Networkless Mobile Payments With Minimal changes in Trusted Execution Environments

Peer-to-peer mobile digital payments can be made in the absence of a network as follows: the receiver of funds verifies the availability of on-device balance by examining the prior, authenticated, transaction records of the sender. A new transaction record including the transaction amount is created, made immutable and secure using cryptographic techniques, and is stored at both sender and receiver. When either sender or receiver regains network connectivity, the transaction is settled with the original provider of the on-device balance, e.g., a financial institution. The integrity of the records of offline transactions, e.g., made in the absence of a mobile network, is vital for offline payments to be secure and trustworthy. This disclosure describes techniques that, with minimal modifications to trusted applications (TAs) in a trusted execution environment (TEE) to securely verify transaction records and to harden them against malicious attacks

Secure Mobile Payments Without Network Connectivity

Mobile payments depend on the availability of internet connectivity, e.g., to enable a centralized service to authenticate a payment. This disclosure describes techniques to enable peer-to-peer mobile payments in the absence of a network. A user has an initial amount, referred to as the balance, that is transferred to their mobile device from a balance provider, e.g., a financial institution. The balance is digitally signed by both the user and the balance provider. To transact in the absence of a network, peer users perform a contactless payment as follows. The receiver of funds verifies the availability of funds by examining the prior, authenticated, transaction records of the sender. A transaction record including the transaction amount is created and made immutable and secure using cryptographic techniques. When either the sender or receiver regains network connectivity, the transaction is settled with the balance provider. Double-spend attempts by a malicious sender are forestalled by enabling secure maintenance of the true balance on a sender’s device (even in the absence of a network), and by enabling the receiver to settle with the sender’s balance provider on the basis of an authenticated transaction record

Addressing email loss with SureMail: Measurement, design, and evaluation

Abstract — We consider the problem of silent email loss in the Internet, where neither the sender nor the intended recipient is notified of the loss. Our detailed measurement study over several months shows a silent email loss rate of 0.71 % to 1.02%. The silent loss of an important email can impose a high cost on users. We further show that spam filtering can be the significant cause of silent email loss, but not the sole cause. SureMail augments the existing SMTP-based email infrastructure with a notification system to make intended recipients aware of email they are missing. A notification is a short, fixed-format fingerprint of an email, constructed so as to preserve sender and recipient privacy, and prevent spoofing by spammers. SureMail is designed to be usable immediately by users without requiring the cooperation of their email providers, so it leaves the existing email infrastructure (including anti-spam infrastructure) untouched and does not require a PKI for email users. It places minimal demands on users, by automating the tasks of generating, retrieving, and verifying notifications. It alerts users only when there is actual email loss. Our prototype implementation demonstrates the effectiveness of SureMail in notifying recipients upon email loss. I