Isolating distinct service provider widgets within a wallet container
First Claim
Patent Images
1. An apparatus, comprising:
- a plurality of widget modules accessible in a memory of a mobile device, wherein each widget module is associated with a service provider; and
a wallet container that is accessible in the memory, the wallet container operable on the mobile device to;
isolate a plurality of distinct electronic wallets that are accessible in the memory;
control access to the plurality of distinct electronic wallets through the plurality of widget modules by authenticating a widget module to access a distinct electronic wallet based on wallet access rights of the service provider associated with the widget module;
determine wallet access rights of the service provider by processing a widget access context object associated with a specific widget that is used by the wallet container to manage widget access, wherein the widget access context object is a runtime accessible data structure that is populated with information derived from a widget access record;
securely isolate access to mobile device resources that is allowed for each widget module via limiting access to at least one application programming interface;
control widget access to resources with service provider-specific security domain applets that are accessible in a memory of the mobile device;
limit, with the wallet container widget use of security domain applets to a security domain applet of the service provider associated with the widget; and
store at least one widget module of the plurality of widget modules associated with a service provider in a particular non-volatile service provider-specific security domain memory of a plurality of non-volatile service provider-specific security domain memories of a secure element of the mobile device, the particular security domain memory comprising the at least one widget module and the service provider-specific security domain applet; and
access the security domain and all applets disposed therein as a group using unique, security domain-specific security keys when accessing the secure element.
2 Assignments
0 Petitions
Accused Products
Abstract
Isolating distinct service provider widgets within a wallet container is accomplished by configuring a widget to provide access to an issuer-specific service group of services that are accessible in a service tier of a multi-tier platform for providing secure transactions, determining widget isolation requirements for operating the widget, configuring a widget descriptor with the isolation requirements, and communicating with the configured widget that has been deployed on a mobile device to provide at least one service from the issuer-specific service group.
-
Citations
16 Claims
-
1. An apparatus, comprising:
-
a plurality of widget modules accessible in a memory of a mobile device, wherein each widget module is associated with a service provider; and a wallet container that is accessible in the memory, the wallet container operable on the mobile device to; isolate a plurality of distinct electronic wallets that are accessible in the memory; control access to the plurality of distinct electronic wallets through the plurality of widget modules by authenticating a widget module to access a distinct electronic wallet based on wallet access rights of the service provider associated with the widget module; determine wallet access rights of the service provider by processing a widget access context object associated with a specific widget that is used by the wallet container to manage widget access, wherein the widget access context object is a runtime accessible data structure that is populated with information derived from a widget access record; securely isolate access to mobile device resources that is allowed for each widget module via limiting access to at least one application programming interface; control widget access to resources with service provider-specific security domain applets that are accessible in a memory of the mobile device; limit, with the wallet container widget use of security domain applets to a security domain applet of the service provider associated with the widget; and store at least one widget module of the plurality of widget modules associated with a service provider in a particular non-volatile service provider-specific security domain memory of a plurality of non-volatile service provider-specific security domain memories of a secure element of the mobile device, the particular security domain memory comprising the at least one widget module and the service provider-specific security domain applet; and access the security domain and all applets disposed therein as a group using unique, security domain-specific security keys when accessing the secure element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification