Secure handling of stored-value data objects

US 20030093695A1
Filed: 03/21/2002
Published: 05/15/2003
Est. Priority Date: 11/13/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method in a communication device of securely managing stored-value data objects, the method comprising:

receiving a stored-value data object comprising a value portion and an authentication portion at the communication device;

performing, in a secure element comprising a portion of the communication device, the steps of;

verifying the stored-value data object;

associating the stored-value data object with an index value stored in the security element;

protecting the authentication portion of the stored-value data object; and

generating a binding value that binds the value portion, the authentication portion, and the index value; and

storing the binding value, the index value, the value portion as clear text, and the protected authentication portion, together as a processed stored-value data object in non-secure memory accessible to the communication device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user'"'"'s personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption. Techniques further provide temporary and rapid verification data objects useful where rapid ticket verification is essential, such as mass transit systems.

Citations

33 Claims

1. A method in a communication device of securely managing stored-value data objects, the method comprising:
- receiving a stored-value data object comprising a value portion and an authentication portion at the communication device;
  
  performing, in a secure element comprising a portion of the communication device, the steps of;
  
  verifying the stored-value data object;
  
  associating the stored-value data object with an index value stored in the security element;
  
  protecting the authentication portion of the stored-value data object; and
  
  generating a binding value that binds the value portion, the authentication portion, and the index value; and
  
  storing the binding value, the index value, the value portion as clear text, and the protected authentication portion, together as a processed stored-value data object in non-secure memory accessible to the communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising performing, in the secure element, the step of storing a flag corresponding to the index value in the secure element that indicates whether or not the stored-value object has been used.
  - 3. The method of claim 2, wherein storing a flag corresponding to the index value in the secure element comprises setting the flag to indicate an unused state in conjunction with storing the processed stored-value object in non-secure memory to indicate that the processed stored-value object has not been used.
  - 4. The method of claim 3, further comprising setting the flag to indicate a used state in conjunction with receiving the processed stored-value object at the security element for redemption processing.
  - 5. The method of claim 1, wherein protecting the authentication portion of the stored-value data object comprises copy protecting the authentication portion of the stored-value data object through public-key encryption using a public key for which the corresponding private key is securely held by the communication device.
  - 6. The method Qf claim 1, wherein generating a binding value that binds the value portion, the authentication portion, and the index value comprises encrypting the index value, the value portion, and the protected authentication portion with a private key securely held by the secure element to form the binding value.
  - 7. The method of claim 1, wherein verifying the stored-value data object comprises verifying the authentication portion of the stored-value data object to ensure that the stored-value data object was issued by a legitimate issuing system.
  - 8. The method of claim 7, wherein verifying the authentication portion of the stored-value data object comprises decrypting the authentication portion using a first key associated with the issuing system, and wherein the first key is securely retained in the security element.
  - 9. The method of claim 8, wherein the issuing system encrypts the stored-value data object using a second key that is associated with the communication device before sending the stored-value data object to the communication device.
  - 10. The method of claim 9, wherein verifying the authentication portion of the stored-value data object further comprises decrypting the stored-value data object using a third key stored in the secure element to obtain the authentication portion.
  - 11. The method of claim 1, wherein the stored-value data object is received at the communication device responsive to requesting the stored-value data object, and wherein requesting the stored-value data object comprises:
    - generating a request nonce in the secure element; and
      
      sending a request message from the communication device to the issuing system, wherein the request message includes the request nonce.
  - 12. The method of claim 11, wherein the issuing system includes the request nonce in the stored-value object returned to the communication device, and wherein verifying the stored-value data object in the security element comprises verifying the request nonce.
  - 13. The method of claim 12, wherein verifying the stored-value data object further comprises verifying the authentication portion of the stored-value data object.
  - 14. The method of claim 13, wherein verifying the authentication portion of the stored-value data object comprises decrypting the authentication portion using a first encryption key associated with the issuing system that is stored in the security element.
  - 15. The method of claim 1, further comprising sending a stored-value data object from the communication system to a redeeming system for redemption.
  - 16. The method of claim 15, wherein sending a stored-value data object from the communication system to a redeeming system for redemption comprises:
    - retrieving a processed stored-value data object corresponding to the stored-value object being redeemed from the non-secure memory accessible to the communication device;
      
      transferring the processed stored-value data object to the security element of the communication device, and in the security element performing the steps of;
      
      verifying the index value to insure that the index value matches a stored index value in secure memory;
      
      verifying the binding between the index value, the protected authentication portion, and the value portion, of the processed stored-value object;
      
      removing the protection previously applied by the security element to the authentication portion to recover the stored-valued object comprising the value portion and the authentication portion; and
      
      encrypting the stored-value data object using a redemption key received at the communication device from the redeeming system; and
      
      sending the encrypted stored-value data object from the communication device to the redeeming system.
  - 17. The method of claim 16, further comprising:
    - receiving a redemption nonce from the redeeming system; and
      
      adding the redemption nonce to the stored-value object in the secure memory element before encrypting it with the redemption key.
  - 18. The method of claim 16, wherein removing the protection previously applied by the security element to the authentication portion to recover the stored-valued object comprising the value. portion and the authentication portion comprises removing encryption applied by the secure element in the step of protecting the authentication portion.

19. A communication device for securely managing stored-value data objects, each comprising a value portion and an authentication portion, the communication device comprising:
- a non-secure element to communicate with stored-value data object issuing and redeeming systems; and
  
  a secure element communicatively coupled to the non-secure element, and programmed to;
  
  receive a stored-value data object from the non-secure element;
  
  verify the stored-value data object;
  
  associate the stored-value data object with an index value stored in the secure element;
  
  protect the authentication portion of the stored-value data object;
  
  generate a binding value that binds the value portion, the authentication portion, and the index value; and
  
  transfer the binding and index values, along with the value and authentication portions of the stored-value data object, to the non-secure element as a processed stored-value data object for storage.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 20. The communication device of claim 19, wherein the secure element protects the authentication portion of the stored-value data object by encrypting the authentication portion using a public key for which the corresponding private key is securely held by the communication device.
  - 21. The communication device of claim 19, wherein the secure element generates a binding value that binds the value portion, the authentication portion, and the index value by encrypting the index value, the value portion, and the protected authentication portion with a private key securely held by the secure element to form the binding value.
  - 22. The communication device of claim 19, wherein the secure element stores a flag in association with the index value that indicates whether or not the stored-value object associated with the index value is used or unused.
  - 23. The communication device of claim 19, wherein the secure element sets the flag to indicate an unused state for the stored-value object before transfer to the non-secure element for storage as the processed stored-value data object.
  - 24. The communication device of claim 19, wherein the secure element sets the flag to indicate a used state for the stored-value object upon transfer of the processed stored-value data object from the non-secure element into the secure element for redemption processing.
  - 25. The communication device of claim 19, wherein the secure element generates a request nonce for each issuance request sent from the communication device to an issuing system.
  - 26. The communication device of claim 25, wherein the secure element verifies the stored-value data object in part by verifying that the stored-value data object includes a request nonce previously generated by the secure element.
  - 27. The communication device of claim 26, wherein the secure element further verifies the stored value data object by decrypting the authentication portion of the stored-value data object using a first key that is associated with the issuing system and securely retained in the secure element.
  - 28. The communication device of claim 19, wherein the non-secure element transfers the processed stored-value object from non-secure memory back to the secure element for redemption processing, and wherein the secure element:
    - verifies the binding between the index value and the authentication and value portions based on the binding value;
      
      confirms that the index value matches a stored index value in the secure element;
      
      removes the protection applied by the secure element to the authentication portion to recover the stored-value data object as comprising the value and authentication portions;
      
      encrypts the stored-value data object using a redemption key associated with a redeeming system with which the stored-value data object is being redeemed; and
      
      transfers the encrypted stored-value data object to the non-secure element for transfer to the redeeming system.
  - 29. The communication device of claim 28, wherein the secure element removes the protection applied by the secure element to the authentication portion to recover the stored-value data object by decrypting the protected secure element to remove an encryption applied to the authentication portion by the secure element as part of the step of protecting the authentication portion.
  - 30. The communication device of claim 28, wherein the secure element verifies that a flag stored in the secure element in association with the index value indicates that the processed stored-value object has not be previously processed for redemption.
  - 31. The communication device of claim 30, wherein the secure element sets the flag to indicate a used state for the processed stored-value data object to prevent subsequent redemption processing should the same processed stored-value data object be presented to the secure element for redemption processing.
  - 32. The communication device of claim 28, wherein the secure element adds a signed object to the stored-value object before encrypting the stored-value object for authentication by the redeeming system.
  - 33. The communication device of claim 28, wherein the secure element adds a redemption nonce received by the communication device from the redeeming system to the stored-value data object before encrypting the stored-value data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericsson, Inc. (Telefonaktiebolaget LM Ericsson)
Original Assignee
Ericsson, Inc. (Telefonaktiebolaget LM Ericsson)
Inventors
Dutta, Santanu

Application Number

US10/103,502
Publication Number

US 20030093695A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06Q 20/045   using payment protocols inv...

G06Q 20/32   using wireless devices

G06Q 20/327   Short range or proximity pa...

G06Q 20/363   with the personal data of a...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/387   Payment using discounts or ...

G07B 15/00   Arrangements or apparatus f...

G07F 17/42   for ticket printing or like...

G07F 7/0866   by active credit-cards adap...

G07F 7/1016   Devices or methods for secu...

Secure handling of stored-value data objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Secure handling of stored-value data objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links