Trusted remote attestation agent (TRAA)

US 9,734,496 B2
Filed: 03/31/2010
Issued: 08/15/2017
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A system for use with a service provider, the system comprising:

a consumer electronic device, having a hardware secure element;

an agent module stored in the hardware secure element and having access to an identity, stored in the hardware secure element, of a provisioning subscriber identity module (SIM) for a financial instrument on the consumer electronic device; and

a processor of the consumer electronic device configured to execute the agent module to cause the system to perform operations comprising;

performing an integrity verification of the agent module;

determining a presence on the consumer electronic device of a SIM that matches the identity of the provisioning SIM;

determining a connectivity of the consumer electronic device to the service provider;

determining a connectivity of the consumer electronic device to a home mobile network;

locking the financial instrument based on one or more of;

a failure of the integrity verification, an absence on the consumer electronic device of the SIM that matches the identity of the provisioning SIM, an unavailability of the connectivity to the service provider, and an unavailability of the connectivity to the home mobile network; and

re-enabling the locked financial instrument based on i)a confirmation from the service provider that indicates a successful integrity verification, ii) a determination that the SIM matching the identity of the provisioning SIM is present on the consumer electronic device, iii) a determination that the connectivity to the service provider has become available, and iv) a determination that the connectivity to the home mobile network has become available.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for use with a service provider and a consumer electronic device include a trusted remote attestation agent (TRAA) configured to perform a set of checking procedures or mechanisms to determine the security status of a consumer electronic device (e.g., mobile terminal or phone) holding financial instruments. Checking procedures may include: self-verifying integrity by the TRAA; checking for presence of a provisioning SIM card (one present when financial instruments were enabled on the device); checking that communication connectivity between the device and service provider is available and active; and that communication connectivity to a home mobile network is available and active. Frequency of the checking mechanisms may be adjusted according to a risk-profile of a user associated with the device or the GPS location of the device. The checks may be used to temporarily disable or limit the use of the financial instruments from the device.

Citations

20 Claims

1. A system for use with a service provider, the system comprising:
- a consumer electronic device, having a hardware secure element;
  
  an agent module stored in the hardware secure element and having access to an identity, stored in the hardware secure element, of a provisioning subscriber identity module (SIM) for a financial instrument on the consumer electronic device; and
  
  a processor of the consumer electronic device configured to execute the agent module to cause the system to perform operations comprising;
  
  performing an integrity verification of the agent module;
  
  determining a presence on the consumer electronic device of a SIM that matches the identity of the provisioning SIM;
  
  determining a connectivity of the consumer electronic device to the service provider;
  
  determining a connectivity of the consumer electronic device to a home mobile network;
  
  locking the financial instrument based on one or more of;
  
  a failure of the integrity verification, an absence on the consumer electronic device of the SIM that matches the identity of the provisioning SIM, an unavailability of the connectivity to the service provider, and an unavailability of the connectivity to the home mobile network; and
  
  re-enabling the locked financial instrument based on i)a confirmation from the service provider that indicates a successful integrity verification, ii) a determination that the SIM matching the identity of the provisioning SIM is present on the consumer electronic device, iii) a determination that the connectivity to the service provider has become available, and iv) a determination that the connectivity to the home mobile network has become available.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the processor of the consumer electronic device is configured to execute the agent module to cause the system to perform further operations comprising:
    - placing a predetermined restriction on the consumer electronic device in response to determining that the connectivity to the service provider is unavailable and the connectivity to the home mobile network is unavailable.
  - 3. The system of claim 2, wherein:
    - the predetermined restriction prevents the consumer electronic device from using the financial instrument to perform financial transactions above a threshold amount.
  - 4. The system of claim 1, wherein:
    - a risk-profile is associated with the consumer electronic device and a user of the consumer electronic device.
  - 5. The system of claim 1, wherein the processor of the consumer electronic device is configured to execute the agent module to cause the system to perform further operations comprising:
    - periodically verifying whether an identity of a SIM present on the consumer electronic device matches the identity of the provisioning SIM stored in the hardware secure element.
  - 6. The system of claim 1, wherein the processor of the consumer electronic device is configured to execute the agent module to cause the system to perform further operations comprising:
    - periodically checking the connectivity of the consumer electronic device to the home mobile network, wherein the home mobile network includes a trusted service manager (TSM) of the service provider.
  - 7. The system of claim 1, wherein the processor of the consumer electronic device is configured to execute the agent module to cause the system to perform further operations comprising:
    - periodically checking connectivity of the consumer electronic device to a financial services provider (FSP).
  - 8. The system of claim 1, wherein the processor of the consumer electronic device is configured to execute the agent module to cause the system to perform further operations comprising:
    - responsive to determining that an identity of a SIM present on the consumer electronic device is different than the identity of the provisioning SIM stored in the hardware secure element, placing the financial instrument in a hold state.

9. A method for use with a consumer electronic device and a service provider, the method comprising:
- performing, by a processor of the consumer electronic device executing an agent module stored in a hardware secure element of the consumer electronic device, a self-verification of integrity of the agent module;
  
  determining, by the agent module executing on the processor of the consumer electronic device, whether a subscriber identity module (SIM) card that matches an identity of a provisioning SIM is present on the consumer electronic device;
  
  responsive to determining that the SIM card that matches the identity of the provisioning SIM is present on the consumer electronic device,determining, by the agent module executing on the processor of the consumer electronic device, whether a network connection to a server processor of the service provider is available, anddetermining, by the agent module executing on the processor of the consumer electronic device, whether a network connection to a home mobile network is available;
  
  locking a financial instrument on the consumer electronic device based on one or more of;
  
  a failure of the integrity verification of the agent module, an absence on the consumer electronic device of the SIM card that matches the identity of the provisioning SIM, an unavailability of the network connection to the server processor of the service provider, and an unavailability of the network connection to the home mobile network; and
  
  re-enabling the locked financial instrument based on i) a confirmation from the service provider that indicates a successful integrity verification, ii) a determination that the SIM card matching the identity of the provisioning SIM is present on the consumer electronic device, iii) a determination that the network connection to the server processor of the service provider has become available, and iv) a determination that the network connection to the home mobile network has become available.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein re-enabling the financial instrument based on a confirmation from the service provider that indicates a successful integrity verification includes receiving an indication that a digital signature of the agent module has been verified.
  - 11. The method of claim 9, further comprising:
    - responsive to determining that an identity of the SIM card present on the consumer electronic device is different than the identity of the provisioning SIM stored in the hardware secure element of the consumer electronic device, placing the financial instrument in a hold state.
  - 12. The method of claim 9, wherein the service provider includes a trusted service manager for the financial instrument, the trusted service manager connected to the home mobile network of the consumer electronic device, and further comprising:
    - in response to determining that the network connection to the server processor of the service provider is unavailable, putting the financial instrument in a cap state, wherein financial transactions for more than a predetermined cap value are denied to the consumer electronic device.
  - 13. The method of claim 12, wherein:
    - the financial instrument remains in the cap state until i) a SIM card matching the identity of the provisioning SIM card is present on the consumer electronic device, ii) a network connection to the trusted service manager via the home mobile network is available, and iii) a network connection to a financial service provider (FSP) is available.
  - 14. The method of claim 9, wherein:
    - a risk-profile is associated with the consumer electronic device and a user of the consumer electronic device.
  - 15. The method of claim 14, further comprising:
    - adjusting a frequency of one or more of;
      
      i) performing the self-verification of integrity of the agent module, ii) determining whether the SIM card present on the consumer electronic device matches the identity of the provisioning SIM, iii) determining whether the network connection to the server processor of the service provider is available, and iv) determining whether the network connection to the home mobile network is available, wherein the adjustment is based on the risk-profile associated with the consumer electronic device and the user of the consumer electronic device, and a location of the consumer electronic device.

16. A tangible, non-transitory computer-readable medium or media storing machine-readable instructions executable to cause a consumer electronic device to perform operations comprising:
- storing an agent module in a hardware secure element of the consumer electronic device;
  
  performing, by the agent module, a self-verification of integrity of the agent module;
  
  determining, by the agent module, whether a subscriber identity module (SIM) card that matches an identity of a provisioning SIM is present on the consumer electronic device;
  
  determining, by the agent module, whether a network connection to a server processor of a service provider is available;
  
  determining, by the agent module, whether a network connection to a home mobile network is available;
  
  locking a financial instrument on the consumer electronic device based on one or more of;
  
  a failure of the integrity verification of the agent module, an absence on the consumer electronic device of the SIM that matches the identity of the provisioning SIM, an unavailability of the network connection to the server processor of the service provider, and an unavailability of the network connection to the home mobile network; and
  
  re-enabling the locked financial instrument based on i) a confirmation from the service provider that indicates a successful integrity verification, ii) a determination that the SIM card matching the identity of the provisioning SIM is present on the consumer electronic device, iii) a determination that the network connection to the server processor of the service provider has become available, and iv) a determination that the network connection to the home mobile network has become available.
- View Dependent Claims (17, 18, 19)
- - 17. The tangible, non-transitory computer-readable medium or media of claim 16, wherein performing, by the agent module, the self-verification includes using one or more of a digital signature verification or an oblivious hashing (OH) technique applied to the computer readable code.
  - 18. The tangible, non-transitory computer-readable medium or media of claim 16, wherein the machine-readable instructions are executable to cause the consumer electronic device to perform further operations comprising:
    - adjusting a frequency of one or more of;
      
      i) performing the self-verification of integrity of the agent module, ii) determining whether the SIM card present on the consumer electronic device matches the identity of the provisioning SIM, iii) determining whether the network connection to the server processor of the service provider is available, and iv) determining whether the network connection to the home mobile network is available,wherein the adjustment is based on a risk-profile associated with the consumer electronic device and a location of the consumer electronic device determined when a transaction is being performed, wherein the location of the consumer electronic device is determined using a global positioning system (GPS).
  - 19. The tangible, non-transitory computer-readable medium or media of claim 16, wherein the consumer electronic device is a mobile phone.

20. A non-transitory, machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- installing an agent module to a hardware secure element of the machine;
  
  performing, by the agent module, a self-verification of integrity of the agent module;
  
  determining, by the agent module, whether a provisioning uniquely identifiable network communication element that was present when the machine was provisioned with a financial instrument is present on the machine;
  
  determining, by the agent module, whether a network connection to a server processor of a service provider is available;
  
  determining, by the agent module, whether a network connection to a home mobile network is available;
  
  locking the financial instrument based on one or more of;
  
  a failure of the integrity verification, an unavailability of the provisioning uniquely identifiable network communication element that was present when the machine was provisioned with a financial instrument, an unavailability of the network connection to the server processor of the service provider, and an unavailability of the network connection to the home mobile network; and
  
  re-enabling the locked financial instrument based on i) a confirmation from the service provider that indicates a successful integrity verification, ii) the presence on the machine of the uniquely identifiable network communication element that was present when the machine was provisioned with a financial instrument, iii) a determination that the network connection to the server processor of the service provider has become available, and iv) a determination that the network connection to the home mobile network has become available.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Nahari, Hadi
Primary Examiner(s)
GEORGALAS, ANNE MARIE

Application Number

US12/751,733
Publication Number

US 20100306107A1
Time in Patent Office

2,694 Days
Field of Search

705 261, 705 271
US Class Current
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/32   using wireless devices

G06Q 20/3227   using secure elements embed...

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/0613   Third-party assisted

H04L 63/126   the source of the received ...

H04L 63/14   for detecting or protecting...

H04W 12/00   Security arrangements; Auth...

H04W 12/10   Integrity

H04W 12/67   Risk-dependent, e.g. select...

Trusted remote attestation agent (TRAA)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted remote attestation agent (TRAA)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links