Mobile devices for commerce over unsecured networks

US 20120130839A1
Filed: 01/16/2012
Published: 05/24/2012
Est. Priority Date: 09/24/2006
Status: Active Grant

First Claim

Patent Images

1. A mobile device for conducting a secured transaction over a network, the mobile device comprising:

a network interface;

an interface to receive a secure element;

a memory space for storing at least a module and an application downloaded from the network;

a processor coupled to the memory space and configured to execute the module to perform operations including;

verifying whether the application has been provisioned;

when said verifying indicates that the application has not been provisioned,sending to a server via the network interface an identifier identifying the application together with device information of a secure element;

establishing a secured channel between the secure element and the server using a key set installed on the secure element, wherein the server is configured to prepare data necessary for the application to function as designed on the mobile device;

receiving the data from the server to associate the application with the secure element; and

sending out an acknowledgement to a provider of the application about a status of the application that is now active with the secure element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing modules or applications installed in a mobile device are described. To provide authentic and secured transactions with another device, each of the installed applications is provisioned with a server through data communication capability in a mobile device. A provisioned application is associated with the personalized secure element in the mobile device and works with a set of keys that are generated in accordance with a set of keys from the personalized secure element. Further management of controlling an installed application is also described.

113 Citations

17 Claims

1. A mobile device for conducting a secured transaction over a network, the mobile device comprising:
- a network interface;
  
  an interface to receive a secure element;
  
  a memory space for storing at least a module and an application downloaded from the network;
  
  a processor coupled to the memory space and configured to execute the module to perform operations including;
  
  verifying whether the application has been provisioned;
  
  when said verifying indicates that the application has not been provisioned,sending to a server via the network interface an identifier identifying the application together with device information of a secure element;
  
  establishing a secured channel between the secure element and the server using a key set installed on the secure element, wherein the server is configured to prepare data necessary for the application to function as designed on the mobile device;
  
  receiving the data from the server to associate the application with the secure element; and
  
  sending out an acknowledgement to a provider of the application about a status of the application that is now active with the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The mobile device as recited in claim 1, wherein the data received in the mobile device includes an application key set for the application, and a user interface specifically designed for the mobile device.
  - 3. The mobile device as recited in claim 2, wherein the mobile device is a near field communication (NFC) enabled mobile phone, and the application is an electronic purse (e-purse), the mobile device is used to exchange secured data with another device within a near distance to conduct a transaction.
  - 4. The mobile device as recited in claim 3, wherein the secured data is being exchanged over a secured channel between the mobile device and the another device established by the application key set.
  - 5. The mobile device as recited in claim 4, wherein the transaction is conducted without the mobile communicating with a transaction server.
  - 6. The mobile device as recited in claim 1, wherein said sending to a server via the network interface an identifier identifying the application together with device information of a secure element comprises:
    - determining whether the secure element has been personalized with a Trusted Service Management (TSM) system, wherein the TSM system is a collection of services configured to distribute and manage contactless services for customers signed up with the TSM, and provide data exchanges among different parties to make electronic commerce possible over a wireless network; and
      
      performing a personalization process for the secure element when above said determining determines that the secure element has not been personalized with the Trusted Service Management (TSM) system, wherein the secure element when personalized establishes a security platform for the application to run on the mobile device.
  - 7. The mobile device as recited in claim 6, wherein the personalization process comprises:
    - causing the mobile device to initiate data communication with a server in the TSM system;
      
      retrieving device information of the secure element in responding to a request from the TSM server after the TSM server determines that the secure element is registered therewith, wherein the device information is a sequence of characters uniquely identifying the secure element;
      
      receiving at least a set of keys from the TSM server, wherein the keys are generated in the TSM server in accordance with the device information of the secure element; and
      
      storing the set of keys in the secure element to facilitate a subsequent transaction with the secure element in the computing device.
  - 8. The mobile device as recited in claim 7, wherein the device information includes an identifier of the secure element, manufacturer information and a batch number.
  - 9. The mobile device as recited in claim 7, wherein the secure element is embedded in the mobile device and integrated with the mobile device via the interface.
  - 10. The mobile device as recited in claim 7, wherein the secure element is a software module installed in a secure memory space only accessible by a distributor of the secure element.
  - 11. The mobile device as recited in claim 10, wherein some components are updated when the secure element is upgraded by the distributor.
  - 12. The mobile device as recited in claim 1, wherein the operations further comprises:
    - receiving a message from a distributor of the application, the message including an identifier identifying the application;
      
      verifying that the message is indeed from the distributor;
      
      disassociating the application with the secure element in responding to a confirmation from the distributor after the message has been verified and was indeed from the distributor; and
      
      notifying the distributor that the application installed in the mobile device is no longer active.
  - 13. The method as recited in claim 8, wherein part of the data is used to facilitate the server to remotely manage the application.

14. A mobile device for conducting a secured transaction over a network, the mobile device comprising:
- a network interface;
  
  a secure element;
  
  a memory space for storing various modules downloaded from the network, each of the modules configured to provide an application or a service to a user of the mobile device;
  
  a processor coupled to the memory space and configured to execute an embedded module to perform operations including;
  
  provisioning each of the modules with a provider that publishes the each of the modules, wherein said provisioning each of the modules with a distributor comprises;
  
  sending to a server via the network interface an identifier identifying the each of the modules together with device information of the secure element;
  
  establishing a secured channel between the secure element and the server using a key set installed on the secure element, wherein the server is configured to prepare data necessary for the each of the modules to function as designed on the mobile device;
  
  receiving the data from the server to associate the each of the modules with the secure element, wherein the data includes a set of keys generated for the each of the modules; and
  
  sending out an acknowledgement to the provider of the each of the modules about a status thereof that is now active with the secure element.
- View Dependent Claims (15, 16, 17)
- - 15. The mobile device as recited claim 14, wherein the operations further comprise:
    - receiving a message from a distributor of one of the modules, the message including an identifier identifying the one of the modules;
      
      verifying that the message is authenticated;
      
      disassociating the one of the modules with the secure element in responding to a confirmation from the distributor after the message has been verified and was indeed from the distributor; and
      
      notifying the distributor that the one of the modules installed in the mobile device is no longer active.
  - 16. The mobile device as recited claim 14, wherein the mobile device includes a display configured to display a user interface showing some of the modules that are still provisioned and active, each of the modules is configured to show another user interface particularly designed for the display of the mobile device when the each of the modules is activated by a user.
  - 17. The mobile device as recited claim 16, wherein the secure element must be personalized before each of the modules is provisioned, each of the provisioned modules is associated with the personalized secure element and a key set generated in accordance with a key set of the secure element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RFCyber Corp. (RFCyber Corporation)
Original Assignee
RFCyber Corp. (RFCyber Corporation)
Inventors
Koh, Liang Seng, Pan, Hsin, Xie, Xiangzhen

Granted Patent

US 9,240,009 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/26.1
CPC Class Codes

G06Q 20/32   using wireless devices

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3227   using secure elements embed...

G06Q 20/325   using wireless networks

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/352   Contactless payments by cards

G06Q 20/3552   Downloading or loading of p...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/0601   Electronic shopping [e-shop...

H04L 67/141   Setup of application sessio...

Mobile devices for commerce over unsecured networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile devices for commerce over unsecured networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links