Trust-zone-based end-to-end security
First Claim
1. A method for exchanging encrypted information by an electronic device, the method comprising:
- generating, by the device, a device signing certificate and a device signing public private key pair, and a device encryption certificate and a device encryption public private key pair, each of the device signing and encryption certificates signed using a device unique private key that is pre-stored on the electronic device;
transmitting, by the device, the device signing and device encryption certificates to a token service provider (TSP) server;
receiving, by the device, a TSP signing certificate and a TSP encryption certificate from the TSP server;
identifying, by the device a TSP signing public key and a TSP encryption public key of the TSP server based on the received TSP signing and the received TSP encryption certificates; and
transmitting a message including (i) information encrypted based on the TSP encryption public key and (ii) a signature of the electronic device based on the device signing private key,wherein the device unique private key is stored on the electronic device by a manufacturer of the electronic device for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, electronic devices, and systems for exchanging encrypted information. A method for exchanging encrypted information by an electronic device includes generating one or more device certificates and one or more device public private key pairs. The one or more device certificates are signed using a device unique private key that is pre-stored on the electronic device. The method also includes sending the one or more device certificates to a server of a token service provider (TSP). The method further includes receiving one or more TSP certificates from the TSP server. The method includes identifying one or more TSP public keys of the TSP server based on the one or more received TSP certificates. Additionally, the method includes transmitting a message including the information encrypted based on the one or more identified TSP public keys and a signature of the electronic device.
-
Citations
14 Claims
-
1. A method for exchanging encrypted information by an electronic device, the method comprising:
-
generating, by the device, a device signing certificate and a device signing public private key pair, and a device encryption certificate and a device encryption public private key pair, each of the device signing and encryption certificates signed using a device unique private key that is pre-stored on the electronic device; transmitting, by the device, the device signing and device encryption certificates to a token service provider (TSP) server; receiving, by the device, a TSP signing certificate and a TSP encryption certificate from the TSP server; identifying, by the device a TSP signing public key and a TSP encryption public key of the TSP server based on the received TSP signing and the received TSP encryption certificates; and transmitting a message including (i) information encrypted based on the TSP encryption public key and (ii) a signature of the electronic device based on the device signing private key, wherein the device unique private key is stored on the electronic device by a manufacturer of the electronic device for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An electronic device for exchanging encrypted information, the electronic device comprising:
-
at least one hardware processor configured to generate a device signing certificate and a device signing public private key pair, and to generate a device encryption certificate and a device encryption public private key pair, the device signing and encryption certificates signed using a device unique private key that is pre-stored on the electronic device; and a transceiver configured to transmit the device signing and encryption certificates to a token service provider (TSP) server and to receive a TSP signing certificate and TSP encryption certificate from the TSP server, wherein the at least one hardware processor is further configured to identify a TSP signing public key and a TSP encryption public key of the TSP server based on the received TSP signing and encryption certificates, and wherein the transceiver is configured to transmit a message including (i) information encrypted based on the TSP encryption public key and (ii) a signature of the electronic device based on the device signing private key, wherein the device unique private key is stored on the electronic device by a manufacturer of the electronic device for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system for exchanging encrypted information of a token service provider (TSP), the system comprising:
-
a TSP server comprising; at least one hardware processor configured to generate a TSP signing certificate and a TSP signing public private key pair, and a TSP encryption certificate and a TSP encryption public private key pair, the TSP signing and TSP encryption certificates signed using a TSP root certificate authority (CA) private key; and a transceiver configured to transmit the TSP signing and TSP encryption certificates to an electronic device and to receive a device signing certificate and a device encryption certificate from the electronic device, wherein the at least one hardware processor is further configured to verify an authenticity of the device signing and device encryption certificates based on a public key for a root CA private key of a manufacturer of the electronic device, and wherein the transceiver is configured to receive, from the electronic device, a message including (i) information encrypted based on the TSP encryption public key of the TSP encryption public private key pair and (ii) a signature of the electronic device, wherein a device unique private key is stored on the electronic device by the manufacturer for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device. - View Dependent Claims (12, 13, 14)
-
Specification