Secure handling of stored-value data objects
First Claim
1. A method in a communication device of securely managing stored-value data objects, the method comprising:
- receiving a stored-value data object comprising a value portion and an authentication portion at the communication device;
performing, in a secure element comprising a portion of the communication device, the steps of;
verifying the stored-value data object;
associating the stored-value data object with an index value stored in the security element;
protecting the authentication portion of the stored-value data object; and
generating a binding value that binds the value portion, the authentication portion, and the index value; and
storing the binding value, the index value, the value portion as clear text, and the protected authentication portion, together as a processed stored-value data object in non-secure memory accessible to the communication device.
1 Assignment
0 Petitions
Accused Products
Abstract
An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user'"'"'s personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption. Techniques further provide temporary and rapid verification data objects useful where rapid ticket verification is essential, such as mass transit systems.
-
Citations
33 Claims
-
1. A method in a communication device of securely managing stored-value data objects, the method comprising:
-
receiving a stored-value data object comprising a value portion and an authentication portion at the communication device;
performing, in a secure element comprising a portion of the communication device, the steps of;
verifying the stored-value data object;
associating the stored-value data object with an index value stored in the security element;
protecting the authentication portion of the stored-value data object; and
generating a binding value that binds the value portion, the authentication portion, and the index value; and
storing the binding value, the index value, the value portion as clear text, and the protected authentication portion, together as a processed stored-value data object in non-secure memory accessible to the communication device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A communication device for securely managing stored-value data objects, each comprising a value portion and an authentication portion, the communication device comprising:
-
a non-secure element to communicate with stored-value data object issuing and redeeming systems; and
a secure element communicatively coupled to the non-secure element, and programmed to;
receive a stored-value data object from the non-secure element;
verify the stored-value data object;
associate the stored-value data object with an index value stored in the secure element;
protect the authentication portion of the stored-value data object;
generate a binding value that binds the value portion, the authentication portion, and the index value; and
transfer the binding and index values, along with the value and authentication portions of the stored-value data object, to the non-secure element as a processed stored-value data object for storage. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification