-
Publication No.: US20190012672A1
Publication date: 2019-01-10
Application No.: US16065793
Application date: 2016-12-21
Applicant: GEMALTO SA
Inventor: Viola FRANCESCO
Abstract: This invention concerns a method and system for improving the security of transactions in an emulated Integrated Circuit. During compilation of a payment application, at least one detection agent is inserted into the code of the payment application. This detection agent is configured to detect an unauthorized use of the payment application. During runtime of the payment application, if the detection agent result indicates “no threat detected”, the payment application retrieves from a predefined map of “no threat detected” the right value associated with the detection agent; otherwise a random false value is generated. The payment application alters at least one data item manipulated during the transaction with the value retrieved or generated. A reverse mechanism of the payment application retrieves the right value and applies a restoration process to the altered data with the retrieved right value. The payment application computes a cryptogram from the restored manipulated data. From the computed cryptogram, a third party can authorize or reject the transaction.
-
Publication No.: US20190005493A1
Publication date: 2019-01-03
Application No.: US16064462
Application date: 2016-12-21
Applicant: GEMALTO SA
Inventor: Viola FRANCESCO
Abstract: This invention concerns a method and system for improving the security of transactions in an emulated Integrated Circuit. Methods and devices for pre-generating session keys for securing transactions are provided. The generated session key is obfuscated with data preventing unauthorized use of and/or access to the session cryptographic key, and is encrypted. This encrypted obfuscated key is provisioned from a remote computer to the communication device. The mobile application is configured to decrypt and de-obfuscate the received encrypted obfuscated session cryptographic key during a transaction. The method may also include generating, by the communication device, a transaction cryptogram using the decrypted and de-obfuscated session cryptographic key, and sending, by the communication device to the remote system, the transaction cryptogram to conduct the transaction. The transaction can be authorized based on at least whether the decrypted and de-obfuscated session cryptographic key is the expected one. With the invention, the session cryptographic key is kept unveiled from the moment it is provisioned until the very last moment when the session cryptographic key is used to compute the cryptogram.
-