Method for issuer and chip specific diversification
First Claim
Patent Images
1. A method for initializing a secure element in a wireless terminal, comprising:
- receiving an uninitialized secure element comprising memory, wherein the memory of the secure element includes pre-installed root keys and a unique serial number;
receiving secure element tailoring information associated with a wireless terminal issuer; and
, configuring the installed secure element to support secure communication through the wireless terminal, wherein said configuring of the secure element is based on the received tailoring information and the pre-installed root keys and the unique serial number.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for initializing secure elements for use in mobile devices. A mobile device manufacturer embeds uninitialized secure elements into mobile devices. An issuer-specific seed value is securely passed into an initialization routine in the operating system of the secure element. The initialization routine diversifies the initial root keys on the secure element with the issuer seed and the unique chip serial number to create master and chip keys for use in secure communications between the issuer and the mobile device user.
59 Citations
40 Claims
-
1. A method for initializing a secure element in a wireless terminal, comprising:
-
receiving an uninitialized secure element comprising memory, wherein the memory of the secure element includes pre-installed root keys and a unique serial number;
receiving secure element tailoring information associated with a wireless terminal issuer; and
,configuring the installed secure element to support secure communication through the wireless terminal, wherein said configuring of the secure element is based on the received tailoring information and the pre-installed root keys and the unique serial number. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An apparatus, comprising:
-
a wireless terminal; and
a terminal-integrated secure element comprising memory, wherein said secure element is configured, based on tailoring information received from an issuer and based on pre-installed root keys and a unique serial number associated with the secure element, to support secure communication through the wireless terminal. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computer-readable medium having computer-executable instructions for performing steps comprising:
-
receiving secure element tailoring information associated with a wireless terminal issuer;
deriving from said secure element tailoring information a key value and an issuer seed;
validating said secure element tailoring information using said derived key value and pre-installed key values of a wireless terminal; and
,configuring a secure element to support secure communication through the wireless terminal, wherein said configuring of the secure element is based on the secure element tailoring information. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
-
31. A method for initializing a secure element in a wireless terminal, comprising:
-
generating tailoring information corresponding to a key value associated with the wireless terminal and a seed value associated with a wireless terminal issuer;
securely transmitting said tailoring information to an untrusted party in possession of said wireless terminal, wherein the information is thereafter used to configure the secure element to support secure communication through the wireless terminal, wherein said configuring is based on the tailoring information and pre-installed root keys and a unique serial number associated with the secure element. - View Dependent Claims (32, 33, 34, 35, 36, 37)
-
-
38. A memory device that has been initialized to include the following fields:
-
at least one pre-installed root key value for use in the generation of at least one issuer-specific chip key;
a pre-installed transfer key value for use in the validation of received initialization data;
a pre-installed MAC seed value for use in the validation of received initialization data; and
,a pre-installed unique chip serial number, wherein said at least one root key value, said transfer key value, and said MAC seed value are identical to respective root key values, transfer key values, and MAC seed values on a plurality of other commonly manufactured memory devices, and wherein said unique chip serial number is not identical to the unique chip serial number on any other commonly manufactured memory device. - View Dependent Claims (39, 40)
-
Specification