APPARATUS AND METHOD FOR MANAGING USE OF SECURE TOKENS

US 20150100788A1
Filed: 10/04/2013
Published: 04/09/2015
Est. Priority Date: 10/04/2013
Status: Active Grant

First Claim

Patent Images

1. A communication device comprising:

a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, performs first operations comprising;

receiving an encrypted secure token from a secure token application function that is remote from the communication device; and

storing the encrypted secure token in the secure element memory;

a secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising;

accessing user input requesting the encrypted secure token;

receiving a modified secure token from the secure element, wherein the modified secure token is generated by the secure element by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information; and

providing the modified secure token to a receiving device to enable the receiving device to provide the modified secure token to the secure token application function for decrypting the modified secure token to analyze the identification information and to obtain token information for use by the receiving device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

Citations

20 Claims

1. A communication device comprising:
- a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, performs first operations comprising;
  
  receiving an encrypted secure token from a secure token application function that is remote from the communication device; and
  
  storing the encrypted secure token in the secure element memory;
  
  a secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising;
  
  accessing user input requesting the encrypted secure token;
  
  receiving a modified secure token from the secure element, wherein the modified secure token is generated by the secure element by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information; and
  
  providing the modified secure token to a receiving device to enable the receiving device to provide the modified secure token to the secure token application function for decrypting the modified secure token to analyze the identification information and to obtain token information for use by the receiving device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The communication device of claim 1, wherein the secure element comprises a universal integrated circuit card, wherein the encrypted secure token comprises a two dimensional bar code, and wherein the receiving device comprises a two dimensional bar code reader.
  - 3. The communication device of claim 2, wherein the second operations further comprise:
    - receiving, by the secure device processor, a secure token descriptor associated with the encrypted secure token from the secure token application function; and
      
      storing the secure token descriptor in the secure device processor memory, wherein the user input is a selection based on the secure token descriptor.
  - 4. The communication device of claim 1, further comprising a device processor that is separate from the secure device processor and in communication with the secure device processor, wherein the device processor facilitates wireless communications between the communication device and the receiving device.
  - 5. The communication device of claim 1, wherein the identification information comprises a digital signature and a time stamp.
  - 6. The communication device of claim 1, wherein the adding of the identification information to the encrypted secure token is via a hash function.
  - 7. The communication device of claim 1, wherein the receiving of the encrypted secure token from the secure token application function by the secure element is via a remote management server, and wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server.
  - 8. The communication device of claim 1, wherein the first operations further comprise:
    - receiving, by the secure element, token adjustment instructions from the secure token application function, wherein the token adjustment instructions are received via a remote management server, and wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server.
  - 9. The communication device of claim 8, wherein the token adjustment instructions include a command to delete the encrypted secure token from the secure element memory.
  - 10. The communication device of claim 8, wherein the token adjustment instructions include a command to replace the encrypted secure token in the secure element memory with another encrypted secure token.
  - 11. The communication device of claim 8, wherein the token adjustment instructions include a command to change encryption keys associate with the encrypted secure token stored in the secure element memory.

12. A method comprising:
- receiving, by a secure element of a communication device, an encrypted secure token from a secure token application function that is remote from the communication device;
  
  storing the encrypted secure token in a secure element memory of the secure element;
  
  accessing, by a secure device processor of the communication device, a request for the encrypted secure token, wherein the secure device processor is separate from the secure element and is in communication with the secure element;
  
  generating, by the secure element, a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information;
  
  receiving, by the secure device processor, the modified secure token from the secure element; and
  
  providing, by the secure device processor, the modified secure token to a receiving device to enable the receiving device to provide the modified secure token to the secure token application function for decrypting the modified secure token to analyze the identification information and to obtain token information for use by the receiving device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, comprising:
    - receiving, by the secure device processor, a secure token descriptor associated with the encrypted secure token from the secure token application function; and
      
      storing the secure token descriptor in a secure device processor memory, wherein the request for the encrypted secure token is according to a selection based on the secure token descriptor.
  - 14. The method of claim 13, wherein the request is generated by an application being executed on the communication device and further comprising providing wireless communications between the communication device and the receiving device utilizing a device processor of the communication device, wherein the device processor is separate from the secure device processor and in communication with the secure device processor.
  - 15. The method of claim 12, wherein the request is generated by a remote source, and wherein the identification information comprises a digital signature and a time stamp.
  - 16. The method of claim 12, wherein the receiving of the encrypted secure token from the secure token application function by the secure element is via a remote management server, and wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server, and wherein the identification information is added to the encrypted secure token using a hash function.
  - 17. The method of claim 12, comprising:
    - receiving, by the secure element, token adjustment instructions from the secure token application function, wherein the token adjustment instructions are received via a remote management server, wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server, and wherein the token adjustment instructions include one of a command to delete the encrypted secure token from the secure element memory, a command to replace the encrypted secure token in the secure element memory with another encrypted secure token, or a command to change encryption keys associate with the encrypted secure token stored in the secure element memory.

18. A method comprising:
- providing, by a secure token application function, a token descriptor to a secure device processor of a communication device for storage at the secure device processor;
  
  providing, by the secure token application function, an encrypted secure token to a secure element of the communication device for storage at the secure element;
  
  receiving, by the secure token application function, a modified secure token from a receiving device that obtained the modified secure token from the communication device according to user input associated with the token descriptor;
  
  decrypting, by the secure token application function, the modified secure token to obtain the encrypted secure token and to obtain identification information;
  
  verifying, by the secure token application function, the identification information;
  
  decrypting, by the secure token application function, the encrypted secure token to obtain a secure token;
  
  analyzing, by the secure token application function, the secure token to obtain token information; and
  
  providing, by the secure token application function, a notification to the receiving device indicating an acceptance or denial of the token information.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, comprising providing, by the secure token application function, token adjustment instructions to the secure element, wherein the token adjustment instructions are provided via a remote management server, wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server, and wherein the token adjustment instructions include one of a command to delete the encrypted secure token from the secure element, a command to replace the encrypted secure token in the secure element with another encrypted secure token, or a command to change encryption keys associate with the encrypted secure token stored in the secure element, wherein the identification information includes a digital signature.
  - 20. The method of claim 18, comprising comparing the secure token obtained from the decrypting to another secure token that was generated and stored by the secure token application function, wherein the decrypting of the encrypted secure token to obtain the secure token utilizes a transport key, wherein the providing of the encrypted secure token to the secure element is via a remote management server, and wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.), AT&T Mobility II LLC (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.), AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Chastain, Walter Cooper, Chin, Stephen Emille, Wane, Ismaila, King, Samuel, Suozzo, Michael, Vondrak, Nicholas

Granted Patent

US 9,124,573 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2463/121   Timestamp

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04W 12/069   using certificates or pre-s...

APPARATUS AND METHOD FOR MANAGING USE OF SECURE TOKENS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR MANAGING USE OF SECURE TOKENS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links