System for transaction authentication
First Claim
1. A computer-implemented method comprising:
- instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device;
configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system;
configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device;
configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and
under control of one or more guest operating system processes executing on the emulated integrated circuit;
receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device;
based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card;
establishing a different second secure communication channel to a remote system through the emulated network interface;
sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data;
receiving an authorization result from the remote system over the second secure communication channel; and
sending a response to the application over the first secure communication channel indicating the authorization result.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for secure transaction authorization are provided. An emulator is instantiated on a host device and configured to emulate an integrated circuit having a different instruction set than an integrated circuit of the host device, and a guest operating system executing on the emulated integrated circuit is configured to communicate with a host operating system of the host device through an emulated network interface of the emulator. Under control of one or more guest operating system processes executing on the emulated integrated circuit, a request is received over a first secure communication channel from an application executing on the host operating system to authorize a transaction. Further, based on the received request, user input is obtained from an input device of the host device and transformed into verification data. A different second secure communication channel is established to a remote system through the emulated network interface, and a request is sent over the second channel to the remote system to authorize the transaction based on the verification data. An authorization result is received from the remote system over the second secure communication channel, and a response is sent to the application over the first secure communication channel indicating the authorization result.
14 Citations
18 Claims
-
1. A computer-implemented method comprising:
-
instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device; configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system; configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device; configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and under control of one or more guest operating system processes executing on the emulated integrated circuit; receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device; based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card; establishing a different second secure communication channel to a remote system through the emulated network interface; sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data; receiving an authorization result from the remote system over the second secure communication channel; and sending a response to the application over the first secure communication channel indicating the authorization result. - View Dependent Claims (2, 3)
-
-
5. The method of claim 1 wherein information received from the first secure communication channel is encrypted.
-
6. The method of claim 1 wherein the input device is a touch screen and wherein obtaining the user input from the input device comprises receiving a plurality of locations each indicating a location of an interaction with the touch screen.
-
7. The method of claim 1 wherein establishing a different second secure communication channel to the remote system through the emulated network interface comprises establishing a secure virtual private network between a second guest operating system process and the remote system.
-
8. The method of claim 1 wherein configuring the emulator to communicate with the host operating system of the host device comprises:
attaching a second guest operating system process to the emulated network interface wherein the second process is configured to transfer packets between the emulated network interface and the host operating system network stack.
-
9. The method of claim 1 wherein at least one of the guest operating system processes executes in kernel space of the guest operating system.
-
10. A system comprising:
-
a memory for storing computer-executable instructions; and a processing unit for executing the instructions stored on the memory, wherein execution of the instructions results the processing unit performing operations comprising; instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device; configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system; configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device; configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and under control of one or more guest operating system processes executing on the emulated integrated circuit; receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device; based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card; establishing a different second secure communication channel to a remote system through the emulated network interface; sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data; receiving an authorization result from the remote system over the second secure communication channel; and sending a response to the application over the first secure communication channel indicating the authorization result.
-
-
11. The system of claim 10 wherein the emulated integrated circuit duplicates the operation of a corresponding physical integrated circuit executing a plurality of instructions wherein the physical integrated circuit comprises a central processing unit.
-
12. The system of claim 11 wherein the emulated integrated circuit duplicates an instruction cycle and instruction cycle timing of the physical integrated circuit.
-
13. The system of claim 10 wherein instantiating the emulator on the host device comprises executing the host device in a sandbox process having a controlled set of resources that can be accessed by the emulator.
-
14. The system of claim 10 wherein information received from the first secure communication channel is encrypted.
-
15. The system of claim 10 wherein the input device is a touch screen and wherein obtaining the user input from the input device comprises receiving a plurality of locations each indicating a location of an interaction with the touch screen.
-
16. The system of claim 10 wherein establishing a different second secure communication channel to the remote system through the emulated network interface comprises establishing a secure virtual private network between a second guest operating system process and the remote system.
-
17. The system of claim 10 wherein configuring the emulator to communicate with the host operating system of the host device comprises:
attaching a second guest operating system process to the emulated network interface wherein the second process is configured to transfer packets between the emulated network interface and the host operating system network stack.
-
18. The system of claim 10 wherein at least one of the guest operating system processes executes in kernel space of the guest operating system.
Specification