Partially delegated over-the-air provisioning of a secure element

US 8,060,449 B1
Filed: 01/05/2009
Issued: 11/15/2011
Est. Priority Date: 01/05/2009
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a secure element on a mobile device, comprising:

receiving a provisioning service request associated with a credit card from a first trusted service manager associated with the credit card;

establishing a secure connection with the secure element of the mobile device, wherein at least a portion of the secure connection is provided by a wireless link;

receiving a request over the secure connection from an over-the-air client of the mobile device;

in response to the request, transmitting a command over the secure connection to the over-the-air client, the command relating to at least a portion of the services identified in the provisioning service request;

receiving a command result over the secure connection from the over-the-air client;

closing the secure connection with the secure element of the mobile device;

transmitting a status of the provisioning service request, wherein the receiving the request, the transmitting the command, the receiving the command result, and the transmitting the status are performed by a second trusted service manager associated with a wireless service provider, and wherein the secure connection is between the secure element of the mobile device and the second trusted service manager;

receiving, by the second trusted service manager, a new provisioning service request from the first trusted service manager, wherein the new provisioning service request is a request to provision personalization information of the credit card to the secure element;

transmitting, by the second trusted service manager, a message to the over-the-air client on the mobile device;

based on the message, establishing a new secure connection between the secure element on the mobile device and the first trusted service manager, wherein at least a portion of the new secure connection is provided by another wireless link;

requesting, by the over-the-air client, a new command from the first trusted service manager, the new command relating to at least a portion of the services identified in the new provisioning service request;

receiving, by the over-the-air client, the new command from the first trusted service manager;

providing, by the over-the-air client, the new command to the secure element for processing; and

transmitting, by the over-the-air client, the result of the secure element processing the new command to the first trusted service manager.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for provisioning a secure element on a mobile device is provided. The system comprises a first trusted service manager associated with a credit card, a second trusted service manager associated with a wireless service provider, and a mobile device. The mobile device has a secure element to hold the credit card and an over-the-air client to communicate wirelessly with the first trusted service manager and the second trusted service manager. When the second trusted service manager receives a message from the first trusted service manager to provision a personalization information for the credit card to the mobile device, the second trusted service manager transmits to the over-the-air client a message to initiate transfer of the personalization information for the credit card.

Citations

17 Claims

1. A method of provisioning a secure element on a mobile device, comprising:
- receiving a provisioning service request associated with a credit card from a first trusted service manager associated with the credit card;
  
  establishing a secure connection with the secure element of the mobile device, wherein at least a portion of the secure connection is provided by a wireless link;
  
  receiving a request over the secure connection from an over-the-air client of the mobile device;
  
  in response to the request, transmitting a command over the secure connection to the over-the-air client, the command relating to at least a portion of the services identified in the provisioning service request;
  
  receiving a command result over the secure connection from the over-the-air client;
  
  closing the secure connection with the secure element of the mobile device;
  
  transmitting a status of the provisioning service request, wherein the receiving the request, the transmitting the command, the receiving the command result, and the transmitting the status are performed by a second trusted service manager associated with a wireless service provider, and wherein the secure connection is between the secure element of the mobile device and the second trusted service manager;
  
  receiving, by the second trusted service manager, a new provisioning service request from the first trusted service manager, wherein the new provisioning service request is a request to provision personalization information of the credit card to the secure element;
  
  transmitting, by the second trusted service manager, a message to the over-the-air client on the mobile device;
  
  based on the message, establishing a new secure connection between the secure element on the mobile device and the first trusted service manager, wherein at least a portion of the new secure connection is provided by another wireless link;
  
  requesting, by the over-the-air client, a new command from the first trusted service manager, the new command relating to at least a portion of the services identified in the new provisioning service request;
  
  receiving, by the over-the-air client, the new command from the first trusted service manager;
  
  providing, by the over-the-air client, the new command to the secure element for processing; and
  
  transmitting, by the over-the-air client, the result of the secure element processing the new command to the first trusted service manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the mobile device is one of a mobile phone, a personal digital assistant, and a media player.
  - 3. The method of claim 1, further including validating, by the second trusted service manager, the provisioning service request.
  - 4. The method of claim 3 further including:
    - logging, by the second trusted service manager, the provisioning service request; and
      
      transmitting, by the second trusted service manager, an acknowledgment of the provisioning service request to the first trusted service manager.
  - 5. The method of claim 4 further comprising transmitting, by the second trusted service manager, a wake up message to the over-the-air client of the mobile device.
  - 6. The method of claim 5, wherein the validating the provisioning request, the logging the provisioning request, and the transmitting the acknowledgment occur before the transmitting the wake up message.
  - 7. The method of claim 1, wherein the provisioning service request comprises one of downloading the credit card, personalizing the credit card, locking the credit card, suspending the credit card, modifying the credit card, and deleting the credit card.
  - 8. The method of claim 1, wherein the communication with the first trusted service manager associated with the credit card is a wireless communication session.
  - 9. The method of claim 1, wherein the wireless link is one of a code division multiple access (CDMA), global system for mobile communication (GSM), and a worldwide interoperability for microwave access (WiMAX) wireless link.
  - 10. The method of claim 1, wherein the first trusted service manager is operated by a third party.
  - 11. The method of claim 1, wherein the receiving the provisioning service request is performed by the second trusted service manager.
  - 12. The method of claim 1, further comprising receiving, by the second trusted service manager, an acknowledgment of the status of the provisioning service requested from the first trusted service manager.
  - 13. The method of claim 1, further comprising:
    - receiving, by the second trusted service manager, another new provisioning service request from the first trusted service manager,transmitting, by the second trusted service manager, a new message to the over-the-air client on the mobile device; and
      
      based on the new message, establishing another new secure connection between the secure element on the mobile device and the first trusted service manager to enable the over-the-air client to request another new command from the first trusted service manager, receive the other new command from the first trusted service manager, provide the other new command to the secure element for processing, and transmit the result of the secure element processing the other new command to the first trusted service manager, wherein at least a portion of the other new secure connection is provided by a wireless link.
  - 14. The method of claim 13, wherein the other new provisioning service request is a request to provision personalization information of the credit card to the secure element.

15. A method of, provisioning a secure element on a mobile device, comprising:
- receiving a provisioning service request associated with a credit card from a first trusted service manager associated with the credit card;
  
  establishing a secure connection with the secure element of the mobile device, wherein at least a portion of the secure connection is provided by a wireless link;
  
  receiving a request over the secure connection from an over-the-air client of the mobile device;
  
  in response to the request, transmitting a command over the secure connection to the over-the-air client, the command relating to at least a portion of the services identified in the provisioning service request;
  
  receiving a command result over the secure connection from the over-the-air client;
  
  closing the secure connection with the secure element of the mobile device;
  
  transmitting a status of the provisioning service request, wherein the receiving the request, the transmitting the command, the receiving the command result, and the transmitting the status are performed by a second trusted service manager associated with a wireless service provider, and wherein the secure connection is between the secure element of the mobile device and the second trusted service manager;
  
  receiving, by the second trusted service manager, a new provisioning service request from the first trusted service manager, wherein the new provisioning service request is a request to provision personalization information of the credit card to the secure element;
  
  transmitting, by the second trusted service manager, a message to the over-the-air client on the mobile device;
  
  based on the message, establishing a new secure connection between the secure element on the mobile device and the first trusted service manager, wherein at least a portion of the new secure connection is provided by another wireless link;
  
  requesting, by the over-the-air client, a new command from the first trusted service manager, the new command relating to at least a portion of the services identified in the new provisioning service request;
  
  receiving, by the over-the-air client, the new command from the first trusted service manager;
  
  providing, by the over-the-air client, the new command to the secure element for processing; and
  
  transmitting, by the over-the-air client, the result of the secure element processing the new command to the first trusted service manager, wherein the personalization information comprises personal credit card information.

16. A method of provisioning a secure element on a mobile device, comprising:
- receiving a provisioning service request associated with a credit card from a first trusted service manager associated with the credit card;
  
  establishing a secure connection with the secure element of the mobile device, wherein at least a portion of the secure connection is provided by a wireless link;
  
  receiving a request over the secure connection from an over-the-air client of the mobile device;
  
  in response to the request, transmitting a command over the secure connection to the over-the-air client, the command relating to at least a portion of the services identified in the provisioning service request;
  
  receiving a command result over the secure connection from the over-the-air client;
  
  closing the secure connection with the secure element of the mobile device;
  
  transmitting a status of the provisioning service request, wherein the receiving the provisioning service request is performed by a second trusted service manager associated with a wireless service provider, wherein the receiving the request, the transmitting the command, the receiving the command result, and the transmitting the status are performed by the first trusted service manager, wherein the secure connection is between the secure element of the mobile device and the first trusted service manager, and wherein the provisioning service request is a request to provision personalization information of the credit card to the secure element;
  
  receiving, by the second trusted service manager, a new provisioning service request from the first trusted service manager, wherein the new provisioning service request comprises one of downloading the credit card, locking the credit card, suspending the credit card, modifying the credit card, and deleting the credit card;
  
  establishing a new secure connection between the secure element of the mobile device and the second trusted service manager, wherein at least a portion of the new secure connection is provided by a wireless link;
  
  receiving, by the second trusted service manager, a new request over the secure connection from an over-the-air client of the mobile device;
  
  in response to the new request, transmitting, by the second trusted service manager, a new command over the new secure connection to the over-the-air client, the new command relating to at least a portion of the services identified in the new provisioning service request;
  
  receiving, by the second trusted service manager, a new command result over the new secure connection from the over-the-air client;
  
  closing the new secure connection with the secure element of the mobile device; and
  
  transmitting, by the second trusted service manager, a status of the new provisioning service request to the first trusted service manager.
- View Dependent Claims (17)
- - 17. The method of claim 16, further comprising transmitting, by the second trusted service manager, an acknowledgment of the status of the provisioning service request to the first trusted service manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Zhu, Kevin
Primary Examiner(s)
Fischer; Andrew J.
Assistant Examiner(s)
CHEUNG, CALVIN K

Application Number

US12/348,371
Time in Patent Office

1,044 Days
Field of Search

726/26, 705/14.51, 705/14.64, 705/75
US Class Current

705/75
CPC Class Codes

G06Q 20/401   Transaction verification

G06Q 30/0253   During e-commerce, i.e. onl...

G06Q 30/0267   Wireless devices

H04W 12/009   specially adapted for netwo...

H04W 12/02   Protecting privacy or anony...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

Partially delegated over-the-air provisioning of a secure element

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Partially delegated over-the-air provisioning of a secure element

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links