Abstract: This invention concerns a method and system for improving the security of transaction in an emulated Integrated Circuit. During compilation time of a payment application, at least one detection agent are inserted into the code of the payment application. This detection agent is configured to detect an unauthorized use of the payment application. During a runtime of the payment application, if the detection agent result indicates “no threat detected” the payment application retrieves from a predefined map of “no threat detected”, the right value associated to the detection agent, otherwise a random false value is generated. The payment application alters at least one data manipulated during the transaction with the value retrieved or generated. A reverse mechanism of the payment application retrieve the right value and apply a restoration process to the altered data with the retrieved right value. The payment application computes a cryptogram from the restored manipulated data.

Abstract: This invention concerns a method and system for improving the security of transaction in an emulated Integrated Circuit. Methods and devices for pre-generating session keys for securing transactions are provided. The generated session key is obfuscated with a preventing data for unauthorized use and/or access of the session cryptographic and encrypted. This encrypted obfuscated key is provisioned from a remote computer to the communication device. The mobile application is configured to decrypt and de-obfuscate the received encrypted obfuscated session cryptographic key, during a transaction. The method may also include generating, by the communication device, a transaction cryptogram using the decrypted and de-obfuscated session cryptographic key, and sending by the communication device to the remote system the transaction cryptogram to conduct the transaction. The transaction can be authorized based on at least whether the decrypted and de-obfuscated session cryptographic key is the expected one.