Provisioning techniques

US 9,525,548 B2
Filed: 10/21/2010
Issued: 12/20/2016
Est. Priority Date: 10/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a provisioning service, the method comprising:

locating a particular public key of a plurality of public keys that are stored by the provisioning service, the particular public key corresponding to a particular mobile communication device and located using a particular identifier of the particular mobile communication device that is included in a request received via a network, wherein the particular identifier identifies a secure element of the particular mobile communication device that stores a particular private key corresponding to the particular public key;

communicating the particular public key of the particular mobile communication device via the network to a service provider; and

supporting protected communications between the service provider and the particular mobile communication device using the provisioning service as an intermediary,wherein the particular public key is configured to encrypt the protected communications,wherein the secure element of the particular mobile computing device is implemented using hardware and is configured to decrypt the protected communications using the particular private key,wherein the particular private key is not exposed outside of the hardware that implements the secure element, andwherein the provisioning service is verified as being prevented from decrypting the protected communications.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provisioning techniques are described. In implementations, a particular one of a plurality of public keys are located using an identifier included in a request received via a network. The located public key is communicated via the network, the public key configured to encrypt data that is to be decrypted by a secure element of a mobile communication device, the secure element implemented using hardware and including a private key that is configured to decrypt the data that was encrypted using the public key.

182 Citations

20 Claims

1. A method implemented by a provisioning service, the method comprising:
- locating a particular public key of a plurality of public keys that are stored by the provisioning service, the particular public key corresponding to a particular mobile communication device and located using a particular identifier of the particular mobile communication device that is included in a request received via a network, wherein the particular identifier identifies a secure element of the particular mobile communication device that stores a particular private key corresponding to the particular public key;
  
  communicating the particular public key of the particular mobile communication device via the network to a service provider; and
  
  supporting protected communications between the service provider and the particular mobile communication device using the provisioning service as an intermediary,wherein the particular public key is configured to encrypt the protected communications,wherein the secure element of the particular mobile computing device is implemented using hardware and is configured to decrypt the protected communications using the particular private key,wherein the particular private key is not exposed outside of the hardware that implements the secure element, andwherein the provisioning service is verified as being prevented from decrypting the protected communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as described in claim 1, wherein the particular identifier is a serial number of an integrated circuit that implements the secure element of the particular mobile communication device.
  - 3. The method as described in claim 1, wherein the plurality of public keys are located on one or more devices of the provisioning service that are auditable by an outside party to determine that information stored by the one or more devices is not configured to decrypt data encrypted by one or more of the plurality of public keys.
  - 4. The method as described in claim 1, wherein the request is received by the provisioning service from the service provider.
  - 5. The method as described in claim 4, wherein the request is sent by the originator service provider to the provisioning service responsive to a request by the particular mobile computing device to obtain an application that is associated with the originator service provider.
  - 6. The method as described in claim 1, wherein the request is received by the provisioning service from the particular computing device.
  - 7. The method as described in claim 6, wherein the request identifies a particular application that the particular mobile communication device is attempting to obtain from the service provider.
  - 8. The method as described in claim 1, wherein the supporting protected communications comprises:
    - receiving the protected communications at the provisioning service from the service provider; and
      
      sending the protected communications from the provisioning service to the particular mobile communication device.
  - 9. The method as described in claim 8, wherein the secure element is configured to decrypt the protected communications without exposing the particular private key.
  - 10. The method as described in claim 1, wherein the particular mobile communication device is configured to include telephone functionality.
  - 11. The method as described in claim 1, wherein the protected communications are usable by the particular mobile communication device to at least one of:
    - make a purchase using information relating to a credit card,provide an identifier for use as a transit access card,provide an identifier associated with a loyalty card, orprovide credentials usable by the particular mobile communication device to access a premises.

12. A mobile computing device comprising:
- a secure circuit storing a particular private key of the mobile computing device;
  
  a hardware processor; and
  
  a hardware computer-readable memory device storing instructions which, when executed by the hardware processor, cause the hardware processor to;
  
  send a request to a provisioning service that stores a particular public key that corresponds to the particular private key stored in the secure circuit of the mobile computing device, wherein the request is directed to a service provider to obtain a service from the service provider and includes an identifier of the mobile computing device;
  
  receive, from the provisioning service, encrypted communications generated by the service provider related to the service requested by the mobile computing device; and
  
  decrypt the encrypted communications using the particular private key, whereinthe provisioning service uses the identifier included in the request to retrieve the particular public key and provide the particular public key to the service provider, andwherein the provisioning service is verified as being prevented from decrypting the encrypted communications.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The mobile computing device of claim 12, wherein the identifier included in the request is a serial number of the secure circuit.
  - 14. The mobile computing device of claim 12, wherein the service involves obtaining a third-party application from the service provider.
  - 15. The mobile computing device of claim 12, wherein the encrypted communications comprise other keys provided by the service provider to the mobile computing device.
  - 16. The mobile computing device of claim 15, wherein the instructions, when executed by the hardware processor, cause the hardware processor to:
    - encrypt other communications with the other keys and send the other communications to the service provider.

17. A provisioning system comprising:
- a hardware processor; and
  
  a hardware computer-readable memory device storing instructions which, when executed by the hardware processor, cause the hardware processor to;
  
  receive, from a particular mobile computing device, a request to access a third party service, the request including a particular identifier of the particular mobile computing device;
  
  at the provisioning system, identify a particular public key of the particular mobile computing device using the particular identifier, wherein the particular mobile computing device stores a corresponding particular private key that is not accessible to the provisioning system;
  
  send the particular public key of the particular mobile computing device from the provisioning system to the third party service;
  
  receive encrypted communications from the third party service, the encrypted communications being encrypted with the particular public key of the particular mobile computing device; and
  
  send the encrypted communications to the particular mobile computing device,wherein the provisioning system is verified as being prevented from decrypting the encrypted communications.
- View Dependent Claims (18, 19, 20)
- - 18. The provisioning system of claim 17, wherein the particular identifier is a serial number of a secure component on the particular mobile computing device.
  - 19. The provisioning system of claim 17, wherein the particular identifier is a serial number of a secure integrated circuit on the particular mobile computing device.
  - 20. The provisioning system of claim 19, wherein the instructions, when executed by the hardware processor, cause the hardware processor to:
    - identify the particular public key by;
      
      sending the serial number of the secure integrated circuit to an auditable reference service; and
      
      in response, receiving the particular public key from the auditable reference service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Marshall, Alan L., Zargahi, Kamran Rajabi, Abel, Miller Thomas, Krishnan, Murali, Anantha, Anoop
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VU, PHY ANH TRAN

Application Number

US12/909,178
Publication Number

US 20120099727A1
Time in Patent Office

2,252 Days
Field of Search

380/255
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0442   wherein the sending and rec...

H04L 9/0825   using asymmetric-key encryp...

H04W 12/02   Protecting privacy or anony...

H04W 12/35   Protecting application or s...

Provisioning techniques

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

182 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning techniques

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

182 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links