Secure reset of personal and service provider information on mobile devices

US 8,429,409 B1
Filed: 07/11/2012
Issued: 04/23/2013
Est. Priority Date: 04/06/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for resetting secure elements within network computing devices configured to conduct financial transactions, comprising:

receiving an encrypted reset request message by a secure element of a network computing device configured to conduct financial transactions, the encrypted reset request message being associated with a request to change control of the secure element from a first trusted service manager to a second trusted service manager, the encrypted reset request message originating from a source other than the first trusted service manager;

providing a communication key within the secure element;

decrypting the encrypted reset request message within the secure element using the communication key;

verifying authorization for the reset request message; and

clearing parameters associated with the first trusted service manager from the secure element based on instructions provided in the verified reset request message that originated from the source other than the first trusted service manager.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described herein for supporting end users of a mobile device, such as a mobile phone, to reset a secure element associated with the communication device. The reset process may include clearing the secure element, associated memories, and storage devices of any user specific or personalized information associated with the user. The reset process may also include removing or resetting keys or other identifiers within the secure element that associate the mobile device with a particular secure service provider. According to various embodiments, a computer-implemented method for resetting a secure element within a network device may include receiving an encrypted reset request message at the secure element, decrypting the encrypted reset request message using a communication key, verifying authorization for the reset request message, and atomically clearing parameters associated with the secure element.

Citations

25 Claims

1. A computer-implemented method for resetting secure elements within network computing devices configured to conduct financial transactions, comprising:
- receiving an encrypted reset request message by a secure element of a network computing device configured to conduct financial transactions, the encrypted reset request message being associated with a request to change control of the secure element from a first trusted service manager to a second trusted service manager, the encrypted reset request message originating from a source other than the first trusted service manager;
  
  providing a communication key within the secure element;
  
  decrypting the encrypted reset request message within the secure element using the communication key;
  
  verifying authorization for the reset request message; and
  
  clearing parameters associated with the first trusted service manager from the secure element based on instructions provided in the verified reset request message that originated from the source other than the first trusted service manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising revoking an access key of the first trusted service manager to access the secure element of the network computing device in connection with the request to change from the first trusted service manager to the second trusted service manager.
  - 3. The computer-implemented method of claim 1, further comprising receiving a certificate request and providing a certificate associated with the communication key in response to receiving the certificate request.
  - 4. The computer-implemented method of claim 1, wherein clearing parameters associated with the secure element comprises resetting one or more card keys of the first trusted service manager within the secure element.
  - 5. The computer-implemented method of claim 1, wherein verifying authorization for the reset request message comprises verifying a signature of the reset request message from a trusted authority.
  - 6. The computer-implemented method of claim 1, wherein verifying authorization for the reset request message comprises receiving an authorization code over a wireless interface.
  - 7. The computer-implemented method of claim 1, wherein the communication key comprises a private public key pair.
  - 8. The computer-implemented method of claim 1, further comprising providing a signing key within the secure element.
  - 9. The computer-implemented method of claim 1, wherein the secure element is associated with a Near Field Communication interface.
  - 10. The computer-implemented method of claim 1, wherein clearing parameters associated with the secure element comprises an atomic operation.

11. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program instructions embodied therein that when executed by a computer perform a method for resetting secure memories within network computing devices configured to conduct financial transactions, the computer-readable program instructions comprising;
  
  computer-readable program instructions for receiving an encrypted reset request message by a secure memory of a network computing device configured to engage in financial transactions, the encrypted reset request message being associated with a request to change control of the secure memory from a first electronic entity to a second electronic entity, the encrypted reset request message originating from a source other than the first electronic entity;
  
  computer-readable program instructions for storing a communication key within a secure certificate associated with the secure memory of the network computing device;
  
  computer-readable program instructions for decrypting the encrypted reset request message within the secure memory using the communication key;
  
  computer-readable program instructions for verifying authorization for the reset request message; and
  
  computer-readable program instructions for clearing parameters associated with the first electronic entity from the secure memory based on instructions provided in the verified reset request message that originated from the source other than the first electronic entity.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The computer program product of claim 11, wherein the first electronic entity is a first trusted service manager and the second electronic entity is a second trusted service manager.
  - 13. The computer program product of claim 12, further comprising computer-readable program instructions for revoking an access key of the first trusted service manager to access the secure memory of the network computing device in connection with the request to change from the first trusted service manager to the second trusted service manager.
  - 14. The computer program product of claim 11, wherein clearing parameters associated with the secure memory comprises resetting card keys associated with the secure memory.
  - 15. The computer program product of claim 11, wherein the secure memory is associated with a Near Field Communication interface.
  - 16. The computer program product of claim 11, wherein verifying authorization for the reset request message comprises verifying a signature of the reset request message from a trusted authority.
  - 17. The computer program product of claim 11, wherein verifying authorization for the reset request message comprises receiving an authorization code over a wireless interface.
  - 18. The computer program product of claim 11, wherein verifying authorization for the reset request message comprises receiving an authorization code over a Near Field Communications interface.
  - 19. The computer program product of claim 11, wherein clearing parameters associated with the secure memory comprises an atomic operation.
  - 20. The computer program product of claim 11, wherein the secure certificate comprises a public key for signing message associated with the secure memory.
  - 21. The computer program product of claim 11, wherein the secure memory is a secure element.

22. A system for resetting secure memories within network computing devices, the system comprising:
- a computing device configured to convey payment information for a financial transaction; and
  
  a resettable secure element existing in the computing device, the resettable secure element comprising;
  
  a memory;
  
  a secure element identity certificate stored in the memory;
  
  a secure element identity communication key stored in the memory;
  
  a secure element identity signing key stored in the memory;
  
  a processor; and
  
  computer executable programs stored in the memory that when executed by the processor cause the system to;
  
  (i) receive an encrypted reset request message within the secure element, the encrypted reset request message being associated with a request to change control of the secure element from a first electronic entity to a second electronic entity, the encrypted reset request message originating from a source other than the first electronic entity,(ii) decrypt the reset request messaging using the communication keys,(iii) verify authorization of the reset request message using the signing key, and(iv) reset one or more payment card keys associated with the resettable secure element in response to verifying authorization of the reset request message and based on instructions provided in the verified reset request message that originated from the source other than the first electronic entity.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, wherein the first electronic entity is a first trusted service manager and the second electronic entity is a second trusted service manager.
  - 24. The system of claim 22, wherein the resettable secure element is associated with Near Field Communications.
  - 25. The system of claim 22, wherein the card keys comprise card manager keys or fare keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Wall, Jonathan, von Behren, Rob
Primary Examiner(s)
ZECHER, CORDELIA P K

Application Number

US13/547,029
Time in Patent Office

286 Days
Field of Search

None
US Class Current

713/172
CPC Class Codes

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3227   using secure elements embed...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

H04L 2209/12   Details relating to cryptog...

H04L 2209/50   Oblivious transfer

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/0897   involving additional device...

H04L 9/3263   involving certificates, e.g...

H04M 15/48   Secure or trusted billing, ...

H04W 12/04   Key management, e.g. using ...

H04W 12/082   using revocation of authori...

H04W 12/086   using security domains

H04W 12/35   Protecting application or s...

Secure reset of personal and service provider information on mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure reset of personal and service provider information on mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links