WRITING APPLICATION DATA TO A SECURE ELEMENT

US 20120159195A1
Filed: 09/26/2011
Published: 06/21/2012
Est. Priority Date: 12/17/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for writing application data in a secure element namespace of a secure element of a contactless device, using requests from a user-interface software application resident on the contactless device and outside the secure element, the method comprising:

assigning, by the control software application, one or more memory blocks of the secure element namespace to a software application from a software application provider, wherein the one or more data memory blocks of the secure element namespace are protected from a read access type and a write access type access keys, the access keys defined, by the control software application, in an access memory lock of the secure element namespace, and wherein a copy of the access keys are maintained in the control software application;

transmitting, from the user-interface software application to a remote trusted service manager (TSM) computer, a request for application data for the software application assigned to the one or more memory blocks of the secure element and an access key for a write access type, the application data to be written to the secure element namespace;

receiving, in a secure memory of the contactless device, from the remote TSM computer, the requested application data and the requested access key; and

writing, by the control software application in the secure element, the requested application data from the secure memory to the one or more data memory blocks of the secure element namespace to the software application, wherein the one or more data memory blocks of the secure element namespace are accessed by the control software application using the requested access key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.

31 Citations

View as Search Results

27 Claims

1. A computer-implemented method for writing application data in a secure element namespace of a secure element of a contactless device, using requests from a user-interface software application resident on the contactless device and outside the secure element, the method comprising:
- assigning, by the control software application, one or more memory blocks of the secure element namespace to a software application from a software application provider, wherein the one or more data memory blocks of the secure element namespace are protected from a read access type and a write access type access keys, the access keys defined, by the control software application, in an access memory lock of the secure element namespace, and wherein a copy of the access keys are maintained in the control software application;
  
  transmitting, from the user-interface software application to a remote trusted service manager (TSM) computer, a request for application data for the software application assigned to the one or more memory blocks of the secure element and an access key for a write access type, the application data to be written to the secure element namespace;
  
  receiving, in a secure memory of the contactless device, from the remote TSM computer, the requested application data and the requested access key; and
  
  writing, by the control software application in the secure element, the requested application data from the secure memory to the one or more data memory blocks of the secure element namespace to the software application, wherein the one or more data memory blocks of the secure element namespace are accessed by the control software application using the requested access key.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
- - 3. The method according to claim 1, wherein the requested application data comprises at least one of a software application executable in the secure element or data required to support an existing software application in the secure element.
  - 4. The method according to claim 3, further comprising:
    - receiving, in the secure memory from the remote TSM computer, an application identifier (AID) for the software application and a directory access key, the directory access key for writing to an application directory table in a directory memory block in the secure element namespace; and
      
      writing, by the control software application, the AID of the software application and the memory block location of the written software application into the application directory table, wherein the directory memory block is accessed by the control software application using the directory access key.
  - 5. The method according to claim 1, further comprising:
    - receiving, in the secure memory, from the remote TSM computer, a new access key, wherein the new access key overwrites the requested access key; and
      
      replacing, by the control software application, in the access memory block the requested first access key with the new first access key, wherein write access to the data memory block and the access memory block granted using the requested access key, and wherein a copy of the new access key is maintained in the control software application.
  - 6. The method according to claim 1, wherein the secure element comprises the secure memory.
  - 7. The method according to claim 1, wherein the user-interface software application resident outside the secure element executes on an operating system of a computer, the computer comprising the secure element, and an input device for accepting a user input.
  - 8. The method according to claim 1, wherein writing the requested application data from the temporary memory to a data memory block comprises an installation step when the application data is a software application, thereby configuring the software application to execute within the secure element for initiating transactions with an external card reader device.
  - 9. The method according to claim 1, wherein the TSM computer is an external card reader device in radio frequency contact with the contactless device comprising the secure element.

2. (canceled)

10. A computer-implemented system for writing application data in a secure element namespace of a contactless device using requests from a user-interface software application resident outside the secure element, the system comprising:
- a computer comprising the secure element and that executes a user-interface software application to transmit, to a remote trusted service manager (TSM) computer, a request for application data and an access key for a write access type, the application data to be written to the secure element namespace;
  
  a temporary memory in the computer for receiving, from the remote TSM computer, the requested application data and the requested access key; and
  
  a control software application operating in the secure element that assigns one or more memory blocks of the secure element namespace to a software application from a software application provider, and that writes the requested application data from the temporary memory to the one or more data memory blocks of the secure element namespace assigned to the software application and,wherein the one or more data memory blocks of the secure element namespace are accessed by the control software application using the requested access key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 26)
- - 11. The system according to claim 10, wherein the secure element comprises the secure memory.
  - 12. The system according to claim 10, wherein the data memory block of the secure element namespace is protected from a read access type and a write access type by access keys, the access keys defined in an access memory block of the secure element namespace.
  - 13. The system according to claim 10, wherein the requested application data comprises one of at least a software application executable in the secure element or data required to support an existing software application in the secure element.
  - 14. The system according to claim 13, wherein the temporary memory receives from the remote TSM computer an application identifier (AID) for the software application and a directory access key, the directory access key for writing to an application directory table in a directory memory block in the secure element namespace, andwherein the control software application in the secure element writes the AID of the software application and the memory block location of the written software application into the application directory table, wherein the directory memory block is accessed by the control software application using the directory access key.
  - 15. The system according to claim 10, wherein the temporary memory receives, from the remote TSM computer, a new access key, the new access key replaces the requested access key, andwherein the control software application in the secure element replaces in the access memory block the requested access key with the new access key, wherein write access to the data memory block and the access memory block is granted using the requested access key, and wherein a copy of the new access key is maintained in the control software application.
  - 16. The system according to claim 10, wherein writing the requested application data from the temporary memory to a data memory block comprise an installation step when the application data is a software application, thereby configuring the software application to execute within the secure element for initiating transactions with an external card reader device.
  - 17. The system according to claim 10, wherein the TSM computer is an external card reader device in radio frequency contact with the computer.
  - 26. The system of claim 12, wherein the control software application maintains a copy of the access keys defined in the access memory blocks of the secure element namespace.

18. A contactless device, comprising:
- a secure element comprising a secure element namespace;
  
  a user-interface software application resident outside the secure element that transmits, to a remote trusted service manager (TSM) computer, a request for application data and at least an access key for a write access type, the application data to be written to the secure element namespace;
  
  a temporary memory that receives, from the remote TSM computer, the requested application data and the requested access key; and
  
  a control software application in the secure element that assigns one or more memory blocks of the secure element namespace to a software application from a software application provider, and that writes the requested application data from the temporary memory to the one or more data memory blocks of the secure element namespace assign to the software application, andwherein the one or more data memory block of the secure element namespace are accessed by the control software application using the requested access key.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 27)
- - 19. The device according to claim 18, wherein the secure element comprises the temporary memory.
  - 20. The device according to claim 18, wherein the data memory block of the secure element namespace is protected from a read access type and a write access type by access keys, the access keys defined in an access memory block of the secure element namespace.
  - 21. The device according to claim 18, wherein the requested application data comprises one at least one of a software application executable in the secure element or data required to support an existing software application in the secure element.
  - 22. The device according to claim 21, wherein the temporary memory receives, from the remote TSM computer, an application identifier (AID) for the software application and a directory access key, the directory access key for writing to an application directory table in a directory memory block in the secure element namespace, andwherein the control software application in the secure element writes the AID of the software application and the memory block location of the written software application into the application directory table, wherein the directory memory block is accessed by the control software application using the directory access key.
  - 23. The device according to claim 18, wherein the temporary memory receives, from the remote TSM computer, a new access key, wherein the new access key replaces the requested access key, andwherein the control software application replaces in the access memory block the requested access key with the new access key, wherein write access to the data memory block and the access memory block has been granted using the requested access key, and wherein a copy of the new access key is maintained in the control software application.
  - 24. The device according to claim 18, wherein writing the requested application data from the temporary secure memory of the secure element to a data memory block comprises an installation step when the application data is a software application, thereby configuring the software application to execute within the secure element for initiating transactions with an external card reader device.
  - 25. The device according to claim 18, wherein the TSM computer is an external card reader device in radio frequency contact with the device.
  - 27. The device of claim 20, wherein the control software application maintains a copy of the access keys defined in the access memory blocks of the secure element namespace.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
von Behren, Rob, Wall, Jonathan, Paya, Ismail Cem, Muehlberg, Alexej, Meyn, Hauke

Granted Patent

US 8,335,921 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3563   Software being resident on ...

G06Q 20/35765   Access rights to memory zones

G07F 7/1008   Active credit-cards provide...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/08   Key distribution or managem...

H04L 9/0897   involving additional device...

H04W 12/35   Protecting application or s...

H04W 4/80   Services using short range ...

WRITING APPLICATION DATA TO A SECURE ELEMENT

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

WRITING APPLICATION DATA TO A SECURE ELEMENT

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others