DYNAMICALLY REACTING POLICIES AND PROTECTIONS FOR SECURING MOBILE FINANCIAL TRANSACTION DATA IN TRANSIT
First Claim
1. A method for securing mobile financial transactions, the method comprising:
- receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal;
receiving, over the communication network, security-related data from one or more sensors;
computing an attack signature based on the security-related data;
storing, in a database, security policy data including a plurality of security policies;
selecting a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature;
establishing a secure communication session between the external terminal and an internal network component according to the selected security policy; and
communicating, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure mobile financial transaction is provided by receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal. Security-related data is received from one or more sensors and an attack signature is computed based on the security-related data. An appropriate security policy is selected from multiple security policies stored in a database based on the list of protection mechanisms and the attack signature. A secure communication session is established between the external terminal and an internal network component according to the selected security policy. A data message associated with a mobile financial transaction is communicated over the communication network during the communication session.
-
Citations
18 Claims
-
1. A method for securing mobile financial transactions, the method comprising:
-
receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal; receiving, over the communication network, security-related data from one or more sensors; computing an attack signature based on the security-related data; storing, in a database, security policy data including a plurality of security policies; selecting a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature; establishing a secure communication session between the external terminal and an internal network component according to the selected security policy; and communicating, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for securing mobile financial transactions, the system comprising:
-
a memory operable to store security policy data including a plurality of security policies; and a processor coupled to the memory, the processor being operable to; receive, over a communication network, a list of protection mechanisms available for implementation by an external terminal; receive, over the communication network, security-related data from one or more sensors; compute an attack signature based on the security-related data; select a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature; establish a secure communication session between the external terminal and an internal network component according to the selected security policy; and communicate, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a computer system, cause the computer system to perform:
-
receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal; receiving, over the communication network, security-related data from one or more sensors; computing an attack signature based on the security-related data; storing, in a database, security policy data including a plurality of security policies; selecting a security policy from the plurality of security policies based on the list of protection mechanisms and the attack signature; establishing a secure communication session between the external terminal and an internal network component according to the selected security policy; and communicating, over the communication network during the secure communication session, a data message according to the selected security policy, the data message being associated with a mobile financial transaction. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification