TRUSTED SERVICE MANAGER (TSM) ARCHITECTURES AND METHODS
First Claim
Patent Images
1. A client device, comprising:
- a first secure element comprising a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction, wherein;
the payment application has been securely downloaded to the first secure element from a trusted service manager (TSM); and
the first secure element is programmed to download the payment application in response to determining that the payment application is signed by the TSM;
a second secure element, physically separate from the first secure element, comprisinga second computer-readable medium having a security key, a payment instrument, stored authentication data, and instructions for generating a secure payment information message responsive to the payment application, wherein;
the security key is excluded from the first secure element;
the payment instrument is excluded from the first secure element;
the client device is registered with the TSM only through the second secure element, exclusive of the first secure element, so that registering the client device with the TSM for authentication includes registering and storing the stored authentication data, wherein the stored authentication data is excluded from the first secure element;
the second computer-readable medium includes instructions for;
comparing a user authentication input to the stored authentication data in response to signaling by the payment application andgenerating the secure payment information message in response to an authentication including a match of the user authentication input with the stored authentication data; and
wherein the secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.
2 Assignments
0 Petitions
Accused Products
Abstract
A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.
102 Citations
18 Claims
-
1. A client device, comprising:
-
a first secure element comprising a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction, wherein; the payment application has been securely downloaded to the first secure element from a trusted service manager (TSM); and the first secure element is programmed to download the payment application in response to determining that the payment application is signed by the TSM; a second secure element, physically separate from the first secure element, comprising a second computer-readable medium having a security key, a payment instrument, stored authentication data, and instructions for generating a secure payment information message responsive to the payment application, wherein; the security key is excluded from the first secure element; the payment instrument is excluded from the first secure element; the client device is registered with the TSM only through the second secure element, exclusive of the first secure element, so that registering the client device with the TSM for authentication includes registering and storing the stored authentication data, wherein the stored authentication data is excluded from the first secure element; the second computer-readable medium includes instructions for; comparing a user authentication input to the stored authentication data in response to signaling by the payment application and generating the secure payment information message in response to an authentication including a match of the user authentication input with the stored authentication data; and wherein the secure payment information message comprises the payment instrument and is encrypted in accordance with the security key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A trusted service manager (TSM) server comprising a computer-readable medium containing instructions to facilitate financial transactions via short message service (SMS) over a network by performing a method comprising:
-
generating a random key for a client device; encrypting the random key using a public certificate of the client device; sending the random key to the client device for storage in a crypto secure element, wherein; the client device is registered with the TSM only through the crypto secure element, exclusive of an app secure element that is physically separate from the crypto secure element, the security key and a payment instrument are excluded from the app secure element, so that registering the client device with the TSM for authentication includes registering and storing an authentication data, and the stored authentication data is excluded from the app secure element; securely uploading a payment application to the app secure element of the client device from the TSM server, wherein the app secure element is programmed to download the payment application in response to determining that the payment application is signed by the TSM; receiving an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the SMS message from the client device is encrypted in accordance with the random key; decrypting the SMS message using the random key and determining the address of the SP; re-encrypting the SMS message using a second stored key corresponding to the SP; and forwarding the re-encrypted SMS message to the SP for completion of a financial transaction. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification