DATA PROTECTION IN NEAR FIELD COMMUNICATIONS (NFC) TRANSACTIONS

US 20140244513A1
Filed: 02/22/2013
Published: 08/28/2014
Est. Priority Date: 02/22/2013
Status: Abandoned Application

First Claim

Patent Images

1. A system on chip (SOC) comprising:

a central processing unit (CPU) configured to detect and process a secure transaction, wherein the secure transaction includes sensitive data;

a system controller unit (SCU) coupled with the CPU, wherein the SCU is configured to control encryption of the sensitive data when the sensitive data is received by the CPU and to control decryption of encrypted sensitive data; and

a security engine coupled to the SCU, wherein the security engine is configured to implement encryption or decryption of the sensitive data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are architectures, platforms and methods for protecting sensitive data that are utilized during near field communications (NFC) communications or transactions and more particularly, a system on chip (SOC) microcontroller that is configured to control processing of the sensitive data during the NFC transactions is described. The sensitive data may include, but not limited to, personal information, financial information, or business identification numbers.

Citations

23 Claims

1. A system on chip (SOC) comprising:
- a central processing unit (CPU) configured to detect and process a secure transaction, wherein the secure transaction includes sensitive data;
  
  a system controller unit (SCU) coupled with the CPU, wherein the SCU is configured to control encryption of the sensitive data when the sensitive data is received by the CPU and to control decryption of encrypted sensitive data; and
  
  a security engine coupled to the SCU, wherein the security engine is configured to implement encryption or decryption of the sensitive data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The SOC as recited in claim 1, wherein the CPU is configured to process encrypted sensitive data.
  - 3. The SOC as recited in claim 1, wherein the SCU is configured to receive encrypted sensitive data previously encrypted by the security engine from the CPU, wherein the SCU sends the encrypted sensitive data to the security engine for decryption and sends decrypted sensitive data to an external secure element for processing.
  - 4. The SOC as recited in claim 1, wherein the SCU is configured to receive the sensitive data from a target device, and in response to receiving the sensitive data, the SCU is configured to send the received sensitive data to a secure element for processing or sends the sensitive data for encryption to the security engine if the sensitive data is to be sent to the CPU for use by software applications hosted on the CPU.
  - 5. The SOC as recited in claim 1, wherein the sensitive data includes personal information, financial identification, and/or business identification numbers.
  - 6. The SOC as recited in claim 1, wherein the secure transaction includes an Europay MasterCard and Visa (EMV) transaction.
  - 7. The SOC as recited in claim 1 further comprising a controller configured as an interface to receive and send sensitive data from the SOC.
  - 8. The SOC as recited in claim 7, wherein the controller is one of an inter-integrated circuit (I2C) controller or serial peripheral bus (SPI) controller.

9. A device comprising:
- a secure element configured to process sensitive data;
  
  a near field communications (NFC) controller coupled to the secure element; and
  
  a system on chip (SOC) coupled to the secure element by the NFC controller, the SOC comprising;
  
  a central processing unit (CPU);
  
  a data interface;
  
  a system controller unit (SCU) that couples the CPU to the data interface, wherein the SCU is configured as a proxy controller to the CPU;
  
  and a security engine coupled to the SCU configured to encrypt the sensitive data processed by the CPU, and decrypt previously encrypted sensitive data that the CPU sends to the secure element for further secure processing.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 21)
- - 10. The device as recited in claim 9, wherein the CPU receives and processes the encrypted sensitive data from the SCU.
  - 11. The device as recited in claim 9, wherein the data interface includes one of an inter-integrated circuit (I2C) controller, serial peripheral bus (SPI) controller, or other peripheral interface.
  - 12. The device as recited in claim 9, wherein the SCU is configured to receive the sensitive data through the data interface and in response to receiving the sensitive data, the SCU is configured to send the received sensitive data to the secure element for processing or to the security engine for encryption, wherein decrypted sensitive data is sent to the CPU for processing.
  - 13. The device as recited in claim 9, wherein the SCU is configured to filter the sensitive data in a secure transaction from other transactions that do not require further processing by the secure element.
  - 14. The device as recited in claim 9, wherein the sensitive data includes personal information, financial identification, and/or business identification numbers.
  - 15. The device as recited in claim 9, wherein the sensitive data is utilized during NFC transactions, the NFC transactions include Europay MasterCard and Visa (EMV) transactions.
  - 16. The device as recited in claim 9 further comprising a security engine in the SOC, the security engine is controlled by the SCU to encrypt or decrypt sensitive data.
  - 21. The method as recited in claim 16, wherein the sensitive data includes personal information, financial identification, and/or business identification numbers that are utilized during the NFC transaction, the NFC transaction includes Europay MasterCard and Visa (EMV) transactions.

17. A method of protecting sensitive data during a near field communications (NFC) transaction, the method comprising:
- initiating a secure transaction application that receives the sensitive data;
  
  determining if a system controller unit (SCU) sends the sensitive data to a host central processing unit (CPU) or to a secure element;
  
  encrypting the sensitive data by a security engine, if the SCU sends the sensitive data to the host CPU;
  
  sending unencrypted sensitive data, if the SCU sends the sensitive data to the secure element; and
  
  processing the unencrypted sensitive data by the secure element.
- View Dependent Claims (18, 19, 20)
- - 18. The method as recited in claim 17, wherein the initiating secure transaction application includes receiving of the sensitive data by the SCU through an inter-integrated circuit (I2C) controller or similar peripheral controller.
  - 19. The method as recited in claim 17, wherein the sending an unencrypted sensitive data to the secure element includes decrypting an encrypted sensitive data that was previously encrypted by the security engine, wherein decrypted sensitive data is sent by the host CPU to the secure element via the SCU for further secure processing.
  - 20. The method as recited by claim 17, wherein the sending of the sensitive data by the SCU to the secure element includes routing of the received sensitive data directly to the secure element rather than sending the received sensitive data to the CPU for processing.

22. Machine readable storage medium including program code, when executed, cause a computing device to perform the method of:
- initiating a secure transaction application that receives sensitive data from a target device;
  
  determining if the sensitive data is to be encrypted or sent to a secure element as unencrypted data;
  
  encrypting the sensitive data if the sensitive data is to used by a host central processing unit (CPU); and
  
  sending unencrypted sensitive data for secure processing.
- View Dependent Claims (23)
- - 23. The machine readable storage medium of claim 22 further comprising decrypting previously encrypted sensitive data from the host CPU prior to sending the unencrypted sensitive data for secure processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Ballesteros, Miguel

Application Number

US13/774,031
Publication Number

US 20140244513A1
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 21/74   operating in dual or compar...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/382   insuring higher security of...

DATA PROTECTION IN NEAR FIELD COMMUNICATIONS (NFC) TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROTECTION IN NEAR FIELD COMMUNICATIONS (NFC) TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links