DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTION DATA IN TRANSIT

US 20110178933A1
Filed: 01/20/2010
Published: 07/21/2011
Est. Priority Date: 01/20/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securing mobile financial transactions, the method comprising:

receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal;

receiving, over the communication network, security-related data from one or more sensors;

computing an attack signature based on the security-related data;

storing, in a database, security policy data including a plurality of security policies;

selecting a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature;

establishing a secure communication session between the external terminal and an internal network component according to the selected security policy; and

communicating, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure mobile financial transaction is provided by receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal. Security-related data is received from one or more sensors and an attack signature is computed based on the security-related data. An appropriate security policy is selected from multiple security policies stored in a database based on the list of protection mechanisms and the attack signature. A secure communication session is established between the external terminal and an internal network component according to the selected security policy. A data message associated with a mobile financial transaction is communicated over the communication network during the communication session.

Citations

18 Claims

1. A method for securing mobile financial transactions, the method comprising:
- receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal;
  
  receiving, over the communication network, security-related data from one or more sensors;
  
  computing an attack signature based on the security-related data;
  
  storing, in a database, security policy data including a plurality of security policies;
  
  selecting a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature;
  
  establishing a secure communication session between the external terminal and an internal network component according to the selected security policy; and
  
  communicating, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the selecting the security policy further includes:
    - computing a value associated with the data message based on at least one of a value of the financial transaction and a predetermined valuation formula;
      
      computing a probability that security of the data message will be compromised based on the list of protection mechanisms and the attack signature;
      
      computing a total risk level as a product of (1) the value associated with the data message and (2) the probability that security of the data message will be compromised; and
      
      selecting the policy from the plurality of security policies that results in a risk level within a predetermined risk threshold.
  - 3. The method of claim 1, wherein the security policy includes at least one of (1) an encryption algorithm for encrypting data messages, (2) a communication channel for communicating data messages and (3) a communication protocol for communication data messages.
  - 4. The method of claim 1, wherein establishing a secure communication session further includes:
    - constructing a policy message including at least one of a protection mechanism, a communication channel, and a communication protocol to be used for the communication session; and
      
      transmitting the policy message to the external terminal over the communication network.
  - 5. The method of claim 4, wherein establishing a secure communication session further includes:
    - determining a protection mechanism for the policy message based on the list of protection mechanisms and the attack signature;
      
      determining a communication channel for the policy message based on the list of protection mechanisms and the attack signature;
      
      determining a communication protocol for the policy message based on the list of protection mechanisms and the attack signature; and
      
      transmitting, over the communication network, the protection mechanism, the communication channel, and the communication protocol for the policy message.
  - 6. The method of claim 1, wherein the security policy includes at least one of:
    - channel encryption, payload encryption, encryption key rotation, encryption key generation using a biometric identifier, encryption key generation based on a pseudorandom number, communication channel split information, and data message reassembly information.

7. A system for securing mobile financial transactions, the system comprising:
- a memory operable to store security policy data including a plurality of security policies; and
  
  a processor coupled to the memory, the processor being operable to;
  
  receive, over a communication network, a list of protection mechanisms available for implementation by an external terminal;
  
  receive, over the communication network, security-related data from one or more sensors;
  
  compute an attack signature based on the security-related data;
  
  select a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature;
  
  establish a secure communication session between the external terminal and an internal network component according to the selected security policy; and
  
  communicate, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the processor is further operable to:
    - compute a value associated with the data message based on at least one of a value of the financial transaction and a predetermined valuation formula;
      
      compute a probability that security of the data message will be compromised based on the list of protection mechanisms and the attack signature;
      
      compute a total risk level as a product of (1) the value associated with the data message and (2) the probability that security of the data message will be compromised; and
      
      select the policy from the plurality of security policies that results in a risk level within a predetermined acceptable risk threshold.
  - 9. The system of claim 7, wherein the security policy includes at least one of (1) an encryption algorithm for encrypting data messages, (2) a communication channel for communicating data messages, and (3) a communication protocol for communicating data messages.
  - 10. The system of claim 7, wherein the processor is further operable to:
    - construct a policy message including at least one of a protection mechanism, a communication channel, and a communication protocol to be used for the communication session; and
      
      transmit the policy message to the external terminal over the communication network.
  - 11. The system of claim 7, wherein the processor is further operable to:
    - determine a protection mechanism for the policy message based on the list of protection mechanisms and the attack signature;
      
      determine a communication channel for the policy message based on the list of protection mechanisms and the attack signature;
      
      determine a communication protocol for the policy message based on the list of protection mechanisms and the attack signature; and
      
      transmit, over the communication network, the protection mechanism, the communication channel, and the communication protocol for the policy message.
  - 12. The system of claim 7, wherein the security policy includes at least one of:
    - channel encryption, payload encryption, encryption key rotation, encryption key generation using a biometric identifier, encryption key generation based on a pseudorandom number, communication channel split information, and data message reassembly information.

13. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a computer system, cause the computer system to perform:
- receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal;
  
  receiving, over the communication network, security-related data from one or more sensors;
  
  computing an attack signature based on the security-related data;
  
  storing, in a database, security policy data including a plurality of security policies;
  
  selecting a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature;
  
  establishing a secure communication session between the external terminal and an internal network component according to the selected security policy; and
  
  communicating, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-readable medium of claim 13, wherein the sequences of instructions further include instructions, which, when executed by the computer system, cause the computer system to perform:
    - computing a value associated with the data message based on at least one of a value of the financial transaction and a predetermined valuation formula;
      
      computing a probability that security of the data message will be compromised based on the list of protection mechanisms and the attack signature;
      
      computing a total risk level as a product of (1) the value associated with the data message and (2) the probability that security of the data message will be compromised; and
      
      selecting the policy from the plurality of security policies that results in a risk level within a predetermined risk threshold.
  - 15. The computer-readable medium of claim 13, wherein the security policy includes at least one of (1) an encryption algorithm for encrypting data messages, (2) a communication channel for communicating data messages, and (3) a communication protocol for communicating data messages.
  - 16. The computer-readable medium of claim 13, wherein the sequences of instructions further include instructions, which, when executed by the computer system, cause the computer system to perform:
    - constructing a policy message including at least one of a protection mechanism, a communication channel, and a communication protocol to be used for the communication session; and
      
      transmitting the policy message to the external terminal over the communication network.
  - 17. The computer-readable medium of claim 13, wherein the sequences of instructions further include instructions, which, when executed by the computer system, cause the computer system to perform:
    - determining a protection mechanism for the policy message based on the list of protection mechanisms and the attack signature;
      
      determining a communication channel for the policy message based on the list of protection mechanisms and the attack signature;
      
      determining a communication protocol for the policy message based on the list of protection mechanisms and the attack signature; and
      
      transmitting, over the communication network, the protection mechanism, the communication channel, and the communication protocol for the policy message.
  - 18. The computer-readable medium of claim 13, wherein security policy includes at least one of:
    - channel encryption, payload encryption, encryption key rotation, encryption key generation using a biometric identifier, encryption key generation based on a pseudorandom number, communication channel split information, and data message reassembly information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bailey, Samuel A. JR.

Granted Patent

US 8,650,129 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06F 21/564   by virus signature recognition

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3223   Realising banking transacti...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

G06Q 40/02   Banking, e.g. interest calc...

H04L 2463/102   applying security measure f...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04W 4/00   Services specially adapted ...

DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTION DATA IN TRANSIT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTION DATA IN TRANSIT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links