Portable secure element
First Claim
1. A computer-implemented method for transferring control of a secure element, comprising:
- creating, by a computer, a master key between a first trusted service manager (“
TSM”
) and a second TSM, wherein the master key facilitates a transfer of control of a secure element from the first TSM to the second TSM;
receiving, by the computer, a request to transfer control of the secure element from the first TSM to the second TSM;
initiating, by the computer, a secure communication channel with the secure element, wherein, the secure communication channel is established using an access key known by the first TSM that is resident on the secure element;
communicating, by the computer, an instruction to delete the access key from the secure element;
creating, by the computer, a temporary key;
communicating, by the computer, the temporary key to the secure element;
encrypting, by the computer, the temporary key using the master key established between the first TSM and the second TSM; and
communicating, by the computer, the encrypted temporary key to the second TSM for the second TSM to access the secure element.
2 Assignments
0 Petitions
Accused Products
Abstract
Transferring control of a secure element between TSMs comprises a zone master key established between the TSMs that facilitates encryption of a temporary key. The TSMs create the zone master key prior to initiation of transfer of control. Once transfer of control is initiated, the first TSM establishes a communication channel and deletes its key from the secure element. The first TSM creates a temporary key that is encrypted with the zone master key established between the first TSM and the second TSM. The encrypted temporary key is communicated to the second TSM with a device identifier. The second TSM decrypts the temporary key using the zone master key and identifies the user device using the device identifier. The new TSM establishes a communication channel and deletes the temporary key from the secure element. The new TSM then inputs and saves its key into the secure element.
165 Citations
29 Claims
-
1. A computer-implemented method for transferring control of a secure element, comprising:
-
creating, by a computer, a master key between a first trusted service manager (“
TSM”
) and a second TSM, wherein the master key facilitates a transfer of control of a secure element from the first TSM to the second TSM;receiving, by the computer, a request to transfer control of the secure element from the first TSM to the second TSM; initiating, by the computer, a secure communication channel with the secure element, wherein, the secure communication channel is established using an access key known by the first TSM that is resident on the secure element; communicating, by the computer, an instruction to delete the access key from the secure element; creating, by the computer, a temporary key; communicating, by the computer, the temporary key to the secure element; encrypting, by the computer, the temporary key using the master key established between the first TSM and the second TSM; and communicating, by the computer, the encrypted temporary key to the second TSM for the second TSM to access the secure element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method for transferring control of a secure element, comprising:
-
creating, by a computer, a first master key between a first trusted service manager (“
TSM”
) and a mediator TSM, wherein the first master key facilitates a transfer of control of a secure element from the first TSM to the mediator TSM;creating, by a computer, a second master key between the mediator TSM and a second TSM, wherein the second master key facilitates a transfer of control of the secure element from the mediator TSM to the second TSM; receiving, by the computer, a first temporary key from the first TSM to transfer control of the secure element from the first TSM to the mediator TSM, wherein the first temporary key is encrypted by the first master key established between the first TSM and the mediator TSM, and wherein the first temporary key has been saved on the secure element; decrypting, by the computer, the first temporary key using the first master key established between the first TSM and the mediator TSM; initiating, by the computer, a secure communication channel with the secure element, wherein the secure communication channel is established using the first temporary key decrypted by the mediator TSM; communicating, by the computer, an instruction to delete the first temporary key from the secure element; creating, by the computer, a second temporary key; communicating, by the computer, the second temporary key to the secure element; encrypting, by the computer, the second temporary key using the second master key established between the mediator TSM and the second TSM; and communicating, by the computer, the encrypted second temporary key to the second TSM for the second TSM to access the secure element. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A computer program product, comprising:
a non-transitory computer-readable medium having computer-readable program code embodied therein for transferring control of a secure element, the computer-readable medium comprising; computer-readable program code for receiving a first temporary key from a first trusted service manager (“
TSM”
) to transfer control of a secure element from the first TSM to a mediator TSM;computer-readable program code for initiating a secure communication channel with the secure element, wherein the secure communication channel is established using the first temporary key and wherein the first temporary key is resident on the secure element; computer-readable program code for creating a second temporary key, wherein the second temporary key is inputted and saved on the secure element; and computer-readable program code for communicating the second temporary key to the second TSM. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
24. A system for transferring control of a secure element, the system comprising:
-
a storage medium; and a processor configured to execute computer-executable instructions stored in the storage medium, the computer-executable instructions comprising; instructions for receiving a first temporary key from a first TSM to transfer control of a secure element from the first TSM to a mediator TSM; instructions for decrypting the first temporary key using the first master key established between the first TSM and the mediator TSM; instructions for initiating a secure communication channel with the secure element, wherein the secure communication channel is established using the first temporary key decrypted by the mediator TSM; instructions for communicating an instruction to delete the first temporary key from the secure element; instructions for creating a second temporary key; instructions for communicating the second temporary key to the secure element; and instructions for communicating the second temporary key to the second TSM for the second TSM to access the secure element. - View Dependent Claims (25, 26, 27, 28, 29)
-
Specification