Crunchfish prevents fraudulent cloning and Digital Cash double spending
Crunchfish has applied for a patent for a logical lock that protects against fraudulent use by cloning of Trusted Applications, which significantly enhances the security of any Trusted Applications running in hardware based as well as software based secure execution environments. For instance, double spending may occur if a clone of the Digital Cash offline Trusted Application is generated and continues to operate offline. This patent pending innovation prevents such double spending with Digital Cash offline.
Cloning is a technique wherein an additional identical instance of the entire host device or the trusted application running therein, depending on the security arrangement, is created. The clone may act as the original trusted application or host device. A malicious user attempting to hack the host device, or with the intent of being able to fully access all of the functionality of the host device.
Cloning a host device may give rise to critical security vulnerabilities relating to fraudulent use by cloning of a trusted application. For instance, double spending may occur if a clone of the Digital Cash offline Trusted Application is generated and continues to operate offline. Then digital currency can be consumed from the secure digital wallet of the clone. If the currently executing trusted application is subsequently switched from the clone back to the original trusted application instance, while the secure digital wallet is still offline, the original trusted application instance may once more consume the same digital currency already consumed by the cloned instance. Other related security vulnerabilities may be realized in other scenarios, for instance multi-usage of any finite resource, exploiting license timers for subscriptions or accounts or exploiting expiry timers, to name a few.
Crunchfish has applied for a Swedish patent for a method to address fraudulent use by cloning of a Trusted Applications executable in a secure execution environment of a host device by starting the Trusted Application in a locked mode. The trusted application performs a handshake procedure with a computerized backend resource to verify that a current execution state of the trusted application has not already been occupied by another instance of the trusted application. Only upon successful verification by the handshake procedure, the trusted application switches to an unlocked mode in which access to the protected functionality and data is permitted.
“This is an extremely important innovation that carries the signature of Crunchfish founder and CTO Paul Cronholm all over. It is a surprisingly simple solution with wide applicability to the security of Trusted Applications and may very well be implemented in iOS and Android. For Crunchfish it provides an important additional level of security protecting against double spending by fraudulent use of jailbroken or rooted devices”, says Joachim Samuelsson, CEO of Crunchfish.
For more information, please contact:
Joachim Samuelsson, CEO of Crunchfish AB
+46 708 46 47 88
Erik Berggren, IR Manager
+46 726 01 16 73
This information is information that Crunchfish AB is obliged to publish in accordance with the EU Market Abuse Regulation. The information was provided by the contact person above for publication on 4 March 2022 at 00:01 CET.
Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: firstname.lastname@example.org. Telephone +46 40 200 250.
About Crunchfish – crunchfish.com
Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR, automotive and digital interfaces. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with representation in India.