Crunchfish patent fraudulent rollback protection of Trusted Applications

Crunchfish has applied for a Swedish patent for a method to prevent fraudulent rollbacks. The patent application enables Trusted Applications to execute securely in software-based trusted environments, which is key for CBDC implementations and other payments applications to achieve scalability, interoperability and cost-efficiency.

Diagram

Description automatically generated

Crunchfish has applied for a patent for method of preventing fraudulent rollback of a protected asset in trusted application, executable in a secure execution environment on a host device. Rollback is a technique wherein an identical instance of the entire host device or the trusted application running therein, depending on the security arrangement, is created, cloned and then re-installed in order to re-use the protected asset. The clone may be rolled back to act as the original trusted application or host device. A malicious user attempting to hack the host device, or with the intent of being able to fully access all of the functionality of the host device.

 

Rollbacks give rise to critical security vulnerabilities relating to fraudulent use the protected assets in a trusted application. For instance, double-spending may occur if a clone of the Digital Cash Trusted Application is rolled back and continues to operate offline. Other related security vulnerabilities may be realised in other scenarios, for instance multi-usage of any finite resource or exploiting license timers for subscriptions or accounts or exploiting expiry timers.

 

This is another strategic Crunchfish Digital Cash innovation enabling payments applications to execute securely in software-based trusted environment on smartphones, the dominant bearer for payments. As it is not possible that all users should be forced to use the hardware, the trusted environment for payments on smartphones need to be software-based. This is key for CBDC implementations and other payments systems to achieve scalability, interoperability and cost-efficiency”, says Joachim Samuelsson, CEO of Crunchfish.

 

This patent application protecting against fraudulent rollbacks complements Crunchfish’s patent application from last year that prevented fraudulent cloning.   

 
For more information, please contact:

Joachim Samuelsson, CEO of Crunchfish AB

+46 708 46 47 88

joachim.samuelsson@crunchfish.com 

 

This information is Crunchfish AB obliged to publish in accordance with the EU Market Abuse Regulation. The information was provided by the contact person above for publication on 17 March 2023 at 00:01 CET.

 

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

 

About Crunchfish – crunchfish.com

Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Download as PDF