System and method for provisioning over the air of confidential information on mobile communicative devices with non-UICC secure elements

US 9,161,218 B2
Filed: 12/02/2011
Issued: 10/13/2015
Est. Priority Date: 12/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for over-the-air (OTA) provisioning a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile device, the method comprising:

selecting, by the mobile device, a payment card of a service provider among a plurality of service providers after the service provider has been pre-registered into a Trusted Service Manager (TSM) system, wherein the TSM system has held all of the information from the plurality of service providers through a pre-registration process;

sending, by the service provider, to the TSM system, a request for issuance of the selected payment card when the service provider receives from the mobile device a request to provision the selected payment card, wherein the request for issuance includes identifying information and encrypted account related information;

receiving, by the mobile device, a request to initialize an OTA proxy of the mobile device from the TSM system without the mobile device interacting with the service provider;

initializing, by the mobile device, the OTA proxy;

preparing, by the TSM system, provisioning data;

receiving, by the mobile device, the provisioning data through the OTA proxy from the TSM system without the mobile device interacting with the service provider, wherein (a) the TSM system has determined a mode of provisioning and sent the provisioning data through the determined mode of provisioning, (b) the TSM system has checked a status of the SE and a type of the SE prior to sending the provisioning data based on information of the mobile device and of the SE having been received from the mobile device, and (c) after the TSM system has determined the status of the SE, the TSM system has analyzed the type of the SE to determine a type of protocol to be used within the OTA proxy of the mobile device in order to provision into the SE; and

provisioning, by the mobile device, the received provisioning data into the SE, wherein the preparing of the provisioning data further includes processing a protocol to enable the SE to be provisioned when the SE type is a Micro secure digital (SD) type,wherein the method further comprises preparing the SE for provisioning, and the preparing of the SE for provisioning comprises;

retrieving mobile device information and SE information, wherein the SE information comprises an SE status and an SE type;

receiving a key for accessing the SE from the TSM system; and

securing the SE based on the SE status.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for over-the-air (OTA) provisioning a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile device, including receiving a request to initialize an OTA proxy of a mobile device; initializing the OTA proxy; receiving provisioning data through the OTA proxy; and provisioning the received data into the SE, in which the SE is a non-UICC type SE. A mobile device to provision secure data OTA in a non-UICC type SE including an OTA proxy to connect to a Trusted Service Manager (TSM) system, and to receive provisioning data from the TSM system; a near-field-communication (NFC) enabled chip to conduct a contactless transaction; and a SE to store information provisioned through OTA proxy, in which the SE is a non-UICC type SE.

Citations

21 Claims

1. A method for over-the-air (OTA) provisioning a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile device, the method comprising:
- selecting, by the mobile device, a payment card of a service provider among a plurality of service providers after the service provider has been pre-registered into a Trusted Service Manager (TSM) system, wherein the TSM system has held all of the information from the plurality of service providers through a pre-registration process;
  
  sending, by the service provider, to the TSM system, a request for issuance of the selected payment card when the service provider receives from the mobile device a request to provision the selected payment card, wherein the request for issuance includes identifying information and encrypted account related information;
  
  receiving, by the mobile device, a request to initialize an OTA proxy of the mobile device from the TSM system without the mobile device interacting with the service provider;
  
  initializing, by the mobile device, the OTA proxy;
  
  preparing, by the TSM system, provisioning data;
  
  receiving, by the mobile device, the provisioning data through the OTA proxy from the TSM system without the mobile device interacting with the service provider, wherein (a) the TSM system has determined a mode of provisioning and sent the provisioning data through the determined mode of provisioning, (b) the TSM system has checked a status of the SE and a type of the SE prior to sending the provisioning data based on information of the mobile device and of the SE having been received from the mobile device, and (c) after the TSM system has determined the status of the SE, the TSM system has analyzed the type of the SE to determine a type of protocol to be used within the OTA proxy of the mobile device in order to provision into the SE; and
  
  provisioning, by the mobile device, the received provisioning data into the SE, wherein the preparing of the provisioning data further includes processing a protocol to enable the SE to be provisioned when the SE type is a Micro secure digital (SD) type,wherein the method further comprises preparing the SE for provisioning, and the preparing of the SE for provisioning comprises;
  
  retrieving mobile device information and SE information, wherein the SE information comprises an SE status and an SE type;
  
  receiving a key for accessing the SE from the TSM system; and
  
  securing the SE based on the SE status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - requesting the OTA proxy to be installed from the TSM system;
      
      receiving the OTA proxy to be installed; and
      
      installing the received OTA proxy in the mobile device.
  - 3. The method of claim 1, wherein the initializing of the OTA proxy comprises:
    - waking the OTA proxy from a dormant state;
      
      gathering mobile device information of the mobile device;
      
      communicating, by the mobile device, with the TSM system through the OTA proxy; and
      
      transmitting the mobile device information to the TSM system.
  - 4. The method of claim 1, wherein the receiving of the provisioning data through the OTA proxy comprises:
    - receiving the provisioning data as Application Protocol Data Unit (APDU) commands through the OTA proxy, wherein the TSM system converts the provisioning data into the APDU commands.
  - 5. The method of claim 4, wherein the provisioning of the received data into the SE comprises provisioning the APDU commands.
  - 6. The method of claim 1, wherein the request to initialize the OTA proxy is received through a push server.
  - 7. The method of claim 1, wherein the mobile device information comprises at least one of International Mobile Equipment Identity (IMEI), Mobile Equipment Identifier (MEID), and Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
  - 8. The method of claim 1, wherein the key comprises at least one of an initial issuer master key and a final issuer master key.
  - 9. The method of claim 8, wherein the securing of the SE comprises providing the initial issuer master key and the final issuer master key to the SE in response to a determination that the SE status is Operating System (OS) native.
  - 10. The method of claim 8, wherein the securing of the SE comprises providing the final issuer master key to the SE in response to a determination that SE status is initialized.
  - 11. The method of claim 3, wherein the communicating, by the mobile device, with the TSM system through the OTA proxy comprises reattempting to communicate with the TSM system in response to a failure to communicate with the TSM system by the mobile device.
  - 12. The method of claim 1, wherein the receiving of the provisioning data comprises reconnecting to the TSM system and requesting to receive the provisioning data in response to receipt of unusable data or in response to a session disconnection during an attempted receiving of the provisioning data.

13. A method for over-the-air (OTA) provisioning a non-Universal Integrated Circuit Card (UICC) type secure element (SE) device, the method comprising:
- selecting, by the mobile device, a payment card of a service provider among a plurality of service providers after the service provider has been pre-registered into a Trusted Service Manager (TSM) system, wherein the TSM system has held all of the information from the plurality of service providers through a pre-registration process;
  
  sending, by the service provider, to the TSM system a request for issuance of the selected payment card when the service provider receives from the mobile device a request to provision the selected payment card, wherein the request for issuance includes identifying information and encrypted account related information;
  
  receiving, by the mobile device, a request to initialize an OTA proxy of the mobile device from the TSM system without the mobile device interacting with the service provider;
  
  initializing, by the mobile device, the OTA proxy;
  
  communicating, by the mobile device, with the TSM system through the OTA proxy;
  
  retrieving, by the mobile device through the OTA proxy, mobile device information and SE information, wherein the SE information comprises an SE status and an SE type;
  
  receiving, by the mobile device through the OTA proxy, a key from the TSM system for accessing the SE, wherein the key comprises at least one of an initial issuer master key and a final issuer master key;
  
  securing, by the mobile device through the OTA proxy, the SE by providing the corresponding key to the SE based on a the status of the SE;
  
  preparing, by the TSM system, provisioning data;
  
  receiving, by the mobile device through the OTA proxy, the provisioning data from the TSM system without the mobile device interacting with the service provider, wherein (a) the TSM system has determined a mode of provisioning and sent the provisioning data through the determined mode of provisioning, (b) the TSM system has checked the status of the SE and the type of the SE prior to sending the provisioning data based on information of the mobile device and of the SE having been received from the mobile device, and (c) after the TSM system has determined the status of the SE, the TSM system has analyzed the type of the SE to determine a type of protocol to be used within the OTA proxy of the mobile device in order to provision into the SE; and
  
  provisioning, by the mobile device through the OTA proxy, the received data into the SE, wherein the preparing of the provisioning data includes processing a protocol to enable the SE to be provisioned when the SE type is a Micro secure digital (SD) type.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the processing of the protocol comprises processing the protocol to receive the provisioning data.
  - 15. The method of claim 13, wherein the request to initialize the OTA proxy is received at the mobile device through a push server.

16. A mobile device configured to provision secure data over-the-air (OTA) in a non-Universal Integrated Circuit Card (UICC) type secure element (SE), the mobile device comprising:
- an OTA proxy configured to connect to a Trusted Service Manager (TSM) system, to select a payment card of a service provider among a plurality of service providers after the service provider has been pre-registered into the TSM system, and to receive provisioning data from the TSM system, wherein (i) the TSM system has held all of the information from the plurality of service providers through a pre-registration process, (ii) the TSM system has determined a mode of provisioning and sent the provisioning data through the determined mode of provisioning, (iii) the TSM system has checked a status of the SE and a type of the SE prior to sending the provisioning data based on information of the mobile device and of the SE having been received from the mobile device, and (iv) after the TSM system has determined the status of the SE, the TSM system has analyzed the type of the SE to determine type of protocol to be used within the OTA proxy of the mobile device in order to provision into the SE;
  
  a near-field-communication (NFC) enabled device configured to conduct a contactless transaction; and
  
  a SE configured to store information provisioned through the OTA proxy,wherein the mobile device is configured to interact with the TSM system without service providers (SPs), the TSM system holding all of the information related to a provisioning procedure from the service providers (SPs) through a pre-registration process,wherein the OTA proxy of the mobile device is configured to be initialized when the mobile device receives a request to initialize the OTA proxy transmitted from the TSM system,wherein the OTA proxy is further configured to receive a protocol to prepare the SE to be provisioned,wherein the mobile device is configured to send to the service provider a request to provision the selected payment card, whereby the TSM system receives, from the service provider, a request for issuance of the selected payment card to the mobile device, wherein the request for issuance includes identifying information and encrypted account related information,wherein the OTA proxy is configured to transmit mobile device information and SE information to the TSM system, and the SE information comprises the SE status and the SE type; and
  
  wherein the type of SE is a Micro secure digital (SD) type.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The mobile device of claim 16, wherein the mobile device information comprises at least one of International Mobile Equipment Identity (IMEI), Mobile Equipment Identifier (MEID), and Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
  - 18. The mobile device of claim 16, wherein the OTA proxy is configured to receive a key from the TSM system to access the SE based on the SE information sent to the TSM system, wherein the key comprises at least one of an initial issuer master key and a final issuer master key.
  - 19. The mobile device of claim 16, wherein the mobile device further comprises a mobile wallet application comprising a widget corresponding to the information stored in the SE.
  - 20. The mobile device of claim 16, wherein the OTA proxy is an OTA proxy installed in the mobile device.
  - 21. The mobile device of claim 19, wherein the information stored in the SE comprises:
    - a Payment Procedure Secure Elements (PPSE) configured to store a contactless card applet; and
      
      a wallet management applet (WMA) corresponding to the contactless card applet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mozido Corfire-Korea Limited
Original Assignee
Mozido Corfire-Korea Limited
Inventors
Kim, Donghyun, Bae, Sungwoo, Lim, Jaemin, Kwon, Daeman, You, Youngjin, Cheong, Kido
Primary Examiner(s)
Torres, Marcos
Assistant Examiner(s)
DU, HUNG K

Application Number

US13/310,344
Publication Number

US 20120172089A1
Time in Patent Office

1,411 Days
Field of Search

455/410, 455/411, 455/414.1, 455/558, 726/16, 726/17, 726/18, 726/27, 726/28, 726/30, 705/16, 705/41
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/57   Certifying or maintaining t...

G06F 21/88   Detecting or preventing the...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/3227   using secure elements embed...

G06Q 20/3263   characterised by activation...

G06Q 20/354   Card activation or deactiva...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/363   with the personal data of a...

H04L 63/067   using one-time keys cryptog...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/086   using security domains

H04W 12/35   Protecting application or s...

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

H04W 4/50   Service provisioning or rec...

H04W 4/80   Services using short range ...

System and method for provisioning over the air of confidential information on mobile communicative devices with non-UICC secure elements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for provisioning over the air of confidential information on mobile communicative devices with non-UICC secure elements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links