System and method for providing secure data communication functionality to a variety of applications on a portable communication device

US 9,607,298 B2
Filed: 06/02/2014
Issued: 03/28/2017
Est. Priority Date: 11/17/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a secure data table including a list of one or more trusted applications each being identifiable by a paired set of digital identifier and digital token;

a card services module configured to confirm that a first application is trusted based on determining that a first digital identifier and a first digital token associated with the first application match one of the digital identifier and digital token pairs; and

a token generator configured to generate a second digital token that is a function of the first digital token in response to confirming that the first application is trusted and to store the second digital token in the secure data table in association with the first application and in place of the first digital token, wherein the card services module issues one or more commands in response to receipt of a first action in association with the presentation of the second digital token by the first application, wherein the first digital token is presented during an initial launch of the first application and in subsequent launches the second digital token is presented instead of the first digital token.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing an application associated with a portable communication device the ability to communicate via a secure element. The system has a digital identifier and digital token operably associated with the application; a card services module that provides an application programming interface to the secure element; and a secure data table associated with the card services module. The secure data table includes a list of trusted applications each identifiable by paired digital identifier and token. The card services module [includes] compares the identifier and the token with each of the identifier-token pairs in the table until a match indicates the application is trusted. The card services module issues commands to the secure element based on an action requested by a trusted application in conjunction with the presentation of the digital token. A method of providing an application with the ability to communicate via secure element is also disclosed.

Citations

20 Claims

1. A system comprising:
- a secure data table including a list of one or more trusted applications each being identifiable by a paired set of digital identifier and digital token;
  
  a card services module configured to confirm that a first application is trusted based on determining that a first digital identifier and a first digital token associated with the first application match one of the digital identifier and digital token pairs; and
  
  a token generator configured to generate a second digital token that is a function of the first digital token in response to confirming that the first application is trusted and to store the second digital token in the secure data table in association with the first application and in place of the first digital token, wherein the card services module issues one or more commands in response to receipt of a first action in association with the presentation of the second digital token by the first application, wherein the first digital token is presented during an initial launch of the first application and in subsequent launches the second digital token is presented instead of the first digital token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1 further comprising means for determining that the first application is signed using a known issuer identifier.
  - 3. The system according to claim 1 further comprising means for receiving data associated with the one or more trusted applications at periodic time intervals.
  - 4. The system according to claim 1 wherein the first digital token is a constant associated with the first application.
  - 5. The system according to claim 4 wherein the constant is a global constant.
  - 6. The system according to claim 1 wherein the token generator is a pseudo-random number generator.
  - 7. The system according to claim 6 wherein the pseudo-random number generator is associated with a secure element.
  - 8. The system according to claim 1 wherein the token generator generates the second token based on a seed.
  - 9. The system according to claim 8 wherein the seed is selected from the group consisting of the first digital token, the first digital identifier, an issuer of the first application, and combinations thereof.
  - 10. The system according to claim 1, wherein the secure data table is stored in a secure memory and encrypted.

11. A computer-implemented method comprising:
- storing, by a secure data table, a list of one or more trusted applications each being identifiable by a paired set of digital identifier and digital token;
  
  confirming, by a card services module, that a first application is trusted based on determining that a first digital identifier and a first digital token associated with the first application match one of the digital identifier and digital token pairs; and
  
  generating, by a token generator, a second digital token that is a function of the first digital token in response to confirming that the first application is trusted and storing the second digital token in the secure data table in association with the first application and in place of the first digital token, wherein the card services module issues one or more commands in response to receipt of a first action in association with the presentation of the second digital token by the first application, wherein the first digital token is presented during an initial launch of the first application and in subsequent launches the second digital token is presented instead of the first digital token.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method according to claim 11 further comprising receiving data associated with the one or more trusted applications at periodic time intervals.
  - 13. The method according to claim 11 further comprising determining that the first application is signed using a known issuer identifier.
  - 14. The method according to claim 11 wherein the first digital token is a constant associated with the first application.
  - 15. The method according to claim 14 wherein the constant is a global constant.
  - 16. The method according to claim 11 wherein the token generator is a pseudo-random number generator.
  - 17. The method according to claim 16 wherein the pseudo-random number generator is associated with a secure element.
  - 18. The method according to claim 11 further comprising generating, by the token generator, the second token based on a seed.
  - 19. The method according to claim 18 further comprising selecting the seed from the group consisting of the first digital token, the first digital identifier, an issuer of the first application, and combinations thereof.
  - 20. The method according to claim 11, further comprising storing the secure data table in a secure memory, wherein the secure data table is encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TIS Incorporated (It Holdings Corporation)
Original Assignee
Sequent Software, Inc.
Inventors
Craft, Michael K, Brudnicki, David, Reisgies, Hans, Weinstein, Andrew
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US14/293,688
Publication Number

US 20140289119A1
Time in Patent Office

1,030 Days
Field of Search

455/411, 455/558, 705/44, 705/41, 705/14.23, 705/14.38, 705/64, 705/65, 705/71, 705/16, 235/380, 235/382, 726/26, 726/9, 726/6, 726/2, 726/5, 726/30, 726/4, 726/18, 726/19, 726/27, 726/16, 726/17, 726/22, 713/168, 713/194, 713/165, 713/167
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/74   operating in dual or compar...

G06Q 20/204   comprising interface for re...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3567   Software being in the reader

G06Q 20/3574   Multiple applications on card

G06Q 20/401   Transaction verification

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/20   for managing network securi...

System and method for providing secure data communication functionality to a variety of applications on a portable communication device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing secure data communication functionality to a variety of applications on a portable communication device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links