Systems and methods for trusted path secure communication

US 10,237,073 B2
Filed: 01/19/2016
Issued: 03/19/2019
Est. Priority Date: 01/19/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for secure exchange of information on a network between a user device and a server, the method comprising the steps of:

(a) generating by a data-collection module on the user device a secured object comprising;

(i) an information object comprising;

(A) a type header specifying at least one type, and (B) information of the at least one type specified in the type header, wherein;

the data-collection module collects from the user device, device information that;

(C) corresponds to the at least one type, (D) is used for authentication of the user device by the server, and (E) is to be transmitted to the server in the information object;

(ii) a header object comprising an anti-replay header or an anti-tamper header, wherein said anti-replay header enables a recipient to determine (A) if a message was previously-received and (B) if the message is received outside a permissible pre-determined time window;

(iii) an integrity object comprising a digital signature of at least part of the information object; and

(b) transmitting, via a client app associated with the data-collection module, the secured object to the server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for establishing a trusted path for secure communication between client devices and server devices, such as between an account holder and a financial institution, can provide the core security attributes of confidentiality (of the parties), integrity (of the information), anti-replay (protection against replay fraud) and/or anti-tampering (protection against unauthorized changes to information being exchanged and/or modules that generate and communicate such information). A messaging layer implementation in favor of a transport layer implementation can provide a trusted path. This infrastructure features secure cryptographic key storage, and implementation of a trusted path built using the cryptographic infrastructure. The trusted path protects against unauthorized information disclosure, modification, or replays. These services can effectively protect against Man-in-the-Middle, Man-in-the-Application, and other attacks.

145 Citations

32 Claims

1. A computer-implemented method for secure exchange of information on a network between a user device and a server, the method comprising the steps of:
- (a) generating by a data-collection module on the user device a secured object comprising;
  
  (i) an information object comprising;
  
  (A) a type header specifying at least one type, and (B) information of the at least one type specified in the type header, wherein;
  
  the data-collection module collects from the user device, device information that;
  
  (C) corresponds to the at least one type, (D) is used for authentication of the user device by the server, and (E) is to be transmitted to the server in the information object;
  
  (ii) a header object comprising an anti-replay header or an anti-tamper header, wherein said anti-replay header enables a recipient to determine (A) if a message was previously-received and (B) if the message is received outside a permissible pre-determined time window;
  
  (iii) an integrity object comprising a digital signature of at least part of the information object; and
  
  (b) transmitting, via a client app associated with the data-collection module, the secured object to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the information of the at least one type contained in the information object comprises a rooted device detection result, a malware detection result, or a debugger-emulator attachment result.
  - 3. The method of claim 1, further comprising determining by the data-collection module at least one of whether:
    - the user device is rooted, using a root-signature list, and providing a rooted device detection result;
      
      the user device or the client app is affected by malware, using a malware signature list, and providing a malware detection result;
      
      ora debugger or an emulator is attached to the client app, the data-collection module, or a security module associated with the data-collection module, and providing a debugger-emulator attachment result.
  - 4. The method of claim 1, further comprising:
    - encrypting information in the information object by the data-collection module or a security module associated with the data-collection module, to produce encrypted information.
  - 5. The method of claim 1, wherein:
    - the data-collection module collects from the user device information to be transmitted to the server, comprising;
      
      (i) a fingerprint of the user device, (ii) a location of the user device, or (iii) a certificate corresponding to a client app that is installed on the user device and that is associated with the data-collection module.
  - 6. The method of claim 1, further comprising exchanging by the data-collection module with a first security module that is associated with both the data-collection module and the user device, a first data element.
  - 7. The method of claim 6, wherein the first data element comprises:
    - (i) a public key of the server, for encrypting the information to be transmitted, (ii) a private key of the data-collection module, for generating the digital signature, (iii) an identifier of the user device, or (iv) a location of the user device.
  - 8. The method of claim 6, further comprising:
    - encrypting by the first security module the first data element using a first level storage key;
      
      storing by the first security module, the encrypted first data element in a sandbox associated with the client app;
      
      encrypting the first level storage key using a second level storage key or a master key; and
      
      storing the encrypted first level storage key in the sandbox.
  - 9. The method of claim 8, wherein the first level storage key is encrypted using the second level storage key, the method further comprising:
    - encrypting the second level storage key using the master key; and
      
      storing the encrypted second level storage key in the sandbox.
  - 10. The method of claim 8, further comprising dynamically generating the master key by the first security module.
  - 11. The method of claim 8, further comprising:
    - encrypting by a second security module that is also installed on the user device and that is associated with a second client app installed on the user device, a second data element using a second first level storage key;
      
      storing by the second security module, the encrypted second data element in a second sandbox associated with the second client app;
      
      encrypting the second first level storage key using a second level storage key or a second master key associated with the second client app, the second master key being unable to decrypt any key not encrypted by the second master key; and
      
      storing the encrypted second first level storage key in the second sandbox.
  - 12. The method of claim 8, further comprising, upon a request from the data-collection module, providing to the data-collection module the first data element in an unencrypted form.
  - 13. The method of claim 1, wherein generating the anti-replay header comprises:
    - generating a message identifier; and
      
      forming the anti-replay header by including;
      
      (i) the message identifier, and (ii);
      
      (A) a time of collection of the information to be transmitted, or (B) a time of transmission of the encrypted information.
  - 14. The method of claim 1, wherein generating the anti-tamper header comprises computing a message digest for:
    - the information object;
      
      the anti-replay header;
      
      the anti-tamper header;
      
      the data-collection module;
      
      orthe client app.
  - 15. The method of claim 1, wherein generating the signature comprises:
    - encrypting a message digest associated with the information object; and
      
      encrypting a message digest associated with;
      
      the anti-replay header;
      
      the anti-tamper header;
      
      the data-collection module;
      
      orthe client app.

16. A computer-implemented method for secure communication on a network between a user device and a first server, the method comprising the steps of:
- (a) receiving by a client app installed on a user device, through an information transmission received by said user device, a secured object comprising;
  
  (i) an information object comprising a configuration file for configuring the user device to collect selected specific types of device authentication information by a data-collection module on the user device, said device authentication information used for authentication of the user device by said first server,wherein said specific types are selected by said first server or a second server from a larger set of available types of device authentication information;
  
  (ii) a header object comprising an anti-replay header or an anti-tamper header, and(iii) an integrity object comprising a digital signature associated with the information object;
  
  (b) validating by the data-collection module the information object based on the signature;
  
  (c) performing by the data-collection module;
  
  (i) an anti-replay check, or (ii) an anti-tamper check; and
  
  (d) configuring the data-collection module to collect device authentication information according to the configuration file.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 17. The method of claim 16, wherein the configuration file is transmitted by the first server or the second server.
  - 18. The method of claim 16, wherein the information object is encrypted, the method further comprising decrypting by the data-collection module the information object.
  - 19. The method of claim 16, wherein the configuration file comprises more than one of:
    - a root-signature list;
      
      a malware signature list;
      
      a list of apps to scan to detect rooting;
      
      a whitelist for logging;
      
      a blacklist;
      
      or an instruction to log locations of the user device.
  - 20. The method of claim 16, wherein the configuration file comprises a biometric configuration file, the method further comprising:
    - obtaining by the data-collection module biometric information according to the biometric configuration file.
  - 21. The method of claim 16, further comprising exchanging a first data element between the data-collection module and a first security module.
  - 22. The method of claim 21, wherein the first data element comprises:
    - (i) a private key of the data-collection module, for decrypting the information object, (ii) a public key of the first server, for validating the information object using the signature, (iii) at least a part of a message identifier history used in performing an anti-replay check, or (iv) a certificate associated with the client app.
  - 23. The method of claim 21, further comprising:
    - encrypting by the first security module the first data element using a first level storage key;
      
      storing by the first security module, the encrypted first data element in a file in a sandbox associated with the client app;
      
      encrypting the first level storage key using a second level storage key or a master key; and
      
      storing the encrypted first level storage key in the sandbox.
  - 24. The method of claim 23, wherein the first level storage key is encrypted using the second level storage key, the method further comprising:
    - encrypting the second level storage key using the master key; and
      
      storing the encrypted second level storage key in the sandbox.
  - 25. The method of claim 23, further comprising:
    - encrypting by a second security module that is also installed on the user device and that is associated with a second client app installed on the user device, a second data element using a second first level storage key;
      
      storing by the second security module, the encrypted second data element in a file in a second sandbox associated with the second client app;
      
      encrypting the second first level storage key using a second level storage key or a second master key corresponding to the second client app, the second master key being unable to decrypt any key not encrypted by the second master key; and
      
      storing the encrypted second first level storage key in the second sandbox.
  - 26. The method of claim 23, further comprising dynamically generating the second master key by the second security module.
  - 27. The method of claim 21, further comprising, upon a request from the data-collection module, providing to the data-collection module the second data element in an unencrypted form.
  - 28. The method of claim 16, wherein performing the anti-replay check comprises:
    - accessing a message time from the anti-replay header and notifying to the client app that the information object is invalid, when the message time is older than a specified threshold;
      
      otherwise, accessing a message identifier from the anti-replay header and notifying to the client app that the information object is invalid, when the message identifier is located in a cache of message identifiers;
      
      otherwise, storing the message identifier in the cache; and
      
      notifying the client app that the information object is not replayed.
  - 29. The method of claim 16, wherein performing the anti-tamper check comprises:
    - computing by the data-collection module a message digest for the anti-replay header or the anti-tamper header;
      
      comparing the message digest with a corresponding message digest obtained from the signature; and
      
      notifying validity of the secured object to the client app according to a result of the comparison.
  - 30. The method of claim 16, further comprising determining by the data-collection module at least one of whether:
    - the user device is rooted, using a root-signature list;
      
      the user device or the client app is affected by malware, using a malware signature list;
      
      ora debugger or an emulator is attached to at least one of the client app, the data-collection module, or a security module associated with the data-collection module.
  - 31. The method of claim 30, wherein:
    - the secured object;
      
      (i) comprises the root-signature list or the malware signature list, and (ii) is uploaded to a networked computer; and
      
      receiving the secured object comprises downloading the secured object from the networked computer.
  - 32. The method of claim 16, further comprising logging by the data-collection module the device authentication information to be sent to said first server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accertify, Inc. (American Express Company)
Original Assignee
InAuth, Inc. (American Express Company)
Inventors
Benson, Glenn S.
Primary Examiner(s)
Lwin, Maung T

Application Number

US15/000,913
Publication Number

US 20160248590A1
Time in Patent Office

1,155 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/564   by virus signature recognition

G06F 21/57   Certifying or maintaining t...

G06F 21/606   by securing the transmissio...

G06F 21/64   Protecting data integrity, ...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 20/382   insuring higher security of...

H04L 63/0272   Virtual private networks

H04L 63/145   the attack involving the pr...

H04L 9/3247   involving digital signatures

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Systems and methods for trusted path secure communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for trusted path secure communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others