Trusted security zone containers for the protection and confidentiality of trusted service manager data
First Claim
1. A method for providing access to a trusted security zone of a mobile device, comprising:
- receiving, by an application, trusted service manager validation data from a trusted service manager, wherein the trusted service manager validation data is uniquely associated with the trusted service manager;
receiving, by the application, a trusted security zone master key;
hashing, by the application, the trusted service manager validation data with the trusted security zone master key to generate a trusted security zone sub key configured to provide access to a set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function;
generating, by the application, the trusted security zone sub key based on hashing to access the set of one or more trusted security zone containers of the trusted security zone;
transmitting at least one message to provision at least in part the set of one or more trusted security zone containers with the trusted security zone sub key; and
providing, by the application, the trusted security zone sub key to the trusted service manager so that the trusted service manager may access the set of one or more trusted security zone containers, wherein the trusted security zone comprises a hardware assisted trust zone.
6 Assignments
0 Petitions
Accused Products
Abstract
Embodiments relate generally to systems and methods for providing access to a trusted security zone container within a trusted security zone of a mobile device. An application may receive trusted service manager validation data from a trusted service manager. The application may also receive a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone. The application may hash the trusted service manager validation data with the trusted security zone master key. The application may generate the trusted security zone sub key based on hashing to access one or more containers. One or more signal may be transmitted to provision the set of one or more trusted security zone containers with the trusted security zone sub key. The application may provide the sub key to the trusted service manager to access a container.
-
Citations
20 Claims
-
1. A method for providing access to a trusted security zone of a mobile device, comprising:
-
receiving, by an application, trusted service manager validation data from a trusted service manager, wherein the trusted service manager validation data is uniquely associated with the trusted service manager; receiving, by the application, a trusted security zone master key; hashing, by the application, the trusted service manager validation data with the trusted security zone master key to generate a trusted security zone sub key configured to provide access to a set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function; generating, by the application, the trusted security zone sub key based on hashing to access the set of one or more trusted security zone containers of the trusted security zone; transmitting at least one message to provision at least in part the set of one or more trusted security zone containers with the trusted security zone sub key; and providing, by the application, the trusted security zone sub key to the trusted service manager so that the trusted service manager may access the set of one or more trusted security zone containers, wherein the trusted security zone comprises a hardware assisted trust zone. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for providing access to a trusted security zone of a mobile device, comprising:
-
receiving, by an application, trusted service manager validation data from a trusted service manager, wherein the trusted service manager validation data is generated by a master trusted service manager and associated with the trusted service manager; receiving, by the application, a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone, wherein the trusted security zone comprises a hardware assisted trust zone; and generating, by the application, a trusted security zone sub key by hashing the trusted service manager validation data with the trusted security zone master key, wherein the trusted service manager validation data is used by the application to generate the trusted security zone sub key dedicated to a set of one or more trusted security zone containers of the plurality of trusted security zone containers, and wherein the hashing is completed using a one-way secure hash function. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method for protecting data of two or more different trusted service managers stored in a trusted security zone of a mobile device comprising:
-
validating a first trusted service manager, wherein validating the first trusted service manager comprises obtaining one or more service manager server credentials; providing a trusted security zone key to the first trusted service manager in response to validating the first trusted service manager, wherein the first trusted service manager uses the trusted security zone key to access a first set of one or more trusted security zone containers; receiving, by an application, a second trusted service manager validation data associated with a second trusted service manager; receiving, by the application, the trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone; hashing, by the application, the second trusted service manager validation data with the trusted security zone master key to generate a trusted security zone sub key configured to provide access to a second and different set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function; generating, by the application, the trusted security zone sub key based on hashing to provide to the second trusted service manager access to the second set of one or more trusted security zone containers; transmitting one or more signals to provision the second set of one or more trusted security zone containers with only the trusted security zone sub key so that first trusted service manager may not access the second set of one or more trusted security zone containers with the trusted security zone master key; and providing, by the application, the trusted security zone sub key to the second trusted service manager so that the second trusted service manager may access the second set of one or more trusted security zone containers, wherein the trusted security zone comprises a hardware assisted trust zone. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification