Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
First Claim
1. A user equipment, comprising:
- a processor of the user equipment;
- a memory of the user equipment;
- a trusted security zone of the user equipment, wherein the trusted security zone provides hardware assisted trust and is implemented by partitioning hardware and software resources into a secure partition and a normal partition;
- a ticket generator stored in the secure partition in the trusted security zone of the user equipment to generate a plurality of access codes; and
- a code generator stored in the secure partition in the trusted security zone of the user equipment configured to:
  - generate a different one-time-password for each of the plurality of access codes, wherein the one-time-password is not displayed on the user equipment,
  - store the one-time-password in the secure partition in the trusted security zone,
  - transmit the one-time-password to a trusted server through a trusted channel, wherein the one-time-password generated in the trusted security zone of the user equipment and received by the trusted server from the user equipment is stored in the trusted server,
  - responsive to an associated access code from the plurality of access codes being displayed and upon request of a user of the user equipment, display the one-time-password, wherein a request is sent to the trusted server from a point of sale or a workstation for the one-time-password associated with the access code, and wherein access is granted to the user equipment in response to a verification of the associated access code and the one-time-password from the user equipment and the one-time-password stored by the trusted server matching, and
  - invalidate the one-time-password promptly after the display ends.
Abstract
A user equipment. The user equipment comprises a processor, a memory, a trusted security zone, wherein the trusted security zone provides hardware assisted trust, a ticket generator stored in the trusted security zone to generate a plurality of access codes, and a code generator stored in the trusted security zone. The code generator generates a different one-time-password for each of the plurality of access codes, wherein the one-time-password is not displayed on the user equipment, stores the one-time-password in the trusted security zone, and transmits the one-time-password to a trusted server through a trusted channel. Responsive to an associated access code from the plurality of access codes being displayed and upon request of a user of the user equipment, the code generator displays the one-time-password and invalidates the one-time-password promptly after the display ends.
20 Claims
8. A method of generating and verifying one-time-passwords for user equipments, comprising:
- generating, by a code generator stored in a trusted security zone in a memory of a user equipment, a different one-time-password associated with each of a plurality of access codes, wherein the trusted security zone provides hardware assisted trust and is implemented by partitioning hardware and software resources into a secure partition and a normal partition, and wherein the one-time-password is not displayed on the user equipment at the time of generation;
- storing the one-time-password in the secure partition in the trusted security zone of the user equipment;
- transmitting the one-time-password to a trusted server through a trusted channel, wherein the one-time-password generated in the trusted security zone of the user equipment and received by the trusted server from the user equipment is stored in the trusted server;
- responsive to an associated access code being displayed at a point of sale (POS), displaying the one-time-password;
- transmitting, by the POS, a request to the trusted server for a one-time-password associated with the access code;
- comparing the one-time-password displayed on the user equipment with the one-time-password stored by and received from the trusted server;
- responsive to the associated access code having been verified and the one-time-password from the user equipment and the one-time-password stored by the trusted server matching, granting access associated with the access code to the user equipment; and
- invalidating the one-time-password promptly after the display ends.

15. A method of generating and verifying one-time-passwords for user equipments, comprising:
- generating, by a code generator stored in a trusted security zone in a memory of a user equipment, a different one-time-password associated with each of a plurality of access codes, wherein the trusted security zone provides hardware assisted trust and is implemented by partitioning hardware and software resources into a secure partition and a normal partition, and wherein the one-time-password is not displayed on the user equipment;
- storing the one-time-password in the secure partition in the trusted security zone of the user equipment;
- transmitting the one-time-password to a trusted server through an encrypted channel, wherein the one-time-password generated in the trusted security zone of the user equipment and received by the trusted server from the user equipment is stored in the trusted server;
- responsive to an associated access code being displayed to a work station, transmitting the one-time-password to the work station through a dedicated channel, wherein the one-time-password is not displayed on the user equipment or the work station;
- transmitting, by the work station, a request to the trusted server for a one-time-password associated with the access code;
- comparing the one-time-password received from the user equipment with the one-time-password stored by and received from the trusted server;
- examining the access code;
- responsive to the associated access code having been verified and the one-time-password from the user equipment and the one-time-password stored by the trusted server matching, granting access associated with the access code to the user equipment; and
- invalidating the one-time-password after granting access to the user equipment.
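The flow shared by independent claims 1, 8 and 15, as an added Python model that is not part of the patent or any filing: the code generator in the secure partition issues an OTP per access code and pushes it to the trusted server, the POS fetches the server copy for the displayed access code and compares it with the OTP shown on the device, and the OTP is invalidated when the display ends, so an OTP captured by an external device and replayed afterwards is refused. Assumptions: in-memory dicts stand in for the secure partition and the server store, direct method calls stand in for the trusted and request channels, and all class and function names are invented for this illustration.

```python
import secrets
from hmac import compare_digest


class TrustedServer:
    """Holds the OTP the device pushed over the trusted channel (dict stands in for server storage)."""
    def __init__(self):
        self._otps = {}
    def store(self, access_code, otp):
        self._otps[access_code] = otp
    def lookup(self, access_code):
        return self._otps.get(access_code)  # None if unknown or already invalidated
    def invalidate(self, access_code):
        self._otps.pop(access_code, None)


class SecurePartition:
    """Ticket and code generator in the trusted security zone (dict stands in for protected storage)."""
    def __init__(self, server):
        self._otps = {}        # access code -> OTP; never displayed unless the user asks
        self._server = server  # trusted channel modelled as a direct call

    def issue_ticket(self):
        access_code = "AC-" + secrets.token_hex(3)  # ticket generator output, shown to the user
        otp = secrets.token_hex(4)                  # 8 hex digits, generated but not displayed
        self._otps[access_code] = otp
        self._server.store(access_code, otp)
        return access_code

    def display(self, access_code):
        """Reveal the OTP only on the user's request; None if no live OTP exists."""
        return self._otps.get(access_code)

    def end_display(self, access_code):
        """Invalidate promptly after the display ends, on both device and server."""
        self._otps.pop(access_code, None)
        self._server.invalidate(access_code)


def pos_verify(server, access_code, shown_otp):
    """POS side: fetch the server copy for the displayed access code and compare in constant time."""
    expected = server.lookup(access_code)
    if expected is None or shown_otp is None:
        return False  # unknown access code, invalidated OTP, or nothing displayed
    return compare_digest(expected, shown_otp)


def transaction(ue, server, access_code, shown_otp):
    """One POS interaction: verify, then end the display so the OTP cannot be reused."""
    granted = pos_verify(server, access_code, shown_otp)
    ue.end_display(access_code)
    return granted
```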