SYSTEMS AND METHOD FOR PROVIDING MULTIPLE VIRTUAL SECURE ELEMENTS IN A SINGLE PHYSICAL SECURE ELEMENT OF A MOBILE DEVICE

US 20130304651A1
Filed: 03/12/2013
Published: 11/14/2013
Est. Priority Date: 05/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method of providing a virtual secure element (virtual SE) to a mobile device having a secure element chip (SE), the method comprising:

generating, for the virtual SE, a key for a certificate authority security domain (CASD key) for an SE supplier;

forwarding the CASD key to the SE supplier for a previously-created certificate authority security domain (CASD) to cause a card serial number (CSN) and a card production life cycle (CPLC key) from the SE supplier to be provided to a maker of the mobile device;

receiving, from the maker of the mobile device, an updated CSN and CPLC data comprising the International Mobile Equipment Identity (IMEI) for the mobile device;

adding an issuer security domain key (ISD key) to the updated CSN and CPLC data to a master secure element issuer trusted service manager (master SEI TSM);

in response detecting a first use of the mobile device, provisioning a software application to the mobile device, wherein the software application is configured to;

retrieve the CSN, the CPLC data, and the IMEI; and

send the CSN, the CPLC data, and the IMEI to the master SEI TSM; and

based at least in part on the CSN, the CPLC data, and the IMEI, verifying and activating the SE.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for providing a plurality of virtual secure elements (virtual SEs) to mobile devices with secure elements (SEs). A method generates and forwards a certificate authority security domain (CASD) key for a plurality of virtual SEs to an SE supplier that created the CASD. The method receives a card serial number (CSN) and a card production life cycle (CPLC) key from the SE supplier and forwards these to a mobile device maker. An updated CSN and CPLC data is received from the device maker with an International Mobile Equipment Identity (IMEI) and an issuer security domain key (ISD key) is added to the CSN and CPLC data by a master secure element issuer trusted service manager (master SEI TSM). An application is provisioned to the device that retrieves the CSN, CPLC data, and the IMEI, which are used for to verify and activate the virtual SE.

309 Citations

20 Claims

1. A method of providing a virtual secure element (virtual SE) to a mobile device having a secure element chip (SE), the method comprising:
- generating, for the virtual SE, a key for a certificate authority security domain (CASD key) for an SE supplier;
  
  forwarding the CASD key to the SE supplier for a previously-created certificate authority security domain (CASD) to cause a card serial number (CSN) and a card production life cycle (CPLC key) from the SE supplier to be provided to a maker of the mobile device;
  
  receiving, from the maker of the mobile device, an updated CSN and CPLC data comprising the International Mobile Equipment Identity (IMEI) for the mobile device;
  
  adding an issuer security domain key (ISD key) to the updated CSN and CPLC data to a master secure element issuer trusted service manager (master SEI TSM);
  
  in response detecting a first use of the mobile device, provisioning a software application to the mobile device, wherein the software application is configured to;
  
  retrieve the CSN, the CPLC data, and the IMEI; and
  
  send the CSN, the CPLC data, and the IMEI to the master SEI TSM; and
  
  based at least in part on the CSN, the CPLC data, and the IMEI, verifying and activating the SE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising providing a plurality of virtual secure elements (virtual SEs) by:
    - generating a CASD key, for each of the plurality of virtual SEs, for an SE supplier that previously created a corresponding certificate authority security domain (CASD); and
      
      forwarding a CASD key for each of the plurality of virtual SEs to the SE supplier that created the corresponding CASD.
  - 3. The method of claim 1, wherein the CASD key generation is performed by the master SEI TSM and the SE supplier is an SE chip manufacturer, SE chip supplier, or SE chip provider.
  - 4. The method of claim 1, wherein upon receiving the forwarded CASD key, the SE supplier injects the CASD key into the virtual SE.
  - 5. The method of claim 1, wherein the CPLC key is a 42 byte key provided by the SE supplier.
  - 6. The method of claim 1, wherein SE supplier is the same entity as the maker of the mobile device.
  - 7. The method of claim 1, wherein the verifying and activating of the SE is performed by the master SEI TSM.
  - 8. The method of claim 1, further comprising:
    - prompting, by the master SEI TSM, a user associated with the mobile device to download one or more products or service offerings comprising at least a mobile payment product (MPP); and
      
      in response to receiving a request from the mobile device to download at least one product or service offering, provisioning the MPP and software associated with the at least one product or service offering from the SET TSM to the mobile device.
  - 9. The method of claim 1, further comprising:
    - prompting, by a third party trusted service manager (TSM), a user associated with the mobile device to download one or more products or service offerings offered by the third party; and
      
      in response to receiving a request from the mobile device to download at least one third party product or service offering;
      
      provisioning software associated with the at least one third party product or service offering from the third party to the mobile device; and
      
      subscribing the user associated with the mobile device to the third party TSM.
  - 10. The method of claim 9, further comprising:
    - receiving, from the third party, a TSM request at the master SEI TSM for delegated management (DM).
  - 11. The method of claim 9, further comprising:
    - receiving, from the third party, a TSM request at the master SEI TSM for authorized management (AM).
  - 12. The method of claim 9, further comprising:
    - providing, by the master SEI TSM, appropriate keys to the third party TSM for provisioning a third party service into the SE; and
      
      provisioning the third party service into the SE.
  - 13. The method of claim 1, wherein the SE contains a cardlet in ROM.
  - 14. The method of claim 13, wherein the cardlet is a mobile PayPass®
    - cardlet.
  - 15. The method of claim 1, wherein the previously-created CASD was created in the SE.
  - 16. The method of claim 1 wherein the SE supplier injects the CASD key into the SE during manufacturing of the SE.

17. A non-transitory computer readable storage medium having program instructions stored thereon for providing a plurality of virtual secure elements (virtual SEs) to a mobile device having a secure element chip (SE), executable on a computing device, the instructions comprising:
- instructions for generating, for each of the plurality of virtual SEs, a certificate authority security domain (CASD key) for an SE supplier of the SE that previously created a corresponding certificate authority security domain (CASD);
  
  instructions for forwarding a CASD key for each of the plurality of virtual SEs to the SE supplier that created the corresponding CASD so that the card serial number (CSN) and a card production life cycle (CPLC key) from the SE supplier is forwarded to a maker of the mobile device;
  
  instructions for receiving, from the maker of the mobile device, an updated CSN and CPLC data comprising International Mobile Equipment Identity (IMEI) data;
  
  instructions for adding an issuer security domain key (ISD key) to the updated CSN and CPLC data to a master secure element issuer trusted service manager (master SEI TSM);
  
  in response detecting a first use of the mobile device instructions for provisioning a software application to the mobile device, wherein the software application is configured to;
  
  retrieve the CSN, the CPLC data, and the IMEI; and
  
  send the CSN, the CPLC data, and the IMEI to the master SEI TSM; and
  
  instructions for verifying and activating at least one of the plurality of virtual SEs based at least in part on the CSN, the CPLC data, and the IMEI and a CASD key for the at least one of the plurality of virtual SEs previously forwarded to the SE supplier.

18. A system for providing a plurality of virtual secure elements (virtual SEs) to a mobile device having a secure element chip (SE), the system comprising:
- means for generating, for each of the plurality of virtual SEs, a key for a certificate authority security domain (CASD key) for an SE supplier that previously created a corresponding certificate authority security domain (CASD);
  
  means for forwarding a CASD key for each of the plurality of virtual SEs to the SE supplier that created the CASD so that the card serial number (CSN) and a card production life cycle (CPLC key) from the SE supplier can be forwarded to a maker of the mobile device;
  
  means for receiving, from the maker of the mobile device, an updated CSN and CPLC data comprising International Mobile Equipment Identity (IMEI) data;
  
  means for adding an issuer security domain key (ISD key) to the updated CSN and CPLC data to a master secure element issuer trusted service manager (master SEI TSM);
  
  in response detecting a first use of the mobile device, means for provisioning a software application to the mobile device, wherein the software application is configured to;
  
  retrieve the CSN, the CPLC data, and the IMEI; and
  
  send the CSN, the CPLC data, and the IMEI to the master SEI TSM; and
  
  based at least in part on the CSN, the CPLC data, and the IMEI, means for verifying and activating at least one of the plurality of virtual SEs.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the means for provisioning software to the mobile device comprises:
    - means for causing a prompt to appear on a graphical user interface (GUI) of the mobile device prompting a user associated with the mobile device to download the software application; and
      
      means for accepting input via the GUI to download, install, verify and activate the software application; and
      
      wherein the software application is further configured to;
      
      send the CSN, the CPLC data, and the IMEI from the mobile device to the master SEI TSM.
  - 20. The system of claim 18, further comprising:
    - in response detecting a subsequent use of the mobile device, means for invoking a previously-provisioned software application on the mobile device, wherein the previously-provisioned software application is configured to;
      
      retrieve the CSN, the CPLC data, and the IMEI; and
      
      send the CSN, the CPLC data, and the IMEI from the mobile device to the master SEI TSM; and
      
      means for verifying and activating at least a second one of the plurality of virtual SEs based at least in part on the CSN, the CPLC data, and the IMEI and a CASD key for a second one of the plurality of virtual SEs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
SMITH, Theresa L.

Granted Patent

US 9,953,310 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/3227   using secure elements embed...

G06Q 20/3229   Use of the SIM of a M-devic...

G06Q 20/3821   Electronic credentials

H04L 63/0823   using certificates cryptogr...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H04W 12/71   Hardware identity

H04W 4/50   Service provisioning or rec...

SYSTEMS AND METHOD FOR PROVIDING MULTIPLE VIRTUAL SECURE ELEMENTS IN A SINGLE PHYSICAL SECURE ELEMENT OF A MOBILE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

309 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHOD FOR PROVIDING MULTIPLE VIRTUAL SECURE ELEMENTS IN A SINGLE PHYSICAL SECURE ELEMENT OF A MOBILE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

309 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links