SECURE MOBILE DEVICE TRANSACTIONS

US 20150248668A1
Filed: 03/03/2015
Published: 09/03/2015
Est. Priority Date: 03/03/2014
Status: Abandoned Application

First Claim

Patent Images

1. A mobile computing device having a processor and a memory, wherein the processor is programmed with a mobile transaction application, wherein:

the memory comprises a local database to hold data items for use by the mobile transaction application;

wherein the mobile transaction application is adapted to encrypt data items for storage in the local database and to decrypt data items stored in the local database using white-box cryptographic techniques.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile computing device has a processor and a memory. The processor is programmed with a mobile transaction application 101. The memory comprises a local database 102 to hold data items for use by the mobile transaction application 101. The mobile transaction application 101 is adapted to encrypt data items for storage in the local database 102 and to decrypt data items stored in the local database 102 using white-box cryptographic techniques.

Citations

20 Claims

1. A mobile computing device having a processor and a memory, wherein the processor is programmed with a mobile transaction application, wherein:
- the memory comprises a local database to hold data items for use by the mobile transaction application;
  
  wherein the mobile transaction application is adapted to encrypt data items for storage in the local database and to decrypt data items stored in the local database using white-box cryptographic techniques.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A mobile computing device as claimed in claim 1, wherein an entry in the local database comprises an index and an encrypted parameter for use by the mobile transaction algorithm.
  - 3. A mobile computing device as claimed in claim 1, wherein the mobile transaction application is adapted to use static white-box cryptography and uses a key derivation algorithm in encryption and storage of data in the local encrypted database.
  - 4. A mobile computing device as claimed in claim 3, wherein an entry in the local database further comprises an application sequence counter to indicate a transaction in which an operation associated with the entry was performed.
  - 5. A mobile computing device as claimed in claim 1, wherein the mobile transaction application is adapted to use dynamic white-box cryptography and uses a key transportation algorithm in encryption and storage of data in the local encrypted database.
  - 6. A mobile computing device as claimed in claim 5, wherein an entry in the local database comprises an index and an encrypted parameter for use by the mobile transaction algorithm and wherein an entry in the local database further comprises an encrypted key for that entry.
  - 7. A mobile computing device as claimed in claim 5, wherein the mobile transaction application communicates with a server adapted to secure one or more parameters used by the mobile transaction application.
  - 8. A mobile computing device as claimed in claim 1, wherein the mobile transaction application and the local database are protected by software obfuscation.
  - 9. A mobile computing device as claimed in claim 1, wherein the mobile transaction application is downloaded to the mobile computing device without customisation to the mobile computing device or its user.
  - 10. A mobile computing device as claimed in claim 9, wherein on installation or initialization, the mobile transaction application is customised to the mobile computing device or its user.
  - 11. A mobile computing device as claimed in claim 1, wherein the mobile computing device is adapted to act as a payment device and wherein the mobile transaction application is a payment application.
  - 12. A mobile computing device as claimed in claim 11 wherein the mobile computing device is adapted to emulate a contactless payment card.
  - 13. A mobile computing device as claimed in claim 1, wherein the mobile computing device is or comprises a mobile telephone.

14. A method of operating a mobile transaction application at a mobile computing device, wherein the mobile computing device comprises a processor adapted to execute the mobile transaction application and a memory comprising a local database to hold data items for use by the mobile transaction application, the method comprising:
- identifying one or more data items for storage in or retrieval from the local database; and
  
  eitherencrypt the one or more data items for storage in the local database using white-box cryptographic techniques, ordecrypt the one or more data items stored in the local database using white-box cryptographic techniques.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the mobile transaction application uses static white-box cryptography and uses a key derivation algorithm in encryption and storage of data in the local encrypted database.
  - 16. The method of claim 14, wherein the mobile transaction application uses dynamic white-box cryptography and uses a key transportation algorithm in encryption and storage of data in the local encrypted database.
  - 17. The method of claim 14, wherein the mobile transaction application and the local database are protected by software obfuscation.
  - 18. The method of claim 14, further comprising:
    - downloading the mobile transaction application to the mobile computing device without customisation to the mobile computing device or its user; and
      
      on installation or initialization, customising the mobile transaction application to the mobile computing device or its user.
  - 19. The method of claim 14, wherein the mobile computing device is adapted to act as a payment device and wherein the mobile transaction application is a payment application.
  - 20. The method of claim 19, wherein the mobile computing device is adapted to emulate a contactless payment card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Radu, Cristian, Collinge, Mehdi

Application Number

US14/636,467
Publication Number

US 20150248668A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/602   Providing cryptographic fac...

G06K 19/06206   the magnetic marking being ...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/3263   characterised by activation...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 2220/00   Business processing using c...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2209/56   Financial cryptography, e.g...

H04L 9/002   Countermeasures against att...

H04W 12/02   Protecting privacy or anony...

SECURE MOBILE DEVICE TRANSACTIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE MOBILE DEVICE TRANSACTIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links