Systems and methods for encrypting mobile device communications

US 9,154,477 B2
Filed: 05/25/2012
Issued: 10/06/2015
Est. Priority Date: 05/26/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for encrypting communications from a mobile device comprising one or more processors, the method comprising:

receiving, by the one or more processors, derivation information associated with a first symmetric key, from a trusted service manager;

deriving, by the one or more processors, the first symmetric key, wherein the first symmetric key is derived independently from a second symmetric key derived by the trusted service manager;

receiving, by the one or more processors, an asymmetric key encrypted by the independently derived second symmetric key;

decrypting, by the one or more processors, the asymmetric key using the independently derived first symmetric key;

generating, by the one or more processors executing a first application stored on a first memory of the mobile device, a message to be communicated to an intended recipient;

providing, by the first application to an authentication application stored on a secure element of the mobile device, the message, wherein the secure element is an embedded or separate securitized memory;

encrypting, by the one or more processors executing the authentication application, using the asymmetric key, the message;

providing, by the authentication application to the first application, the encrypted message; and

directing, by the first application, communication of the message to the intended recipient.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention can provide systems and methods for encrypting mobile device communications. According to one example embodiment of the invention, a method for encrypting mobile device communications is provided. The method can include generating, by a first application stored on a first memory of a mobile device, a message to be communicated to an intended recipient; providing, by the first application to an authentication application stored on a second memory of the mobile device, the message; encrypting, by the authentication application, the message; providing, by the authentication application to the first application, the encrypted message; and directing, by the first application, communication of the message to the intended recipient.

147 Citations

20 Claims

1. A computer-implemented method for encrypting communications from a mobile device comprising one or more processors, the method comprising:
- receiving, by the one or more processors, derivation information associated with a first symmetric key, from a trusted service manager;
  
  deriving, by the one or more processors, the first symmetric key, wherein the first symmetric key is derived independently from a second symmetric key derived by the trusted service manager;
  
  receiving, by the one or more processors, an asymmetric key encrypted by the independently derived second symmetric key;
  
  decrypting, by the one or more processors, the asymmetric key using the independently derived first symmetric key;
  
  generating, by the one or more processors executing a first application stored on a first memory of the mobile device, a message to be communicated to an intended recipient;
  
  providing, by the first application to an authentication application stored on a secure element of the mobile device, the message, wherein the secure element is an embedded or separate securitized memory;
  
  encrypting, by the one or more processors executing the authentication application, using the asymmetric key, the message;
  
  providing, by the authentication application to the first application, the encrypted message; and
  
  directing, by the first application, communication of the message to the intended recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising:
    - generating, by the authentication application, a message tag; and
      
      associating, by the authentication application, the generated tag with the message.
  - 3. The computer-implemented method of claim 1, further comprising:
    - receiving, by the authentication application, key information output by a trusted service manager,wherein encrypting the message comprises encrypting the message utilizing the received key information.
  - 4. The computer-implemented method of claim 3, wherein receiving key information comprises receiving an asymmetric key.
  - 5. The computer-implemented method of claim 3, wherein receiving key information comprises receiving key information encrypted by the trusted service manager utilizing a first symmetric key, and further comprising:
    - deriving, by the authentication application, a second symmetric key; and
      
      decrypting, by the authentication application, the key information utilizing the derived second symmetric key.
  - 6. The computer-implemented method of claim 5, wherein deriving the second symmetric key comprises deriving the second symmetric key utilizing card production life cycle (CPLC) information associated with the secure element.
  - 7. The computer-implemented method of claim 6, wherein deriving the second symmetric key further comprises deriving the second symmetric key utilizing derivation information received from the trusted service manager.
  - 8. The computer-implemented method of claim 1, further comprising:
    - transmitting, by the at least one processor, a registration request, to a trusted service manager; and
      
      receiving, by the at least one processor, a registration status, from the trusted service manager.

9. A system for encrypting communications from a mobile device, the system comprising:
- at least one secure element, wherein the at least one secure element is an embedded or separate securitized memory storing an authentication application;
  
  at least one memory configured to store computer-executable instructions; and
  
  at least one processor configured to access the at least one memory and execute the computer-executable instructions to;
  
  receive, by the at least one processor, from a trusted service manager derivation information associated with a first symmetric key;
  
  derive, by the at least one processor, the first symmetric key, wherein the first symmetric key is derived independently from a second symmetric key derived by the trusted service manager;
  
  receive, by the at least one processor, an asymmetric key encrypted by the independently derived second symmetric key;
  
  decrypt, by the at least one processor, the asymmetric key using the independently derived first symmetric key;
  
  generate, by the at least one processor executing a first application stored on a first memory of the mobile device, a message to be communicated to an intended recipient;
  
  provide, by the first application to the authentication application, the message;
  
  encrypt, by the at least one processor executing the authentication application, using the asymmetric key, the message;
  
  provide, by the authentication application to the first application, the encrypted message; and
  
  direct, by the first application, communication of the message to the intended recipient.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - generate, by the authentication application, a message tag; and
      
      associate, by the authentication application, the generated tag with the message.
  - 11. The system of claim 9, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - receive, by the authentication application, key information output by a trusted service manager,wherein encrypting the message comprises encrypting the message utilizing the received key information.
  - 12. The system of claim 11, wherein the computer-executable instructions to receive key information comprise instructions to receive an asymmetric key.
  - 13. The system of claim 11, wherein the computer-executable instructions to receive key information comprise instructions to receive key information encrypted by the trusted service manager utilizing a first symmetric key, and further comprise instructions to:
    - derive, by the authentication application, a second symmetric key; and
      
      decrypt, by the authentication application, the key information utilizing the derived second symmetric key.
  - 14. The system of claim 13, wherein the computer-executable instructions to derive the second symmetric key comprise instructions to derive the second symmetric key utilizing card production life cycle (CPLC) information associated with the secure element.
  - 15. The system of claim 14, wherein the computer-executable instructions to derive the second symmetric key further comprise instructions to derive the second symmetric key utilizing derivation information received from the trusted service manager.
  - 16. The system of claim 9, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - determine, by the at least one processor, that the mobile device is authenticated; and
      
      install, by the at least one processor, an administration software associated with the trusted service manager.

17. A method comprising:
- receiving, by at least one processor of a mobile device, from a trusted service manager derivation information associated with a first symmetric key;
  
  deriving, by the at least one processor, the first symmetric key, wherein the first symmetric key is derived independently from a second symmetric key derived by the trusted service manager;
  
  receiving, by the at least one processor, an asymmetric key encrypted by the independently derived second symmetric key;
  
  decrypting, by the at least one processor, the asymmetric key using the independently derived first symmetric key;
  
  generating, by the at least one processor executing at least one application stored in at least one memory of the mobile device, a message to be communicated to an intended recipient;
  
  providing, by the at least one application to an authentication application stored in at least one secure element of the mobile device, the message, wherein the at least one secure element is an embedded or separate securitized memory;
  
  encrypting, by the at least one processor executing the authentication application, using the asymmetric key, the message;
  
  providing, by the authentication application to the first application, the encrypted message; and
  
  directing, by the first application, communication of the message to the intended recipient.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - generating, by the authentication application, a message tag; and
      
      associating, by the authentication application, the generated tag with the message.
  - 19. The method of claim 17, further comprising:
    - receiving, by the authentication application, key information output by a trusted service manager,wherein encrypting the message comprises encrypting the message utilizing the received key information.
  - 20. The method of claim 19, wherein receiving key information comprises receiving an asymmetric key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Cambridge, Devin Michael, Kean, Brian, Meyers, Stephen M., Adkisson, Brent Dewayne, Davis, Norman Theodore Jr.
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US13/481,387
Publication Number

US 20120300932A1
Time in Patent Office

1,229 Days
Field of Search

380/270, 713/165, 713/185
US Class Current

1/1
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 9/3234   involving additional secure...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

Systems and methods for encrypting mobile device communications

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for encrypting mobile device communications

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links