×

Trusted service manager (TSM) architectures and methods

  • US 8,417,643 B2
  • Filed: 12/20/2011
  • Issued: 04/09/2013
  • Est. Priority Date: 06/06/2008
  • Status: Active Grant
0
Associated Cases
0
Associated Defendants
0
Product Citations
0
Petitions
25
Forward Citations
2
Assignments
First Claim
Patent Images

1. A client device for making a contactless payment at a point of sale (POS), comprising:

  • a first secure element comprising a first computer-readable medium containing instructions for causing the client device to securely download a payment application to the first secure element from a trusted service manager (TSM), wherein;

    the first secure element is programmed to download the payment application in response to determining that the payment application is signed by the TSM;

    a second secure element, physically separate from the first secure element, comprising a second computer-readable medium having;

    instructions for registering the client device with the TSM only through the second secure element, exclusive of the first secure element, wherein;

    the client device is registered with the TSM for authentication by registering an authentication data that is obtained using a user authentication input device of the client device;

    instructions for storing the authentication data in the second secure element of the registered client device, wherein the stored authentication data is excluded from the first secure element;

    instructions for storing a security key in the second secure element of the registered client device, wherein the security key is excluded from the first secure element;

    instructions for storing a payment instrument in the second secure element of the registered client device, wherein the payment instrument is excluded from the first secure element; and

    a secure tunnel circuit for secure input of the user authentication data directly to the second secure element;

    a memory storage device, comprising a third computer-readable medium containing instructions, that when executed by the client device, cause the client device to;

    execute the payment application resident on the first secure element;

    signal, by the payment application, the user authentication input device of the client device to input a user authentication data obtained from the user of the registered client device;

    input, by the user authentication input device in response to the signal from the payment application, the obtained user authentication data;

    send the obtained user authentication data to the second secure element via the secure tunnel circuit; and

    wherein the stored authentication data is excluded from the first secure element;

    wherein the second computer-readable medium of the second secure element includes instructions for;

    comparing the obtained user authentication data to the stored authentication data in response to signaling by the payment application andgenerating the secure payment information message in response to an authentication including a match of the obtained user authentication data with the stored authentication data;

    wherein the generated secure payment information message comprises the payment instrument and is encrypted in accordance with the security key; and

    transmitting the generated secure payment information message to a POS reader by one of near field communication (NFC), infrared, short range wireless connectivity, secure short message service (SMS), or direct secure communication from the second secure element to the POS.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×