other types of mobile or stationary devices.
- client devices and servers can come in a wide variety of configurations, and FIGS. 2 and 3 do not limit this disclosure to any particular electronic devices.
- Various embodiments of the present disclosure provide methods and systems ensure the payment artifacts can only be decrypted in a Trusted Execution Environment (TEE) of the electronic device 300 or by the Token Service Provider (TSP), creating end-to-end security, irrespective of any intermediate platforms the information has to traverse, such as the regular operating system of the electronic device, the Internet, and any servers that handle messages for TSP.
- TEE Trusted Execution Environment
- TSP Token Service Provider
- an encryption method is implemented to ensure the payment artifacts can only be decrypted in the TEE of the electronic device 300 or by the card network TSP, which creates end-to-end security.
- One or more embodiments of this disclosure recognizes and takes into account that attestation used by SAMSUNG KNOXTM helps protect enterprise apps and data from unauthorized access by creating a virtual container within a device.
- a Mobile Device Management (MDM) server Before the container is created, a Mobile Device Management (MDM) server must verify the device security status to identify whether the device is secure in order to create the container. Attestation can be used to verify the device’s security status. Attestation is the process where a device provides device measurement data signed with a trusted key available only in ARM® Trust Zone®. Measurement data from the device is reliable for a short period of time after the nonce creation as the device can be compromised.
- MDM Mobile Device Management
- One or more embodiments of this disclosure recognizes and takes into account that to use remote attestation, an application server is normally required to perform time-consuming customizations and modifications to its communication protocols, including changes to the server side and device side components.
- the mechanism described in this disclosure of attestation by proxy allows an application server to gain the benefits of remote attestation without modifying server code or its device side components.
- One or more embodiments provides implementing this attestation by proxy mechanism as part of a token requester server, which acts as the “proxy” performing remote attestation of the device on behalf of the application server that is the token service provider of the card network, and the trusted application of a bank card network.
- One or more embodiments provide implementing this attestation by proxy mechanism by using the attestation proxy server as a Virtual Private Network (VPN) server, which will help avoid the application server to talk to attestation server every time.
- VPN Virtual Private Network
- the entire configuration related to attestation is done on the VPN server.
- the entire configuration of the attestation agent which works accordingly to the application server, can be configured on the VPN server. In other embodiments, only some of the configuration is performed on the VPN server.
- the configuration can include any of the steps or operations performed during the attestation process.
- there is also a VPN server for the device side also referred to herein as the VPN client). Due to the VPN server performing many or all of the operations, the device application will now use a reduced amount of processing.
- One or more embodiments provide implementing this attestation by proxy mechanism by using in cooperation with devices that control people’s vehicle, electronic equipment and home appliances in the concept of Internet of Things (IOT).
- IOT Internet of Things
- a mobile phone would serve as the core of IOT in controlling other equipment, the device security is very important; many application servers may attest the device first before processing through any request.
- One or more embodiments provide a proxy server to do all the attestation of the device instead, so all application servers can just enjoy the benefits of getting the attestation result from proxy server.
- FIG. 4 illustrates a flow diagram 400 of an attestation by proxy operation according to various embodiments.
- the embodiment of the flow diagram 400 shown in FIG. 4 is for illustration only. Other embodiments of the flow diagram 400 could be used without departing from the scope of this disclosure.
- a system in FIG. 4, includes electronic device 505 shown in Fig. 5 with trust zone 410, attestation agent 415, and virtual private network (VPN) for client side 420.
- the system also includes attestation server 430, VPN for server side 425, and application server 535 shown in Fig. 5.
- Attestation server 430 and VPN server 425 could be examples of servers 103 and 104 in FIG. 1.
- VPN for server side 425 could be part of attestation server 430.
- the attestation server 430 can produce validation result 550.
- the validation result can be used to validate the security for electronic device 505. In other words, the validation result can indicate whether the security for the electronic device 505 is valid.
- the attestation by proxy system uses a VPN server 425 to talk to the attestation server 430.
- An application server will receive the result from VPN server 425 because the entire configuration is done at VPN server 425. Accordingly, the client side on device will also use a VPN client 420 to respond to the attestation request and provide required information.
- MDM server when MDM server needs to attest the mobile device, in normal attestation process, it will be configured to connect to the cloud based attestation server, and also any other server which needs to do attestation process like token requestor server to remember attestation server information. But in Attestation by Proxy procedure, all these servers just wait for VPN server to do all the work for them. On the other hand, normally device needs to install specific API like MDM API which will also be avoided in Attestation by Proxy procedure.
- a VPN client 420 establishes secure and authenticated connection with the VPN server 425.
- the VPN client 420 requests nonce from the attestation server 430 (440).
- the nonce is generated by the attestation server 430 and stored with a timestamp, and sent to the VPN server 425 (445).
- the VPN server 425 starts the attestation process by sending the nonce to the VPN client 420 (450).
- the VPN client 420 passes the nonce to the attestation agent 415 (455).
- the nonce is used by the attestation agent 415 to request a measurement from the trust zone 410 (460).
- the trust zone 410 returns a blob to the attestation agent 415 (465).
- the blob contains the nonce, measurements, device ID, signature, and certificate chain.
- the measurements can be cryptographic measurements of a boot loader and kernel of the electronic device 505.
- the blob is passed to the attestation agent 415 to the VPN client 420 (470) and then to the VPN server 425 (475).
- the VPN server 425 asks the attestation server 430 to parse the blob, and perform signature and certificate checks (480).
- the attestation server 430 sends the measurement results and verdict to the VPN server 425 (485).
- the VPN server 725 checks the nonce, timestamps and verdict that are returned by the attestation server 430 and perform necessary format transformation before sending the verdict to the application server. Once the application server trusts the electronic device, accept the coming request and work as expected.
- attestation by proxy allows learning a devices security status, helping vendors know whether a device contains original factory images, checking if anything has changed on a device, and if so, how it could affect a security container. Attestation can be performed when an integrity check of a device is required, before a security container is created, when MDM vendors trigger the attestation process periodically as needed, when a device enrolls in a payment application, such as SAMSUNG PAYTM, and needs to talk to a token requestor server, and anytime when a server needs to know the security status of a device.
- a payment application such as SAMSUNG PAYTM
- FIG. 5 illustrates an example system 500 for attestation by proxy according to this disclosure.
- the embodiment of the system 500 shown in FIG. 5 is for illustration only. Other embodiments of the system 500 could be used without departing from the scope of this disclosure.
- System 500 can be one example of computing system 100 in FIG. 1.
- system 500 includes electronic device 505 with trust zone 410, attestation agent 415, and virtual private network (VPN) for client side 420.
- System 400 also includes attestation server 430, VPN for server side 425, and application server 435.
- Attestation server 430 and application server 535 could be examples of servers 103 and 104 in FIG. 1.
- VPN for server side 425 could be included as part of attestation server 430 or application server 535.
- the electronic device 505 can be one example of client devices 106-114 in FIG. 1.
- the electronic device 505 includes the trust zone 410 and the attestation agent 415.
- the trust zone 410 can be a container that is virtual and secure.
- the trust zone 410 is configured to protect measurement data signed with a trusted key. This trusted key can be used to form a secure device data for use with the attestation agent 415.
- the secure device data may be, in one example, a binary large object (BLOB).
- BLOB binary large object
- the VPN 425 and 420 are used by electronic device 505 to communicate with attestation server 430 and application server 535.
- the application server 535 can include a policy 540 and tokens 545.
- the tokens 545 can be used by electronic device 505 to conduct electronic payments.
- Policy 540 may include information, requirement and/or criteria (e.g., validation logic, attestation rules, etc.) used to complete attestation according to certain card network or payment service provider. Each card network or payment service provide may impose distinctive policy. Policy 540 may further specify the data format and/or data content of the attestation result that is acceptable by the card network or payment service provider.
- the system 500 allows payment networks such as VISATM, MASTER CARDTM, and AMERICAN EXPRESSTM to enjoy the benefits of remote attestation without having to make any changes to their server or require any special device components for electronic devices.
- the embodiment provides the payment server 610 show in Fig. 6 acting as an attestation proxy, and performing attestation on behalf of the card network.
- the attestation by proxy is actually using a VPN server to talk to the attestation server.
- the application server can receive the result from VPN server when the entire configuration is done at VPN server.
- the client server on device can also use a VPN server to respond to the attestation request and provide required information.
- An aspect of this disclosure allows an application provider (such as a financial institution) to take advantage of attestation without having to make modifications to server or device components of its software.
- attestation is used to protect enterprise apps and data from unauthorized access by creating a virtual security container within a device.
- a Mobile Device Management (MDM) server Before the container is created, a Mobile Device Management (MDM) server must verify the device security status to identify whether the device is secure in order to create the container. Attestation can be used to verify the device’s security status. Attestation is the process where a device provides device measurement data signed with a trusted key available only in the secure container (i.e., trust zone). Measurement data from the device is reliable for a short period of time after the nonce creation as the device can be compromised.
- MDM Mobile Device Management
- an electronic device for performing attestation by proxy comprises at least one transceiver, and at least one processor operatively coupled to the at least one transceiver.
- the at least one processor is configured to transmit, to an attestation server, secure device data for an electronic device through a proxy server, receive, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data, and communicate payment information with an application server according to the validation result.
- a policy associated with the application server is obtained by the proxy server, and the policy indicates validation logic specific to the application server and indicates a data format of the validation result that is acceptable by the application server.
- the policy is obtained from one of the application server or a default policy.
- the proxy server comprises a virtual private network (VPN) server, and the VPN server is used to generate a secure connection with the electronic device.
- VPN virtual private network
- the secure device data is generated by using a nonce and device measurements of the electronic device, and the nonce is received from the attestation server through the proxy server.
- the secure device data is a binary large object generated by using the nonce received from the attestation server and device measurements of the electronic device.
- the at least one processor further configured to receive a token for use in a payment from the application server through the proxy server.
- a non-transitory computer readable medium containing computer readable program code that, when executed, causes at least one processing device of an electronic device to transmit, to an attestation server, secure device data for an electronic device through a proxy server, receiving, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data, and communicate payment information with an application server according to the validation result.
- FIG. 6 illustrates a flow diagram 600 of a token use operation based on electronic device attestation by proxy in accordance with various embodiments of the present disclosure.
- the embodiment of the flow diagram 600 shown in FIG. 6 is for illustration only. Other embodiments of the flow diagram 600 could be used without departing from the scope of this disclosure.
- the solid line may include a request (e.g., request or call) command and the dotted line may include a response (e.g., response or return) command.
- the payment system may include an electronic device 605, a payment server 610 (e.g., may include a payment service server and/or a token requester server), and a token server 615 (also referred to as a token service provider).
- the electronic device may include, for example, a payment application 620 and/or a payment manager 625.
- the token server 615 may issue or manage information (such as tokens) related to payment.
- the token server 615 may control the operation cycle of the token.
- the electronic device 605 may store information that can be used for payment, using an external input or a sensor 365 (e.g., camera sensor or Optical Character Reader (OCR)) functionally connected to the electronic device 605.
- the information that can be used for payment may include card information (e.g., PAN), a valid period, CVV, or a user name.
- the electronic device 605 may execute an application (e.g., payment application 620) included in the electronic device 605 on the basis of an external input (e.g., user input).
- the electronic device 605 may store, in a payment application 620 included in the electronic device 605, information that can be used for payment through an external input (e.g., touch, double touch, long press, leftward/rightward movement after touch, gesture, or drag and stop) or a sensor functionally connected to the electronic device 605.
- the information that can be used for payment may include, for example, Primary Account Number (PAN).
- PAN may include an account number associated with a Bank Identification Number (BIN) generated by a financial server.
- BIN Bank Identification Number
- the electronic device 605 may store information, which is associated with the payment application 620 and can be used for payment, in the electronic device 605 or the external device (e.g., server).
- the electronic device 605 may store information, which can be used for payment corresponding to the payment application 620, in a memory (e.g., the memory 230 of FIG. 2 or memory 360 of FIG. 3) included in the electronic device 605 or in an external device (e.g., any of client devices 106-114, or the server 104 of FIG. 1).
- the electronic device 605 may provide an interface for the information that can be used for payment.
- the interface may include the information that can be used for payment, for example, letters for the PAN, a picture, an icon, a notification, or an indicator.
- the electronic device 605 may register a PAN using the payment application 620.
- the electronic device 605 may transfer the PAN to the payment application 620.
- the payment manager 625 may provide information related to the PAN, which has been input through a sensor functionally connected to the electronic device 605, to the user by transferring the PAN to the payment manager 625 (630).
- the payment manager 625 may encrypt the PAN (633).
- the payment manager 625 may encrypt the PAN using a key included in the security application in order to protect the PAN from the outside.
- information received from the electronic device 605 or the external device e.g., a server or financial server may be used in the encryption.
- the payment manager 625 may register an encrypted PAN in the payment server 610 (635).
- the payment manager 625 may be functionally connected with the payment server 610 to transfer the encrypted PAN.
- the encrypted PAN may be transferred through a protection channel for protection against the outside.
- the payment manager 625 may use a predetermined command (e.g., POST/enrollment) in registering the PAN in the payment server 610.
- the payment server 610 may control the encrypted PAN through, for example, the token requester server included in the payment server 610.
- the encrypted PAN may be simply referred to as PAN.
- POST/enrollment which is a predetermined command, may be used when the payment manager 625 requests the payment server 610 to provide a signal for card registration.
- the parameter of POST/enrollment may include, for example, one parameter among type, entry, token requester ID, user ID, app ID, device ID, card reference ID, device name, device profile, device certificates for encryption and signing, device pair, payment instrument, and presentation mode.
- the card type may include, for example, a payment card name (e.g., payment account brand).
- the payment card name may include, for example, at least one of VISATM, MASTER CARDTM, AMERICAN EXPRESSTM, or DISCOVERYTM.
- the entry may include, for example, a card entry method.
- the card entry method may include, for example, at least one of MANUAL, OCR, APP, or FILE.
- the device profile may include, for example, the type (e.g., ordinary electronic device 605 or wearable device) of the electronic device 605.
- the payment instrument may include, for example, payment information (e.g., PAN, valid period, or CVV).
- the presentation mode may include, for example, a payment method (e.g., MST or NFC) used for payment.
- the POST/enrollment which is the predetermined command, may include a command for checking whether the payment server 610 requires attestation of the electronic device 605, in order to attest the electronic device 605.
- the payment server 610 may send a command with “Expect: 100-continue” request header, which is used in HyperText Transfer Protocol (HTTP), to the token server 615 to receive data (e.g., disposable random number) from the token server 615.
- HTTP HyperText Transfer Protocol
- the payment server 610 may perform the attestation on the predetermined command received from the payment manager 625.
- the payment server 610 may perform the attestation of the electronic device 605 or the payment manager 625 on the basis of the predetermined command or a condition designated to the payment server 610.
- the payment server 610 may perform at least a part of the token issuance operations.
- the payment server 610 may generate a disposable random number (e.g., nonce) (637).
- the disposable random number may be, for example, generated by the payment server 610 or received from an external device. Further, the disposable random number may include valid time or use time, for which the payment function is usable.
- the payment server 610 may transfer, to the payment manager 625, an instruction to perform a function associated with the attestation (640). For example, in response to the predetermined command (e.g., POST/enrollment), the payment server 610 may transfer the instruction, using the disposable random number. For example, the payment server 610 may send a response including Attestation-Nonce, which is a disposable random number associated with the attestation, to the payment manager 625.
- the predetermined command e.g., POST/enrollment
- the payment server 610 may transfer the instruction, using the disposable random number.
- the payment server 610 may send a response including Attestation-Nonce, which is a disposable random number associated with the attestation, to the payment manager 625.
- the payment manager 625 may perform the attestation in accordance with the response associated with the attestation received from the payment server 610 (643).
- the attestation may be performed in, for example, the trust zone, which is a security area of the electronic device 605.
- the trust zone may be included in, for example, the TEE.
- the attestation may be performed using a unique electronic device key (e.g. key or LUK) included (stored) in the trust zone.
- the attestation may include an operation of checking the integrity of the electronic device 605 or an electronic device 605 performing the payment function.
- the key may be included in the electronic device 605 at the time of manufacturing (processing) the electronic device 605.
- the attestation may be performed by another key made using the key.
- a TEE public key or a TEE private key may be made and used.
- the key may be changed at the operation time point of, for example, the electronic device 605 or the electronic device 605.
- the key may be deleted, revised, or damaged.
- the key when there is a random access to the trust zone, for example, the TEE, from the outside, the key may be deleted, revised, or damaged.
- information included in the key may be changed.
- the key may be randomly changed, and may be generated to include new information whenever the electronic device 605 is booted.
- the key may be included in the security module.
- the key may be stored a security module distinguished from the trust zone.
- the security module may include, for example, a security area, and may be physically distinguished from an element (e.g., payment application 620) of the electronic device 605 or the electronic device 605.
- the key may be identical or similar to, for example, a unique key corresponding to the security module.
- the payment manager 625 may transfer the disposable random number received by the payment server 610 to the trust zone.
- the trust zone may perform the attestation using, for example, the disposable random number, and generate blob associated with the attestation.
- the trust zone may generate the blob on the basis of the disposable random number, for example, the disposable random number having use time or valid time configured therefor, and the key.
- the payment manager 625 may receive a blob generated based on the disposable random number, from the trust zone.
- the payment manager 625 may transfer the blob and/or the PAN to the payment server 610 (645).
- the payment manager 625 may use a predetermined command (e.g., POST/enrollments w/Attestation-Blob) for the transfer.
- the payment manager 625 may transfer, for example, the blob, the blob and the PAN, a device profile, a user ID, or an application ID to the payment server 610.
- the payment server 610 may determine the validity of the OTP value or numerical value received from the payment manager 625 (647). For example, the payment server 610 may determine the validity, using the blob and the disposable random number generated by the payment server 610.
- the payment server 610 may transfer the device profile, user ID, and the application ID to the token server 615 (650).
- the device profile may include a device ID (e.g., International Mobile Equipment Identity (IMEI)) and/or payment means (e.g., Near Field Communication (NFC) and/or Magnetic Secure Transmission (MSC)).
- IMEI International Mobile Equipment Identity
- NFC Near Field Communication
- MSC Magnetic Secure Transmission
- the device profile may include an identifier (e.g., device ID) for identifying a device.
- the user ID may include, for example, a name of a user using the electronic device 605.
- the app ID may include, for example, an identifier of a payment application 620 (e.g. SAMSUNG WALLETTM).
- the payment server 610 may stop (interrupt) the attestation or card registration operation. According to various embodiments, when the blob information is not valid, the payment server 610 may transfer a result (e.g., attestation failure) of the attestation to the electronic device 605 (e.g., the payment manager 625) or another electronic device 605.
- a result e.g., attestation failure
- the token server 615 may generate a channel (e.g., session) between the payment server 610 and the token server 615 in response to the reception of the user information.
- the channel may encrypt information (e.g., data) transmitted or received through the channel, for example, using a common (public) key shared by the payment server 610 and the token server 615.
- the payment server 610 may transfer a PAN (e.g., an encrypted PAN) to the token server 615, using a channel generated between the payment server 610 and the token server 615.
- the token server 615 may register the PAN received from the payment server 610.
- the registration process may include a procedure of checking, using at least one ID among the user ID, app ID, device ID, or card reference ID, whether token issuance is possible.
- the token server 615 may perform a process of checking whether it is possible to issue a token for the card, using the card reference ID.
- the token server 615 may register the PAN received from the payment server 610 and transfer a response (e.g., card reference ID) to the registration to the payment server 610 (655).
- the response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
- the payment server 610 may transfer information received from the token server 615, for example, a response to the registration, to the payment manager 625 (660), and the payment manager 625 may transfer the information to the payment application 620.
- the response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
- At least a part of the response to the registration of PAN may be information stored in the payment server 610 or the payment manager 625 and may be changed (e.g., generation, revision, or removal) according to a predetermined condition.
- the payment application 620 may output at least a part of the response to the registration received from the payment manager 625 to the outside, to the user. For example, the payment application 620 may display the contract conditions included in the response.
- the information for performing the attestation may be stored in an external device.
- the disposable random number, the blob, the key, the device profile, the user ID, the app ID, or the public (open) key may be stored inside or outside of the electronic device 605.
- the external device may include, for example, an attestation server.
- FIG. 7 illustrates a flow diagram 700 of a token use operation based on electronic device attestation in an electronic device 605 according to various embodiments.
- the embodiment of the flow diagram 700 shown in FIG. 7 is for illustration only. Other embodiments of the flow diagram 700 could be used without departing from the scope of this disclosure.
- the solid line may include a request (e.g., request or call) command and the dotted line may include a response (e.g., response or return) command.
- the payment system may include an electronic device 605, a payment server 610, or a token server 615.
- the electronic device 605 may include, for example, a payment application 620 and/or a payment manager 625.
- the token server 615 may transfer information associated with authentication (certification) to the payment server 610 (705).
- the authentication may include, for example, server authentication.
- the server authentication may include, for example, authentication using a Certificate Authority (CA).
- CA Certificate Authority
- the electronic device 605 may store information that can be used for payment, using an external input or a sensor 365 (e.g., camera sensor or Optical Character Reader (OCR)) functionally connected to the electronic device 605.
- the information that can be used for payment may include card information (e.g., PAN), a valid period, CVV, or a user name.
- the electronic device 605 may execute an application (e.g., payment application 620) included in the electronic device 605 on the basis of an external input (e.g., user input).
- the electronic device 605 may store, in a payment application 620 included in the electronic device 605, information that can be used for payment through an external input (e.g., touch, double touch, long press, leftward/rightward movement after touch, gesture, or drag and stop) or a sensor functionally connected to the electronic device 605.
- the information that can be used for payment may include, for example, Primary Account Number (PAN).
- PAN may include an account number associated with a Bank Identification Number (BIN) generated by a financial server.
- BIN Bank Identification Number
- the electronic device 605 may store information, which is associated with the payment application 620 and can be used for payment, in the electronic device 605 or the external device (e.g., server).
- the electronic device 605 may store information, which can be used for payment corresponding to the payment application 620, in a memory (e.g., the memory 230 of FIG. 2 or memory 360 of FIG. 3) included in the electronic device 605 or in an external device (e.g., any of client devices 106-114, or the server 104 of FIG. 1).
- the electronic device 605 may provide an interface for the information that can be used for payment.
- the interface may include the information that can be used for payment, for example, letters for the PAN, a picture, an icon, a notification, or an indicator.
- the electronic device 605 may register a PAN using the payment application 620.
- the electronic device 605 may transfer the PAN to the payment application 620.
- the payment manager 625 may provide information related to the PAN, which has been input through a sensor functionally connected to the electronic device 605, to the user by transferring the PAN to the payment manager 625 (710).
- the payment manager 625 may encrypt the PAN (714).
- the payment manager 625 may generate a device certification (713).
- the payment manager 625 may encrypt the PAN using a key included in the security application in order to protect the PAN from the outside (714).
- information received from the electronic device 605 or the external device e.g., a server or financial server may be used in the encryption.
- the payment manager 625 may register an encrypted PAN in the payment server 610 (715).
- the payment manager 625 may be functionally connected with the payment server 610 to transfer the encrypted PAN.
- the encrypted PAN may be transferred through a protection channel for protection against the outside.
- the payment manager 625 may use a predetermined command (e.g., POST/enrollment) in registering the PAN in the payment server 610.
- the payment server 610 may control the encrypted PAN through, for example, the token requester server included in the payment server 610.
- the encrypted PAN may be simply referred to as PAN.
- POST/enrollment which is a predetermined command, may be used when the payment manager 625 requests the payment server 610 to provide a signal for card registration.
- the parameter of POST/enrollment may include, for example, one parameter among type, entry, token requester ID, user ID, app ID, device ID, card reference ID, device name, device profile, device certificates for encryption and signing, device pair, payment instrument, or presentation mode.
- the card type may include, for example, a payment card name (e.g., payment account brand).
- the payment card name may include, for example, at least one of VISATM, MASTER CARDTM, AMERICAN EXPRESSTM, or DISCOVERYTM.
- the entry may include, for example, a card entry method.
- the card entry method may include, for example, at least one of MANUAL, OCR, APP, or FILE.
- the device profile may include, for example, the type (e.g., ordinary electronic device 605 or wearable device) of the electronic device 605.
- the payment instrument may include, for example, payment information (e.g., PAN, valid period, or CVV).
- the presentation mode may include, for example, a payment method (e.g., MST or NFC) used for payment.
- the POST/enrollment which is the predetermined command, may include a command for checking whether the payment server 610 requires attestation of the electronic device 605, in order to attest the electronic device 605.
- the payment server 610 may send a command with “Expect: 100-continue” request header, which is used in HyperText Transfer Protocol (HTTP), to the token server 615 to receive data (e.g., disposable random number) from the token server 615.
- HTTP HyperText Transfer Protocol
- the payment server 610 may perform the attestation on the basis of a predetermined command received from the payment manager 625.
- the payment server 610 may perform the attestation of the electronic device 605 or the payment manager 625 on the basis of the predetermined command or a condition designated to the payment server 610.
- the payment server 610 may perform at least a part of the token issuance operations.
- the payment server 610 may generate a disposable random number (717).
- the disposable random number may be, for example, generated by the payment server 610 or received from an external device. Further, the disposable random number may include valid time or use time, for which the payment function is usable.
- the payment server 610 may transfer, to the payment manager 625, an instruction to perform a function associated with the attestation (720). For example, in response to the predetermined command, the payment server 610 may transfer the instruction, using the disposable random number. For example, the payment server 610 may send a response including Attestation-Nonce, which is a disposable random number associated with the attestation, to the payment manager 625.
- the payment manager 625 may perform the attestation in accordance with the response associated with the attestation received from the payment server 610 (723).
- the attestation may be performed in, for example, the trust zone, which is a security area of the electronic device 605.
- the trust zone may be included in, for example, the TEE.
- the attestation may be performed using a key included (stored) in the trust zone.
- the attestation may include an operation of checking the integrity of the electronic device 605 or an electronic device 605 performing the payment function.
- the key may be included in the electronic device 605 at the time of manufacturing (processing) the electronic device 605.
- the attestation may be performed using another key made using the key described above. For example, based on the above key, a TEE public key or TEE private key may be made and used.
- the notification associated with the call center method may include, for example, the electronic device 605 or the number of the electronic device 605.
- the key when the electronic device 605 or the electronic device 605 is not normally booted, the key may be deleted, revised, or damaged. Further, when the key is used in the electronic device 605 or the electronic device 605 using a predetermined revised file (e.g., image), the key may be deleted, revised, or damaged.
- a predetermined revised file e.g., image
- the key when there is a random access to the trust zone, for example, the TEE, from the outside, the key may be deleted, revised, or damaged.
- information included in the key when the electronic device 605 or the electronic device 605 is normally booted, information included in the key may be changed. For example, the key may be randomly changed, and may be generated to include new information whenever the electronic device 605 is booted.
- the key may be included in the security module.
- the key may be stored a security module distinguished from the trust zone.
- the security module may include, for example, a security area, and may be physically distinguished from an element (e.g., payment application 620) of the electronic device 605 or the electronic device 605.
- the key may be identical or similar to, for example, a unique key corresponding to the security module.
- the payment manager 625 may transfer the disposable random number received by the payment server 610 to the trust zone.
- the trust zone may perform the attestation using, for example, the disposable random number, and generate blob associated with the attestation.
- the trust zone may generate the blob on the basis of the disposable random number, for example, the disposable random number having use time or valid time configured therefor, and the key.
- the payment manager 625 may receive a blob generated based on the disposable random number, from the trust zone.
- the payment manager 625 may transfer the blob and/or the PAN to the payment server 610 (725).
- the payment manager 625 may use a predetermined command (e.g., POST/enrollments w/Attestation-Blob) for the transfer.
- the payment manager 625 may transfer, for example, the blob, the blob and the PAN, a device profile, a user ID, or an application ID to the payment server 610.
- the payment server 610 may determine the validity of the blob received from the payment manager 625 (727). For example, the payment server 610 may determine the validity, using the blob and the disposable random number generated by the payment server 610.
- the payment server 610 may transfer the device profile, user ID, and the application ID to the token server 615 (730).
- the device profile may include a device ID (e.g., International Mobile Equipment Identity (IMEI)) and/or payment means (e.g., Near Field Communication (NFC) and/or Magnetic Secure Transmission (MSC)).
- IMEI International Mobile Equipment Identity
- NFC Near Field Communication
- MSC Magnetic Secure Transmission
- the device profile may include an identifier (e.g., device ID) for identifying a device.
- the user ID may include, for example, a name of a user using the electronic device 605.
- the app ID may include, for example, an identifier of a payment application 620 (e.g. SAMSUNG WALLETTM).
- the payment server 610 may stop (interrupt) the attestation or card registration operation. According to various embodiments, when the blob information is not valid, the payment server 610 may transfer a result (e.g., attestation failure) of the attestation to the electronic device 605 (e.g., the payment manager 625) or another electronic device 605.
- a result e.g., attestation failure
- the token server 615 may generate a channel (e.g., session) between the payment server 610 and the token server 615 in response to reception of the user information.
- the channel may encrypt information (e.g., data) transmitted or received through the channel, for example, using a common (public) key shared by the payment server 610 and the token server 615.
- the payment server 610 may transfer a PAN (e.g., an encrypted PAN) to the token server 615, using a channel generated between the payment server 610 and the token server 615.
- the token server 615 may register the PAN received from the payment server 610.
- the registration process may include a procedure of checking, using at least one ID among the user ID, app ID, device ID, and card reference ID, whether token issuance is possible.
- the token server 615 may perform a process of checking whether it is possible to issue a token for the card, using the card reference ID.
- a process of checking, by a user having registered using a device ID and a user ID, whether the device having been already registered is right.
- the token server 615 may register the PAN received from the payment server 610 and transfer a response (e.g., card reference ID) to the registration to the payment server 610 (730).
- the response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
- the payment server 610 may transfer information received from the token server 615, for example, a response to the registration, to the payment manager 625 (740), and the payment manager 625 may transfer the information to the payment application 620 (745).
- the response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
- At least a part of the response to the registration of PAN may be information stored in the payment server 610 or the payment manager 625 and may be changed (e.g., generation, revision, or removal) according to a predetermined condition.
- the payment application 620 may output at least a part of the response to the registration received from the payment manager 625 to the outside, to the user.
- the payment application 620 may provide a user with the contract conditions included in the response to the registration.
- the information for performing the attestation may be stored in an external device.
- the disposable random number, the blob, the key, the device profile, the user ID, the application ID, or the common (public) key, which are to be used for the attestation may be stored in the electronic device 605 or outside of the electronic device 605.
- the external device may include, for example, an attestation server.
- FIG. 8 illustrates a flow diagram 800 of a token update operation based on token attestation in an electronic device 605 according to various embodiments.
- the embodiment of the flow diagram 800 shown in FIG. 8 is for illustration only. Other embodiments of the flow diagram 800 could be used without departing from the scope of this disclosure.
- the solid line may include a request (e.g., request or call) command and the dotted line may include a response (e.g., response or return) command.
- the payment system may include an electronic device 605, a payment server 610, or a token server 615.
- the electronic device 605 may include, for example, a payment application 620 and/or a payment manager 625.
- the payment manager 625 may update (replenish) a token (803).
- the payment manager 625 may perform the token update as an internal operation of the payment manager 625.
- the token update may be performed based on a predetermined command (e.g., replenish token).
- the payment manager 625 may perform token attestation associated with the token update.
- the payment manager 625 may perform the token attestation to enable use of the token.
- the token attestation may be performed, for example, by an internal operation of the payment manager 625 or based on an external input (e.g., user input or external device input).
- the payment manager 625 may transfer a command associated with the token attestation to the payment server 610 (805).
- the command associated with the token attestation may be performed using, for example, a predetermined command (e.g., POST/nonces).
- the payment server 610 may transfer a response (e.g., nonces) corresponding to the command associated with the token attestation to the payment manager 625 (810).
- the payment manager 625 may transfer a result associated with the token attestation to the payment server 610 (815).
- the result associated with the token attestation may be performed using, for example, a predetermined command (e.g., POST/verdicts).
- the payment server 610 may transfer a response (e.g., OK) corresponding to the result associated with the token attestation to the payment manager 625 (820).
- the payment manager 625 may perform the token update, based on the response corresponding to the result associated with the token attestation.
- the payment manager 625 may perform the token update, based on the token attestation. For example, the payment manager 625 may request the payment server 610 to perform token update (825). The request associated with the token update may be made using a predetermined command (e.g., POST/tokens/ ⁇ id ⁇ ).
- a predetermined command e.g., POST/tokens/ ⁇ id ⁇ .
- the POST/tokens/ ⁇ id ⁇ may be used in an operation in which the payment manager 625 performs token update with respect to the token server 615.
- the POST/tokens command may include at least one of a token ID or a key (e.g., token key) associated with the token ID when the command is transferred.
- the token server 615 may update the token.
- the payment server 610 may forward the token reference or key to the token server 615 (830) and receive a POST/notifications command including the token (835).
- the payment server 610 may send a PUSH token ⁇ id ⁇ command to the payment manager 625 (840) and receive a GET/tokens/ ⁇ id ⁇ command in return (845).
- the payment manager 625 may receive, for example, a response corresponding to the POST/tokens/ ⁇ id ⁇ from the payment server 610, and the response corresponding to the POST/tokens/ ⁇ id ⁇ may include key information (850).
- the POST/tokens command may include, for example, a resource ID.
- the resource ID may include an identifier of the registered (enrollment) resource, which may be configured in the form of Uniform Resource Locator (URL).
- the resource ID may include, for example, reference information storing information related to a token ID or token reference, and may include an address at which the token ID or the token reference is stored in the payment server 610.
- the payment server 610 may transfer the token state, the token, and the token use key to the payment manager 625.
- the payment manager 625 may transfer a notification or event associated with the key to the payment application 620 (855).
- the payment manager 625 may use a predetermined command (e.g., notify replenished) in transferring the notification or event associated with the key to the payment application 620.
- the payment manager 625 may store, in a trust zone, the information (e.g., the key) received from the payment server 610 (853).
- the payment manager 625 may store, for example, the new token use key in a security application included in the electronic device 605.
- the payment application 620 may transfer a notification corresponding to an event or notification associated with the key to the payment manager 625 (860).
- the payment application 620 may transfer information (e.g., ack replenished) indicating that the event or notification associated with the key is performed, to the payment manager 625.
- the information indicating that the event or notification associated with the key is performed may include, for example, an acknowledgment type.
- the notification corresponding to the event or notification associated with the key may include, for example, the token update (replenishment), and the token update may indicate, for example, that the PAN included in the electronic device 605 has been changed into a state allowing the payment function.
- the new token use key may be used in, for example, completing the update of the key corresponding to the PAN.
- the payment manager 625 may transfer the token update operation to the payment server 610 (865). For example, the payment manager 625 may transfer a report that the token updating operation is performed, to the payment server 610, using a predetermined command (e.g., POST/reports). The payment manager 625 may transfer, for example, a report that the PAN has been changed into a state allowing execution of the payment function. According to an embodiment, the payment manager 625 may perform state synchronization with the payment server 610. According to various embodiments, the payment server 610 may transfer the token update operation to the token server 615 (870). For example, the payment server 610 may transmit a response (e.g., acknowledgement or token reference replenished) to the token server 615.
- a response e.g., acknowledgement or token reference replenished
- FIGS. 6-8 illustrate examples of flow diagrams for electronic device attestation.
- FIGS. 6-8 discuss the use of a payment server 610 and a token server 615.
- the payment server 610 can be one example of a proxy server.
- payment server 610 could be VPN server 425 in FIG. 5, a VPN client 420, an attestation server 430, or a combination thereof.
- Token server 615 could be one example of an application server, such as application server 535 in FIG. 5.
- various changes could be made, such as, for example, while shown as a series of steps, various steps in each figure could overlap, occur in parallel, occur in a different order, occur multiple times, or not be performed in one or more embodiments.
- FIG. 9 illustrates a process 900 for attestation by an electronic device 605 in accordance with various embodiments of the present disclosure.
- the process 900 depicted in FIG. 9 may be performed by the electronic device 300 in FIG. 3.
- the embodiment of the process 900 shown in FIG. 9 is for illustration only. Other embodiments of the process 900 could be used without departing from the scope of this disclosure.
- the electronic device 605 may acquire, for example, attestation information corresponding to the electronic device 605 from an external electronic device of the electronic device 605.
- the electronic device 605 may acquire the attestation information (also referred to as device data) as a request for the determination of the integrity of the electronic device 605.
- the attestation information may include, for example, a disposable random number (nonce).
- the electronic device 605 may perform, for example, attestation of the electronic device 605, based on the attestation information.
- the attestation may include functions of identifying the security for the electronic device 605.
- the attestation may include functions of identifying the integrity for the electronic device 605.
- the electronic device 605 may transmit, for example, a result of the attestation to the external electronic device or another electronic device 605.
- the result e.g., blob or security
- the attestation may be determined or generated based on the disposable random number (nonce) and/or the security information included in the electronic device 605.
- the other electronic device 605 may include, for example, a token server 615, a third party server, a wearable device, or a cloud server.
- the cloud server may include, for example, a personal cloud or a public cloud.
- FIG. 9 illustrates examples of processes for attestation
- various changes could be made to FIG. 9.
- steps in each figure could overlap, occur in parallel, occur in a different order, occur multiple times, or not be performed in one or more embodiments.
- FIG. 10 illustrates a process 1000 for attestation by proxy server in accordance with various embodiments of the present disclosure.
- the process 1000 depicted in FIG. 10 may be performed by the server 200 in FIG. 2.
- the embodiment of the process 1000 shown in FIG. 10 is for illustration only. Other embodiments of the process 1000 could be used without departing from the scope of this disclosure.
- the proxy server may request attestation information from an attestation server 430.
- the proxy server may acquire the attestation information as a request for the determination of the integrity of the electronic device 505.
- the attestation information may include, for example, a disposable random number (nonce).
- the proxy server may trigger attestation though the attestation agent 415 by sending the attestation information to the attestation agent 415.
- the attestation agent 415 may use the attestation information to request a measurement from the trust zone 410.
- the trust zone 410 returns secure device data (e.g., in the form of a BLOB) to the attestation agent 415.
- the proxy server receives the secure device data.
- the proxy server requests the attestation server 430 to parse the secure device data and perform signature and certificate checks, according to policy 540.
- the proxy server receives a validation result from the attestation server 430.
- the proxy server can notify the application server 535 to trust the electronic device 505.
- the proxy server can have the validation result formatted and/or data content updated in accordance with policy 540, and send the formatted and/or updated validation result to the application server.
- FIG. 10 illustrates examples of processes for attestation
- various changes could be made to FIG. 10.
- steps in each figure could overlap, occur in parallel, occur in a different order, occur multiple times, or not be performed in one or more embodiments.
- present disclosure has been described with an exemplary embodiment, various changes and modifications may be suggested to one skilled in the art. It is intended that the present disclosure encompass such changes and modifications as fall within the scope of the appended claims.
- a method of for attestation by proxy comprises transmitting, to an attestation server, secure device data for an electronic device through a proxy server, receiving, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data, and communicating payment information with an application server according to the validation result.
- a policy associated with the application server is obtained by the proxy server, and the policy indicates validation logic specific to the application server and indicates a data format of the validation result that is acceptable by the application server.
- the policy is obtained from one of the application server or a default policy.
- the proxy server comprises a virtual private network (VPN) server
- VPN virtual private network
- the secure device data is generated by using a nonce and device measurements of the electronic device, and the nonce is received from the attestation server through the proxy server.
- the secure device data is a binary large object generated by using the nonce received from the attestation server and device measurements of the electronic device.
- the communication of the payment information with the application server comprises receiving a token for use in a payment from the application server through the proxy server.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Finance (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
An embodiment of this disclosure provides a method and electronic device for attestation by proxy, the method comprising retrieving, by the electronic device, secure device data of the electronic device; performing, by an electronic device, attestation with an attestation server using a proxy server, wherein a validation result of the device is generated based on the secure device data; and communicating payment information with an application server when the validation result is trusted.
Description
Embodiments of this disclosure relate generally to secure communications. More specifically, embodiments of this disclosure relate to attestation by proxy.
Using consumer electronic device as a means of payment for a payment transaction is popular and convenient for consumers. However, when enrolling credit cards on electronic devices, the sensitive secrete credit card payment information artifacts (e.g., account numbers, tokens, keys, etc.) are exposed to attackers because these artifacts are exchanged between electronic device and the card network token service provider (TSP). Attestation is the process where a device provides device measurement data signed with a trusted key. Device measurement data from the device is reliable for a short period of time after a nonce creation as the device can be compromised.
Embodiments of this disclosure provide examples of attestation by proxy.
A first embodiment of this disclosure provides a method for attestation by proxy. The method includes retrieving, by the electronic device, secure device data of the electronic device. The method also includes performing, by an electronic device, attestation with an attestation server using a proxy server. A validation result of the device is generated based on the secure device data. The method also includes communicating payment information with an application server when the validation result is trusted.
A second embodiment of this disclosure provides an electronic device for performing attestation by proxy. The electronic device comprises at least one processor configured to retrieve, by the electronic device, secure device data of the electronic device. The at least one processor is also configured to perform attestation with an attestation server using a proxy server. A validation result of the electronic device is generated based on the secure device data. The at least one processor is also configured to communicate payment information with an application server when the validation result is trusted.
A third embodiment of this disclosure provides a non-transitory computer readable medium containing computer readable program code that, when executed, causes at least one processing device of a mobile device to retrieve, by the electronic device, secure device data of the electronic device. The computer readable program code also causes the at least one processing device to perform attestation with an attestation server using a proxy server. A validation result of the electronic device is generated based on the secure device data. The computer readable program code also causes the at least one processing device to communicate payment information with an application server us when the validation result is trusted.
Other technical features may be readily apparent to one skilled in the art from the following figures, descriptions, and claims.
The term “couple” and its derivatives refer to any direct or indirect communication between two or more elements, whether or not those elements are in physical contact with one another. The terms “transmit,” “receive,” and “communicate,” as well as derivatives thereof, encompass both direct and indirect communication. The terms “include” and “comprise,” as well as derivatives thereof, mean inclusion without limitation. The term “or” is inclusive, meaning and/or. The phrase “associated with,” as well as derivatives thereof, means to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, have a relationship to or with, or the like. The term “controller” means any device, system or part thereof that controls at least one operation. Such a controller may be implemented in hardware or a combination of hardware and software and/or firmware. The functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. The phrase “at least one of,” when used with a list of items, means that different combinations of one or more of the listed items may be used, and only one item in the list may be needed. For example, “at least one of: A, B, and C” includes any of the following combinations: A, B, C, A and B, A and C, B and C, and A and B and C.
Moreover, various functions described below can be implemented or supported by one or more computer programs, each of which is formed from computer readable program code and embodied in a computer readable medium. The terms “application” and “program” refer to one or more computer programs, software components, sets of instructions, procedures, functions, objects, classes, instances, related data, or a portion thereof adapted for implementation in a suitable computer readable program code. The phrase “computer readable program code” includes any type of computer code, including source code, object code, and executable code. The phrase “computer readable medium” includes any type of medium capable of being accessed by a computer, such as read only memory (ROM), random access memory (RAM), a hard disk drive, a compact disc (CD), a digital video disc (DVD), or any other type of memory. A “non-transitory” computer readable medium excludes wired, wireless, optical, or other communication links that transport transitory electrical or other signals. A non-transitory computer readable medium includes media where data can be permanently stored and media where data can be stored and later overwritten, such as a rewritable optical disc or an erasable memory device.
Definitions for other certain words and phrases are provided throughout this patent document. Those of ordinary skill in the art should understand that in many if not most instances, such definitions apply to prior as well as future uses of such defined words and phrases.
For a more complete understanding of this disclosure and its advantages, reference is now made to the following description, taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates an example computing system according to this disclosure;
FIGS. 2 and 3 illustrate example devices in a computing system according to this disclosure;
FIG. 4 illustrates a flow diagram of an attestation by proxy operation according to various embodiments;
FIG. 5 illustrates an example system for attestation by proxy according to this disclosure;
FIG. 6 illustrates a flow diagram of a token use operation based on electronic device attestation in accordance with various embodiments of the present disclosure;
FIG. 7 illustrates a flow diagram of a token use operation based on electronic device attestation in an electronic device according to various embodiments;
FIG. 8 illustrates a flow diagram of a token update operation based on token attestation in an electronic device according to various embodiments;
FIG. 9 illustrates a process for attestation by an electronic device in accordance with various embodiments of the present disclosure; and
FIG. 10 illustrates a process for attestation by proxy server in accordance with various embodiments of the present disclosure.
FIGS. 1 through 10, discussed below, and the various embodiments used to describe the principles of the present invention in this patent document are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will understand that the principles of this disclosure may be implemented in any suitably arranged device or system.
FIG. 1 illustrates an example computing system 100 according to this disclosure. The embodiment of the computing system 100 shown in FIG. 1 is for illustration only. Other embodiments of the computing system 100 could be used without departing from the scope of this disclosure.
As shown in FIG. 1, the system 100 includes a network 102, which facilitates communication between various components in the system 100. For example, the network 102 may communicate Internet Protocol (IP) packets, frame relay frames, Asynchronous Transfer Mode (ATM) cells, or other information between network addresses. The network 102 may include one or more local area networks (LANs), metropolitan area networks (MANs), wide area networks (WANs), all or a portion of a global network such as the Internet, or any other communication system or systems at one or more locations.
The network 102 facilitates communications between various servers 103 and 104 and various client devices 106-114. Each server 104 includes any suitable computing or processing device that can provide computing services for one or more client devices. Each server 104 could, for example, include one or more processing devices, one or more memories storing instructions and data, and one or more network interfaces facilitating communication over the network 102.
Each client device 106-114 represents any suitable computing or processing device that interacts with at least one server or other computing device(s) over the network 102. In this example, the client devices 106-114 include a desktop computer 106, a mobile telephone or smartphone 108, a personal digital assistant (PDA) 110, a laptop computer 112, and a tablet computer 114. However, any other or additional client devices could be used in the computing system 100.
In this example, some client devices 108-114 communicate indirectly with the network 102. For example, the client devices 108-110 communicate via one or more base stations 116, such as cellular base stations or eNodeBs. Also, the client devices 112-114 communicate via one or more wireless access points 118, such as IEEE 802.11 wireless access points. Note that these are for illustration only and that each client device could communicate directly with the network 102 or indirectly with the network 102 via any suitable intermediate device(s) or network(s).
As described in more detail below, the servers 103 or 104 represent servers associated with a manufacturer of one or more of the client devices, CA servers, financial servers, or token service provider (TSP) servers that participate in enabling trust-zone-based end-to-end security.
Although FIG. 1 illustrates one example of a computing system 100, various changes may be made to FIG. 1. For example, the system 100 could include any number of each component in any suitable arrangement. In general, computing and communication systems come in a wide variety of configurations, and FIG. 1 does not limit the scope of this disclosure to any particular configuration. While FIG. 1 illustrates one operational environment in which various features disclosed in this patent document can be used, these features could be used in any other suitable system.
FIGS. 2 and 3 illustrate example devices in a computing system according to this disclosure. In particular, FIG. 2 illustrates an example server 200, and FIG. 3 illustrates an example client device 300. The server 200 could represent the servers 103 or 104 in FIG. 1, and the client device 300 could represent one or more of the client devices 106-114 in FIG. 1.
As shown in FIG. 2, the server 200 includes a bus system 205, which supports communication between at least one processing device 210, at least one storage device 215, at least one communications unit 220, and at least one input/output (I/O) unit 225.
The processing device 210 executes instructions that may be loaded into a memory 230. The processing device 210 may include any suitable number(s) and type(s) of processors or other devices in any suitable arrangement. Example types of processing devices 210 include microprocessors, microcontrollers, digital signal processors, field programmable gate arrays, application specific integrated circuits, and discreet circuitry.
The memory 230 and a persistent storage 235 are examples of storage devices 215, which represent any structure(s) capable of storing and facilitating retrieval of information (such as data, program code, and/or other suitable information on a temporary or permanent basis). The memory 230 may represent a random access memory or any other suitable volatile or non-volatile storage device(s). The persistent storage 235 may contain one or more components or devices supporting longer-term storage of data, such as a ready only memory, hard drive, Flash memory, or optical disc.
The communications unit 220 supports communications with other systems or devices. For example, the communications unit 220 could include a network interface card or a wireless transceiver facilitating communications over the network 102. The communications unit 220 may support communications through any suitable physical or wireless communication link(s).
The I/O unit 225 allows for input and output of data. For example, the I/O unit 225 may provide a connection for user input through a keyboard, mouse, keypad, touchscreen, or other suitable input device. The I/O unit 225 may also send output to a display, printer, or other suitable output device.
Note that while FIG. 2 is described as representing the server 104 of FIG. 1, the same or similar structure could be used in one or more of the client devices 106-114. For example, a laptop or desktop computer could have the same or similar structure as that shown in FIG. 2.
FIG. 3 illustrates an example electronic device 300 according to various embodiments of the present disclosure. The embodiment of the electronic device 300 illustrated in FIG. 3 is for illustration only, and the client devices 108-114 of FIG. 1 could have the same or similar configuration. However, electronic devices come in a wide variety of configurations, and FIG. 3 does not limit the scope of this disclosure to any particular implementation of an electronic device.
As shown in FIG. 3, the electronic device 300 includes antenna(s) 305, a radio frequency (RF) transceiver 310, transmit (TX) processing circuitry 315, a microphone 320, and receive (RX) processing circuitry 325. The electronic device 300 also includes a speaker 330, a processor 340, an input/output (I/O) interface (IF) 345, a touchscreen 350, a display 355, a memory 360, and one or more sensors 365. The memory 360 includes an operating system (OS) 361 and one or more applications 362.
The RF transceiver 310 receives, from the antenna 305, an incoming RF signal transmitted by an eNB of the network 100. The RF transceiver 310 down-converts the incoming RF signal to generate an intermediate frequency (IF) or baseband signal. The IF or baseband signal is sent to the RX processing circuitry 325, which generates a processed baseband signal by filtering, decoding, and/or digitizing the baseband or IF signal. The RX processing circuitry 325 transmits the processed baseband signal to the speaker 330 (such as for voice data) or to the processor 340 for further processing (such as for web browsing data).
The TX processing circuitry 315 receives analog or digital voice data from the microphone 320 or other outgoing baseband data (such as web data, e-mail, or interactive video game data) from the processor 340. The TX processing circuitry 315 encodes, multiplexes, and/or digitizes the outgoing baseband data to generate a processed baseband or IF signal. The RF transceiver 310 receives the outgoing processed baseband or IF signal from the TX processing circuitry 315 and up-converts the baseband or IF signal to an RF signal that is transmitted via the antenna 305.
The processor 340 can include one or more processors and execute the OS program 361 stored in the memory 360 in order to control the overall operation of the electronic device 300. In some embodiments, the processor 340 includes at least one microprocessor or microcontroller.
The processor 340 is also capable of executing other processes and programs resident in the memory 360, such as operations that receive, store, and timely instruct the display of videos for screen burn-in prevention and reduction management. The processor 340 can move data into or out of the memory 360 as required by an executing process. In some embodiments, the processor 340 is configured to execute a plurality of applications 362, such as a payment application 363 for making secure payments using a financial account.
The processor 340 can operate the plurality of applications 362 based on the OS program 361. The processor 340 is also coupled to the I/O interface 345, which provides electronic device 300 with the ability to connect to other devices such as laptop computers and handheld computers. The I/O interface 345 is the communication path between these accessories and the processor 340. For example, the I/O interface 345 may include a near field communication (NFC) module for near field communication with, for example, a payment device to process a payment transaction.
The processor 340 is also coupled to the touchscreen 350 and the display 355. The operator of the electronic device 300 can use the touchscreen 350 to enter data into the electronic device 300. The display 355 may be a liquid crystal display, a light-emitting diode (LED) display, an optical LED (OLED), an active matrix OLED (AMOLED), or other display capable of rendering text and/or at least limited graphics, such as from web sites.
The memory 360 is coupled to the processor 340. Part of the memory 360 could include a random access memory (RAM), and another part of the memory 360 could include a Flash memory or other read-only memory (ROM).
Although FIGS. 2 and 3 illustrate examples of devices in a communication system, various changes may be made to FIGS. 2 and 3. For example, various components in FIGS. 2 and 3 could be combined, further subdivided, or omitted and additional components could be added according to particular needs. As a particular example, the processor 340 could be divided into multiple processors, such as one or more central processing units (CPUs) and one or more graphics processing units (GPUs). Also, while FIG. 3 illustrates the electronic device 300 configured as a mobile telephone or smartphone, electronic devices could be configured to operate as other types of mobile or stationary devices. In addition, as with computing and communication networks, client devices and servers can come in a wide variety of configurations, and FIGS. 2 and 3 do not limit this disclosure to any particular electronic devices.
Various embodiments of the present disclosure provide methods and systems ensure the payment artifacts can only be decrypted in a Trusted Execution Environment (TEE) of the electronic device 300 or by the Token Service Provider (TSP), creating end-to-end security, irrespective of any intermediate platforms the information has to traverse, such as the regular operating system of the electronic device, the Internet, and any servers that handle messages for TSP. In order to protect the secrecy of credit card payment artifacts, such as account numbers, tokens, and keys, one or more precautions may be taken. For example, in some embodiments, an encryption method is implemented to ensure the payment artifacts can only be decrypted in the TEE of the electronic device 300 or by the card network TSP, which creates end-to-end security.
One or more embodiments of this disclosure recognizes and takes into account that attestation used by SAMSUNG KNOX™ helps protect enterprise apps and data from unauthorized access by creating a virtual container within a device. Before the container is created, a Mobile Device Management (MDM) server must verify the device security status to identify whether the device is secure in order to create the container. Attestation can be used to verify the device’s security status. Attestation is the process where a device provides device measurement data signed with a trusted key available only in ARM® Trust Zone®. Measurement data from the device is reliable for a short period of time after the nonce creation as the device can be compromised.
One or more embodiments of this disclosure recognizes and takes into account that to use remote attestation, an application server is normally required to perform time-consuming customizations and modifications to its communication protocols, including changes to the server side and device side components. The mechanism described in this disclosure of attestation by proxy allows an application server to gain the benefits of remote attestation without modifying server code or its device side components.
One or more embodiments provides implementing this attestation by proxy mechanism as part of a token requester server, which acts as the “proxy” performing remote attestation of the device on behalf of the application server that is the token service provider of the card network, and the trusted application of a bank card network.
One or more embodiments provide implementing this attestation by proxy mechanism by using the attestation proxy server as a Virtual Private Network (VPN) server, which will help avoid the application server to talk to attestation server every time. In this example, the entire configuration related to attestation is done on the VPN server. The entire configuration of the attestation agent, which works accordingly to the application server, can be configured on the VPN server. In other embodiments, only some of the configuration is performed on the VPN server. The configuration can include any of the steps or operations performed during the attestation process. Similarly, there is also a VPN server for the device side (also referred to herein as the VPN client). Due to the VPN server performing many or all of the operations, the device application will now use a reduced amount of processing.
One or more embodiments provide implementing this attestation by proxy mechanism by using in cooperation with devices that control people’s vehicle, electronic equipment and home appliances in the concept of Internet of Things (IOT). In this example, since a mobile phone would serve as the core of IOT in controlling other equipment, the device security is very important; many application servers may attest the device first before processing through any request. One or more embodiments provide a proxy server to do all the attestation of the device instead, so all application servers can just enjoy the benefits of getting the attestation result from proxy server.
FIG. 4 illustrates a flow diagram 400 of an attestation by proxy operation according to various embodiments. The embodiment of the flow diagram 400 shown in FIG. 4 is for illustration only. Other embodiments of the flow diagram 400 could be used without departing from the scope of this disclosure.
In FIG. 4, a system includes electronic device 505 shown in Fig. 5 with trust zone 410, attestation agent 415, and virtual private network (VPN) for client side 420. The system also includes attestation server 430, VPN for server side 425, and application server 535 shown in Fig. 5. Attestation server 430 and VPN server 425 could be examples of servers 103 and 104 in FIG. 1. VPN for server side 425 could be part of attestation server 430. The attestation server 430 can produce validation result 550. The validation result can be used to validate the security for electronic device 505. In other words, the validation result can indicate whether the security for the electronic device 505 is valid.
In an embodiment of this disclosure, the attestation by proxy system uses a VPN server 425 to talk to the attestation server 430. An application server will receive the result from VPN server 425 because the entire configuration is done at VPN server 425. Accordingly, the client side on device will also use a VPN client 420 to respond to the attestation request and provide required information.
For example, when MDM server needs to attest the mobile device, in normal attestation process, it will be configured to connect to the cloud based attestation server, and also any other server which needs to do attestation process like token requestor server to remember attestation server information. But in Attestation by Proxy procedure, all these servers just wait for VPN server to do all the work for them. On the other hand, normally device needs to install specific API like MDM API which will also be avoided in Attestation by Proxy procedure.
In FIG. 4, a VPN client 420 establishes secure and authenticated connection with the VPN server 425. The VPN client 420 requests nonce from the attestation server 430 (440). The nonce is generated by the attestation server 430 and stored with a timestamp, and sent to the VPN server 425 (445). The VPN server 425 starts the attestation process by sending the nonce to the VPN client 420 (450). The VPN client 420 passes the nonce to the attestation agent 415 (455). The nonce is used by the attestation agent 415 to request a measurement from the trust zone 410 (460). The trust zone 410 returns a blob to the attestation agent 415 (465). The blob contains the nonce, measurements, device ID, signature, and certificate chain. The measurements can be cryptographic measurements of a boot loader and kernel of the electronic device 505. The blob is passed to the attestation agent 415 to the VPN client 420 (470) and then to the VPN server 425 (475). The VPN server 425 asks the attestation server 430 to parse the blob, and perform signature and certificate checks (480). The attestation server 430 sends the measurement results and verdict to the VPN server 425 (485). The VPN server 725 checks the nonce, timestamps and verdict that are returned by the attestation server 430 and perform necessary format transformation before sending the verdict to the application server. Once the application server trusts the electronic device, accept the coming request and work as expected.
One or more embodiments of this disclosure provides that attestation by proxy allows learning a devices security status, helping vendors know whether a device contains original factory images, checking if anything has changed on a device, and if so, how it could affect a security container. Attestation can be performed when an integrity check of a device is required, before a security container is created, when MDM vendors trigger the attestation process periodically as needed, when a device enrolls in a payment application, such as SAMSUNG PAY™, and needs to talk to a token requestor server, and anytime when a server needs to know the security status of a device.
FIG. 5 illustrates an example system 500 for attestation by proxy according to this disclosure. The embodiment of the system 500 shown in FIG. 5 is for illustration only. Other embodiments of the system 500 could be used without departing from the scope of this disclosure. System 500 can be one example of computing system 100 in FIG. 1.
In FIG. 5, system 500 includes electronic device 505 with trust zone 410, attestation agent 415, and virtual private network (VPN) for client side 420. System 400 also includes attestation server 430, VPN for server side 425, and application server 435. Attestation server 430 and application server 535 could be examples of servers 103 and 104 in FIG. 1. VPN for server side 425 could be included as part of attestation server 430 or application server 535.
The electronic device 505 can be one example of client devices 106-114 in FIG. 1. The electronic device 505 includes the trust zone 410 and the attestation agent 415. The trust zone 410 can be a container that is virtual and secure. The trust zone 410 is configured to protect measurement data signed with a trusted key. This trusted key can be used to form a secure device data for use with the attestation agent 415. The secure device data may be, in one example, a binary large object (BLOB).
The VPN 425 and 420 are used by electronic device 505 to communicate with attestation server 430 and application server 535. The application server 535 can include a policy 540 and tokens 545. The tokens 545 can be used by electronic device 505 to conduct electronic payments. Policy 540 may include information, requirement and/or criteria (e.g., validation logic, attestation rules, etc.) used to complete attestation according to certain card network or payment service provider. Each card network or payment service provide may impose distinctive policy. Policy 540 may further specify the data format and/or data content of the attestation result that is acceptable by the card network or payment service provider.
In one embodiment, the system 500 allows payment networks such as VISA™, MASTER CARD™, and AMERICAN EXPRESS™ to enjoy the benefits of remote attestation without having to make any changes to their server or require any special device components for electronic devices. The embodiment provides the payment server 610 show in Fig. 6 acting as an attestation proxy, and performing attestation on behalf of the card network.
In the embodiment implemented through a VPN server, the attestation by proxy is actually using a VPN server to talk to the attestation server. The application server can receive the result from VPN server when the entire configuration is done at VPN server. Accordingly, the client server on device can also use a VPN server to respond to the attestation request and provide required information. An aspect of this disclosure allows an application provider (such as a financial institution) to take advantage of attestation without having to make modifications to server or device components of its software.
Originally, attestation is used to protect enterprise apps and data from unauthorized access by creating a virtual security container within a device. Before the container is created, a Mobile Device Management (MDM) server must verify the device security status to identify whether the device is secure in order to create the container. Attestation can be used to verify the device’s security status. Attestation is the process where a device provides device measurement data signed with a trusted key available only in the secure container (i.e., trust zone). Measurement data from the device is reliable for a short period of time after the nonce creation as the device can be compromised.
According to various embodiments, an electronic device for performing attestation by proxy, the electronic device comprises at least one transceiver, and at least one processor operatively coupled to the at least one transceiver. The at least one processor is configured to transmit, to an attestation server, secure device data for an electronic device through a proxy server, receive, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data, and communicate payment information with an application server according to the validation result.
According to various embodiments, a policy associated with the application server is obtained by the proxy server, and the policy indicates validation logic specific to the application server and indicates a data format of the validation result that is acceptable by the application server.
According to various embodiments, the policy is obtained from one of the application server or a default policy.
According to various embodiments, the proxy server comprises a virtual private network (VPN) server, and the VPN server is used to generate a secure connection with the electronic device.
According to various embodiments, the secure device data is generated by using a nonce and device measurements of the electronic device, and the nonce is received from the attestation server through the proxy server.
According to various embodiments, the secure device data is a binary large object generated by using the nonce received from the attestation server and device measurements of the electronic device.
According to various embodiments, the at least one processor further configured to receive a token for use in a payment from the application server through the proxy server.
According to various embodiments, a non-transitory computer readable medium containing computer readable program code that, when executed, causes at least one processing device of an electronic device to transmit, to an attestation server, secure device data for an electronic device through a proxy server, receiving, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data, and communicate payment information with an application server according to the validation result.
FIG. 6 illustrates a flow diagram 600 of a token use operation based on electronic device attestation by proxy in accordance with various embodiments of the present disclosure. The embodiment of the flow diagram 600 shown in FIG. 6 is for illustration only. Other embodiments of the flow diagram 600 could be used without departing from the scope of this disclosure.
In FIG. 6, the solid line may include a request (e.g., request or call) command and the dotted line may include a response (e.g., response or return) command. According to an embodiment, the payment system may include an electronic device 605, a payment server 610 (e.g., may include a payment service server and/or a token requester server), and a token server 615 (also referred to as a token service provider). The electronic device may include, for example, a payment application 620 and/or a payment manager 625. The token server 615 may issue or manage information (such as tokens) related to payment. The token server 615 may control the operation cycle of the token.
According to various embodiments, the electronic device 605 may store information that can be used for payment, using an external input or a sensor 365 (e.g., camera sensor or Optical Character Reader (OCR)) functionally connected to the electronic device 605. For example, the information that can be used for payment may include card information (e.g., PAN), a valid period, CVV, or a user name. In one embodiment, the electronic device 605 may execute an application (e.g., payment application 620) included in the electronic device 605 on the basis of an external input (e.g., user input). The electronic device 605 may store, in a payment application 620 included in the electronic device 605, information that can be used for payment through an external input (e.g., touch, double touch, long press, leftward/rightward movement after touch, gesture, or drag and stop) or a sensor functionally connected to the electronic device 605. The information that can be used for payment may include, for example, Primary Account Number (PAN). The PAN may include an account number associated with a Bank Identification Number (BIN) generated by a financial server.
According to various embodiments, the electronic device 605 may store information, which is associated with the payment application 620 and can be used for payment, in the electronic device 605 or the external device (e.g., server). For example, the electronic device 605 may store information, which can be used for payment corresponding to the payment application 620, in a memory (e.g., the memory 230 of FIG. 2 or memory 360 of FIG. 3) included in the electronic device 605 or in an external device (e.g., any of client devices 106-114, or the server 104 of FIG. 1).
According to various embodiments, the electronic device 605 may provide an interface for the information that can be used for payment. The interface may include the information that can be used for payment, for example, letters for the PAN, a picture, an icon, a notification, or an indicator.
According to various embodiments, the electronic device 605 may register a PAN using the payment application 620. For example, the electronic device 605 may transfer the PAN to the payment application 620. According to an embodiment, the payment manager 625 may provide information related to the PAN, which has been input through a sensor functionally connected to the electronic device 605, to the user by transferring the PAN to the payment manager 625 (630).
According to various embodiments, the payment manager 625 may encrypt the PAN (633). For example, the payment manager 625 may encrypt the PAN using a key included in the security application in order to protect the PAN from the outside. Further, for example, information received from the electronic device 605 or the external device (e.g., a server or financial server) may be used in the encryption.
According to various embodiments, the payment manager 625 may register an encrypted PAN in the payment server 610 (635). For example, the payment manager 625 may be functionally connected with the payment server 610 to transfer the encrypted PAN. The encrypted PAN may be transferred through a protection channel for protection against the outside. For example, the payment manager 625 may use a predetermined command (e.g., POST/enrollment) in registering the PAN in the payment server 610. Further, the payment server 610 may control the encrypted PAN through, for example, the token requester server included in the payment server 610. Hereinafter, the encrypted PAN may be simply referred to as PAN.
According to various embodiments, POST/enrollment, which is a predetermined command, may be used when the payment manager 625 requests the payment server 610 to provide a signal for card registration. The parameter of POST/enrollment may include, for example, one parameter among type, entry, token requester ID, user ID, app ID, device ID, card reference ID, device name, device profile, device certificates for encryption and signing, device pair, payment instrument, and presentation mode. The card type may include, for example, a payment card name (e.g., payment account brand). The payment card name may include, for example, at least one of VISA™, MASTER CARD™, AMERICAN EXPRESS™, or DISCOVERY™. The entry may include, for example, a card entry method. The card entry method may include, for example, at least one of MANUAL, OCR, APP, or FILE. The device profile may include, for example, the type (e.g., ordinary electronic device 605 or wearable device) of the electronic device 605. The payment instrument may include, for example, payment information (e.g., PAN, valid period, or CVV). The presentation mode may include, for example, a payment method (e.g., MST or NFC) used for payment.
According to various embodiments, the POST/enrollment, which is the predetermined command, may include a command for checking whether the payment server 610 requires attestation of the electronic device 605, in order to attest the electronic device 605. For example, the payment server 610 may send a command with “Expect: 100-continue” request header, which is used in HyperText Transfer Protocol (HTTP), to the token server 615 to receive data (e.g., disposable random number) from the token server 615.
According to various embodiments, the payment server 610 may perform the attestation on the predetermined command received from the payment manager 625. For example, the payment server 610 may perform the attestation of the electronic device 605 or the payment manager 625 on the basis of the predetermined command or a condition designated to the payment server 610.
According to various embodiments, in the case of not performing the attestation, the payment server 610 may perform at least a part of the token issuance operations. According to various embodiments, in the case of performing the attestation, the payment server 610 may generate a disposable random number (e.g., nonce) (637). The disposable random number may be, for example, generated by the payment server 610 or received from an external device. Further, the disposable random number may include valid time or use time, for which the payment function is usable.
According to various embodiments, the payment server 610 may transfer, to the payment manager 625, an instruction to perform a function associated with the attestation (640). For example, in response to the predetermined command (e.g., POST/enrollment), the payment server 610 may transfer the instruction, using the disposable random number. For example, the payment server 610 may send a response including Attestation-Nonce, which is a disposable random number associated with the attestation, to the payment manager 625.
According to various embodiments, the payment manager 625 may perform the attestation in accordance with the response associated with the attestation received from the payment server 610 (643). The attestation may be performed in, for example, the trust zone, which is a security area of the electronic device 605. The trust zone may be included in, for example, the TEE.
According to various embodiments, the attestation may be performed using a unique electronic device key (e.g. key or LUK) included (stored) in the trust zone. The attestation may include an operation of checking the integrity of the electronic device 605 or an electronic device 605 performing the payment function. The key may be included in the electronic device 605 at the time of manufacturing (processing) the electronic device 605.
According to one embodiment, the attestation may be performed by another key made using the key. For example, based on the key, a TEE public key or a TEE private key may be made and used.
According to various embodiments, the key may be changed at the operation time point of, for example, the electronic device 605 or the electronic device 605. For example, when the electronic device 605 or the electronic device 605 is not normally booted, the key may be deleted, revised, or damaged. Further, when the key is used in the electronic device 605 or the electronic device 605 using a predetermined revised file (e.g., image), the key may be deleted, revised, or damaged. According to various embodiments, when there is a random access to the trust zone, for example, the TEE, from the outside, the key may be deleted, revised, or damaged.
According to various embodiments, when the electronic device 605 or the electronic device 605 is normally booted, information included in the key may be changed. For example, the key may be randomly changed, and may be generated to include new information whenever the electronic device 605 is booted.
According to various embodiments, the key may be included in the security module. For example, the key may be stored a security module distinguished from the trust zone. The security module may include, for example, a security area, and may be physically distinguished from an element (e.g., payment application 620) of the electronic device 605 or the electronic device 605. Further, the key may be identical or similar to, for example, a unique key corresponding to the security module.
According to various embodiments, the payment manager 625 may transfer the disposable random number received by the payment server 610 to the trust zone. The trust zone may perform the attestation using, for example, the disposable random number, and generate blob associated with the attestation.
According to various embodiments, the trust zone may generate the blob on the basis of the disposable random number, for example, the disposable random number having use time or valid time configured therefor, and the key. According to various embodiments, the payment manager 625 may receive a blob generated based on the disposable random number, from the trust zone.
According to various embodiments, the payment manager 625 may transfer the blob and/or the PAN to the payment server 610 (645). The payment manager 625 may use a predetermined command (e.g., POST/enrollments w/Attestation-Blob) for the transfer. The payment manager 625 may transfer, for example, the blob, the blob and the PAN, a device profile, a user ID, or an application ID to the payment server 610.
According to various embodiments, the payment server 610 may determine the validity of the OTP value or numerical value received from the payment manager 625 (647). For example, the payment server 610 may determine the validity, using the blob and the disposable random number generated by the payment server 610.
According to various embodiments, when the blob information is valid, the payment server 610 may transfer the device profile, user ID, and the application ID to the token server 615 (650). The device profile may include a device ID (e.g., International Mobile Equipment Identity (IMEI)) and/or payment means (e.g., Near Field Communication (NFC) and/or Magnetic Secure Transmission (MSC)). Further, the device profile may include an identifier (e.g., device ID) for identifying a device. The user ID may include, for example, a name of a user using the electronic device 605. The app ID may include, for example, an identifier of a payment application 620 (e.g. SAMSUNG WALLET™).
According to various embodiments, when the blob information is not valid, the payment server 610 may stop (interrupt) the attestation or card registration operation. According to various embodiments, when the blob information is not valid, the payment server 610 may transfer a result (e.g., attestation failure) of the attestation to the electronic device 605 (e.g., the payment manager 625) or another electronic device 605.
According to various embodiments, the token server 615 may generate a channel (e.g., session) between the payment server 610 and the token server 615 in response to the reception of the user information. The channel may encrypt information (e.g., data) transmitted or received through the channel, for example, using a common (public) key shared by the payment server 610 and the token server 615. According to various embodiments, the payment server 610 may transfer a PAN (e.g., an encrypted PAN) to the token server 615, using a channel generated between the payment server 610 and the token server 615.
According to various embodiments, the token server 615 may register the PAN received from the payment server 610. The registration process may include a procedure of checking, using at least one ID among the user ID, app ID, device ID, or card reference ID, whether token issuance is possible. For example, the token server 615 may perform a process of checking whether it is possible to issue a token for the card, using the card reference ID. According to another embodiment, a process of checking whether the device having been already registered, by a registered user, using a device ID and a user ID. According to one embodiment, the token server 615 may register the PAN received from the payment server 610 and transfer a response (e.g., card reference ID) to the registration to the payment server 610 (655). The response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
According to various embodiments, the payment server 610 may transfer information received from the token server 615, for example, a response to the registration, to the payment manager 625 (660), and the payment manager 625 may transfer the information to the payment application 620. The response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
According to various embodiments, at least a part of the response to the registration of PAN (e.g., POST/enrollment) may be information stored in the payment server 610 or the payment manager 625 and may be changed (e.g., generation, revision, or removal) according to a predetermined condition. According to various embodiments, the payment application 620 may output at least a part of the response to the registration received from the payment manager 625 to the outside, to the user. For example, the payment application 620 may display the contract conditions included in the response.
According to various embodiments, the information for performing the attestation may be stored in an external device. For example, in order to perform the attestation, the disposable random number, the blob, the key, the device profile, the user ID, the app ID, or the public (open) key may be stored inside or outside of the electronic device 605. The external device may include, for example, an attestation server.
FIG. 7 illustrates a flow diagram 700 of a token use operation based on electronic device attestation in an electronic device 605 according to various embodiments. The embodiment of the flow diagram 700 shown in FIG. 7 is for illustration only. Other embodiments of the flow diagram 700 could be used without departing from the scope of this disclosure.
In FIG. 7, the solid line may include a request (e.g., request or call) command and the dotted line may include a response (e.g., response or return) command. According to an embodiment, the payment system may include an electronic device 605, a payment server 610, or a token server 615. The electronic device 605 may include, for example, a payment application 620 and/or a payment manager 625.
According to various embodiments, the token server 615 may transfer information associated with authentication (certification) to the payment server 610 (705). The authentication may include, for example, server authentication. The server authentication may include, for example, authentication using a Certificate Authority (CA).
According to various embodiments, the electronic device 605 may store information that can be used for payment, using an external input or a sensor 365 (e.g., camera sensor or Optical Character Reader (OCR)) functionally connected to the electronic device 605. For example, the information that can be used for payment may include card information (e.g., PAN), a valid period, CVV, or a user name. According to an embodiment, the electronic device 605 may execute an application (e.g., payment application 620) included in the electronic device 605 on the basis of an external input (e.g., user input). The electronic device 605 may store, in a payment application 620 included in the electronic device 605, information that can be used for payment through an external input (e.g., touch, double touch, long press, leftward/rightward movement after touch, gesture, or drag and stop) or a sensor functionally connected to the electronic device 605. The information that can be used for payment may include, for example, Primary Account Number (PAN). The PAN may include an account number associated with a Bank Identification Number (BIN) generated by a financial server.
According to various embodiments, the electronic device 605 may store information, which is associated with the payment application 620 and can be used for payment, in the electronic device 605 or the external device (e.g., server). For example, the electronic device 605 may store information, which can be used for payment corresponding to the payment application 620, in a memory (e.g., the memory 230 of FIG. 2 or memory 360 of FIG. 3) included in the electronic device 605 or in an external device (e.g., any of client devices 106-114, or the server 104 of FIG. 1).
According to various embodiments, the electronic device 605 may provide an interface for the information that can be used for payment. The interface may include the information that can be used for payment, for example, letters for the PAN, a picture, an icon, a notification, or an indicator.
According to various embodiments, the electronic device 605 may register a PAN using the payment application 620. For example, the electronic device 605 may transfer the PAN to the payment application 620. According to an embodiment, the payment manager 625 may provide information related to the PAN, which has been input through a sensor functionally connected to the electronic device 605, to the user by transferring the PAN to the payment manager 625 (710).
According to various embodiments, the payment manager 625 may encrypt the PAN (714). For example, the payment manager 625 may generate a device certification (713). The payment manager 625 may encrypt the PAN using a key included in the security application in order to protect the PAN from the outside (714). Further, for example, information received from the electronic device 605 or the external device (e.g., a server or financial server) may be used in the encryption.
According to various embodiments, the payment manager 625 may register an encrypted PAN in the payment server 610 (715). For example, the payment manager 625 may be functionally connected with the payment server 610 to transfer the encrypted PAN. The encrypted PAN may be transferred through a protection channel for protection against the outside. For example, the payment manager 625 may use a predetermined command (e.g., POST/enrollment) in registering the PAN in the payment server 610. Further, the payment server 610 may control the encrypted PAN through, for example, the token requester server included in the payment server 610. Hereinafter, the encrypted PAN may be simply referred to as PAN.
According to various embodiments, POST/enrollment, which is a predetermined command, may be used when the payment manager 625 requests the payment server 610 to provide a signal for card registration. The parameter of POST/enrollment may include, for example, one parameter among type, entry, token requester ID, user ID, app ID, device ID, card reference ID, device name, device profile, device certificates for encryption and signing, device pair, payment instrument, or presentation mode. The card type may include, for example, a payment card name (e.g., payment account brand). The payment card name may include, for example, at least one of VISA™, MASTER CARD™, AMERICAN EXPRESS™, or DISCOVERY™. The entry may include, for example, a card entry method. The card entry method may include, for example, at least one of MANUAL, OCR, APP, or FILE. The device profile may include, for example, the type (e.g., ordinary electronic device 605 or wearable device) of the electronic device 605. The payment instrument may include, for example, payment information (e.g., PAN, valid period, or CVV). The presentation mode may include, for example, a payment method (e.g., MST or NFC) used for payment.
According to various embodiments, the POST/enrollment, which is the predetermined command, may include a command for checking whether the payment server 610 requires attestation of the electronic device 605, in order to attest the electronic device 605. For example, the payment server 610 may send a command with “Expect: 100-continue” request header, which is used in HyperText Transfer Protocol (HTTP), to the token server 615 to receive data (e.g., disposable random number) from the token server 615.
According to various embodiments, the payment server 610 may perform the attestation on the basis of a predetermined command received from the payment manager 625. For example, the payment server 610 may perform the attestation of the electronic device 605 or the payment manager 625 on the basis of the predetermined command or a condition designated to the payment server 610. According to various embodiments, in the case of not performing the attestation, the payment server 610 may perform at least a part of the token issuance operations.
According to various embodiments, in the case of not performing the attestation, the payment server 610 may generate a disposable random number (717). The disposable random number may be, for example, generated by the payment server 610 or received from an external device. Further, the disposable random number may include valid time or use time, for which the payment function is usable.
According to various embodiments, the payment server 610 may transfer, to the payment manager 625, an instruction to perform a function associated with the attestation (720). For example, in response to the predetermined command, the payment server 610 may transfer the instruction, using the disposable random number. For example, the payment server 610 may send a response including Attestation-Nonce, which is a disposable random number associated with the attestation, to the payment manager 625.
According to various embodiments, the payment manager 625 may perform the attestation in accordance with the response associated with the attestation received from the payment server 610 (723). The attestation may be performed in, for example, the trust zone, which is a security area of the electronic device 605. The trust zone may be included in, for example, the TEE.
According to various embodiments, the attestation may be performed using a key included (stored) in the trust zone. The attestation may include an operation of checking the integrity of the electronic device 605 or an electronic device 605 performing the payment function. The key may be included in the electronic device 605 at the time of manufacturing (processing) the electronic device 605. According to one embodiment, the attestation may be performed using another key made using the key described above. For example, based on the above key, a TEE public key or TEE private key may be made and used.
The notification associated with the call center method may include, for example, the electronic device 605 or the number of the electronic device 605. For example, when the electronic device 605 or the electronic device 605 is not normally booted, the key may be deleted, revised, or damaged. Further, when the key is used in the electronic device 605 or the electronic device 605 using a predetermined revised file (e.g., image), the key may be deleted, revised, or damaged. According to various embodiments, when there is a random access to the trust zone, for example, the TEE, from the outside, the key may be deleted, revised, or damaged. According to various embodiments, when the electronic device 605 or the electronic device 605 is normally booted, information included in the key may be changed. For example, the key may be randomly changed, and may be generated to include new information whenever the electronic device 605 is booted.
According to various embodiments, the key may be included in the security module. For example, the key may be stored a security module distinguished from the trust zone. The security module may include, for example, a security area, and may be physically distinguished from an element (e.g., payment application 620) of the electronic device 605 or the electronic device 605. Further, the key may be identical or similar to, for example, a unique key corresponding to the security module.
According to various embodiments, the payment manager 625 may transfer the disposable random number received by the payment server 610 to the trust zone. The trust zone may perform the attestation using, for example, the disposable random number, and generate blob associated with the attestation.
According to various embodiments, the trust zone may generate the blob on the basis of the disposable random number, for example, the disposable random number having use time or valid time configured therefor, and the key. According to various embodiments, the payment manager 625 may receive a blob generated based on the disposable random number, from the trust zone.
According to various embodiments, the payment manager 625 may transfer the blob and/or the PAN to the payment server 610 (725). The payment manager 625 may use a predetermined command (e.g., POST/enrollments w/Attestation-Blob) for the transfer. The payment manager 625 may transfer, for example, the blob, the blob and the PAN, a device profile, a user ID, or an application ID to the payment server 610.
According to various embodiments, the payment server 610 may determine the validity of the blob received from the payment manager 625 (727). For example, the payment server 610 may determine the validity, using the blob and the disposable random number generated by the payment server 610.
According to various embodiments, when the blob information is valid, the payment server 610 may transfer the device profile, user ID, and the application ID to the token server 615 (730). The device profile may include a device ID (e.g., International Mobile Equipment Identity (IMEI)) and/or payment means (e.g., Near Field Communication (NFC) and/or Magnetic Secure Transmission (MSC)). Further, the device profile may include an identifier (e.g., device ID) for identifying a device. The user ID may include, for example, a name of a user using the electronic device 605. The app ID may include, for example, an identifier of a payment application 620 (e.g. SAMSUNG WALLET™).
According to various embodiments, when the blob information is not valid, the payment server 610 may stop (interrupt) the attestation or card registration operation. According to various embodiments, when the blob information is not valid, the payment server 610 may transfer a result (e.g., attestation failure) of the attestation to the electronic device 605 (e.g., the payment manager 625) or another electronic device 605.
According to various embodiments, the token server 615 may generate a channel (e.g., session) between the payment server 610 and the token server 615 in response to reception of the user information. The channel may encrypt information (e.g., data) transmitted or received through the channel, for example, using a common (public) key shared by the payment server 610 and the token server 615. According to various embodiments, the payment server 610 may transfer a PAN (e.g., an encrypted PAN) to the token server 615, using a channel generated between the payment server 610 and the token server 615.
According to various embodiments, the token server 615 may register the PAN received from the payment server 610. The registration process may include a procedure of checking, using at least one ID among the user ID, app ID, device ID, and card reference ID, whether token issuance is possible. For example, the token server 615 may perform a process of checking whether it is possible to issue a token for the card, using the card reference ID. According to another embodiment, a process of checking, by a user having registered using a device ID and a user ID, whether the device having been already registered is right. According to one embodiment, the token server 615 may register the PAN received from the payment server 610 and transfer a response (e.g., card reference ID) to the registration to the payment server 610 (730). The response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
According to various embodiments, the payment server 610 may transfer information received from the token server 615, for example, a response to the registration, to the payment manager 625 (740), and the payment manager 625 may transfer the information to the payment application 620 (745). The response to the registration may include, for example, at least one of a card reference ID, a contract condition, card metadata, or issuer metadata.
According to various embodiments, at least a part of the response to the registration of PAN (e.g., POST/enrollment) may be information stored in the payment server 610 or the payment manager 625 and may be changed (e.g., generation, revision, or removal) according to a predetermined condition.
According to various embodiments, the payment application 620 may output at least a part of the response to the registration received from the payment manager 625 to the outside, to the user. For example, the payment application 620 may provide a user with the contract conditions included in the response to the registration.
According to various embodiments, the information for performing the attestation may be stored in an external device. For example, the disposable random number, the blob, the key, the device profile, the user ID, the application ID, or the common (public) key, which are to be used for the attestation, may be stored in the electronic device 605 or outside of the electronic device 605. The external device may include, for example, an attestation server.
FIG. 8 illustrates a flow diagram 800 of a token update operation based on token attestation in an electronic device 605 according to various embodiments. The embodiment of the flow diagram 800 shown in FIG. 8 is for illustration only. Other embodiments of the flow diagram 800 could be used without departing from the scope of this disclosure.
In FIG. 8, the solid line may include a request (e.g., request or call) command and the dotted line may include a response (e.g., response or return) command. According to an embodiment, the payment system may include an electronic device 605, a payment server 610, or a token server 615. The electronic device 605 may include, for example, a payment application 620 and/or a payment manager 625.
According to various embodiments, the payment manager 625 may update (replenish) a token (803). For example, the payment manager 625 may perform the token update as an internal operation of the payment manager 625. The token update may be performed based on a predetermined command (e.g., replenish token).
According to various embodiments, the payment manager 625 may perform token attestation associated with the token update. For example, the payment manager 625 may perform the token attestation to enable use of the token. The token attestation may be performed, for example, by an internal operation of the payment manager 625 or based on an external input (e.g., user input or external device input).
According to various embodiments, the payment manager 625 may transfer a command associated with the token attestation to the payment server 610 (805). The command associated with the token attestation may be performed using, for example, a predetermined command (e.g., POST/nonces). According to various embodiments, the payment server 610 may transfer a response (e.g., nonces) corresponding to the command associated with the token attestation to the payment manager 625 (810).
According to various embodiments, the payment manager 625 may transfer a result associated with the token attestation to the payment server 610 (815). The result associated with the token attestation may be performed using, for example, a predetermined command (e.g., POST/verdicts).
According to various embodiments, the payment server 610 may transfer a response (e.g., OK) corresponding to the result associated with the token attestation to the payment manager 625 (820). According to one embodiment, the payment manager 625 may perform the token update, based on the response corresponding to the result associated with the token attestation.
According to various embodiments, the payment manager 625 may perform the token update, based on the token attestation. For example, the payment manager 625 may request the payment server 610 to perform token update (825). The request associated with the token update may be made using a predetermined command (e.g., POST/tokens/{id}).
According to various embodiments, the POST/tokens/{id} may be used in an operation in which the payment manager 625 performs token update with respect to the token server 615. For example, the POST/tokens command may include at least one of a token ID or a key (e.g., token key) associated with the token ID when the command is transferred. Based on the token ID, the token server 615 may update the token. The payment server 610 may forward the token reference or key to the token server 615 (830) and receive a POST/notifications command including the token (835). The payment server 610 may send a PUSH token{id} command to the payment manager 625 (840) and receive a GET/tokens/{id} command in return (845). The payment manager 625 may receive, for example, a response corresponding to the POST/tokens/{id} from the payment server 610, and the response corresponding to the POST/tokens/{id} may include key information (850). Further, the POST/tokens command may include, for example, a resource ID. The resource ID may include an identifier of the registered (enrollment) resource, which may be configured in the form of Uniform Resource Locator (URL). Further, the resource ID may include, for example, reference information storing information related to a token ID or token reference, and may include an address at which the token ID or the token reference is stored in the payment server 610.
According to various embodiments, the payment server 610 may transfer the token state, the token, and the token use key to the payment manager 625. According to various embodiments, the payment manager 625 may transfer a notification or event associated with the key to the payment application 620 (855). For example, the payment manager 625 may use a predetermined command (e.g., notify replenished) in transferring the notification or event associated with the key to the payment application 620. According to various embodiments, the payment manager 625 may store, in a trust zone, the information (e.g., the key) received from the payment server 610 (853). The payment manager 625 may store, for example, the new token use key in a security application included in the electronic device 605.
According to various embodiments, the payment application 620 may transfer a notification corresponding to an event or notification associated with the key to the payment manager 625 (860). For example, the payment application 620 may transfer information (e.g., ack replenished) indicating that the event or notification associated with the key is performed, to the payment manager 625. The information indicating that the event or notification associated with the key is performed may include, for example, an acknowledgment type. The notification corresponding to the event or notification associated with the key may include, for example, the token update (replenishment), and the token update may indicate, for example, that the PAN included in the electronic device 605 has been changed into a state allowing the payment function. The new token use key may be used in, for example, completing the update of the key corresponding to the PAN.
According to various embodiments, the payment manager 625 may transfer the token update operation to the payment server 610 (865). For example, the payment manager 625 may transfer a report that the token updating operation is performed, to the payment server 610, using a predetermined command (e.g., POST/reports). The payment manager 625 may transfer, for example, a report that the PAN has been changed into a state allowing execution of the payment function. According to an embodiment, the payment manager 625 may perform state synchronization with the payment server 610. According to various embodiments, the payment server 610 may transfer the token update operation to the token server 615 (870). For example, the payment server 610 may transmit a response (e.g., acknowledgement or token reference replenished) to the token server 615.
FIGS. 6-8 illustrate examples of flow diagrams for electronic device attestation. FIGS. 6-8 discuss the use of a payment server 610 and a token server 615. In one or more embodiments of this disclosure, the payment server 610 can be one example of a proxy server. In one example, payment server 610 could be VPN server 425 in FIG. 5, a VPN client 420, an attestation server 430, or a combination thereof. Token server 615 could be one example of an application server, such as application server 535 in FIG. 5. Additionally, various changes could be made, such as, for example, while shown as a series of steps, various steps in each figure could overlap, occur in parallel, occur in a different order, occur multiple times, or not be performed in one or more embodiments.
FIG. 9 illustrates a process 900 for attestation by an electronic device 605 in accordance with various embodiments of the present disclosure. For example, the process 900 depicted in FIG. 9 may be performed by the electronic device 300 in FIG. 3. The embodiment of the process 900 shown in FIG. 9 is for illustration only. Other embodiments of the process 900 could be used without departing from the scope of this disclosure.
Referring to FIG. 9, in operation 905, the electronic device 605 (e.g., terminal or portable phone) may acquire, for example, attestation information corresponding to the electronic device 605 from an external electronic device of the electronic device 605. According to an embodiment, in operation 905, the electronic device 605 may acquire the attestation information (also referred to as device data) as a request for the determination of the integrity of the electronic device 605. The attestation information may include, for example, a disposable random number (nonce).
In operation 910, the electronic device 605 may perform, for example, attestation of the electronic device 605, based on the attestation information. The attestation may include functions of identifying the security for the electronic device 605. The attestation may include functions of identifying the integrity for the electronic device 605.
In operation 915, the electronic device 605 may transmit, for example, a result of the attestation to the external electronic device or another electronic device 605. For example, the result (e.g., blob or security) of the attestation may be determined or generated based on the disposable random number (nonce) and/or the security information included in the electronic device 605. The other electronic device 605 may include, for example, a token server 615, a third party server, a wearable device, or a cloud server. The cloud server may include, for example, a personal cloud or a public cloud.
Although FIG. 9 illustrates examples of processes for attestation, various changes could be made to FIG. 9. For example, while shown as a series of steps, various steps in each figure could overlap, occur in parallel, occur in a different order, occur multiple times, or not be performed in one or more embodiments.
FIG. 10 illustrates a process 1000 for attestation by proxy server in accordance with various embodiments of the present disclosure. For example, the process 1000 depicted in FIG. 10 may be performed by the server 200 in FIG. 2. The embodiment of the process 1000 shown in FIG. 10 is for illustration only. Other embodiments of the process 1000 could be used without departing from the scope of this disclosure.
Referring to FIG. 10, in operation 1005, the proxy server (e.g., a VPN server) may request attestation information from an attestation server 430. According to an embodiment, in operation 1005, the proxy server may acquire the attestation information as a request for the determination of the integrity of the electronic device 505. The attestation information may include, for example, a disposable random number (nonce).
In operation 1010, the proxy server may trigger attestation though the attestation agent 415 by sending the attestation information to the attestation agent 415. The attestation agent 415 may use the attestation information to request a measurement from the trust zone 410. The trust zone 410 returns secure device data (e.g., in the form of a BLOB) to the attestation agent 415.
In operation 1015, the proxy server receives the secure device data. In operation 1020, the proxy server requests the attestation server 430 to parse the secure device data and perform signature and certificate checks, according to policy 540. In operation 1025, the proxy server receives a validation result from the attestation server 430. When the validation result is that the electronic device is to be trusted, the proxy server can notify the application server 535 to trust the electronic device 505. Or the proxy server can have the validation result formatted and/or data content updated in accordance with policy 540, and send the formatted and/or updated validation result to the application server.
Although FIG. 10 illustrates examples of processes for attestation, various changes could be made to FIG. 10. For example, while shown as a series of steps, various steps in each figure could overlap, occur in parallel, occur in a different order, occur multiple times, or not be performed in one or more embodiments. Although the present disclosure has been described with an exemplary embodiment, various changes and modifications may be suggested to one skilled in the art. It is intended that the present disclosure encompass such changes and modifications as fall within the scope of the appended claims.
According to various embodiments, a method of for attestation by proxy, the method comprises transmitting, to an attestation server, secure device data for an electronic device through a proxy server, receiving, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data, and communicating payment information with an application server according to the validation result.
According to various embodiments, a policy associated with the application server is obtained by the proxy server, and the policy indicates validation logic specific to the application server and indicates a data format of the validation result that is acceptable by the application server.
According to various embodiments, the policy is obtained from one of the application server or a default policy.
According to various embodiments, wherein the proxy server comprises a virtual private network (VPN) server, and the VPN server is used to generate a secure connection with the electronic device.
According to various embodiments, the secure device data is generated by using a nonce and device measurements of the electronic device, and the nonce is received from the attestation server through the proxy server.
According to various embodiments, the secure device data is a binary large object generated by using the nonce received from the attestation server and device measurements of the electronic device.
According to various embodiments, the communication of the payment information with the application server comprises receiving a token for use in a payment from the application server through the proxy server.
None of the description in this application should be read as implying that any particular element, step, or function is an essential element that must be included in the claim scope. The scope of patented subject matter is defined only by the claims. Moreover, none of the claims is intended to invoke 35 U.S.C. § 112(f) unless the exact words “means for” are followed by a participle.
Claims (15)
- A method of electronic device for attestation by proxy, the method comprising:transmitting, to an attestation server, secure device data for the electronic device through a proxy server;receiving, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data; andcommunicating payment information with an application server according to the validation result.
- The method of Claim 1,wherein a policy associated with the application server is obtained by the proxy server, andwherein the policy indicates validation logic specific to the application server and indicates a data format of the validation result that is acceptable by the application server.
- The method of Claim 2, wherein the policy is obtained from one of the application server or a default policy.
- The method of Claim 1,wherein the proxy server comprises a virtual private network (VPN) server, andwherein the VPN server is used to generate a secure connection with the electronic device.
- The method of Claim 1,wherein the secure device data is generated by using a nonce and device measurements of the electronic device, andwherein the nonce is received from the attestation server through the proxy server.
- The method of Claim 5,wherein the secure device data is a binary large object generated by using the nonce received from the attestation server and device measurements of the electronic device.
- The method of Claim 1, wherein communicating the payment information with the application server comprises:receiving a token for use in a payment from the application server through the proxy server.
- An electronic device for performing attestation by proxy, the electronic device comprising:at least one transceiver; andat least one processor operatively coupled to the at least one transceiver,wherein the at least one processor is configured to:transmit, to an attestation server, secure device data for an electronic device by through a proxy server;receive, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data; andcommunicate payment information with an application server according to the validation result.
- The electronic device of Claim 8,wherein a policy associated with the application server is obtained by the proxy server, andwherein the policy indicates validation logic specific to the application server and indicates a data format of the validation result that is acceptable by the application server.
- The electronic device of Claim 9, wherein the policy is obtained from one of the application server or a default policy.
- The electronic device of Claim 8,wherein the proxy server comprises a virtual private network (VPN) server, andwherein the VPN server is used to generate a secure connection with the electronic device.
- The electronic device of Claim 8,wherein the secure device data is generated by using a nonce and device measurements of the electronic device, andwherein the nonce is received from the attestation server through the proxy server.
- The electronic device of Claim 12,wherein the secure device data is a binary large object generated by using the nonce received from the attestation server and device measurements of the electronic device.
- The electronic device of Claim 8, wherein the at least one processor is further configured to:receive a token for use in a payment from the application server through the proxy server.
- A non-transitory computer readable medium containing computer readable program code that, when executed, causes at least one processing device of an electronic device to:transmit, to an attestation server, secure device data for an electronic device through a proxy server;receiving, from the attestation server, a validation result indicating that a security for the electronic device is valid through the proxy server, the validation result generated based on the secure device data; andcommunicate payment information with an application server according to the validation result.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201680011694.6A CN107430657B (en) | 2015-02-27 | 2016-02-29 | Authentication by proxy |
EP16755957.4A EP3262814A4 (en) | 2015-02-27 | 2016-02-29 | Attestation by proxy |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562126121P | 2015-02-27 | 2015-02-27 | |
US62/126,121 | 2015-02-27 | ||
US201562208359P | 2015-08-21 | 2015-08-21 | |
US62/208,359 | 2015-08-21 | ||
US15/055,314 US20160253664A1 (en) | 2015-02-27 | 2016-02-26 | Attestation by proxy |
US15/055,314 | 2016-02-26 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016137307A1 true WO2016137307A1 (en) | 2016-09-01 |
Family
ID=56789716
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2016/002020 WO2016137307A1 (en) | 2015-02-27 | 2016-02-29 | Attestation by proxy |
Country Status (4)
Country | Link |
---|---|
US (1) | US20160253664A1 (en) |
EP (1) | EP3262814A4 (en) |
CN (1) | CN107430657B (en) |
WO (1) | WO2016137307A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10069829B1 (en) | 2017-05-17 | 2018-09-04 | International Business Machines Corporation | Multi-party secure global attestation |
EP4038520A4 (en) * | 2019-09-30 | 2023-08-30 | INTEL Corporation | Methods and apparatus to attest objects in edge computing environments |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9749294B1 (en) * | 2015-09-08 | 2017-08-29 | Sprint Communications Company L.P. | System and method of establishing trusted operability between networks in a network functions virtualization environment |
CN110502887B (en) * | 2015-09-11 | 2023-07-18 | 创新先进技术有限公司 | Electronic payment method and device |
US10542115B1 (en) | 2015-10-01 | 2020-01-21 | Sprint Communications Company L.P. | Securing communications in a network function virtualization (NFV) core network |
US9781016B1 (en) | 2015-11-02 | 2017-10-03 | Sprint Communications Company L.P. | Dynamic addition of network function services |
US10250498B1 (en) | 2016-10-03 | 2019-04-02 | Sprint Communications Company L.P. | Session aggregator brokering of data stream communication |
KR102703601B1 (en) * | 2016-11-17 | 2024-09-06 | 삼성전자주식회사 | Electronic device and method for remitting thereof |
US10382203B1 (en) * | 2016-11-22 | 2019-08-13 | Amazon Technologies, Inc. | Associating applications with Internet-of-things (IoT) devices using three-way handshake |
KR102591683B1 (en) | 2016-12-07 | 2023-10-20 | 삼성전자주식회사 | Method and electronic device for managing secure element |
US10831894B2 (en) * | 2017-01-11 | 2020-11-10 | Morgan State University | Decentralized root-of-trust framework for heterogeneous networks |
GB201703864D0 (en) * | 2017-03-10 | 2017-04-26 | Irdeto Bv | Secured system operation |
TWI643148B (en) * | 2017-06-02 | 2018-12-01 | 中華電信股份有限公司 | Mobile device, method, computer program product, and distribution system thereof for configuring ticket co-branded credit card based on coding technology |
US10348488B1 (en) | 2017-08-25 | 2019-07-09 | Sprint Communications Company L.P. | Tiered distributed ledger technology (DLT) in a network function virtualization (NFV) core network |
US11126699B2 (en) * | 2018-02-07 | 2021-09-21 | Nec Corporation | Replica trusted execution environment: enabling seamless replication of trusted execution environment (TEE)-based enclaves in the cloud |
CN108540523B (en) * | 2018-02-08 | 2022-03-22 | 苏州乐轩科技有限公司 | Management device, communication system and communication method for internet of things device |
US10602353B1 (en) * | 2018-12-31 | 2020-03-24 | Microsoft Technology Licensing, Llc | Extensible device identity attestation |
CN113647074B (en) * | 2019-03-29 | 2024-10-18 | 三星电子株式会社 | Method for edge computing service and electronic device thereof |
CN111729293B (en) * | 2020-08-28 | 2020-12-22 | 腾讯科技(深圳)有限公司 | Data processing method, device and storage medium |
US11266911B1 (en) | 2020-09-21 | 2022-03-08 | Nintendo Co., Ltd. | Systems and method for identifying modified program data |
US11818102B2 (en) * | 2021-04-16 | 2023-11-14 | Nokia Technologies Oy | Security enhancement on inter-network communication |
CN113489763B (en) * | 2021-06-18 | 2023-11-21 | 深圳软牛科技有限公司 | Method, device, equipment and storage medium for closing and searching My mobile phone function |
US20220006637A1 (en) * | 2021-09-16 | 2022-01-06 | Intel Corporation | File system supporting remote attestation-based secrets |
US20240144232A1 (en) * | 2022-10-28 | 2024-05-02 | Stripe, Inc. | Systems and methods for terminal device attestation for contactless payments |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020174068A1 (en) * | 2001-05-07 | 2002-11-21 | Rodolphe Marsot | Method for increasing the security of payment of tradesman by a client, corresponding localization center and system |
JP2005062556A (en) * | 2003-08-14 | 2005-03-10 | Internatl Business Mach Corp <Ibm> | Authentication system, server, authentication method, and program |
US20090171836A1 (en) * | 2007-12-28 | 2009-07-02 | Ebay Inc. | System and method for identification verification over a financial network |
US20130226812A1 (en) * | 2012-02-24 | 2013-08-29 | Mads Landrok | Cloud proxy secured mobile payments |
US20140095865A1 (en) * | 2012-09-28 | 2014-04-03 | Blue Coat Systems, Inc. | Exchange of digital certificates in a client-proxy-server network configuration |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7213766B2 (en) * | 2003-11-17 | 2007-05-08 | Dpd Patent Trust Ltd | Multi-interface compact personal token apparatus and methods of use |
KR100636318B1 (en) * | 2004-09-07 | 2006-10-18 | 삼성전자주식회사 | Method and system for authentication of address ownership using care of address binding protocol |
CN101467421A (en) * | 2006-06-16 | 2009-06-24 | 诺基亚有限公司 | Method, apparatuses and computer media for nonce-based authentication scheme comprising indication of session control server's operation mode in authentication request |
CN101155030B (en) * | 2006-09-29 | 2010-10-06 | 维豪信息技术有限公司 | Network resource integration access method based on registration and authentication |
KR100851976B1 (en) * | 2006-11-14 | 2008-08-12 | 삼성전자주식회사 | Method and apparatus of transmitting private information using trusted apparatus |
US7783849B2 (en) * | 2007-01-05 | 2010-08-24 | International Business Machines Corporation | Using trusted user space pages as kernel data pages |
CN103607793B (en) * | 2007-10-25 | 2017-08-25 | 思达伦特网络有限责任公司 | Interworking gateway for mobile node |
US8806601B2 (en) * | 2008-02-29 | 2014-08-12 | International Business Machines Corporation | Non-interactive entity application proxy method and system |
US9734496B2 (en) * | 2009-05-29 | 2017-08-15 | Paypal, Inc. | Trusted remote attestation agent (TRAA) |
US8566944B2 (en) * | 2010-04-27 | 2013-10-22 | Microsoft Corporation | Malware investigation by analyzing computer memory |
JP5961638B2 (en) * | 2011-02-17 | 2016-08-02 | ターセーラ, インコーポレイテッド | System and method for application certification |
US10089612B2 (en) * | 2011-03-15 | 2018-10-02 | Capital One Services, Llc | Systems and methods for performing ATM fund transfer using active authentication |
US9317689B2 (en) * | 2012-06-15 | 2016-04-19 | Visa International Service Association | Method and apparatus for secure application execution |
US9756036B2 (en) * | 2012-06-15 | 2017-09-05 | Nokia Technologies Oy | Mechanisms for certificate revocation status verification on constrained devices |
US9280655B2 (en) * | 2013-03-13 | 2016-03-08 | Samsung Electronics Co., Ltd | Application authentication method and electronic device supporting the same |
US10177915B2 (en) * | 2013-03-15 | 2019-01-08 | Ologn Technologies Ag | Systems, methods and apparatuses for device attestation based on speed of computation |
US9401954B2 (en) * | 2013-11-06 | 2016-07-26 | International Business Machines Corporation | Scaling a trusted computing model in a globally distributed cloud environment |
KR101801567B1 (en) * | 2013-12-19 | 2017-11-27 | 인텔 코포레이션 | Policy-based trusted inspection of rights managed content |
US9602508B1 (en) * | 2013-12-26 | 2017-03-21 | Lookout, Inc. | System and method for performing an action based upon two-party authorization |
US9712491B2 (en) * | 2014-03-03 | 2017-07-18 | Qualcomm Connected Experiences, Inc. | Access control lists for private networks of system agnostic connected devices |
US9736154B2 (en) * | 2014-09-16 | 2017-08-15 | Nok Nok Labs, Inc. | System and method for integrating an authentication service within a network architecture |
US11107071B2 (en) * | 2016-02-01 | 2021-08-31 | Apple Inc. | Validating online access to secure device functionality |
-
2016
- 2016-02-26 US US15/055,314 patent/US20160253664A1/en not_active Abandoned
- 2016-02-29 CN CN201680011694.6A patent/CN107430657B/en active Active
- 2016-02-29 WO PCT/KR2016/002020 patent/WO2016137307A1/en active Application Filing
- 2016-02-29 EP EP16755957.4A patent/EP3262814A4/en not_active Withdrawn
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020174068A1 (en) * | 2001-05-07 | 2002-11-21 | Rodolphe Marsot | Method for increasing the security of payment of tradesman by a client, corresponding localization center and system |
JP2005062556A (en) * | 2003-08-14 | 2005-03-10 | Internatl Business Mach Corp <Ibm> | Authentication system, server, authentication method, and program |
US20090171836A1 (en) * | 2007-12-28 | 2009-07-02 | Ebay Inc. | System and method for identification verification over a financial network |
US20130226812A1 (en) * | 2012-02-24 | 2013-08-29 | Mads Landrok | Cloud proxy secured mobile payments |
US20140095865A1 (en) * | 2012-09-28 | 2014-04-03 | Blue Coat Systems, Inc. | Exchange of digital certificates in a client-proxy-server network configuration |
Non-Patent Citations (1)
Title |
---|
See also references of EP3262814A4 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10069829B1 (en) | 2017-05-17 | 2018-09-04 | International Business Machines Corporation | Multi-party secure global attestation |
US10075440B1 (en) | 2017-05-17 | 2018-09-11 | International Business Machines Corporation | Multi-party secure global attestation |
EP4038520A4 (en) * | 2019-09-30 | 2023-08-30 | INTEL Corporation | Methods and apparatus to attest objects in edge computing environments |
Also Published As
Publication number | Publication date |
---|---|
EP3262814A1 (en) | 2018-01-03 |
CN107430657A (en) | 2017-12-01 |
EP3262814A4 (en) | 2018-02-28 |
US20160253664A1 (en) | 2016-09-01 |
CN107430657B (en) | 2022-01-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016137307A1 (en) | Attestation by proxy | |
WO2016036115A1 (en) | Electronic device and method for managing re-registration | |
AU2015337278B2 (en) | Device and method for secure connection | |
WO2016137304A1 (en) | Trust-zone-based end-to-end security | |
WO2018066961A1 (en) | Trusted execution environment secure element communication | |
WO2016129838A1 (en) | Electronic device and method for processing secure information | |
WO2015126135A1 (en) | Method and apparatus for processing biometric information in electronic device | |
WO2017122980A1 (en) | Electronic device and method for authenticating identification information thereof | |
WO2016129936A1 (en) | Security message transmission apparatus and processing method therefor | |
CN111355732B (en) | Link detection method and device, electronic equipment and storage medium | |
WO2021060745A1 (en) | Electronic device for updating firmware by using security integrated circuit and operation method thereof | |
WO2020231177A1 (en) | Electronic device and method for receiving push message stored in blockchain | |
WO2019164264A1 (en) | Electronic apparatus and operating method thereof | |
WO2018080198A1 (en) | Electronic device and method for performing authentication | |
WO2023128341A1 (en) | Method and system for fraudulent transaction detection using homomorphically encrypted data | |
WO2020235933A1 (en) | System and method for payment authentication | |
WO2022146026A1 (en) | Method for processing protected data and electronic device supporting same | |
WO2018079999A1 (en) | Electronic device and method for operating the same | |
WO2018131910A1 (en) | Electronic device and method for creating shortcut to web page in electronic device | |
WO2021040395A1 (en) | Electronic device for controlling access to device resource and operation method thereof | |
WO2021235838A1 (en) | Electronic device using blockchain and operation method thereof | |
WO2021025322A1 (en) | Electronic device for activating application through key account, and system including same | |
WO2020159104A1 (en) | Electronic device for managing personal information and method therefor | |
WO2015133858A1 (en) | Apparatus and method for improving loading time in electronic device | |
WO2014010875A1 (en) | Method for executing application in interlock with pair device and performing payment and digital system therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16755957 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REEP | Request for entry into the european phase |
Ref document number: 2016755957 Country of ref document: EP |