Please download the dossier by clicking on the dossier button x
×

Logical validation of devices against fraud

  • US 10,373,167 B2
  • Filed: 06/30/2016
  • Issued: 08/06/2019
  • Est. Priority Date: 06/30/2016
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method for detecting security threats on a payment terminal capable of communicating with a payment object reader, the method comprising:

  • generating, by a tamper monitoring component of the payment terminal, a request for attesting security of the payment terminal;

    sending, by the tamper monitoring component of the payment terminal, the request for attesting security of the payment terminal to a payment processing server;

    generating, by a tamper detection component of the payment processing server, at least one command to scan or test the payment terminal against pre-determined test criteria;

    sending, by the tamper detection component of the payment processing server, the command to the payment terminal;

    executing, by the tamper monitoring component of the payment terminal, the command to generate attestation data indicative of one or more security threats;

    determining, by the tamper detection component of the payment processing server, the attestation data based on the command, wherein attestation data includes at least one of a current state of the payment terminal, a previous state of the payment terminal, a risk rating, and a merchant profile saved on the payment terminal;

    sending the attestation data from the tamper detection component of the payment processing server to the tamper monitoring component of the payment terminal;

    determining, by the tamper detection component of the payment processing server, whether to approve or deny the request for attesting security based on a comparison of one or more of attestation data with known behavior;

    if the determination yields that the request has been approved, further generating an attestation ticket having one or more validity conditions, wherein the one or more validity conditions include expiration time that indicates the time after which the attestation ticket becomes invalid; and

    sending the attestation ticket to the payment terminal, wherein the attestation ticket indicates that the payment terminal is secure;

    andif the determination yields that the request has been denied, further generating another attestation ticket at least includes denial notification, wherein the denial notification indicates a reason for denial of the request; and

    sending the other attestation ticket to the payment terminal, wherein the attestation ticket indicates that the payment terminal is not secure.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×