Apparatus and method for secure delivery of data from a communication device
First Claim
1. A computer-readable storage device comprising executable instructions which, responsive to being executed by a secure device processor of a mobile communication device, cause the secure device processor to perform operations comprising:
- receiving a user credential via a user interface;
- providing the user credential to a secure element of the mobile communication device;
- receiving a user authentication from the secure element based on the user credential;
- responsive to the receiving of the user authentication, receiving an upload transport key and a data protection key from the secure element without receiving master keys, wherein the secure element stores master keys from which the upload transport key and the data protection key are generated by the secure element, wherein the secure element receives the master keys over a network from a remote management server;
- responsive to an upload request, obtaining data for transmission to a recipient device;
- encrypting the data using the data protection key to generate a single encrypted data; and
- encrypting the single encrypted data using the upload transport key to generate a double encrypted data,
- wherein the mobile communication device comprises a mobile processor device that facilitates wireless communications by the secure device processor and by the secure element, and
- wherein the mobile processor device, the secure element and the secure device processor are physically separated components that are housed in the mobile communication device and are in communication with each other,
- wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server.
Abstract
A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.
20 Claims
1. A computer-readable storage device comprising executable instructions which, responsive to being executed by a secure device processor of a mobile communication device, cause the secure device processor to perform operations comprising:
- receiving a user credential via a user interface;
- providing the user credential to a secure element of the mobile communication device;
- receiving a user authentication from the secure element based on the user credential;
- responsive to the receiving of the user authentication, receiving an upload transport key and a data protection key from the secure element without receiving master keys, wherein the secure element stores master keys from which the upload transport key and the data protection key are generated by the secure element, wherein the secure element receives the master keys over a network from a remote management server;
- responsive to an upload request, obtaining data for transmission to a recipient device;
- encrypting the data using the data protection key to generate a single encrypted data; and
- encrypting the single encrypted data using the upload transport key to generate a double encrypted data,
- wherein the mobile communication device comprises a mobile processor device that facilitates wireless communications by the secure device processor and by the secure element, and
- wherein the mobile processor device, the secure element and the secure device processor are physically separated components that are housed in the mobile communication device and are in communication with each other,
- wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server.

Dependent claims: 2, 3, 4, 5, 6
7. A communication device, comprising:
- a mobile processing device comprising a control element to control a transceiver of the communications device;
- a secure element having a secure element memory that stores first executable instructions that, when executed by the secure element, facilitate performance of first operations, comprising:
  - receiving master keys over a network from a remote management server;
  - storing the master keys in the secure element memory; and
  - generating an upload transport key and a data protection key from the master keys;
- a secure device processor comprising a secure device processor memory that stores second executable instructions that, when executed by the secure device processor, facilitate performance of second operations, comprising:
  - receiving the upload transport key and the data protection key from the secure element without receiving the master keys;
  - responsive to an upload request, obtaining data for transmission to a recipient device;
  - modifying the data using the data protection key to generate a modified data;
  - encrypting the modified data using the upload transport key to generate an encrypted modified data; and
  - deleting the upload transport key and the data protection key after the modifying the data and the encrypting the modified data,
- wherein the secure device processor, the secure element and the mobile processing device are separate components in communication with each other and are housed in the communication device, and
- wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server.

Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A method, comprising:
- receiving, by a server from a secure device processor of a mobile communication device, double encrypted data, wherein the double encrypted data is generated from data based on a data protection key that generates a single encrypted data and a second encryption of the single encrypted data according to an upload transport key, wherein the secure device processor is separate from and in communication with a secure element of the mobile communication device, wherein the secure element and the secure device processor are separate components in communication with each other and housed in the mobile communication device, wherein the secure element receives master keys over a network from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor;
- obtaining, by the server, a corresponding upload transport key;
- decrypting, by the server, the double encrypted data utilizing the corresponding upload transport key to obtain the single encrypted data; and
- storing, by the server, the single encrypted data in a memory accessible to the server,
- wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server.

Dependent claims: 16, 17, 18, 19, 20
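The key flow recited in claims 1, 7 and 15, sketched as an added illustration that is not taken from the patent: the secure element derives the two working keys and never releases the master keys, the secure device processor applies both layers, and the server removes only the transport layer. Assumptions not on the page: HMAC-SHA256 as the derivation function, the label strings, a per-upload identifier, a PIN as the credential, a server-side copy of the transport master key, and an HMAC-based stand-in cipher where a real design would use an AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def derive(key, label):
    # Assumed KDF: HMAC-SHA256(key, label); the claims name no algorithm.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Keystream of n bytes from HMAC-SHA256 in counter mode (stand-in only).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Stand-in authenticated encryption (encrypt-then-MAC), not a vetted cipher.
    nonce = secrets.token_bytes(16)
    ks = _stream(derive(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(derive(key, b"enc"), nonce, len(ct))))

class SecureElement:
    # Holds the master keys provisioned by the remote management server.
    def __init__(self, master_transport, master_protection, pin):
        self._mt, self._mp, self._pin = master_transport, master_protection, pin

    def session_keys(self, credential, upload_id):
        if not hmac.compare_digest(credential, self._pin):
            raise PermissionError("user authentication failed")
        # Only derived keys cross the boundary; the master keys stay inside.
        return (derive(self._mt, b"upload-transport|" + upload_id),
                derive(self._mp, b"data-protection|" + upload_id))

def sdp_upload(se, credential, upload_id, data):
    # Secure device processor: inner layer with the data protection key,
    # outer layer with the upload transport key.
    utk, dpk = se.session_keys(credential, upload_id)
    double = seal(utk, seal(dpk, data))
    del utk, dpk  # drops the references (claim 7); Python does not wipe memory
    return double

def server_receive(master_transport, upload_id, double):
    # Server: obtains the corresponding transport key (assumed: same derivation)
    # and strips the outer layer; the result is still protected by the inner key.
    return unseal(derive(master_transport, b"upload-transport|" + upload_id), double)
```

The server in this sketch never holds the data protection key, so what it stores is the single encrypted data and not the plaintext.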
Specification