Enabling users to select between secure service providers using a central trusted service manager
First Claim
1. A computer-implemented method for providing secure services to a network device comprising a secure element, the method comprising:
maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;
receiving, by the computer, a selection of a trusted service manager (“TSM”) for facilitating the secure service;
obtaining, by the computer, from the selected TSM, information regarding the secure service and an application for the secure service;
provisioning, by the computer, the secure service at the secure element using the obtained information, the obtained application, and the at least one cryptographic key; and
removing, by the computer, information related to a previous TSM from the secure element.
Abstract
Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user-selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and services on behalf of the user-selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.
37 Claims
1. A computer-implemented method for providing secure services to a network device comprising a secure element, the method comprising:
maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;
receiving, by the computer, a selection of a trusted service manager (“TSM”) for facilitating the secure service;
obtaining, by the computer, from the selected TSM, information regarding the secure service and an application for the secure service;
provisioning, by the computer, the secure service at the secure element using the obtained information, the obtained application, and the at least one cryptographic key; and
removing, by the computer, information related to a previous TSM from the secure element.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A computer program product, comprising:
a non-transitory computer-readable medium having computer-readable program code embodied therein for providing secure services to a communication device comprising secure memory, the computer-readable medium comprising:
computer-readable program code for maintaining at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
computer-readable program code for receiving a selection of a secure service provider for facilitating the secure service;
computer-readable program code for obtaining, from the selected secure service provider, information regarding the secure service and an application for the secure service;
computer-readable program code for provisioning the secure service at the secure memory using the obtained information, the obtained application, and the at least one cryptographic key; and
computer-readable program code for removing information related to a previous secure service provider from the secure memory.
View Dependent Claims (12, 13, 14, 15, 16, 17)
18. A system for providing secure services to a network device comprising a secure memory, the system comprising:
a communication module that receives a selection of a trusted service manager (“TSM”) for facilitating the secure service;
a managed TSM communicably coupled to the communication module that:
maintains at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
receives, from the selected TSM, information regarding the secure service and an application for the secure service;
provisions the secure service at the secure memory using the received information, the received application, and the at least one cryptographic key; and
causes information related to a previous TSM to be removed from the secure memory.
View Dependent Claims (19, 20, 21, 22, 23, 24)
25. A computer-implemented method for providing secure services to a network device comprising a secure element, the method comprising:
maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;
receiving, by the computer, a selection of a trusted service manager (“TSM”) for facilitating the secure service;
obtaining, by the computer, from the selected TSM, information regarding the secure service and an application for the secure service;
provisioning, by the computer, the secure service at the secure element using the obtained information, the obtained application, and the at least one cryptographic key; and
transmitting, by the computer, a message to the secure element commanding the secure element to remove information and an application related to a previous TSM from the secure element.
View Dependent Claims (26, 27, 28, 29)
30. A computer program product, comprising:
a non-transitory computer-readable medium having computer-readable program code embodied therein for providing secure services to a communication device comprising secure memory, the computer-readable medium comprising:
computer-readable program code for maintaining at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
computer-readable program code for receiving a selection of a secure service provider for facilitating the secure service;
computer-readable program code for obtaining, from the selected secure service provider, information regarding the secure service and an application for the secure service;
computer-readable program code for provisioning the secure service at the secure memory using the obtained information, the obtained application, and the at least one cryptographic key; and
computer-readable program code for transmitting a message to the secure memory requesting the secure memory to remove information and an application related to a previous secure service provider from the secure memory.
View Dependent Claims (31, 32, 33)
34. A system for providing secure services to a network device comprising a secure memory, the system comprising:
a communication module that receives a selection of a trusted service manager (“TSM”) for facilitating the secure service;
a managed TSM communicably coupled to the communication module that:
maintains at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
receives, from the selected TSM, information regarding the secure service and an application for the secure service;
provisions the secure service at the secure memory using the received information, the received application, and the at least one cryptographic key; and
transmits, via the communication module, a message to the secure memory commanding the secure memory to remove information and an application related to a previous TSM from the secure memory.
View Dependent Claims (35, 36, 37)
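The following is an added illustration of the central-TSM flow in the abstract and independent claims above; it is not code from the patent. It assumes a constructed secure element that accepts only commands authenticated with its escrowed channel key, and a central TSM that keeps that key, installs the applet obtained from the selected provider's TSM, and then removes whatever the previously selected TSM had installed.

```python
import hashlib
import hmac
import os


class SecureElement:
    """Constructed stand-in for the device's secure element: it holds one
    channel key and executes only commands whose MAC verifies under it."""

    def __init__(self, key: bytes):
        self._key = key
        self.applets = {}  # applet name -> id of the TSM that installed it

    def _verify(self, cmd: bytes, tag: bytes) -> None:
        expected = hmac.new(self._key, cmd, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("secure channel MAC check failed")

    def install(self, name: str, tsm_id: str, tag: bytes) -> None:
        self._verify(b"INSTALL|" + name.encode() + b"|" + tsm_id.encode(), tag)
        self.applets[name] = tsm_id

    def remove_by_owner(self, tsm_id: str, tag: bytes) -> None:
        self._verify(b"REMOVE_OWNER|" + tsm_id.encode(), tag)
        self.applets = {n: o for n, o in self.applets.items() if o != tsm_id}


class CentralTSM:
    """Proxy between provider TSMs and the secure element; it alone holds
    the escrowed channel keys, so providers never drive the SE directly."""

    def __init__(self, providers: dict):
        self._keys = {}            # se_id -> channel key ("maintaining ... key")
        self._selected = {}        # se_id -> currently selected TSM id
        self._providers = providers  # tsm_id -> applet name (constructed stand-in)

    def enroll(self, se_id: str) -> SecureElement:
        self._keys[se_id] = os.urandom(32)
        return SecureElement(self._keys[se_id])

    def _mac(self, se_id: str, cmd: bytes) -> bytes:
        return hmac.new(self._keys[se_id], cmd, hashlib.sha256).digest()

    def select_tsm(self, se_id: str, se: SecureElement, tsm_id: str) -> dict:
        applet = self._providers[tsm_id]  # "obtaining ... from the selected TSM"
        cmd = b"INSTALL|" + applet.encode() + b"|" + tsm_id.encode()
        se.install(applet, tsm_id, self._mac(se_id, cmd))  # "provisioning"
        previous = self._selected.get(se_id)
        if previous is not None and previous != tsm_id:
            cmd = b"REMOVE_OWNER|" + previous.encode()
            se.remove_by_owner(previous, self._mac(se_id, cmd))  # "removing ... previous TSM"
        self._selected[se_id] = tsm_id
        return dict(se.applets)
```

The returned applet map shows the invariant a practitioner would check after a provider switch: only the currently selected TSM's applet remains, and a caller without the escrowed key cannot issue install or remove commands.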