Alternative hardware and software configuration for near field communication

US 8,504,097 B1
Filed: 05/03/2012
Issued: 08/06/2013
Est. Priority Date: 05/03/2012
Status: Active Grant

First Claim

Patent Images

1. A system on a mobile phone for configuring a secure partition in a trusted security zone, comprising:

a processor that executes virtualization software and comprises a first virtual processor and a second virtual processor, wherein the second virtual processor comprises the trusted security zone;

a plurality of secure partitions residing in the trusted security zone, wherein the trusted security zone executes a dedicated operation system;

a first application stored in the first virtual processor, wherein the first application selects the secure partition from the plurality of secure partitions in the trusted security zone for performing a transaction associated with the first application and sends the selection to a second application stored in the trusted security zone;

a near field communication transceiver;

the second application stored in the trusted security zone, wherein the second application receives the selection from the first application and in response to receiving the selection, couples the near field communication transceiver to the secure partition residing in the trusted security zone via direct connection to a hardware port associated with the trusted security zone on the processor prior to beginning the transaction, and wherein the second application enables run-time execution in the trusted security zone based on receiving a signal from the near field communication transceiver; and

the secure partition residing in the trusted security zone, wherein the secure partition is not directly accessible from the first application.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system on a mobile phone for configuring a secure partition in a trusted security zone is provided. The system comprises a processor and a near field communication transceiver. The processor executes virtualization software and comprises a first virtual processor and a second virtual processor, where the second virtual processor comprises the trusted security zone and the secure partition resides in the trusted security zone. The first virtual processor comprises an application which utilizes the secure partition in the trusted security zone. The second virtual processor comprises an application stored in the trusted security zone, where the application couples the near field communication transceiver to the secure partition residing in the trusted security zone and where the application enables run-time execution in the trusted security zone based on the receiving a signal from the near field communication transceiver.

89 Citations

View as Search Results

19 Claims

1. A system on a mobile phone for configuring a secure partition in a trusted security zone, comprising:
- a processor that executes virtualization software and comprises a first virtual processor and a second virtual processor, wherein the second virtual processor comprises the trusted security zone;
  
  a plurality of secure partitions residing in the trusted security zone, wherein the trusted security zone executes a dedicated operation system;
  
  a first application stored in the first virtual processor, wherein the first application selects the secure partition from the plurality of secure partitions in the trusted security zone for performing a transaction associated with the first application and sends the selection to a second application stored in the trusted security zone;
  
  a near field communication transceiver;
  
  the second application stored in the trusted security zone, wherein the second application receives the selection from the first application and in response to receiving the selection, couples the near field communication transceiver to the secure partition residing in the trusted security zone via direct connection to a hardware port associated with the trusted security zone on the processor prior to beginning the transaction, and wherein the second application enables run-time execution in the trusted security zone based on receiving a signal from the near field communication transceiver; and
  
  the secure partition residing in the trusted security zone, wherein the secure partition is not directly accessible from the first application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the first virtual processor and the second virtual processor execute in a time-sliced fashion comprising switching contexts between the two virtual processors to share processor resources.
  - 3. The system of claim 1, wherein the trusted security zone utilizes security aware components implemented in System on Chip architecture (SoC).
  - 4. The system of claim 1, wherein the near field communication transceiver is coupled to a hardware port of the processor via the Single Wire Protocol (SWP).
  - 5. The system of claim 1, wherein the second application stored in the trusted security zone executes at the ring 0 protection level which provides the most privileges and most direct interaction with the physical hardware.
  - 6. The system of claim 1, wherein the second application stored in the trusted security zone couples the near field communication transceiver to a second secure partition based on receiving a selection of the second secure partition from the first application stored in the first virtual processor.
  - 7. The system of claim 1, further comprising configuring the secure partition residing in the trusted security zone using Open Mobile Alliance (OMA) standards.

8. A method of secure partition configuration in a trusted security zone on a mobile device, comprising:
- selecting in a first application on a mobile device a secure partition from a plurality of secure partitions concurrently residing in the trusted security zone on the mobile device for performing a transaction associated with the first application and sends the selection to a second application stored in the trusted security zone;
  
  sending the selection of the secure partition from the first application to a second application, wherein the second application is stored in the trusted security zone on the mobile device, and wherein the trusted security zone executes a dedicated operating system;
  
  in response to receiving the selection from the first application, coupling, by the second application, a near field communication transceiver in the mobile device to the selected secure partition prior to performing the transaction, wherein the secure partition hardware and software reside on a processor of the mobile device in the trusted security zone, wherein the secure partition is not directly accessible from the first application, and wherein the coupling is via direct connection to a hardware port associated with the trusted security zone on the processor; and
  
  establishing a wireless link between the near field communication transceiver in the mobile device and an external near field communication device, wherein the wireless link enables communication between the selected secure partition and the external near field communication device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the first application on the mobile device is an electronic wallet application and the selected secure partition contains credentials which may be used for payments, authentication, and other mobile financial services.
  - 10. The method of claim 8, wherein the trusted security zone runs a separate operating system that is not accessible to the mobile device users.
  - 11. The method of claim 10, wherein the second application stored in the trusted security zone is installed in random access memory.
  - 12. The method of claim 8, wherein the hardware port is monitored by the second application for interfacing with the secure partition.
  - 13. The method of claim 8, further comprising configuring the plurality of secure partitions residing in the trusted security zone using Open Mobile Alliance (OMA) standards.
  - 14. The method of claim 8, wherein the second application enables run-time execution in the trusted security zone based on receiving a signal from the near field communication transceiver.

15. A system on a mobile phone for configuring a secure partition in a trusted security zone, comprising:
- a processor that executes virtualization software and comprises a plurality of processing cores, a first virtual processor, and a second virtual processor, wherein the second virtual processor comprises the trusted security zone;
  
  a plurality of secure partitions residing in the trusted security zone, wherein the trusted security zone executes a dedicated operation system;
  
  an application stored in the first virtual processor, wherein the application selects the secure partition from the plurality of secure partitions in the trusted security zone for performing a transaction associated with the application and sends the selection to a second application stored in the trusted security zone;
  
  a near field communication transceiver; and
  
  the second application stored in the trusted security zone, wherein the second application receives the selection from the first application and in response to receiving the selection, is coupled to the near field communication transceiver via a first processing core of the plurality of processing cores via direct connection to a hardware port associated with the trusted security zone on the processor prior to beginning the transaction.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein only the first processing core of the plurality of processing cores is coupled to the near field communication transceiver.
  - 17. The method of claim 15, wherein the first processing core of the plurality of processing cores is coupled to the near field communication transceiver via the Single Wire Protocol (SWP).
  - 18. The method of claim 15, wherein the second application in the trusted security zone executes on the first processing core of the plurality of cores.
  - 19. The method of claim 18, wherein the first virtual processor is prevented from executing on the first processing core of the plurality of processing cores when the second application in the trusted security zone is executing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Cope, Warren B., Paczkowski, Lyle W.
Primary Examiner(s)
SHEDRICK, CHARLES TERRELL

Application Number

US13/463,797
Time in Patent Office

460 Days
Field of Search

455/41.1, 455/41.2, 455/550.1, 713/186, 713/182
US Class Current

455/550.1
CPC Class Codes

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/382   insuring higher security of...

H04M 1/72412   using two-way short-range w...

H04M 2250/04   including near field commun...

H04W 12/086   using security domains

H04W 4/50   Service provisioning or rec...

H04W 4/80   Services using short range ...

Alternative hardware and software configuration for near field communication

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Alternative hardware and software configuration for near field communication

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others