Trusted service manager (TSM) architectures and methods
First Claim
Patent Images
1. A client device for making a contactless payment at a point of sale (POS), comprising:
- a first secure element comprising a first computer-readable medium containing instructions for causing the client device to securely download a payment application to the first secure element from a trusted service manager (TSM), wherein;
the first secure element is programmed to download the payment application in response to determining that the payment application is signed by the TSM;
a second secure element, physically separate from the first secure element, comprising a second computer-readable medium having;
instructions for registering the client device with the TSM only through the second secure element, exclusive of the first secure element, wherein;
the client device is registered with the TSM for authentication by registering an authentication data that is obtained using a user authentication input device of the client device;
instructions for storing the authentication data in the second secure element of the registered client device, wherein the stored authentication data is excluded from the first secure element;
instructions for storing a security key in the second secure element of the registered client device, wherein the security key is excluded from the first secure element;
instructions for storing a payment instrument in the second secure element of the registered client device, wherein the payment instrument is excluded from the first secure element; and
a secure tunnel circuit for secure input of the user authentication data directly to the second secure element;
a memory storage device, comprising a third computer-readable medium containing instructions, that when executed by the client device, cause the client device to;
execute the payment application resident on the first secure element;
signal, by the payment application, the user authentication input device of the client device to input a user authentication data obtained from the user of the registered client device;
input, by the user authentication input device in response to the signal from the payment application, the obtained user authentication data;
send the obtained user authentication data to the second secure element via the secure tunnel circuit; and
wherein the stored authentication data is excluded from the first secure element;
wherein the second computer-readable medium of the second secure element includes instructions for;
comparing the obtained user authentication data to the stored authentication data in response to signaling by the payment application andgenerating the secure payment information message in response to an authentication including a match of the obtained user authentication data with the stored authentication data;
wherein the generated secure payment information message comprises the payment instrument and is encrypted in accordance with the security key; and
transmitting the generated secure payment information message to a POS reader by one of near field communication (NFC), infrared, short range wireless connectivity, secure short message service (SMS), or direct secure communication from the second secure element to the POS.
2 Assignments
0 Petitions
Accused Products
Abstract
A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.
-
Citations
9 Claims
-
1. A client device for making a contactless payment at a point of sale (POS), comprising:
-
a first secure element comprising a first computer-readable medium containing instructions for causing the client device to securely download a payment application to the first secure element from a trusted service manager (TSM), wherein; the first secure element is programmed to download the payment application in response to determining that the payment application is signed by the TSM; a second secure element, physically separate from the first secure element, comprising a second computer-readable medium having; instructions for registering the client device with the TSM only through the second secure element, exclusive of the first secure element, wherein; the client device is registered with the TSM for authentication by registering an authentication data that is obtained using a user authentication input device of the client device; instructions for storing the authentication data in the second secure element of the registered client device, wherein the stored authentication data is excluded from the first secure element; instructions for storing a security key in the second secure element of the registered client device, wherein the security key is excluded from the first secure element; instructions for storing a payment instrument in the second secure element of the registered client device, wherein the payment instrument is excluded from the first secure element; and a secure tunnel circuit for secure input of the user authentication data directly to the second secure element; a memory storage device, comprising a third computer-readable medium containing instructions, that when executed by the client device, cause the client device to; execute the payment application resident on the first secure element; signal, by the payment application, the user authentication input device of the client device to input a user authentication data obtained from the user of the registered client device; input, by the user authentication input device in response to the signal from the payment application, the obtained user authentication data; send the obtained user authentication data to the second secure element via the secure tunnel circuit; and wherein the stored authentication data is excluded from the first secure element; wherein the second computer-readable medium of the second secure element includes instructions for; comparing the obtained user authentication data to the stored authentication data in response to signaling by the payment application and generating the secure payment information message in response to an authentication including a match of the obtained user authentication data with the stored authentication data; wherein the generated secure payment information message comprises the payment instrument and is encrypted in accordance with the security key; and transmitting the generated secure payment information message to a POS reader by one of near field communication (NFC), infrared, short range wireless connectivity, secure short message service (SMS), or direct secure communication from the second secure element to the POS. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification