Crunchfish AB (publ) has applied for a Swedish patent for a method to prevent fraudulent rollbacks. The patent application enables Trusted Applications to execute securely in software-based trusted environments, which is key for CBDC implementations and other payments applications to achieve scalability, interoperability and cost-efficiency. Crunchfish has applied for a patent for method of preventing fraudulent rollback of a protected asset in trusted application, executable in a secure execution environment on a host device.

Rollback is a technique wherein an identical instance of the entire host device or the trusted application running therein, depending on the security arrangement, is created, cloned and then re-installed in order to re-use the protected asset. The clone may be rolled back to act as the original trusted application or host device. A malicious user attempting to hack the host device, or with the intent of being able to fully access all of the functionality of the host device.

Rollbacks give rise to critical security vulnerabilities relating to fraudulent use the protected assets in a trusted application. For instance, double-spending may occur if a clone of the Digital Cash Trusted Application is rolled back and continues to operate offline. Other related security vulnerabilities may be realised in other scenarios, for instance multi-usage of any finite resource or exploiting license timers for subscriptions or accounts or exploiting expiry timers.

This patent application protecting against fraudulent rollbacks complements Crunchfish's patent application from last year that prevented fraudulent cloning.