TRUSTED REMOTE ATTESTATION AGENT (TRAA)

US 20100306107A1
Filed: 03/31/2010
Published: 12/02/2010
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A system for use with a service provider and a consumer electronic device, the system comprising:

an agent module configured to;

perform a set of checking mechanisms to ensure that a communication connection between the consumer electronic device and the service provider is available and active,wherein the frequency of the checking mechanisms may be adjusted by the system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to help ensure the security status of a consumer electronic device (e.g., a mobile terminal or phone) that holds financial instruments. The checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one that was present when the financial instruments were enabled on the device); checking that a communication connection between the consumer electronic device and the service provider is available and active; and checking that communication connectivity to a home mobile network is available and active. The frequency of the checking mechanisms may be adjusted, for example, according to a risk-profile of a user associated with the device or the location (e.g., GPS location) of the device. The checks may be used, for example, to temporarily disable or limit the use of the financial instruments from the device.

Citations

20 Claims

1. A system for use with a service provider and a consumer electronic device, the system comprising:
- an agent module configured to;
  
  perform a set of checking mechanisms to ensure that a communication connection between the consumer electronic device and the service provider is available and active,wherein the frequency of the checking mechanisms may be adjusted by the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein:
    - a predetermined restriction on the consumer electronic device is enforced if one or more of the checking mechanisms fail.
  - 3. The system of claim 1, wherein:
    - the system adjusts the frequency of the checking mechanisms depending on a risk-profile associated with the consumer electronic device.
  - 4. The system of claim 1, wherein:
    - the agent module is included in a hardware secure module of the consumer electronic device; and
      
      the checking mechanisms include a mechanism for verifying self-integrity by the agent module.
  - 5. The system of claim 1, wherein:
    - the agent module has a stored, protected copy of a SIM card unique identifier value; and
      
      the checking mechanisms include a mechanism for verifying whether an identity of a SIM card of the consumer electronic device matches the stored, protected copy of the unique identifier value.
  - 6. The system of claim 1, wherein:
    - the checking mechanisms include a mechanism for checking connectivity to a home mobile network including a trusted service manager (TSM) of the service provider.
  - 7. The system of claim 1, wherein:
    - the checking mechanisms include a mechanism for checking connectivity to a financial services provider (FSP).
  - 8. The system of claim 1, whereinthe consumer electronic device includes a provisioning SIM card that was present when the consumer electronic device was provisioned with a financial instrument by storing a copy of and protecting a unique identifier value of the provisioning SIM card in a hardware secure module of the consumer electronic device;
    - andthe checking mechanisms include a mechanism for verifying whether an identity of a SIM card of the consumer electronic device matches the stored, protected copy of the unique identifier value of the provisioning SIM card; and
      
      wherein;
      
      the system is configured to put the financial instrument in a hold state if the verification of the provisioning SIM card fails.

9. A method for use with a consumer electronic device and a service provider, the method comprising:
- determining whether a SIM card is present on the consumer electronic device;
  
  determining whether a data in a secure element of the consumer electronic device has changed;
  
  determining, if the SIM card is present, whether a network connection to the service provider is available; and
  
  enforcing a predetermined restriction on the consumer electronic device if either the SIM card is not present or the data in the secure element has changed and there is no confirmation from the service provider through the network connection.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising:
    - self-verifying integrity by an agent resident on the consumer electronic device, wherein if the self-verifying fails, a financial instrument on the consumer electronic device is put in a lock state so that the financial instrument is required to be re-enabled by calling the service provider.
  - 11. The method of claim 9, wherein:
    - the consumer electronic device includes a provisioning SIM card that was present when the consumer electronic device is provisioned with a financial instrument and the provisioning SIM card has a unique identifier value that is stored and protected in the consumer electronic device; and
      
      further comprising;
      
      if the SIM card is determined to be present, verifying whether an identity of the SIM card matches the stored, protected unique identifier value of the provisioning SIM card; and
      
      putting the financial instrument in a hold state if the verification of the provisioning SIM card fails so that the financial instrument will become available for use once the provisioning SIM card is again present in the consumer electronic device.
  - 12. The method of claim 9, wherein:
    - the service provider comprises a trusted service manager for a financial instrument, the trusted service manager connected on a home mobile network of the consumer electronic device; and
      
      further comprising;
      
      if determining whether a network connection to the service provider is available fails, putting the financial instrument in a cap state, wherein financial transactions for more than a predetermined cap value are denied to the consumer electronic device.
  - 13. The method of claim 12, wherein:
    - the cap state is enforced until a provisioning SIM card, a connection to the trusted service manager via the home mobile network, and a connection to a financial service provider (FSP) all become available on the consumer electronic device.
  - 14. The method of claim 9, wherein:
    - the determination whether a SIM card is present, the determination whether a data has changed, the determination whether a network connection is available, and the conditional enforcement of restrictions comprise a set of checking mechanisms; and
      
      the checking mechanisms are performed at a frequency depending on a risk-profile associated with user of the device.
  - 15. The method of claim 9, wherein:
    - the determination whether a SIM card is present, the determination whether a data has changed, the determination whether a network connection is available, and the conditional enforcement of restrictions comprise a set of checking mechanisms; and
      
      the checking mechanisms are performed at a frequency depending on a global positioning system (GPS) location of the consumer electronic device.

16. A computer program product comprising a computer readable medium having computer readable code for instructing a processor of a device to perform a method, the method comprising:
- self-verifying integrity of the computer readable code;
  
  checking for presence of a provisioning SIM card present when the device is provisioned with a financial instrument;
  
  checking for connectivity to a financial service provider (FSP);
  
  checking for connectivity to a trusted service manager (TSM) via a home mobile network;
  
  if the self-verifying fails, putting a financial instrument on the device in a lock state so that the financial instrument is required to be re-enabled by calling the service provider;
  
  if a SIM card is determined present, verifying whether the SIM card matches the provisioning SIM card;
  
  if the verification of the provisioning SIM card fails, putting the financial instrument in a hold state so that the financial instrument will become available for use once the provisioning SIM card is again present in the device; and
  
  if checking for connectivity to the FSP fails and checking for connectivity to the TSM fails, putting the financial instrument in a cap state, wherein financial transactions for more than a predetermined cap value are denied to the device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the self-verifying includes using one or more of a digital signature verification or an oblivious hashing (OH) technique applied to the computer readable code.
  - 18. The computer program product of claim 16, wherein a frequency of the self-verification and checking is adjusted according to at least one of a user-profile associated with the device and a GPS location of the device.
  - 19. The computer program product of claim 16, wherein the device is a mobile phone.
  - 20. The computer program product of claim 16, wherein the device is a consumer electronic device for which the SIM card is substituted by a uniquely identifiable network communication element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Nahari, Hadi

Granted Patent

US 9,734,496 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/32   using wireless devices

G06Q 20/3227   using secure elements embed...

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/0613   Third-party assisted

H04L 63/126   the source of the received ...

H04L 63/14   for detecting or protecting...

H04W 12/00   Security arrangements; Auth...

H04W 12/10   Integrity

H04W 12/67   Risk-dependent, e.g. select...

TRUSTED REMOTE ATTESTATION AGENT (TRAA)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED REMOTE ATTESTATION AGENT (TRAA)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links