| 摘要 |
Systems and methods for secure transaction authorization are provided. An emulator is instantiated on a host device and configured to emulate an integrated circuit having a different instruction set than an integrated circuit of the host device, and a guest operating system executing on the emulated integrated circuit is configured to communicate with a host operating system of the host device through an emulated network interface of the emulator. Under control of one or more guest operating system processes executing on the emulated integrated circuit, a request is received over a first secure communication channel from an application executing on the host operating system to authorize a transaction. Further, based on the received request, user input is obtained from an input device of the host device and transformed into verification data. A different second secure communication channel is established to a remote system through the emulated network interface, and a request is sent over the second channel to the remote system to authorize the transaction based on the verification data. An authorization result is received from the remote system over the second secure communication channel, and a response is sent to the application over the first secure communication channel indicating the authorization result. |
| 主权项 |
1. A computer-implemented method comprising:
instantiating an emulator on a host device having a host operating system, wherein the emulator implements functionality of a hardware architecture different than a hardware architecture of the host device and wherein the emulator is configured to emulate at least one integrated circuit having a different instruction set than an integrated circuit of the host device; configuring a guest operating system executing on the emulated integrated circuit to communicate through an emulated network interface of the emulator, the guest operating system and host operating system both executing on the host device, and wherein the emulated network interface is configured to facilitate transfer of data to and from the guest operating system via a network stack of the host operating system; configuring the emulator to disengage from the host device such that the guest operating system and applications executing on the guest operating system do not have unauthorized access to software and hardware of the host device; configuring the emulator such that an environment of the emulator is protected from unauthorized access by the host operating system and applications executing on the host operating system, and an environment of the host device is protected from unauthorized access by the guest operating system and applications executing on the guest operating system; and under control of one or more guest operating system processes executing on the emulated integrated circuit:
receiving, over a first secure communication channel, a request to authorize a transaction, the request received from an application executing on the host device;based on the received request, obtaining user input from an input device of the host device and transforming the user input to verification data, wherein the verification data is a credit card security code, a Quick Response Code, or information received from an integrated circuit on a credit card;establishing a different second secure communication channel to a remote system through the emulated network interface;sending a request to the remote system over the second secure communication channel to authorize the transaction based on the verification data;receiving an authorization result from the remote system over the second secure communication channel; andsending a response to the application over the first secure communication channel indicating the authorization result. |
