SYSTEM AND METHOD FOR KEY MANAGEMENT FOR ISSUER SECURITY DOMAIN USING GLOBAL PLATFORM SPECIFICATIONS
First Claim
1. A method comprising:
- receiving from a server an authorization to update a first Issuer Security Domain encryption keyset;
encrypting, via a secure element on a client device, a second Issuer Security Domain keyset with a server public key to yield an encrypted second Issuer Security Domain keyset; and
sending the encrypted second Issuer Security Domain keyset to the server for updating the first Issuer Security Domain encryption keyset with the encrypted second Issuer Security Domain keyset.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key management for Issuer Security Domain (ISD) using GlobalPlatform Specifications. A client receives from a server an authorization to update a first ISD keyset. The client encrypts, via a client-side secure element, a second ISD keyset with a server public key. The client sends the encrypted second ISD keyset to the server for updating the first ISD keyset with the encrypted second ISD keyset. Prior to updating, the client generates the first ISD keyset at a vendor and sends the first ISD keyset to the client-side secure element and sends the first ISD keyset encrypted with the server public key to the server. The disclosed method allows for updating of an ISD keyset of which only the client-side secure element and a server have knowledge.
72 Citations
26 Claims
-
1. A method comprising:
-
receiving from a server an authorization to update a first Issuer Security Domain encryption keyset; encrypting, via a secure element on a client device, a second Issuer Security Domain keyset with a server public key to yield an encrypted second Issuer Security Domain keyset; and sending the encrypted second Issuer Security Domain keyset to the server for updating the first Issuer Security Domain encryption keyset with the encrypted second Issuer Security Domain keyset. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
sending, from a server to a client, an authorization to update a first Issuer Security Domain encryption keyset; receiving, at the server, an encrypted second Issuer Security Domain keyset, generated by a client within a client-side Secure Element; and updating the first Issuer Security Domain encryption keyset with the encrypted second Issuer Security Domain keyset. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A system comprising:
-
a processor; a memory storing instructions for controlling the processor to perform a method comprising; generating, at a vendor, an Issuer Security Domain encryption keyset; sending the Issuer Security Domain encryption keyset and a server public key to a Secure Element at a client, wherein the Secure Element implements at least a portion of Global Platform Card specifications; encrypting, at the vendor, the Issuer Security Domain encryption keyset with the server public key to yield an encrypted keyset; and sending the encrypted keyset to the server. - View Dependent Claims (17, 18, 19)
-
-
20. A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to perform steps comprising:
-
receiving, at a client having a Secure Element, an Issuer Security Domain encryption keyset and a server public key, wherein the keyset is generated at a vendor; and storing the Issuer Security Domain encryption keyset and server public key. - View Dependent Claims (21, 22, 23, 24)
-
-
25. A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to perform steps comprising:
-
generating an Issuer Security Domain encryption keyset; sending the Issuer Security Domain encryption keyset and a server public key to a Secure Element embedded within a client; encrypting the Issuer Security Domain encryption keyset with the server public key to yield an encrypted keyset; and sending the encrypted keyset to the server. - View Dependent Claims (26)
-
Specification