Apparatus and method for securely managing the accessibility to content and applications

US 9,240,994 B2
Filed: 10/28/2013
Issued: 01/19/2016
Est. Priority Date: 10/28/2013
Status: Active Grant

First Claim

Patent Images

1. A communication device comprising:

a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, performs first operations comprising;

receiving secret information and non-secret information from a secure download application function, wherein the secure download application function is remote from the communication device; and

storing the secret information and the non-secret information in the secure element memory;

a secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising;

providing a request for a first verification to the secure element, the first verification being associated with access to content that is sourced via the secure download application function;

receiving the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor;

receiving the non-secret information from the secure element; and

generating a second verification for the access based on the non-secret information,wherein the non-secret information includes device permissions, wherein the content includes file permissions, and wherein presentation of the content by the communication device is according to the device permissions and the file permissions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.

121 Citations

20 Claims

1. A communication device comprising:
- a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, performs first operations comprising;
  
  receiving secret information and non-secret information from a secure download application function, wherein the secure download application function is remote from the communication device; and
  
  storing the secret information and the non-secret information in the secure element memory;
  
  a secure device processor having a secure device processor memory with second executable instructions, wherein the secure device processor is separate from the secure element and in communication with the secure element, wherein the secure device processor, responsive to executing the second executable instructions, performs second operations comprising;
  
  providing a request for a first verification to the secure element, the first verification being associated with access to content that is sourced via the secure download application function;
  
  receiving the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor;
  
  receiving the non-secret information from the secure element; and
  
  generating a second verification for the access based on the non-secret information,wherein the non-secret information includes device permissions, wherein the content includes file permissions, and wherein presentation of the content by the communication device is according to the device permissions and the file permissions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The communication device of claim 1, wherein the content is received from the secure download application function responsive to the first and second verifications, wherein the secure element comprises a universal integrated circuit card, wherein the receiving of the secret and non-secret information from the secure download application function is via a remote management server, wherein a download path of the content from the secure download application function does not include the remote management server, wherein the remote management server is remote from the communication device and the secure download application function, and wherein the first operations further comprise:
    - receiving update information from the secure download application function via the remote management server, wherein the update information is responsive to a presentation of the content by the communication device; and
      
      adjusting the secret information and the non-secret information based on the update information.
  - 3. The communication device of claim 2, wherein the second operations further comprise:
    - providing consumption information to the secure download application function, the consumption information indicating that the content has been presented by the communication device;
      
      receiving access instructions from the secure download application function responsive to the consumption information; and
      
      preventing the communication device from accessing the content according to the access instructions,wherein the receiving of the update information is responsive to the consumption information.
  - 4. The communication device of claim 1, wherein the second operations further comprise:
    - providing consumption information to the secure element, the consumption information indicating that the content has been presented by the communication device;
      
      receiving access instructions from the secure element responsive to the consumption information; and
      
      preventing the communication device from accessing the content according to the access instructions.
  - 5. The communication device of claim 1, further comprising a device processor that is separate from the secure device processor and in communication with the secure device processor, wherein the device processor facilitates wireless communications between the communication device and the secure download application function, and wherein the content is accessed from storage on the communication device responsive to the first and second verifications.
  - 6. The communication device of claim 1, wherein the secret information includes a decryption key for content playback and an authentication credential.
  - 7. The communication device of claim 1, wherein the non-secret information includes a user identification, a device identification, digital rights management data, and a validity time period.
  - 8. The communication device of claim 1, wherein the receiving of the secret and non-secret information is via a remote management server, and wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server.
  - 9. The communication device of claim 8, wherein the content is stored at the communication device, and wherein the first operations further comprise:
    - receiving update information from the secure download application function via the remote management server, wherein the update information is received prior to a presentation of the content by the communication device; and
      
      adjusting the secret information and the non-secret information based on the update information.
  - 10. The communication device of claim 1, wherein the second operations further comprise:
    - receiving user input requesting content browsing access, wherein the user input includes user credentials;
      
      providing the user credentials to the secure element;
      
      receiving browsing access credentials from the secure element responsive to an authentication of the user credentials by the secure element; and
      
      facilitating establishing a browsing channel between the communication device and the secure download application function responsive to the browsing access credentials, wherein the browsing channel enables browsing a group of content accessible via the secure download application function.

11. A method comprising:
- receiving, by a secure element of a communication device, secret information and non-secret information from a secure download application function that is remote from the communication device;
  
  storing the secret information in a secure element memory of the secure element;
  
  providing, by a secure device processor of the communication device, a request for a first verification to the secure element, wherein the secure device processor is separate from the secure element and is in communication with the secure element, and wherein the first verification is associated with access to an application that is sourced via the secure download application function;
  
  receiving, by the secure device processor, the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor;
  
  receiving, by the secure device processor, the non-secret information from the secure element;
  
  generating a second verification for the access based on the non-secret information, wherein the application is accessible by the communication device responsive to the first and second verificationsproviding, by the secured device processor, consumption information to at least one of the secure element or the secure download application function, the consumption information indicating that the application has been executed by the communication device;
  
  receiving, at the secure device processor, access instructions from the at least one of the secure element or the secure download application function responsive to the consumption information; and
  
  preventing the communication device from accessing the application according to the access instructions.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, comprising:
    - receiving user input requesting browsing access, wherein the user input includes user credentials;
      
      providing the user credentials to the secure element;
      
      receiving browsing access credentials from the secure element responsive to an authentication of the user credentials by the secure element; and
      
      facilitating establishing a browsing channel between the communication device and the secure download application function responsive to the browsing access credentials, wherein the browsing channel enables browsing a group of applications accessible via the secure download application function.
  - 13. The method of claim 11, wherein the receiving of the secret and non-secret information is via a remote management server, wherein keysets are utilized for mutual authentication of the secure element and the secure device processor with the remote management server and further comprising:
    - receiving update information from the secure download application function via the remote management server; and
      
      adjusting the secret information and the non-secret information based on the update information.
  - 14. The method of claim 11, comprising facilitating, by a device processor of the communication device, wireless communications between the communication device and the secure download application function, wherein the device processor is separate from the secure device processor and in communication with the secure device processor, wherein the secret information includes a decryption key for application execution and an authentication credential, and wherein the non-secret information includes a user identification, a device identification, digital rights management data, and a validity time period, and wherein the application is stored in a storage device of the communication device and is accessible by the communication device from the storage device responsive to the first and second verifications.
  - 15. The method of claim 11, comprising:
    - requesting, by the secure device processor, a decryption key from the secure element;
      
      receiving the decryption key at the secure device processor; and
      
      performing, by the secure device processor, a decryption of the application using the decryption key; and
      
      enabling execution of the application at the communication device responsive to the decryption.

16. A method, comprising:
- receiving, by a communication device comprising a secure element having a secure element memory and a secure device processor having a secure device processor memory, secret information and non-secret information from a secure download application function, wherein the secure download application function is remote from the communication device; and
  
  storing, by the communication device, the secret information and the non-secret information in the secure element memory;
  
  providing, by the communication device, a request for a first verification to the secure element, the first verification being associated with access to content that is sourced via the secure download application function;
  
  receiving, by the communication device, the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor;
  
  receiving, by the communication device, the non-secret information from the secure element; and
  
  generating, by the communication device, a second verification for the access based on the non-secret information, wherein the non-secret information includes device permissions, wherein the content includes file permissions, and wherein presentation of the content by the communication device is according to the device permissions and the file permissions.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - providing consumption information to the secure download application function, the consumption information indicating that the content has been presented by the communication device;
      
      receiving access instructions from the secure download application function responsive to the consumption information; and
      
      preventing the communication device from accessing the content according to the access instructions.
  - 18. The method of claim 16, further comprising:
    - providing consumption information to the secure element, the consumption information indicating that the content has been presented by the communication device;
      
      receiving access instructions from the secure element responsive to the consumption information; and
      
      preventing the communication device from accessing the content according to the access instructions.
  - 19. The method of claim 16, wherein the secret information includes a decryption key for content playback and an authentication credential.
  - 20. The method of claim 16, wherein the non-secret information includes a user identification, a device identification, digital rights management data, and a validity time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chastain, Walter Cooper, Chin, Stephen Emille
Primary Examiner(s)
Sholeman, Abu
Assistant Examiner(s)
LWIN, MAUNG T

Application Number

US14/065,010
Publication Number

US 20150121487A1
Time in Patent Office

813 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0869   for achieving mutual authen...

H04L 63/108   when the policy decisions a...

H04L 63/123   received data contents, e.g...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/45   using multiple identity mod...

Apparatus and method for securely managing the accessibility to content and applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

121 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for securely managing the accessibility to content and applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links