Trusted security zone containers for the protection and confidentiality of trusted service manager data

US 9,049,013 B2
Filed: 03/14/2013
Issued: 06/02/2015
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing access to a trusted security zone of a mobile device, comprising:

receiving, by an application, trusted service manager validation data from a trusted service manager, wherein the trusted service manager validation data is uniquely associated with the trusted service manager;

receiving, by the application, a trusted security zone master key;

hashing, by the application, the trusted service manager validation data with the trusted security zone master key to generate a trusted security zone sub key configured to provide access to a set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function;

generating, by the application, the trusted security zone sub key based on hashing to access the set of one or more trusted security zone containers of the trusted security zone;

transmitting at least one message to provision at least in part the set of one or more trusted security zone containers with the trusted security zone sub key; and

providing, by the application, the trusted security zone sub key to the trusted service manager so that the trusted service manager may access the set of one or more trusted security zone containers, wherein the trusted security zone comprises a hardware assisted trust zone.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate generally to systems and methods for providing access to a trusted security zone container within a trusted security zone of a mobile device. An application may receive trusted service manager validation data from a trusted service manager. The application may also receive a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone. The application may hash the trusted service manager validation data with the trusted security zone master key. The application may generate the trusted security zone sub key based on hashing to access one or more containers. One or more signal may be transmitted to provision the set of one or more trusted security zone containers with the trusted security zone sub key. The application may provide the sub key to the trusted service manager to access a container.

Citations

20 Claims

1. A method for providing access to a trusted security zone of a mobile device, comprising:
- receiving, by an application, trusted service manager validation data from a trusted service manager, wherein the trusted service manager validation data is uniquely associated with the trusted service manager;
  
  receiving, by the application, a trusted security zone master key;
  
  hashing, by the application, the trusted service manager validation data with the trusted security zone master key to generate a trusted security zone sub key configured to provide access to a set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function;
  
  generating, by the application, the trusted security zone sub key based on hashing to access the set of one or more trusted security zone containers of the trusted security zone;
  
  transmitting at least one message to provision at least in part the set of one or more trusted security zone containers with the trusted security zone sub key; and
  
  providing, by the application, the trusted security zone sub key to the trusted service manager so that the trusted service manager may access the set of one or more trusted security zone containers, wherein the trusted security zone comprises a hardware assisted trust zone.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the application is configured to hide the content of the trusted security zone sub key from a first trusted service manager and hide the content of the trusted security zone master key from a second trusted service manager, wherein the first trusted service manager provides the trusted security zone master key to the application and the second trusted service manager is associated with the trusted service manager validation data.
  - 3. The method of claim 1, wherein the trusted service manager validation data is generated by a master trusted service manager and provided to the trusted service manager upon validation of the trusted service manager by the master trusted service manager.
  - 4. The method of claim 1, wherein the trusted service manager validation data expires after a predetermined amount of time and the application rejects the trusted service manager validation data after the predetermined amount of time.
  - 5. The method of claim 1, wherein the trusted service manager validation data expires after a predetermined number of attempts and the application rejects the trusted service manager validation data after the predetermined number of attempts.
  - 6. The method of claim 1, wherein the trusted security zone is located on a mobile device.
  - 7. The method of claim 1, wherein the application is stored on a network server in communication with a mobile device.
  - 8. The method of claim 1, wherein the trusted security zone sub key is configured to provide access to a specific set of one or more trusted security zone containers of the plurality of trusted security zone containers based on the trusted service manager validation data.

9. A method for providing access to a trusted security zone of a mobile device, comprising:
- receiving, by an application, trusted service manager validation data from a trusted service manager, wherein the trusted service manager validation data is generated by a master trusted service manager and associated with the trusted service manager;
  
  receiving, by the application, a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone, wherein the trusted security zone comprises a hardware assisted trust zone; and
  
  generating, by the application, a trusted security zone sub key by hashing the trusted service manager validation data with the trusted security zone master key, wherein the trusted service manager validation data is used by the application to generate the trusted security zone sub key dedicated to a set of one or more trusted security zone containers of the plurality of trusted security zone containers, and wherein the hashing is completed using a one-way secure hash function.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the application is configured to hide the content of the trusted security zone sub key from a first trusted service manager and hide the content of the trusted security zone master key from a second trusted service manager, wherein the first trusted service manager provides the trusted security zone master key to the application and the second trusted service manager is associated with the trusted service manager validation data.
  - 11. The method of claim 9, wherein the trusted service manager validation data expires after a predetermined amount of time and the application rejects the trusted service manager validation data after the predetermined amount of time.
  - 12. The method of claim 9, wherein the trusted service manager validation data expires after a predetermined number of attempts and the application rejects the trusted service manager validation data after the predetermined number of attempts.
  - 13. The method of claim 9, wherein the application is stored on a network server in communication with a mobile device comprising the trusted security zone.
  - 14. The method of claim 9, wherein the trusted security zone sub key is configured to provide access to a specific set of one or more trusted security zone containers of the plurality of trusted security zone containers based on the trusted service manager validation data.

15. A method for protecting data of two or more different trusted service managers stored in a trusted security zone of a mobile device comprising:
- validating a first trusted service manager, wherein validating the first trusted service manager comprises obtaining one or more service manager server credentials;
  
  providing a trusted security zone key to the first trusted service manager in response to validating the first trusted service manager, wherein the first trusted service manager uses the trusted security zone key to access a first set of one or more trusted security zone containers;
  
  receiving, by an application, a second trusted service manager validation data associated with a second trusted service manager;
  
  receiving, by the application, the trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone;
  
  hashing, by the application, the second trusted service manager validation data with the trusted security zone master key to generate a trusted security zone sub key configured to provide access to a second and different set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function;
  
  generating, by the application, the trusted security zone sub key based on hashing to provide to the second trusted service manager access to the second set of one or more trusted security zone containers;
  
  transmitting one or more signals to provision the second set of one or more trusted security zone containers with only the trusted security zone sub key so that first trusted service manager may not access the second set of one or more trusted security zone containers with the trusted security zone master key; and
  
  providing, by the application, the trusted security zone sub key to the second trusted service manager so that the second trusted service manager may access the second set of one or more trusted security zone containers, wherein the trusted security zone comprises a hardware assisted trust zone.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the application receives the trusted security zone master key from the first trusted service manager in response to the second trusted service manager presenting the second trusted service manager validation data to the application.
  - 17. The method of claim 15, wherein the trusted security zone master key is the only trusted security zone master key associated with the trusted security zone of a specific mobile device.
  - 18. The method of claim 15, wherein the second set of one or more trusted security zone containers are provisioned with the trusted security zone sub key to expire after a predetermined amount of time and the second trusted service manager server loses access to the second set of one or more trusted security zone containers after the predetermined period of time.
  - 19. The method of claim 15, wherein the second set of one or more trusted security zone containers are provisioned with the trusted security zone sub key to expire after a predetermined number of attempts and the second trusted service manager server loses access to the second set of one or more trusted security zone containers after the predetermined number of attempts.
  - 20. The method of claim 15, further comprising:
    - receiving, by the application, a third trusted service manager validation data associated with a third trusted service manager;
      
      receiving, by the application, the trusted security zone master key;
      
      hashing, by the application, the third trusted service manager validation data with the trusted security zone master key to generate a second trusted security zone sub key configured to provide access to a third and different set of one or more trusted security zone containers of the plurality of trusted security zone containers, wherein the hashing is completed using a one-way secure hash function;
      
      generating, by the application, the second trusted security zone sub key based on hashing to provide to the third trusted service manager access to the third set of one or more trusted security zone containers;
      
      transmitting one or more signals to provision the third set of one or more trusted security zone containers with only the second trusted security zone sub key so that first trusted service manager and the second trusted service manager may not access the third set of one or more trusted security zone containers with the trusted security zone sub key or the trusted security zone master key; and
      
      providing, by the application, the second trusted security zone sub key to the third trusted service manager so that the third trusted service manager may access the third set of one or more trusted security zone containers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
O'HARA, WILLIAM

Application Number

US13/831,463
Publication Number

US 20140281544A1
Time in Patent Office

810 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06Q 10/00   Administration; Management

H04L 2209/80   Wireless

H04L 9/0866   involving user or device id...

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

Trusted security zone containers for the protection and confidentiality of trusted service manager data

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted security zone containers for the protection and confidentiality of trusted service manager data

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links