Electronic transaction risk management

摘要

A method of detecting unauthorized activity in an electronic message transfer system comprising a plurality of devices, each device being configured to generate and receive cryptographically secured transfer messages for exchanging content with other devices in the system. In each device, audit information is accumulated in a memory of the device. The device periodically forwards at least part of its accumulated audit information to a secure server.

主权项

1. A method of detecting unauthorized activity in an electronic message transfer system comprising a plurality of storage and transfer devices associated with respective users of the electronic message transfer system, each storage and transfer device being configured to generate and receive cryptographically secured transfer messages for exchanging content with other storage and transfer devices in the system, the method comprising:each storage and transfer device:
accumulating audit information in a memory of the storage and transfer device, the accumulated audit information comprising audit information relating to a plurality of transfer messages generated or received by the storage and transfer device; and embedding encrypted audit information in each transfer message generated by the storage and transfer device, the embedded encrypted audit information comprising encrypted audit information relating to at least two transfer messages generated or received by the storage and transfer device, the encrypted audit information being encrypted using a first key that is different from a second key used to cryptographically secure the transfer message; and at least one of the plurality of storage and transfer devices receiving cryptographically secured transfer messages and forwarding copies of the received cryptographically secured transfer messages to a secure server configured to decrypt and analyse the audit information embedded in each received cryptographically secured transfer message to detect unauthorized activity; wherein each storage and transfer device comprises an Application Specific Integrated Circuit (ASIC) configured to implement the memory and a processor of the storage and transfer device.