EMBEDDING CLOUD-BASED FUNCTIONALITIES IN A COMMUNICATION DEVICE
First Claim
1. A portable communication device comprising:
- a processor;
a contactless transceiver coupled to the processor;
a first memory region storing an application executing in a normal execution environment; and
a second memory region storing an application agent executing in a trusted execution environment,wherein the application agent receives, from the application executing in the normal execution environment, a limited-use key (LUK) generated by a remote computer and associated with a set of one or more limited-use thresholds that limits usage of the LUK, stores the LUK in a secure storage of the trusted execution environment, receives a request to conduct a transaction from the application executing in the normal execution environment, generates a transaction cryptogram using the LUK, accesses the contactless transceiver, and transmits the transaction cryptogram to an access device via the contactless transceiver.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for enhancing the security of a communication device may include providing an application agent that executes in a trusted execution environment of the communication device, and a transaction application that executes in a normal application execution environment of the communication device. The application agent may receive, from the application, a limited-use key (LUK) generated by a remote computer, and store the LUK in a secure storage of the trusted execution environment. When the application agent receives a request to conduct a transaction from the application executing in the normal execution environment, the application agent may generate a transaction cryptogram using the LUK, and provides the transaction cryptogram to an access device.
246 Citations
20 Claims
-
1. A portable communication device comprising:
-
a processor; a contactless transceiver coupled to the processor; a first memory region storing an application executing in a normal execution environment; and a second memory region storing an application agent executing in a trusted execution environment, wherein the application agent receives, from the application executing in the normal execution environment, a limited-use key (LUK) generated by a remote computer and associated with a set of one or more limited-use thresholds that limits usage of the LUK, stores the LUK in a secure storage of the trusted execution environment, receives a request to conduct a transaction from the application executing in the normal execution environment, generates a transaction cryptogram using the LUK, accesses the contactless transceiver, and transmits the transaction cryptogram to an access device via the contactless transceiver. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for enhancing security of a portable communication device, the method comprising:
-
receiving, from a remote computer by an application executing in a normal execution environment of the portable communication device, a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK; sending, by the application executing in the normal execution environment, the LUK to an application agent executing in a trusted execution environment of the portable communication device; receiving, by the application executing in the normal execution environment, a request to conduct a transaction; sending, by the application executing in the normal execution environment, the request to conduct the transaction to the application agent executing in the trusted execution environment, wherein the application agent generates a transaction cryptogram using the LUK, and accesses a contactless interface of the portable communication device to transmit the transaction cryptogram to an access device to conduct the transaction. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method for enhancing security of a portable communication device, the method comprising:
-
receiving, by an application agent executing in a trusted execution environment of the portable communication device, a limited-use key (LUK) from an application executing in a normal execution environment of the portable communication device, the LUK associated with a set of one or more limited-use thresholds that limits usage of the LUK, and provided to the application executing in the normal execution environment from a remote computer; storing, by the application agent executing in the trusted execution environment, the LUK in a secure storage of the trusted execution environment; receiving, by the application agent executing in the trusted execution environment, a request to conduct a transaction from the application executing in the normal execution environment; generating, by the application agent executing in the trusted execution environment, a transaction cryptogram using the LUK; and accessing a contactless interface of the portable communication device to transmit the transaction cryptogram to an access device to conduct the transaction. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification