Enabling users to select between secure service providers using a key escrow service
First Claim
1. A computer-implemented method for providing a secure services to a network device comprising a secure element, the method comprising:
- maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;
receiving, by the computer, a request to change trusted service managers (“
TSMs”
) from a first TSM to a second TSM;
causing, by the computer, the first TSM to lose access to the secure element by revoking the at least one cryptographic key from the first TSM in response to receiving the request to change TSMs; and
transmitting, by the computer, the at least one cryptographic key to the second TSM in response to receiving the request to change TSMs.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and service on behalf of the user selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.
-
Citations
30 Claims
-
1. A computer-implemented method for providing a secure services to a network device comprising a secure element, the method comprising:
-
maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel; receiving, by the computer, a request to change trusted service managers (“
TSMs”
) from a first TSM to a second TSM;causing, by the computer, the first TSM to lose access to the secure element by revoking the at least one cryptographic key from the first TSM in response to receiving the request to change TSMs; and transmitting, by the computer, the at least one cryptographic key to the second TSM in response to receiving the request to change TSMs. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 23)
-
-
9. A computer program product, comprising:
-
a non-transitory computer-readable medium having computer-readable program code embodied therein that when executed by a computer provide a secure service to a communication device, the computer-readable medium comprising; computer-readable program instructions for maintaining at least one cryptographic key for a secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel; computer-readable program instructions for receiving a request to change secure service providers from a first secure service provider to a second secure service provider; computer-readable program instructions for causing the first secure service provider to lose access to the secure memory by revoking the at least one cryptographic key from the first TSM in response to receiving the request to change secure service providers; and computer-readable program instructions for transmitting the at least one cryptographic key to the second secure service provider in response to receiving the request to change secure service providers. - View Dependent Claims (10, 11, 24, 25, 26, 27, 28, 29, 30)
-
-
12. A system for providing a secure service to a network device comprising a secure memory, the system comprising:
-
a network communication device that receives a request to change trusted service managers (“
TSMs”
) from a first TSM to a second TSM;a storage device; and a processor communicatively coupled to the storage device and the network communication device, the processor executing application code instructions that are stored in the storage resource and that cause the system to; maintain at least one cryptographic key for a secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel, and cause the first TSM to lose access to the secure memory for the first TSM in response to receiving the request to change TSMs by revoking the at least one cryptographic key from the first TSM in response to receiving the request to change TSMs, the network communication module transmitting the at least one cryptographic key to the second TSM in response to receiving the request to change TSMs. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification