Trusted Integrity Manager (TIM)

US 20100306076A1
Filed: 12/21/2009
Published: 12/02/2010
Est. Priority Date: 05/29/2009
Status: Abandoned Application

First Claim

Patent Images

1. A system for use with a trusted service manager (TSM) and a mobile device having a unique identification data, the system comprising:

a server wherein;

the server validates an application against the unique identification data of the mobile device and provides the validated application for the mobile device; and

a secure element (SE) acting as a client wherein;

the SE is present in the mobile device as client;

the validated application from the server is installed in the SE;

the SE is adapted to execute the validated application to perform a service process; and

the service process includes enablement of payment functions on the mobile device, wherein enablement of payment functions includes;

providing secure communication between the mobile device and the TSM;

secure provisioning of a payment instrument on the mobile device, wherein authentication and verification for the payment instrument on the mobile device is provided by the server; and

binding the payment instruments and the validated application to the mobile device to provide a strong ID management for enhanced user protection and system security and integrity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for use with a trusted service manager (TSM) and a mobile device having a subscriber unique identifying data, according to one embodiment, includes: a server in which the server validates an application against the unique and identifying data of the mobile device and provides the validated application for the mobile device; and a secure element (SE) acting as a client in which the SE is present in the mobile device as client; the validated application from the server is installed in the SE; and the SE is adapted to execute the validated application to perform a service process. The service process includes enablement of payment functions on the mobile device, in which enablement of payment functions includes: providing secure communication between the mobile device and the server; secure provisioning of a payment instrument on the mobile device, wherein authentication and verification for the payment instrument on the mobile device is provided by the server; and binding the payment instruments and the validated application to the mobile device to provide a strong ID management for enhanced user protection and system security and integrity.

355 Citations

20 Claims

1. A system for use with a trusted service manager (TSM) and a mobile device having a unique identification data, the system comprising:
- a server wherein;
  
  the server validates an application against the unique identification data of the mobile device and provides the validated application for the mobile device; and
  
  a secure element (SE) acting as a client wherein;
  
  the SE is present in the mobile device as client;
  
  the validated application from the server is installed in the SE;
  
  the SE is adapted to execute the validated application to perform a service process; and
  
  the service process includes enablement of payment functions on the mobile device, wherein enablement of payment functions includes;
  
  providing secure communication between the mobile device and the TSM;
  
  secure provisioning of a payment instrument on the mobile device, wherein authentication and verification for the payment instrument on the mobile device is provided by the server; and
  
  binding the payment instruments and the validated application to the mobile device to provide a strong ID management for enhanced user protection and system security and integrity.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein:
    - a tag identifier is stored in a hardware secure storage on a device using a trusted software component to provide a secure identity binding;
      
      the mobile device is configured to read the tag identifier to verify the content of the hardware secure storage so that, if a match is found, the tag identifier is trusted as representing the identity of the device.
  - 3. The system of claim 1, wherein:
    - an authentication of the mobile device by the server is based on a zero knowledge proof augmented by hardware-based protection of secret key material.
  - 4. The system of claim 1, wherein:
    - a trusted remote attestation agent (TRAA) is configured to perform a set of pulse-check steps to ensure that a security-sensitive connection between the mobile device client and the TIM server is available and active.
  - 5. The system of claim 1, wherein:
    - an interactive phishing detection visual indicator is provided to the mobile device upon a successful authentication of the mobile device client by the server; and
      
      the interactive phishing detection visual indicator is available at a trust source site for matching by a user of the mobile device.

6. A method for performing a financial transaction from a mobile device in conjunction with a trusted service manager (TSM), the method comprising:
- leveraging a subscriber identity data to the mobile device;
  
  activating service on the mobile device identified by a secure element and the subscriber identity data;
  
  receiving a user request via the mobile device through the TSM by a server for enabling payment functions on the mobile device;
  
  enabling payment functions on the mobile device by the server wherein;
  
  the server validates an application against the subscriber identity data of the mobile device;
  
  the server provides the validated application via a trusted third party (TTP) over the air (OTA) to the mobile device; and
  
  the validated application is installed in an embedded secure element (SE) of the mobile device;
  
  executing the validated application in the SE of the mobile device to request provisioning from a trusted service provider (TSP) of the TSM of a payment instrument on the mobile device;
  
  requesting by the TSP of the TSM from a bank of validation, verification, and authorization that the requested payment instrument is a legitimate payment instrument for the mobile device identified by the subscriber identity data;
  
  in response to authorization from the bank being received by the TSM, validating and packaging by the server of information for enabling the payment instrument in a proper format for the embedded SE of the mobile device;
  
  passing the packaged information from the server to the TTP; and
  
  installing over the air (OTA) the packaged information by the TTP into the embedded SE of the mobile device.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, further comprising:
    - validating by the server a payment instrument within the embedded SE to be executed on the mobile device; and
      
      checking by the server of the integrity of the payment instrument on a regular basis using a secure identity binding.
  - 8. The method of claim 6, further comprising:
    - using by the server a plurality of data linked to the user and mobile device to verify identity, time, geo-location, or authorization credentials on transactions in an acquiring process using the wireless channel of the mobile device in conjunction with a usual acquiring network.
  - 9. The method of claim 6, wherein the leveraging comprises:
    - using the subscriber identity data to control a level of risk to be tolerated, wherein the risk is associated with the use of the mobile device.
  - 10. The method of claim 6, further comprising:
    - creating a profile for the mobile device; and
      
      using the profile to control risk associated with offline use of the mobile device.
  - 11. The method of claim 6, wherein:
    - a trusted remote attestation agent (TRAA) performs a set of pulse-check steps to ensure that a security-sensitive connection is available and active.
  - 12. The method of claim 6, wherein:
    - an interactive phishing detection visual indicator is provided to the mobile device upon a successful authentication of a mobile device client by a server; and
      
      the interactive phishing detection visual indicator is available at a trust source site for matching by a user of the mobile device.
  - 13. The method of claim 6, wherein:
    - an authentication of the mobile device by the server is based on zero knowledge proof augmented by hardware-based protection of secret key material.
  - 14. The method of claim 6, further comprising:
    - storing a tag identifier in a hardware secure storage on a device using a trusted software component to provide a secure identity binding;
      
      reading the tag identifier to verify the content of the hardware secure storage; and
      
      if a match is found, trusting the tag identifier as representing the identity of the device.

15. A computer program product comprising a computer readable medium having computer readable code for instructing a processor to perform a method, the method comprising:
- activating service on the mobile device identified by a secure element and a unique identifying data;
  
  receiving a user request via the mobile device through the TSM by a server for enabling payment functions on the mobile device;
  
  enabling payment functions by the server on the mobile device wherein;
  
  the server validates an application against the unique identifying data of the mobile device;
  
  the server provides the validated application via a trusted third party (TTP) over the air (OTA) to the mobile device; and
  
  the validated application is installed in an embedded secure element (SE) of the mobile device; and
  
  executing the validated application in the SE of the mobile device to request provisioning from a trusted service provider (TSP) of the TSM of a payment instrument on the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising computer readable code for instructing the processor to perform:
    - requesting by the TSP of the TSM, from a bank, of validation, verification, and authorization that the requested payment instrument is a legitimate payment instrument for the mobile device identified by the unique identifying data;
      
      in response to authorization from the bank being received by the TSM, validating and packaging by the server of information for enabling the payment instrument in a proper format for the embedded SE of the mobile device;
      
      passing the packaged information from the server to the TTP; and
      
      installing over the air (OTA) the packaged information by the TTP into the embedded SE of the mobile device.
  - 17. The computer program product of claim 15, further comprising computer readable code for instructing the processor to perform:
    - a set of pulse-check steps of a trusted remote attestation agent (TRAA) to ensure that a security-sensitive connection is available and active.
  - 18. The computer program product of claim 15, further comprising computer readable code for instructing the processor to perform:
    - providing an interactive phishing detection visual indicator to the mobile device upon a successful authentication of a mobile device client by a server; and
      
      making the interactive phishing detection visual indicator available at a trust source site for matching by a user of the mobile device.
  - 19. The computer program product of claim 15, further comprising computer readable code for instructing the processor to perform:
    - an authentication of the mobile device by the server based on zero knowledge proof augmented by hardware-based protection of secret key material.
  - 20. The computer program product of claim 15, further comprising computer readable code for instructing the processor to perform:
    - storing a tag identifier in a hardware secure storage on a device using a trusted software component to provide a secure identity binding so that upon reading the tag identifier to verify the content of the hardware secure storage, if a match is found, the tag identifier is trusted as representing the identity of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Nahari, Hadi, Taveau, Sebastien, Duprat, Eric

Application Number

US12/643,972
Publication Number

US 20100306076A1
Time in Patent Office

Days
Field of Search
US Class Current

705/26.8
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/10   specially adapted for elect...

G06Q 20/3229   Use of the SIM of a M-devic...

G06Q 20/326   Payment applications instal...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3823   combining multiple encrypti...

G06Q 30/0633   Lists, e.g. purchase orders...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/006   involving public key infras...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Trusted Integrity Manager (TIM)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

355 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Trusted Integrity Manager (TIM)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

355 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others