Enabling users to select between secure service providers using a key escrow service
First Claim
1. A computer-implemented method to provide secure services to computing devices comprising secure elements, comprising:
- maintaining, by a key escrow service computing device, at least one cryptographic key for a secure element of a network computing device, the at least one cryptographic key operable to enable one of a plurality of trusted service managers (“
TSMs”
) to provide read and write access the secure element via a secure communication channel;
receiving, by the key escrow service computing device, a selection of one of the plurality of TSMs,wherein if the secure element comprises information related to a previous TSM that is different from the selected TSM, the key escrow service computing device revokes the at least one cryptographic key from the previous TSM in response to receiving the request to select the TSM; and
transmitting, by the key escrow service computing device, the at least one cryptographic key to the selected TSM in response to receiving the selection of the one of the plurality of TSMs to enable the selected TSM to access the secure element using the at least one cryptographic key.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and service on behalf of the user selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.
-
Citations
31 Claims
-
1. A computer-implemented method to provide secure services to computing devices comprising secure elements, comprising:
-
maintaining, by a key escrow service computing device, at least one cryptographic key for a secure element of a network computing device, the at least one cryptographic key operable to enable one of a plurality of trusted service managers (“
TSMs”
) to provide read and write access the secure element via a secure communication channel;receiving, by the key escrow service computing device, a selection of one of the plurality of TSMs, wherein if the secure element comprises information related to a previous TSM that is different from the selected TSM, the key escrow service computing device revokes the at least one cryptographic key from the previous TSM in response to receiving the request to select the TSM; and transmitting, by the key escrow service computing device, the at least one cryptographic key to the selected TSM in response to receiving the selection of the one of the plurality of TSMs to enable the selected TSM to access the secure element using the at least one cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer program product, comprising:
-
a non-transitory computer-readable medium having computer-readable program code embodied therein that when executed by a computer cause the computer to provide secure services to computing devices, comprising; computer-readable program code to maintain at least one cryptographic key for a secure memory of a computing device, the at least one cryptographic key operable to enable one of a plurality of secure service providers to access the secure memory via a secure communication channel; computer-readable program code to receive a selection of one of the plurality of secure service providers, wherein if the secure memory comprises information related to a previous secure service provider that is different from the selected secure service provider, the at least one cryptographic key from the previous secure service provider is revoked in response to receiving the request to select the secure service provider; and computer-readable program code to transmit the at least one cryptographic key to the selected secure service provider in response to receiving the selection of one of the plurality of secure service providers to enable the selected secure service provider to access the secure memory using the at least one cryptographic key. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A system to provide secure services to computing devices comprising secure memories, comprising:
-
a key escrow service computing device that maintains at least one cryptographic key for a secure memory, the at least one cryptographic key operable to enable one of a plurality of trusted service managers (“
TSMs”
) to securely access the secure memory via a secure communication channel;a first network communication module that receives a selection of one of the plurality of TSMs, wherein if the secure memory comprises information related to a previous TSM that is different from the selected TSM, the key escrow service computing device revokes the at least one cryptographic key from the previous TSM in response to receiving the request to select the TSM; and a second network communication module that transmits the at least one cryptographic key to the selected TSM in response to receiving the selection of one of the plurality of TSMs to enable the selected TSM to securely access the secure memory using the at least one cryptographic key, wherein the key escrow service computing device is communicably coupled to the first network communication module and to the second network communication module. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
Specification