Trusted service manager (TSM) architectures and methods
First Claim
Patent Images
1. A trusted service manager (TSM) server comprising:
- a non-transitory machine-readable memory containing instructions to facilitate transactions via short message service (SMS) over a network; and
one or more hardware processors coupled to the non-transitory machine-readable memory and configured to read instructions from the non-transitory machine-readable memory to cause the TSM server to perform operations comprising;
generating a random key for a client device;
encrypting the random key using a public certificate of the client device;
transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device;
registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element;
signing a payment application using a public key of the TSM server;
transmitting, via a second encrypted channel, the payment application to the app secure element of the client device;
after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key;
decrypting the SMS message using the random key and determining the address of the SP;
re-encrypting the SMS message using a second stored key corresponding to the SP; and
forwarding the re-encrypted SMS message to the SP.
2 Assignments
0 Petitions
Accused Products
Abstract
A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.
103 Citations
20 Claims
-
1. A trusted service manager (TSM) server comprising:
-
a non-transitory machine-readable memory containing instructions to facilitate transactions via short message service (SMS) over a network; and one or more hardware processors coupled to the non-transitory machine-readable memory and configured to read instructions from the non-transitory machine-readable memory to cause the TSM server to perform operations comprising; generating a random key for a client device; encrypting the random key using a public certificate of the client device; transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device; registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element; signing a payment application using a public key of the TSM server; transmitting, via a second encrypted channel, the payment application to the app secure element of the client device; after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key; decrypting the SMS message using the random key and determining the address of the SP; re-encrypting the SMS message using a second stored key corresponding to the SP; and forwarding the re-encrypted SMS message to the SP. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of facilitating transactions via short message service (SMS) over a network comprising:
-
generating, by a trusted service manager (TSM) server, a random key for a client device; encrypting the random key using a public certificate of the client device; transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device; registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element; signing a payment application using a public key of the TSM server; transmitting, via a second encrypted channel, the payment application to the app secure element of the client device; after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key; decrypting the SMS message using the random key and determining the address of the SP; re-encrypting the SMS message using a second stored key corresponding to the SP; and forwarding the re-encrypted SMS message to the SP. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a trusted service manager (TSM) server to perform operations comprising:
-
generating a random key for a client device; encrypting the random key using a public certificate of the client device; transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device; registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element; signing a payment application using a public key of the TSM server; transmitting, via a second encrypted channel, the payment application to the app secure element of the client device; after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key; decrypting the SMS message using the random key and determining the address of the SP; re-encrypting the SMS message using a second stored key corresponding to the SP; and forwarding the re-encrypted SMS message to the SP. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification