Creation and validation of a secure list of security certificates
US11593780B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 10, 2015 |
| Grant date | Feb 28, 2023 |
| Priority date | — |
| Expiry date | Jul 14, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06Q2220/00
- WIPO fieldIT methods for management
- WIPO sectorElectrical engineering
Abstract
Disclosed is a technique for verifying the validity of security certificates received by a mobile device. The technique can involve diverting a security certificate into a secure environment, such as a payment application, by modifying an import address table (e.g., implementing a “hook”) that is accessed by the security layer of the mobile device. Once diverted, the payment application can create a copy of the security certificate. The copy may be stored in a list of security certificates that is subsequently uploaded to a payment processing system for authentication. In some embodiments, a checksum is generated for the import address table using a cryptographic hash function. The checksum allows the payment application or the payment processing system to determine whether an unauthorized modification of the import address table is present.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.