Systems, methods, and computer program products for supporting multiple contactless applications using different security keys

US 7,967,215 B2
Filed: 04/18/2008
Issued: 06/28/2011
Est. Priority Date: 04/18/2008
Status: Active Grant

First Claim

Patent Images

1. A method for supporting multiple contactless applications using different security keys on a wireless smart device, the method comprising:

at a wireless smart device configured to communicate with a wireless smart device reader, the wireless device including a plurality of contactless applications and a contactless application memory for use by the plurality of contactless applications;

initializing a portion of the memory such that access to the portion of memory requires the use of a shared secret key known to the plurality of contactless applications;

reserving the portion of memory for use by one of the plurality of contactless applications by using the shared secret key to set access privileges for the portion of memory such that access to the portion of memory requires the use of a application-specific secret key associated with the one application and not known to the other applications;

accessing the reserved portion of memory using the application-specific secret key; and

releasing the reserved portion of memory by using the application-specific secret key to set access privileges for the portion of memory such that access to the portion of memory requires the use of the shared secret key.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer program products for supporting multiple contactless applications using different security keys on a wireless smart device are disclosed. According to one aspect, the subject matter described herein includes a method for supporting multiple contactless applications using different security keys on a wireless smart device. The method includes, at a wireless smart device configured to communicate with a wireless smart device reader, the wireless device including a plurality of contactless applications and a contactless application memory for use by the plurality of contactless applications, initializing a portion of the memory such that access to the portion of memory requires the use of a shared secret key known to the plurality of contactless applications. The method includes reserving the portion of memory for use by one of the plurality of contactless applications by using the shared secret key to set access privileges for the portion of memory such that access to the portion of memory requires the use of a application-specific secret key associated with the one application and not known to the other applications.

Citations

18 Claims

1. A method for supporting multiple contactless applications using different security keys on a wireless smart device, the method comprising:
- at a wireless smart device configured to communicate with a wireless smart device reader, the wireless device including a plurality of contactless applications and a contactless application memory for use by the plurality of contactless applications;
  
  initializing a portion of the memory such that access to the portion of memory requires the use of a shared secret key known to the plurality of contactless applications;
  
  reserving the portion of memory for use by one of the plurality of contactless applications by using the shared secret key to set access privileges for the portion of memory such that access to the portion of memory requires the use of a application-specific secret key associated with the one application and not known to the other applications;
  
  accessing the reserved portion of memory using the application-specific secret key; and
  
  releasing the reserved portion of memory by using the application-specific secret key to set access privileges for the portion of memory such that access to the portion of memory requires the use of the shared secret key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein initializing the portion of memory includes initializing the portion of memory during at least one of a power on reset, a power on sequence, a system reset, and a memory initialization procedure.
  - 3. The method of claim 1 wherein accessing the reserved portion of memory using the application-specific secret key includes at least one of reading from the portion and writing to the portion by at least one of the one application and the smart device reader.
  - 4. The method of claim 1 wherein the application memory comprises a MIFARE memory, the memory including at least one sector, each sector including a sector trailer including a key field for holding an access key for the respective sector.
  - 5. The method of claim 4 wherein the portion of memory comprises a sector of the MIFARE memory and wherein setting access privileges for the portion of memory such that access to the portion of memory requires a secret key includes writing the secret key into the key field of the sector trailer.

6. A method for supporting multiple contactless applications based on MIFARE specifications using different security keys on a wireless smart device, the method comprising:
- at a wireless smart device configured to communicate with a wireless smart device reader, the device including a secure element for hosting a plurality of contactless applications based on MIFARE specifications and a MIFARE memory for use by the plurality of contactless applications based on MIFARE specifications;
  
  initializing a sector of the MIFARE memory such that a sector trailer of the sector contains a shared secret key known to the plurality of contactless applications based on MIFARE specifications hosted by the secure element;
  
  reserving the sector of MIFARE memory for use by one of the plurality of contactless applications based on MIFARE specifications by using the shared secret key to write information associated with the one application into the MIFARE memory, including writing a application-specific secret key associated with the one application into a key field of the sector trailer;
  
  performing a MIFARE transaction with the wireless smart device reader, the MIFARE transaction including accessing, by the wireless smart device reader, the reserved sector of MIFARE memory using the application-specific secret key contained in the key field of the sector trailer; and
  
  releasing the sector of MIFARE memory for use by another of the plurality of contactless applications based on MIFARE specifications by using the application-specific secret key associated with the one application to write the shared secret key into a key field of the sector trailer.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6 wherein reserving the sector of MIFARE memory for use by the one application includes using at least one of the shared secret key and the application-specific secret key to copy the information associated with the one application from a secure data storage area associated with the one application into the sector of MIFARE memory.
  - 8. The method of claim 6 wherein releasing the MIFARE memory includes using at least one of the shared secret key and the application-specific secret key to copy information associated with the one application from the MIFARE memory into the secure data storage area associated with the one application.
  - 9. The method of claim 6 wherein releasing the MIFARE memory includes using at least one of the shared secret key and the application-specific secret key to write null data into a sector data block of the sector of MIFARE memory.

10. A wireless smart device for supporting multiple applications using different security keys, the wireless smart device comprising:
- a communications module for wirelessly communicating with a wireless smart device reader;
  
  a plurality of applications for communicating with the wireless smart device reader via the communications module, each application having associated with it an application key not known to the other applications; and
  
  an application memory for use by the plurality of applications and accessible by the wireless smart device reader via the communications module, wherein access to at least a portion of the memory requires the use of an access key, the application memory being configured such that, upon initialization, a shared secret key, known to the plurality of applications, is the access key for the portion of memory,wherein each one application is configured to reserve the portion of memory by using the shared secret key to change the access key for the portion to the application key associated with the one application, and wherein each one application is configured to release the reserved portion of memory by using the application key associated with the one application to change the access key for the portion to shared secret key.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10 wherein each one application has a secure memory area, separate from the application memory, for storing data associated with that one application.
  - 12. The system of claim 10 comprising a secure element for hosting applications, wherein the plurality of applications are hosted by the secure element.
  - 13. The system of claim 12 wherein the secure element is configured to reserve the portion of memory by using the shared secret key to change the access key for the portion to the application key associated with the one application, and wherein the secure element is configured to release the reserved portion of memory by using the application key associated with the one application to change the access key for the portion to shared secret key.
  - 14. The system of claim 10 wherein the application memory comprises a MIFARE memory, the memory comprising at least one MIFARE sector, each MIFARE sector including a sector trailer, and each sector trailer including a key field for containing the access key, and wherein the communications module is configured to communicate with the wireless smart device reader to perform a MIFARE transaction.
  - 15. The system of claim 14 wherein the MIFARE memory is configured such that upon initialization, the key field of at least one sector trailer contains the shared secret key.
  - 16. The system of claim 15 wherein initialization includes at least one of a power on reset, a power on sequence, a system reset, and a memory initialization procedure.

17. A computer readable medium encoded with computer executable instructions for performing steps comprising:
- at a wireless smart device configured to communicate with a wireless smart device reader, the device including a secure element for hosting a plurality of applications and an application memory for use by the plurality of applications;
  
  initialize at least a portion of the memory such that access to the portion of memory requires the use of a shared secret key known to the plurality of hosted applications;
  
  using the shared secret key, set access privileges for the portion of memory such that access to the portion of memory requires the use of a application-specific secret key known to one of the plurality of hosted applications;
  
  using the application-specific secret key, access the portion of memory; and
  
  releasing the reserved portion of memory by using the application-specific secret key to set access privileges for the portion of memory such that access to the portion of memory requires the use of the shared secret key.

18. A computer readable medium encoded with computer executable instructions for performing steps comprising:
- at a wireless smart device configured to communicate with a wireless smart device reader, the device including a secure element for hosting a plurality of contactless applications based on MIFARE specifications and a MIFARE memory for use by the plurality of contactless applications based on MIFARE specifications;
  
  initializing a sector of the MIFARE memory such that a sector trailer of the sector contains a shared secret key known to the plurality of contactless applications based on MIFARE specifications hosted by the secure element;
  
  reserving the sector of MIFARE memory for use by one of the plurality of contactless applications based on MIFARE specifications by using the shared secret key to write information associated with the one application into the MIFARE memory, including writing a application-specific secret key associated with the one application into a key field of the sector trailer;
  
  performing a MIFARE transaction with the wireless smart device reader, the MIFARE transaction including, by the wireless smart device reader, accessing the reserved sector of MIFARE memory using the application-specific secret key contained in the key field of the sector trailer; and
  
  releasing the sector of MIFARE memory for use by another of the plurality of contactless applications based on MIFARE specifications by using the application-specific secret key associated with the one application to write the shared secret key into a key field of the sector trailer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
ViVOtech Incorporated
Inventors
Martin, Philippe, Kumar, Pradeep, Liu, Ming-Li, Vijayshankar, Roshan
Primary Examiner(s)
Labaze; Edwyn

Application Number

US12/105,778
Publication Number

US 20090261172A1
Time in Patent Office

1,166 Days
Field of Search

235/492, 235/380, 235/487, 235/451
US Class Current

235/492
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0853   using an additional device,...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/088   Usage controlling of secret...

H04W 12/033   of the user plane, e.g. use...

H04W 12/086   using security domains

H04W 12/47   using near field communicat...

H04W 4/80   Services using short range ...

Systems, methods, and computer program products for supporting multiple contactless applications using different security keys

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and computer program products for supporting multiple contactless applications using different security keys

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links