Trusted service manager (TSM) architectures and methods

US 9,852,418 B2
Filed: 03/11/2013
Issued: 12/26/2017
Est. Priority Date: 06/06/2008
Status: Active Grant

First Claim

Patent Images

1. A trusted service manager (TSM) server comprising:

a non-transitory machine-readable memory containing instructions to facilitate transactions via short message service (SMS) over a network; and

one or more hardware processors coupled to the non-transitory machine-readable memory and configured to read instructions from the non-transitory machine-readable memory to cause the TSM server to perform operations comprising;

generating a random key for a client device;

encrypting the random key using a public certificate of the client device;

transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device;

registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element;

signing a payment application using a public key of the TSM server;

transmitting, via a second encrypted channel, the payment application to the app secure element of the client device;

after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key;

decrypting the SMS message using the random key and determining the address of the SP;

re-encrypting the SMS message using a second stored key corresponding to the SP; and

forwarding the re-encrypted SMS message to the SP.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.

103 Citations

View as Search Results

20 Claims

1. A trusted service manager (TSM) server comprising:
- a non-transitory machine-readable memory containing instructions to facilitate transactions via short message service (SMS) over a network; and
  
  one or more hardware processors coupled to the non-transitory machine-readable memory and configured to read instructions from the non-transitory machine-readable memory to cause the TSM server to perform operations comprising;
  
  generating a random key for a client device;
  
  encrypting the random key using a public certificate of the client device;
  
  transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device;
  
  registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element;
  
  signing a payment application using a public key of the TSM server;
  
  transmitting, via a second encrypted channel, the payment application to the app secure element of the client device;
  
  after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key;
  
  decrypting the SMS message using the random key and determining the address of the SP;
  
  re-encrypting the SMS message using a second stored key corresponding to the SP; and
  
  forwarding the re-encrypted SMS message to the SP.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The trusted service manager server of claim 1, wherein the operations further comprise:
    - signing a second payment application using the public key of the TSM server, the second payment application corresponding to a second SP that is different from the SP; and
      
      transmitting the second payment application to the app secure element, wherein the transmitting the payment application and the transmitting the second payment application are performed based on the registering the client device with the TSM server.
  - 3. The trusted service manager server of claim 1, wherein the random key is established using Diffie-Hellman (D-H) key exchange.
  - 4. The trusted service manager server of claim 1, wherein the encrypted SMS message is a secure SMS message addressed to the trusted service manager (TSM) and comprising the address for the service provider (SP) to which the TSM server is to forward the encrypted SMS message.
  - 5. The trusted service manager server of claim 1, wherein the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached.
  - 6. The trusted service manager server of claim 1, wherein:
    - the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached, andthe SHA-512 HMAC is 64 bytes in binary and truncation is used to bring data to 32 bytes of BASE-64 encoding.
  - 7. The trusted service manager server of claim 1, wherein:
    - the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached, anda counter tags the encrypted SMS message for replay protection.

8. A method of facilitating transactions via short message service (SMS) over a network comprising:
- generating, by a trusted service manager (TSM) server, a random key for a client device;
  
  encrypting the random key using a public certificate of the client device;
  
  transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device;
  
  registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element;
  
  signing a payment application using a public key of the TSM server;
  
  transmitting, via a second encrypted channel, the payment application to the app secure element of the client device;
  
  after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key;
  
  decrypting the SMS message using the random key and determining the address of the SP;
  
  re-encrypting the SMS message using a second stored key corresponding to the SP; and
  
  forwarding the re-encrypted SMS message to the SP.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the random key comprises AES-256 and SHA-512.
  - 10. The method of claim 8, wherein the random key is established using Diffie-Hellman (D-H) key exchange.
  - 11. The method of claim 8, wherein the encrypted SMS message is a secure SMS message addressed to the trusted service manager (TSM) server and comprising the address for the service provider (SP) to which the TSM server is to forward the encrypted SMS message.
  - 12. The method of claim 8, wherein the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached.
  - 13. The method of claim 8, wherein:
    - the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached, andthe SHA-512 HMAC is 64 bytes in binary and truncation is used to bring data to 32 bytes of BASE-64 encoding.
  - 14. The method of claim 8, wherein:
    - the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached, anda counter tags the encrypted SMS message for replay protection.

15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a trusted service manager (TSM) server to perform operations comprising:
- generating a random key for a client device;
  
  encrypting the random key using a public certificate of the client device;
  
  transmitting, via a first encrypted channel, the random key to a crypto secure element included in the client device;
  
  registering the client device with the TSM server via the crypto secure element by storing authentication data in the crypto secure element, the client device being registered exclusive of an app secure element that is physically separate from the crypto secure element, wherein the random key, the authentication data, and data corresponding to a payment instrument are excluded from the app secure element;
  
  signing a payment application using a public key of the TSM server;
  
  transmitting, via a second encrypted channel, the payment application to the app secure element of the client device;
  
  after the transmitting the payment application to the app secure element, receiving, from the payment application, an encrypted SMS message comprising a payment certificate and an address of a service provider (SP), wherein the payment certificate is sent from the crypto secure element to the payment application in response to the crypto secure element authenticating biometric information of a user associated with the client device inputted to the crypto secure element via a secure tunnel, and wherein the SMS message from the client device is encrypted in accordance with the random key;
  
  decrypting the SMS message using the random key and determining the address of the SP;
  
  re-encrypting the SMS message using a second stored key corresponding to the SP; and
  
  forwarding the re-encrypted SMS message to the SP.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the random key comprises AES-256 and SHA-512.
  - 17. The non-transitory machine-readable medium of claim 15, wherein the random key is established using Diffie-Hellman (D-H) key exchange.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the encrypted SMS message is a secure SMS message addressed to the trusted service manager (TSM) server and comprising the address for the service provider (SP) to which the TSM is to forward the encrypted SMS message.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached.
  - 20. The non-transitory machine-readable medium of claim 15, wherein:
    - the encrypted SMS message is sent by a secure SMS, wherein when an SMS is sent, the message is encrypted using AES-256, and SHA-512 HMAC is attached, andthe SHA-512 HMAC is 64 bytes in binary and truncation is used to bring data to 32 bytes of BASE-64 encoding.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Mardikar, Upendra
Primary Examiner(s)
OBEID, MAMON A

Application Number

US13/794,025
Publication Number

US 20130198086A1
Time in Patent Office

1,751 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/1085   involving automatic teller ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3227   using secure elements embed...

G06Q 20/3265   characterised by personalis...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 40/00   Finance; Insurance; Tax str...

G07C 9/257   electronically G07C9/26 tak...

G07F 7/0826   Embedded security module

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823 : using certificates cryptogr...

H04L 63/0861 : using biometrical features,...

H04L 9/3231 : Biological data, e.g. finge...

H04W 12/069 : using certificates or pre-s...

H04W 4/80 : Services using short range ...

View All

Trusted service manager (TSM) architectures and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted service manager (TSM) architectures and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links