Systems, methods, and computer program products for managing access control

US 9,495,558 B2
Filed: 03/25/2014
Issued: 11/15/2016
Est. Priority Date: 03/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method to manage access control, comprising:

storing, by a mobile communication device, a first set of access control rules in a memory of the mobile communication device separate from a secure element communicatively coupled to the mobile communication device, the first set of access control rules governing access by one or more service applications resident on the mobile communication device to one or more applets resident on the secure element;

receiving, by the secure element from a trusted server via a communication network, a second set of access control rules comprising one or more updates to one or more of the first set of access control rules, wherein the second set of access control rules comprises at least an update to a particular access control rule governing access by a particular service application resident on the mobile communication device to one or more particular applets of the one or more applets resident on the secure element;

storing, by the secure element, the second set of access control rules received from the trusted server to replace the first set of access control rules stored in the secure element;

receiving, by the mobile communication device from the trusted server via the communication network, a notification message indicating that the particular access control rule has been updated by the trusted server in the secure element;

in response to receiving the notification message, retrieving, by the mobile communication device and from the secure element, the second set of access control rules comprising at least the updated particular access control rule;

updating, by the mobile communication device, the first set of access control rules based on the second set of access control rules retrieved from the secure element;

receiving, by the mobile communication device and from the particular service application resident on the mobile communication device, a request to access one or more of the one or more particular applets resident on the secure element, one or more applet identifiers corresponding to the one or more particular applets, and an identifier associated with the particular service application;

identifying, by the mobile communication device, one or more applicable access control rules of the updated first set of access control rules, wherein applicable access control rules state whether the particular service application identified by the identifier associated with the particular service application is permitted to access the one or more particular applets identified by the one or more corresponding applet identifiers; and

in response to identifying the one or more applicable access control rules, accessing the requested one or more of the one or more particular applets resident on the secure element via the particular service application resident on the mobile communication device, in accordance with the identified one or more applicable access control rules of the updated first set of access control rules.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer program products are provided for managing access control. A first set of access control rules is stored in a memory of mobile communication device. The mobile communication device receives from a trusted server over a communication network a notification message indicating that an access control rule has been updated in a secure element. In response to receiving the notification message, the mobile communication device retrieves from the secure element a second set of access control rules including at least the access control rule that has been updated. The first set of access control rules is updated based on the second set of access control rules retrieved from the secure element. An applet stored on the secure element is accessed via an application running on the mobile communication device, in accordance with the updated first set of access control rules.

138 Citations

18 Claims

1. A method to manage access control, comprising:
- storing, by a mobile communication device, a first set of access control rules in a memory of the mobile communication device separate from a secure element communicatively coupled to the mobile communication device, the first set of access control rules governing access by one or more service applications resident on the mobile communication device to one or more applets resident on the secure element;
  
  receiving, by the secure element from a trusted server via a communication network, a second set of access control rules comprising one or more updates to one or more of the first set of access control rules, wherein the second set of access control rules comprises at least an update to a particular access control rule governing access by a particular service application resident on the mobile communication device to one or more particular applets of the one or more applets resident on the secure element;
  
  storing, by the secure element, the second set of access control rules received from the trusted server to replace the first set of access control rules stored in the secure element;
  
  receiving, by the mobile communication device from the trusted server via the communication network, a notification message indicating that the particular access control rule has been updated by the trusted server in the secure element;
  
  in response to receiving the notification message, retrieving, by the mobile communication device and from the secure element, the second set of access control rules comprising at least the updated particular access control rule;
  
  updating, by the mobile communication device, the first set of access control rules based on the second set of access control rules retrieved from the secure element;
  
  receiving, by the mobile communication device and from the particular service application resident on the mobile communication device, a request to access one or more of the one or more particular applets resident on the secure element, one or more applet identifiers corresponding to the one or more particular applets, and an identifier associated with the particular service application;
  
  identifying, by the mobile communication device, one or more applicable access control rules of the updated first set of access control rules, wherein applicable access control rules state whether the particular service application identified by the identifier associated with the particular service application is permitted to access the one or more particular applets identified by the one or more corresponding applet identifiers; and
  
  in response to identifying the one or more applicable access control rules, accessing the requested one or more of the one or more particular applets resident on the secure element via the particular service application resident on the mobile communication device, in accordance with the identified one or more applicable access control rules of the updated first set of access control rules.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the notification message is pushed to the mobile communication device each time the trusted server transmits an update message to the secure element to cause at least one access control rule of the second set of access control rules to be updated.
  - 3. The method of claim 2, wherein the trusted server pushes the notification message to the mobile communication device by way of a notification server.
  - 4. The method of claim 1, further comprising:
    - accessing, in succession via the particular service application resident on the mobile communication device, a plurality of applets resident on the secure element, without performing a polling process of a refresh tag of the secure element in between each accessing.
  - 5. The method of claim 1, wherein the mobile communication device includes the secure element.

6. A system to manage access control, comprising:
- at least one memory separate from a memory of a secure element, operable to store a first set of access control rules, the first set of access control rules governing access by one or more service applications resident on a mobile communication device to one or more applets resident on the secure element; and
  
  a computer processor coupled to the at least one memory, the computer processor being operable to;
  
  receive, by the secure element, a second set of access control rules from a trusted server via a communication network and comprising one or more updates to one or more of the first set of access control rules, wherein the second set of access control rules comprises at least an update to a particular access control rule governing access by a particular service application resident on the mobile communication device to one or more particular applets of the one or more applets resident on the secure element;
  
  receive, from the trusted server via the communication network, a notification message indicating that the particular access control rule has been updated by the trusted server in the secure element;
  
  in response to receiving the notification message, retrieve from the secure element the second set of access control rules comprising at least the updated particular access control rule,update the first set of access control rules based on the second set of access control rules retrieved from the secure element;
  
  receive, from the particular service application, a request to access one or more of the one or more particular applets resident on the secure element, one or more applet identifiers corresponding to the one or more particular applets, and an identifier associated with the particular service application;
  
  identify one or more applicable access control rules of the updated first set of access control rules, wherein applicable access control rules state whether the particular service application identified by the identifier associated with the particular service application is permitted to access the one or more particular applets identified by the one or more corresponding applet identifiers; and
  
  in response to identifying the one or more applicable access control rules, access the requested one or more of the one or more particular applets resident on the secure element via the particular service application, in accordance with the identified one or more applicable access control rules of the updated first set of access control rules.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The system of claim 6, wherein the trusted server is communicatively coupled to the system via the communication network, andwherein the notification message is pushed to the computer processor each time the trusted server transmits an update message to the secure element to cause at least one access control rule of the second set of access control rules to be updated.
  - 8. The system of claim 7, wherein the trusted server pushes the notification message to the computer processor by way of a notification server.
  - 9. The system of claim 6, the computer processor being further operable to:
    - access, in succession a plurality of applets resident on the secure element in accordance with the updated first set of access control rules without performing a polling process of a refresh tag of the secure element in between each accessing.
  - 10. The system of claim 6, further comprising the secure element.
  - 11. The system of claim 6, wherein the computer processor is further operable to:
    - communicate the request to access the one or more of the one or more particular applets resident on the secure element,wherein the retrieval of the second set of access control rules from the secure element is performed before the communication of the request to access the one or more of the one or more particular applets resident on the secure element.
  - 12. The system of claim 6, wherein the access control rule that has been updated indicates whether the particular service application resident on the mobile communication device has permission to access the particular applet resident on the secure element.

13. A non-transitory computer readable medium having stored thereon sequences of instructions that, when executed by a computer processor, cause the computer processor to manage access control by:
- storing a first set of access control rules in a memory of a mobile communication device separate from a secure element communicatively coupled to the mobile communication device, the first set of access control rules governing access by one or more service applications resident on the mobile communication device to one or more applets resident on the secure element;
  
  receiving, by the secure element from a trusted server via a communication network, a second set of access control rules comprising one or more updates to one or more of the first set of access control rules, wherein the second set of access control rules comprises at least an update to a particular access control rule governing access by a particular service application on the mobile communication device to one or more particular applets of the one or more applets resident on the secure element;
  
  receiving, by the mobile communication device from the trusted server via the communication network, a notification message indicating that the particular access control rule has as been updated by the trusted server in the secure element;
  
  in response to receiving the notification message, retrieving, by the mobile communication device and from the secure element, the second set of access control rules comprising at least the updated particular access control rule,updating the first set of access control rules based on the second set of access control rules retrieved from the secure element;
  
  receiving, by the mobile communication device and from the particular service application resident on the mobile communication device, a request to access one or more of the one or more particular applets resident on the secure element, one or more applet identifiers corresponding to the one or more particular applets, and an identifier associated with the particular service application;
  
  identifying, by the mobile communication device, one or more applicable access control rules of the updated first set of access control rules, wherein applicable access control rules state whether the particular service application identified by the identifier associated with the particular service application is permitted to access the one or more particular applets identified by the one or more corresponding applet identifiers; and
  
  in response to identifying the one or more applicable access control rules, accessing the requested one or more of the one or more particular applets resident on the secure element via the particular service application resident on the mobile communication device, in accordance with the identified one or more applicable access control rules of the updated first set of access control rules.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable medium of claim 13, wherein the notification message is pushed to the mobile communication device each time the trusted server transmits an update message to the secure element to cause at least one access control of the second set of access control rules to be updated.
  - 15. The non-transitory computer readable medium of claim 14, wherein the trusted server pushes the notification message to the mobile communication device by way of a notification server.
  - 16. The non-transitory computer readable medium of claim 13, wherein the sequences of instructions, when executed by the computer processor, further cause the computer processor to:
    - access, in succession, a plurality of applets resident on the secure element in accordance with the updated first set of access control rules, without performing a polling process of a refresh tag of the secure element in between each accessing.
  - 17. The non-transitory computer readable medium of claim 13, wherein the sequences of instructions, when executed by the computer processor, further cause the computer processor to:
    - communicate the request to access the one or more of the one or more particular applets resident on the secure element,wherein the retrieval of the second set of access control rules from the secure element is performed at a time before the communication of the request to access the one or more of the one or more particular applets resident on the secure element.
  - 18. The non-transitory computer readable medium of claim 13, wherein the access control rule that has been updated indicates whether the particular service application resident on the mobile communication device has permission to access the particular applet resident on the secure element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Sung, Danny, Poon, Tommy
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US14/224,886
Publication Number

US 20140298484A1
Time in Patent Office

966 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6245   Protecting personal data, e...

G06F 21/629   to features or functions of...

H04W 12/08   Access security

Systems, methods, and computer program products for managing access control

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Systems, methods, and computer program products for managing access control

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others