Partially delegated over-the-air provisioning of a secure element

US 8,250,662 B1
Filed: 10/10/2011
Issued: 08/21/2012
Est. Priority Date: 01/05/2009
Status: Active Grant

First Claim

Patent Images

1. A system for provisioning a secure element on a mobile device, comprising:

a first trusted service manager associated with a credit card;

a second trusted service manager associated with a wireless service provider; and

a mobile device having a secure element to hold the credit card and an over-the-air client to communicate wirelessly with the first trusted service manager and the second trusted service manager,wherein the second trusted service manager receives a provisioning service request from the first trusted service manager, validates that the provisioning service request originates from the first trusted service manager and that the first trusted service manager is authorized to conduct provisioning on the mobile device based on an exchange of shared secrets or security tokens, receives a request from the over-the-air client over a secure connection established between the secure element and the second trusted service manager, transmits a command over the secure connection to the over-the-air client in response to the request, the command relating to at least a portion of the service identified in the provisioning request, receives a command result over the secure connection from the over-the-air client, and closes the secure connection.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for provisioning a secure element on a mobile device is provided. The system comprises a first trusted service manager associated with a credit card, a second trusted service manager associated with a wireless service provider, and a mobile device. The mobile device has a secure element to hold the credit card and an over-the-air client to communicate wirelessly with the first trusted service manager and the second trusted service manager. When the second trusted service manager receives a message from the first trusted service manager to provision a personalization information for the credit card to the mobile device, the second trusted service manager transmits to the over-the-air client a message to initiate transfer of the personalization information for the credit card.

Citations

18 Claims

1. A system for provisioning a secure element on a mobile device, comprising:
- a first trusted service manager associated with a credit card;
  
  a second trusted service manager associated with a wireless service provider; and
  
  a mobile device having a secure element to hold the credit card and an over-the-air client to communicate wirelessly with the first trusted service manager and the second trusted service manager,wherein the second trusted service manager receives a provisioning service request from the first trusted service manager, validates that the provisioning service request originates from the first trusted service manager and that the first trusted service manager is authorized to conduct provisioning on the mobile device based on an exchange of shared secrets or security tokens, receives a request from the over-the-air client over a secure connection established between the secure element and the second trusted service manager, transmits a command over the secure connection to the over-the-air client in response to the request, the command relating to at least a portion of the service identified in the provisioning request, receives a command result over the secure connection from the over-the-air client, and closes the secure connection.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the mobile device is one of a mobile phone, a personal digital assistant, a media player, a wristwatch, a laptop computer, and a tablet computer.
  - 3. The system of claim 1, wherein the provisioning service request comprises one of downloading the credit card, personalizing the credit card, locking the credit card, suspending the credit card, modifying the credit card, and deleting the credit card.
  - 4. The system of claim 1, wherein the mobile device further comprises a near-field-communication transceiver.
  - 5. The system of claim 4, wherein the near-field-communication transceiver and the secure element are provided by separate chip sets in the mobile device.
  - 6. The system of claim 1, wherein the first trusted service manager is operated by a third party.

7. A method of provisioning a secure element on a mobile device, comprising:
- receiving, by a second trusted service manager associated with a wireless service provider, a provisioning service request from a first trusted service manager associated with a credit card;
  
  validating, by the second trusted service manager, that the provisioning service request originates from the first trusted service manager and that the first trusted service manager is authorized to conduct provisioning on the mobile device based on an exchange of shared secrets or security tokens;
  
  establishing a secure connection between the second trusted service manager and the secure element of the mobile device, wherein at least a portion of the secure connection is provided by a wireless link;
  
  receiving, by the second trusted service manager, a request over the secure connection from an over-the-air client of the mobile device;
  
  in response to the request, transmitting, by the second trusted service manager, a command over the secure connection to the over-the-air client, the command relating to at least a portion of the services identified in the provisioning service request;
  
  receiving, by the second trusted service manager, a command result over the secure connection from the over-the-air client; and
  
  closing the secure connection with the secure element of the mobile device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The method of claim 7, wherein the mobile device is one of a mobile phone, a personal digital assistant, and a media player.
  - 9. The method of claim 7, further including:
    - logging, by the second trusted service manager, the provisioning service request;
      
      transmitting, by the second trusted service manager, an acknowledgement of the provisioning service request to the first trusted service manager; and
      
      logging, by the second trusted service manager, the command result.
  - 10. The method of claim 9, further including transmitting, by the second trusted service manager, a wake up message to the over-the-air client of the mobile device.
  - 11. The method of claim 10, wherein the validating the provisioning request, the logging the provisioning request, and the transmitting the acknowledgment occur before the transmitting the wake up message.
  - 12. The method of claim 7, wherein the provisioning service request comprises one of downloading the credit card, personalizing the credit card, locking the credit card, suspending the credit card, modifying the credit card, and deleting the credit card.
  - 13. The method of claim 7, wherein the wireless link is one of a code division multiple access (CDMA), global system for mobile communication (GSM), and a worldwide interoperability for microwave access (WiMAX) wireless link.
  - 14. The method of claim 7, further including transmitting, by the second trusted service manager, a status of the provisioning service request to the first trusted service manager.
  - 15. The method of claim 7, wherein closing the secure connection is performed by the second trusted service manager or the over-the-air client.

16. A method of provisioning a secure element on a mobile device performed by the mobile device, comprising:
- in response to receiving a provisioning service request from a first trusted service manager associated with a credit card, establishing, by an over-the-air client of the mobile device, a secure connection between a second trusted service manager associated with a wireless service provider and the secure element of the mobile device, wherein the provisioning service request comprises one of locking the credit card and suspending the credit card, and wherein at least a portion of the secure connection is provided by a wireless link;
  
  requesting, by the over-the-air client, a command from the second trusted service manager;
  
  receiving, by the over-the-air client, the command from the second trusted service manager over the secure connection, the command relating to at least a portion of the services identified in the provisioning service request;
  
  transmitting, by the over-the-air client, a command result over the secure connection to the second trusted service manager; and
  
  closing the secure connection with the secure element of the mobile device.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the mobile device is one of a mobile phone, a personal digital assistant, and a media player.
  - 18. The method of claim 16, further including providing, by the over-the-air client, the command to the secure element for processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Zhu, Kevin
Primary Examiner(s)
Reagan, James A
Assistant Examiner(s)
CHEUNG, CALVIN K

Application Number

US13/270,205
Time in Patent Office

316 Days
Field of Search

705/14.23, 705/75, 726/26
US Class Current

726/26
CPC Class Codes

G06Q 20/401   Transaction verification

G06Q 30/0253   During e-commerce, i.e. onl...

G06Q 30/0267   Wireless devices

H04W 12/009   specially adapted for netwo...

H04W 12/02   Protecting privacy or anony...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

Partially delegated over-the-air provisioning of a secure element

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Partially delegated over-the-air provisioning of a secure element

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links