Google Patents a Two-Lock Verification System to Stop Stolen Digital Passes
Temporary digital tokens, the kind that let your phone pay at a register or unlock a door, can be silently intercepted and replayed by an attacker nearby. Google's new patent describes a way to catch that attack before the token is ever accepted.
What Google's relay-attack fix actually does
Imagine you hold up your phone to pay for coffee. Behind the scenes, your phone sends a short-lived digital pass to the payment terminal. A relay attack is when a nearby attacker silently intercepts that pass and forwards it to a different terminal across town, spending your money somewhere you never went. The attack works because the token looks legitimate on its own.
Google's approach adds a second layer of trust. Instead of just checking whether the token is valid, the system also checks which app created it and whether that app is one Google trusts. Both checks have to pass before the token is accepted.
Think of it like a concert ticket that not only has a barcode but also a watermark that proves it came from the official box office. A forged copy might have the barcode, but it won't have the watermark. This patent describes building that watermark into the verification step itself.
How the two-signature verification chain works
When a device receives a request to verify a temporary token, the system calls into a trusted framework (a secure, Google-controlled layer of the operating system, accessed via an API) to generate a cryptographically signed data bundle. That bundle contains two distinct signatures:
- A signature covering the data bundle itself, tied to the trusted framework's own public key.
- A separate signature identifying the calling application, the specific app that requested the token verification.
The verification step then runs two independent checks. First, it uses the trusted framework's public key to confirm the data bundle hasn't been tampered with. Second, it compares the calling app's signature against a known-good signature for a trusted application, confirming the right app made the request and not a spoofed or relay-injected one.
Only when both checks pass does the system mark the temporary token as verified. If either fails, the token is rejected. The design is specifically aimed at asymmetric relay attacks, where an attacker captures a token on one channel (say, near-field communication) and replays it on a different channel or at a different location, creating a mismatch the single-signature check would miss.
What this means for digital wallets and access tokens
Temporary tokens are everywhere: tap-to-pay, digital ID cards, hotel room keys, transit passes, event tickets. Most of them rely on short-lived codes that expire quickly, which reduces risk but doesn't eliminate relay attacks, because an attacker can replay the token within its validity window.
This patent is relevant to any Android-based payment or access system. Google controls the underlying platform for a large share of the world's digital wallets, and a system-level fix like this one would apply broadly without requiring individual app developers to reinvent their own security. If this approach ships in Android, the protection becomes automatic for apps that use the trusted framework rather than something each developer has to bolt on separately.
This is quiet but solid security infrastructure work. Relay attacks on NFC tokens are a real and documented threat, not a theoretical one, and Google is in a unique position to fix it at the OS level rather than patching it app by app. The double-signature approach is well-understood cryptographic practice applied to a specific gap. Worth watching if you follow Android Pay or digital ID rollouts.
Which company should we read for you?
We track 17 companies here. Pro is the same weekly breakdown for any company you choose, delivered privately. Type a name and we'll scope it and send you a quote.
Get one Big Tech patent every Sunday
Plain English, intelligent commentary, no hype. Free.
Editorial commentary on a publicly published patent application. Not legal advice.