Provisioning techniques
First Claim
Patent Images
1. A method implemented by a provisioning service, the method comprising:
- locating a particular public key of a plurality of public keys that are stored by the provisioning service, the particular public key corresponding to a particular mobile communication device and located using a particular identifier of the particular mobile communication device that is included in a request received via a network, wherein the particular identifier identifies a secure element of the particular mobile communication device that stores a particular private key corresponding to the particular public key;
communicating the particular public key of the particular mobile communication device via the network to a service provider; and
supporting protected communications between the service provider and the particular mobile communication device using the provisioning service as an intermediary,wherein the particular public key is configured to encrypt the protected communications,wherein the secure element of the particular mobile computing device is implemented using hardware and is configured to decrypt the protected communications using the particular private key,wherein the particular private key is not exposed outside of the hardware that implements the secure element, andwherein the provisioning service is verified as being prevented from decrypting the protected communications.
3 Assignments
0 Petitions
Accused Products
Abstract
Provisioning techniques are described. In implementations, a particular one of a plurality of public keys are located using an identifier included in a request received via a network. The located public key is communicated via the network, the public key configured to encrypt data that is to be decrypted by a secure element of a mobile communication device, the secure element implemented using hardware and including a private key that is configured to decrypt the data that was encrypted using the public key.
-
Citations
20 Claims
-
1. A method implemented by a provisioning service, the method comprising:
-
locating a particular public key of a plurality of public keys that are stored by the provisioning service, the particular public key corresponding to a particular mobile communication device and located using a particular identifier of the particular mobile communication device that is included in a request received via a network, wherein the particular identifier identifies a secure element of the particular mobile communication device that stores a particular private key corresponding to the particular public key; communicating the particular public key of the particular mobile communication device via the network to a service provider; and supporting protected communications between the service provider and the particular mobile communication device using the provisioning service as an intermediary, wherein the particular public key is configured to encrypt the protected communications, wherein the secure element of the particular mobile computing device is implemented using hardware and is configured to decrypt the protected communications using the particular private key, wherein the particular private key is not exposed outside of the hardware that implements the secure element, and wherein the provisioning service is verified as being prevented from decrypting the protected communications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A mobile computing device comprising:
-
a secure circuit storing a particular private key of the mobile computing device; a hardware processor; and a hardware computer-readable memory device storing instructions which, when executed by the hardware processor, cause the hardware processor to; send a request to a provisioning service that stores a particular public key that corresponds to the particular private key stored in the secure circuit of the mobile computing device, wherein the request is directed to a service provider to obtain a service from the service provider and includes an identifier of the mobile computing device; receive, from the provisioning service, encrypted communications generated by the service provider related to the service requested by the mobile computing device; and decrypt the encrypted communications using the particular private key, wherein the provisioning service uses the identifier included in the request to retrieve the particular public key and provide the particular public key to the service provider, and wherein the provisioning service is verified as being prevented from decrypting the encrypted communications. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A provisioning system comprising:
- a hardware processor; and
a hardware computer-readable memory device storing instructions which, when executed by the hardware processor, cause the hardware processor to; receive, from a particular mobile computing device, a request to access a third party service, the request including a particular identifier of the particular mobile computing device; at the provisioning system, identify a particular public key of the particular mobile computing device using the particular identifier, wherein the particular mobile computing device stores a corresponding particular private key that is not accessible to the provisioning system; send the particular public key of the particular mobile computing device from the provisioning system to the third party service; receive encrypted communications from the third party service, the encrypted communications being encrypted with the particular public key of the particular mobile computing device; and send the encrypted communications to the particular mobile computing device, wherein the provisioning system is verified as being prevented from decrypting the encrypted communications. - View Dependent Claims (18, 19, 20)
- a hardware processor; and
Specification