DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTIONS

US 20110154034A1
Filed: 12/17/2009
Published: 06/23/2011
Est. Priority Date: 12/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securing mobile financial transactions, the method comprising:

receiving a list of protection methods from an external terminal over a communication network;

creating a matrix of protection methods based on at least one of the protection methods, the matrix corresponding to the external terminal;

receiving security-related information from one or more trust mediator agents over the communication network;

retrieving, from a master list of rules, rules corresponding to the received security-related information;

selecting at least one protection method from the matrix of protection methods based on the rules obtained by the retrieving; and

transmitting the at least one selected protection method to the one or more trust mediator agents,wherein at least one of the above steps is performed by a processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure mobile financial transaction is provided by receiving a list of protection methods from an external terminal over a communication network. A matrix of protection methods corresponding to the external terminal is created based on the identified protection methods. Security-related information is received from one or more trust mediator agents over the communication network. Rules corresponding to the received security related information are retrieved, and at least one protection method is selected from the matrix of protection methods based on the retrieved rules. The selected protection method is transmitted to the trust mediator agents for implementation.

105 Citations

View as Search Results

18 Claims

1. A method for securing mobile financial transactions, the method comprising:
- receiving a list of protection methods from an external terminal over a communication network;
  
  creating a matrix of protection methods based on at least one of the protection methods, the matrix corresponding to the external terminal;
  
  receiving security-related information from one or more trust mediator agents over the communication network;
  
  retrieving, from a master list of rules, rules corresponding to the received security-related information;
  
  selecting at least one protection method from the matrix of protection methods based on the rules obtained by the retrieving; and
  
  transmitting the at least one selected protection method to the one or more trust mediator agents,wherein at least one of the above steps is performed by a processor.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the creating the matrix of protection methods further includes:
    - retrieving, from a master list of protection methods, at least one of category information and strength information corresponding to each of the protection methods;
      
      arranging the protection methods in the matrix by allocating one dimension of the matrix per category based on the category information; and
      
      arranging the protection methods in the matrix in an order of increasing strength based on the strength information.
  - 3. The method of claim 1, further comprising:
    - modifying at least one of the master list of rules, a master list of protection methods, and a master list of security-related information detections based on the received security-related information.
  - 4. The method of claim 1, wherein the protection methods include at least one of an encryption method, an identification method, an authentication method, a pairing method, a digital signature method, a nonrepudiation method, a steganography method, an encryption method using a specific key length, an encryption method using a specific key exchange method, and an encryption method using a key building method.
  - 5. The method of claim 1, wherein the rules include at least one of:
    - a rule indicating a protection method to select in response to receiving a certain type of the security-related information,a rule indicating that a protection method of increased strength is to be selected in response to receiving a certain type of the security-related information,a rule indicating that a protection method is to be selected randomly in response to receiving a certain type of the security-related information, anda rule indicating that a protection method has been invalidated and is not to be used.

6. A system for securing mobile financial transactions, the system comprising:
- a trust mediator including a processor coupled to a memory, operable to;
  
  receive a list of protection methods from an external terminal over a communication network;
  
  create a matrix of protection methods based on at least one of the protection methods, the matrix corresponding to the external terminal;
  
  receive security-related information from one or more trust mediator agents over the communication network;
  
  retrieve, from a master list of rules stored in the memory, rules corresponding to the received security-related information;
  
  select at least one protection method from the matrix of protection methods based on the rules obtained by the retrieving; and
  
  transmit the at least one selected protection method to the one or more trust mediator agents.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the trust mediator is further operable to:
    - retrieve, from a master list of protection methods, at least one of category information and strength information corresponding to each of the protection methods;
      
      arrange the protection methods in the matrix by allocating one dimension of the matrix per category based on the category information; and
      
      arrange the protection methods in the matrix in an order of increasing strength based on the strength information.
  - 8. The system of claim 6, wherein the trust mediator is further operable to:
    - modify at least one of the master list of rules, a master list of protection methods, and a master list of security-related information detections based on the received security-related information.
  - 9. The system of claim 6, wherein the protection methods include at least one of an encryption method, an identification method, an authentication method, a pairing method, a digital signature method, a nonrepudiation method, a steganography method, an encryption method using a specific key length, an encryption method using a specific key exchange method, and an encryption method using a key building method.
  - 10. The system of claim 6, wherein the rules include at least one of:
    - a rule indicating a protection method to select in response to receiving a certain type of the security-related information,a rule indicating that a protection method of increased strength is to be selected in response to receiving a certain type of the security-related information,a rule indicating that a protection method is to be selected randomly in response to receiving a certain type of the security-related information, anda rule indicating that a protection method has been invalidated and is not to be used.

11. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a computer system, cause the computer system to perform:
- receiving a list of protection methods from an external terminal over a communication network;
  
  creating a matrix of protection methods based on at least one of the protection methods, the matrix corresponding to the external terminal;
  
  receiving security-related information from one or more trust mediator agents over the communication network;
  
  retrieving, from a master list of rules, rules corresponding to the received security-related information;
  
  selecting at least one protection method from the matrix of protection methods based on the rules obtained by the retrieving; and
  
  transmitting the at least one selected protection method to the one or more trust mediator agents.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-readable medium of claim 11, wherein the sequences of instructions further include instructions, which, when executed by the computer system, cause the computer system to perform:
    - retrieving, from a master list of protection methods, at least one of category information and strength information corresponding to each of the protection methods;
      
      arranging the protection methods in the matrix by allocating one dimension of the matrix per category based on the category information; and
      
      arranging the protection methods in the matrix in an order of increasing strength based on the strength information.
  - 13. The computer-readable medium of claim 11, wherein the sequences of instructions further include instructions, which, when executed by the computer system, cause the computer system to perform:
    - modifying at least one of the master list of rules, a master list of protection methods, and a master list of security-related information detections based on the received security-related information.
  - 14. The computer-readable medium of claim 11, wherein the protection methods include at least one of an encryption method, an identification method, an authentication method, a pairing method, a digital signature method, a nonrepudiation method, a steganography method, an encryption method using a specific key length, an encryption method using a specific key exchange method, and an encryption method using a key building method.
  - 15. The computer-readable medium of claim 11, wherein the rules include at least one of:
    - a rule indicating a protection method to select in response to receiving a certain type of the security-related information,a rule indicating that a protection method of increased strength is to be selected in response to receiving a certain type of the security-related information,a rule indicating that a protection method is to be selected randomly in response to receiving a certain type of the security-related information, anda rule indicating that a protection method has been invalidated and is not to be used.

16. A method for completing secure mobile financial transactions, the method comprising:
- transmitting a list of protection methods available for an external terminal to a trust mediator over a communication network;
  
  transmitting security-related information to the trust mediator over the communication network, the security-related information including sensor data received from a plurality of sensors; and
  
  receiving, in response to the transmitting of the security-related information, at least one protection method from the trust mediator for implementation; and
  
  completing a financial transaction by using the external terminal and the at least one received protection method,wherein at least one of the above steps is performed by a processor.

17. A system for completing secure mobile financial transactions, the system comprising:
- an external terminal including a processor coupled to a memory, operable to;
  
  transmit a list of protection methods available for an external terminal to a trust mediator over a communication network;
  
  transmit security-related information to the trust mediator over the communication network, the security-related information including sensor data received from a plurality of sensors; and
  
  receive, in response to the transmitting of the security-related information, at least one protection method from the trust mediator; and
  
  complete a financial transaction by using the external terminal and the at least one received protection method.

18. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a computer system, cause the computer system to perform:
- transmitting a list of protection methods available for an external terminal to a trust mediator over a communication network;
  
  transmitting security-related information to the trust mediator over the communication network, the security-related information including sensor data received from a plurality of sensors; and
  
  receiving, in response to the transmitting of the security-related information, at least one protection method from the trust mediator; and
  
  completing a financial transaction by using the external terminal and the at least one received protection method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bailey, Samuel A. JR.

Granted Patent

US 9,756,076 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/3823   combining multiple encrypti...

G06Q 40/02   Banking, e.g. interest calc...

H04L 2463/102   applying security measure f...

H04L 63/0478   applying multiple layers of...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

105 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others