Configuring a plurality of security isolated wallet containers on a single mobile device

US 10,269,011 B2
Filed: 09/23/2016
Issued: 04/23/2019
Est. Priority Date: 10/06/2005
Status: Active Grant

First Claim

Patent Images

1. A high security mobile electronic transaction device for ensuring isolated access to a plurality of distinct service-provider specific electronic wallets disposed in a non-transient memory of the device comprising:

a non-transient memory accessible by a processor of the mobile device;

at least one mobile transaction platform-specific application programming interface stored in the memory and configured to facilitate access to secure mobile transaction platform resources by a wallet container executing on the mobile device;

a wallet container disposed in the memory of the mobile device and executable by the processor, wherein the wallet container interfaces with secure mobile transaction platform resources via the at least one application programming interface, the wallet container comprising;

an access controller that ensures a wallet disposed in the at least one of the plurality of distinct wallet containers only has access to mobile device resources to which the disposed wallet has permissions by limiting access to the at least one application programming interface;

at least one service provider-specific wallet disposed in the wallet container, wherein service provider-specific wallet security is enforced by the wallet container accessing a portion of the secure mobile transaction platform resources via the at least one application programming interface; and

at least one wallet companion applet, for each of the at least one service provider-specific wallets, stored in a particular non-volatile service provider-specific security domain of a plurality of non-volatile service provider-specific security domains of a secure element, wherein the particular security domain comprises the at least one wallet companion applet and at least one other applet, the security domain and all applets disposed therein being accessible as a group by the mobile transaction platform when using unique, security through use of domain-specific security keys when accessing the secure element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Configuring a plurality of security isolated wallet containers on a single mobile device includes configuring at least one mobile transaction platform-specific application programming interface for facilitating access to secure mobile transaction platform resources by a wallet container executing on a mobile device; disposing a plurality of distinct wallet containers in a memory of the mobile device, wherein each wallet container interfaces with secure mobile transaction platform resources via the at least one application programming interface; disposing at least one service provider-specific wallet in each of the plurality of distinct wallet containers; and enforcing service-provider specific wallet security by a distinct wallet container accessing a portion of the secure mobile transaction platform resources via the at least one application programming interface.

Citations

20 Claims

1. A high security mobile electronic transaction device for ensuring isolated access to a plurality of distinct service-provider specific electronic wallets disposed in a non-transient memory of the device comprising:
- a non-transient memory accessible by a processor of the mobile device;
  
  at least one mobile transaction platform-specific application programming interface stored in the memory and configured to facilitate access to secure mobile transaction platform resources by a wallet container executing on the mobile device;
  
  a wallet container disposed in the memory of the mobile device and executable by the processor, wherein the wallet container interfaces with secure mobile transaction platform resources via the at least one application programming interface, the wallet container comprising;
  
  an access controller that ensures a wallet disposed in the at least one of the plurality of distinct wallet containers only has access to mobile device resources to which the disposed wallet has permissions by limiting access to the at least one application programming interface;
  
  at least one service provider-specific wallet disposed in the wallet container, wherein service provider-specific wallet security is enforced by the wallet container accessing a portion of the secure mobile transaction platform resources via the at least one application programming interface; and
  
  at least one wallet companion applet, for each of the at least one service provider-specific wallets, stored in a particular non-volatile service provider-specific security domain of a plurality of non-volatile service provider-specific security domains of a secure element, wherein the particular security domain comprises the at least one wallet companion applet and at least one other applet, the security domain and all applets disposed therein being accessible as a group by the mobile transaction platform when using unique, security through use of domain-specific security keys when accessing the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The mobile device of claim 1, wherein a mobile transaction platform with which the mobile transaction platform-specific application programming interface is associated comprises an enabling tier, a service tier, and a personalization tier.
  - 3. The mobile device of claim 1, wherein the application programming interface is mobile device-independent.
  - 4. The mobile device of claim 1, wherein the application programming interface is mobile device operating environment-specific.
  - 5. The mobile device of claim 1, wherein the wallet container cannot impact access to secure mobile transaction platform resources of a second wallet container.
  - 6. The mobile device of claim 1, wherein a mobile transaction platform with which the mobile transaction platform-specific application programming interface is associated supports multiple independent wallet containers operating on a single mobile device.
  - 7. The mobile device of claim 1, wherein service-provider specific wallet security is enabled to facilitate keeping service provider-specific information separate and confidential from other service providers with which the at least one wallet interacts via the mobile device.
  - 8. The mobile device of claim 1, wherein a wallet container executing on the mobile device comprises a run-time environment for interpreting at least one of the wallet and an applet.
  - 9. The mobile device of claim 1, wherein the wallet container facilitates security of transactions between external service provider resources and at least one wallet by isolating access of service provider resources from unauthorized wallets.
  - 10. The mobile device of claim 1, wherein the wallet container provides defined transaction patterns for implementing complex security for mobile transactions among wallets and service providers.

11. A high security mobile electronic transaction device for ensuring isolated access to a plurality of distinct service-provider specific security domains disposed in a non-transient memory of the device comprising:
- a non-transient memory accessible by a processor of the mobile device;
  
  at least one mobile transaction platform-specific application programming interface stored in the memory and configured to facilitate access to secure mobile transaction platform resources by a wallet container executing on the mobile device;
  
  a distinct wallet container disposed in the memory of the mobile device and executable by the processor, wherein the wallet container ensures a wallet disposed in the distinct wallet container only has access to mobile device resources to which the disposed wallet has permissions by limiting access to the at least one application programming interface; and
  
  at least one wallet companion applet, for the wallet, stored in a non-volatile service provider-specific security domain of a non-volatile secure element comprising the at least one wallet companion applet and at least one other applet, the security domain and all applets disposed therein being accessible as a group through use of domain-specific security keys when accessing the secure element.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The mobile device of claim 11, wherein a mobile transaction platform with which the mobile transaction platform-specific application programming interface is associated comprises an enabling tier, a service tier, and a personalization tier.
  - 13. The mobile device of claim 11, wherein the application programming interface is mobile device-independent.
  - 14. The mobile device of claim 11, wherein the application programming interface is mobile device operating environment-specific.
  - 15. The mobile device of claim 11, wherein the wallet container cannot impact access to secure mobile transaction platform resources of a second wallet container.
  - 16. The mobile device of claim 11, wherein a mobile transaction platform with which the mobile transaction platform-specific application programming interface is associated supports multiple independent wallet containers operating on a single mobile device.
  - 17. The mobile device of claim 11, wherein the wallet container facilitates keeping service provider-specific information separate and confidential from other service providers with which the at least one wallet interacts via the mobile device.
  - 18. The mobile device of claim 11, wherein a wallet container executing on the mobile device comprises a run-time environment for interpreting at least one of the wallet and an applet.
  - 19. The mobile device of claim 11, wherein the wallet container facilitates security of transactions between external service provider resources and at least one wallet by isolating access of service provider resources from unauthorized wallets.
  - 20. The mobile device of claim 11, wherein the wallet container provides defined transaction patterns for implementing complex security for mobile transactions among wallets and service providers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard Mobile Transactions Solutions, Inc. (MasterCard Incorporated)
Original Assignee
Mastercard Mobile Transactions Solutions, Inc. (MasterCard Incorporated)
Inventors
Desai, Mehul, Pitroda, Satyan G., Maniar, Nehal
Primary Examiner(s)
Wong, Eric T
Assistant Examiner(s)
Poe, Kevin

Application Number

US15/274,951
Publication Number

US 20170011396A1
Time in Patent Office

942 Days
Field of Search

705 41
US Class Current
CPC Class Codes

G06F 8/65   Updates security arrangemen...

G06Q 20/08   Payment architectures

G06Q 20/105   involving programming of a ...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/36   using electronic wallets or...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0641   Shopping interfaces

Configuring a plurality of security isolated wallet containers on a single mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Configuring a plurality of security isolated wallet containers on a single mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links