System for transaction authentication

US 9,009,468 B1
Filed: 09/30/2014
Issued: 04/14/2015
Est. Priority Date: 08/26/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device;

configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system;

configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device;

configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and

under control of one or more guest operating system processes executing on the emulated integrated circuit;

receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device;

based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card;

establishing a different second secure communication channel to a remote system through the emulated network interface;

sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data;

receiving an authorization result from the remote system over the second secure communication channel; and

sending a response to the application over the first secure communication channel indicating the authorization result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure transaction authorization are provided. An emulator is instantiated on a host device and configured to emulate an integrated circuit having a different instruction set than an integrated circuit of the host device, and a guest operating system executing on the emulated integrated circuit is configured to communicate with a host operating system of the host device through an emulated network interface of the emulator. Under control of one or more guest operating system processes executing on the emulated integrated circuit, a request is received over a first secure communication channel from an application executing on the host operating system to authorize a transaction. Further, based on the received request, user input is obtained from an input device of the host device and transformed into verification data. A different second secure communication channel is established to a remote system through the emulated network interface, and a request is sent over the second channel to the remote system to authorize the transaction based on the verification data. An authorization result is received from the remote system over the second secure communication channel, and a response is sent to the application over the first secure communication channel indicating the authorization result.

14 Citations

View as Search Results

18 Claims

1. A computer-implemented method comprising:
- instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device;
  
  configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system;
  
  configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device;
  
  configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and
  
  under control of one or more guest operating system processes executing on the emulated integrated circuit;
  
  receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device;
  
  based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card;
  
  establishing a different second secure communication channel to a remote system through the emulated network interface;
  
  sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data;
  
  receiving an authorization result from the remote system over the second secure communication channel; and
  
  sending a response to the application over the first secure communication channel indicating the authorization result.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein the emulated integrated circuit duplicates the operation of a corresponding physical integrated circuit executing a plurality of instructions wherein the physical integrated circuit comprises a central processing unit.
  - 3. The method of claim 2 wherein the emulated integrated circuit duplicates an instruction cycle and instruction cycle timing of the physical integrated circuit.

5. The method of claim 1 wherein information received from the first secure communication channel is encrypted.

6. The method of claim 1 wherein the input device is a touch screen and wherein obtaining the user input from the input device comprises receiving a plurality of locations each indicating a location of an interaction with the touch screen.

7. The method of claim 1 wherein establishing a different second secure communication channel to the remote system through the emulated network interface comprises establishing a secure virtual private network between a second guest operating system process and the remote system.

8. The method of claim 1 wherein configuring the emulator to communicate with the host operating system of the host device comprises:
- attaching a second guest operating system process to the emulated network interface wherein the second process is configured to transfer packets between the emulated network interface and the host operating system network stack.

9. The method of claim 1 wherein at least one of the guest operating system processes executes in kernel space of the guest operating system.

10. A system comprising:
- a memory for storing computer-executable instructions; and
  
  a processing unit for executing the instructions stored on the memory, wherein execution of the instructions results the processing unit performing operations comprising;
  
  instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device;
  
  configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system;
  
  configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device;
  
  configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and
  
  under control of one or more guest operating system processes executing on the emulated integrated circuit;
  
  receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device;
  
  based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card;
  
  establishing a different second secure communication channel to a remote system through the emulated network interface;
  
  sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data;
  
  receiving an authorization result from the remote system over the second secure communication channel; and
  
  sending a response to the application over the first secure communication channel indicating the authorization result.

11. The system of claim 10 wherein the emulated integrated circuit duplicates the operation of a corresponding physical integrated circuit executing a plurality of instructions wherein the physical integrated circuit comprises a central processing unit.

12. The system of claim 11 wherein the emulated integrated circuit duplicates an instruction cycle and instruction cycle timing of the physical integrated circuit.

13. The system of claim 10 wherein instantiating the emulator on the host device comprises executing the host device in a sandbox process having a controlled set of resources that can be accessed by the emulator.

14. The system of claim 10 wherein information received from the first secure communication channel is encrypted.

15. The system of claim 10 wherein the input device is a touch screen and wherein obtaining the user input from the input device comprises receiving a plurality of locations each indicating a location of an interaction with the touch screen.

16. The system of claim 10 wherein establishing a different second secure communication channel to the remote system through the emulated network interface comprises establishing a secure virtual private network between a second guest operating system process and the remote system.

17. The system of claim 10 wherein configuring the emulator to communicate with the host operating system of the host device comprises:
- attaching a second guest operating system process to the emulated network interface wherein the second process is configured to transfer packets between the emulated network interface and the host operating system network stack.

18. The system of claim 10 wherein at least one of the guest operating system processes executes in kernel space of the guest operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MagicCube, Inc.
Original Assignee
MagicCube, Inc.
Inventors
Zayed, Nancy
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
HO, DAO Q

Application Number

US14/502,300
Time in Patent Office

196 Days
Field of Search

713/2, 713/164, 726/4
US Class Current

713/164
CPC Class Codes

G06F 11/3652   in-circuit-emulation [ICE] ...

G06F 21/53   by executing in a restricte...

G06F 21/71   to assure secure computing ...

G06F 2221/03   Indexing scheme relating to...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

H04L 67/10   in which an application is ...

System for transaction authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System for transaction authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links