Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements

US 10,114,976 B2
Filed: 04/06/2017
Issued: 10/30/2018
Est. Priority Date: 11/01/2011
Status: Active Grant

First Claim

Patent Images

1. A system for interfacing between service providers and secure memories, comprising:

a mobile computing device, the mobile computing device comprising at least one secure storage;

a service provider computing device; and

one or more computing devices interfacing between the mobile computing device and the service provider computing device, the one or more computing device comprising at least one memory, and a processor communicatively coupled to the at least one memory, wherein the processor executed application code instructions that are stored in the at least one memory to cause the one or more computing device to;

receive, from a service provider computing device, a first request comprising a computing device identifier that corresponds to the mobile computing device;

query the at least one memory for a secure storage identifier that corresponds to the computing device identifier;

transmit the secure storage identifier to the service provider computing device;

receive, from the service provider computing device, a second request based at least in part on the secure storage identifier; and

transmit a third request to a secure storage of the mobile computing device that corresponds to the secure storage identifier, the third request based on the second request received from the service provider computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System, methods, and computer program products are provided for interfacing between one of a plurality of service provider (SP) trusted service managers (TSM) and one of a plurality of secure elements (SE). A first request including a mobile subscription identifier (MSI) is received from an SP TSM over a communications network. At least one memory is queried for SE data including an SE identifier corresponding to the MSI. The SE data is transmitted to the SP TSM over the communications network. A second request based on the SE data is received from the SP TSM over the communications network. A third request, based on the second request, is transmitted, over a mobile network, to an SE corresponding to the SE data. The mobile network is selected from multiple mobile networks, and is determined based on the SE data queried from the memory.

214 Citations

24 Claims

1. A system for interfacing between service providers and secure memories, comprising:
- a mobile computing device, the mobile computing device comprising at least one secure storage;
  
  a service provider computing device; and
  
  one or more computing devices interfacing between the mobile computing device and the service provider computing device, the one or more computing device comprising at least one memory, and a processor communicatively coupled to the at least one memory, wherein the processor executed application code instructions that are stored in the at least one memory to cause the one or more computing device to;
  
  receive, from a service provider computing device, a first request comprising a computing device identifier that corresponds to the mobile computing device;
  
  query the at least one memory for a secure storage identifier that corresponds to the computing device identifier;
  
  transmit the secure storage identifier to the service provider computing device;
  
  receive, from the service provider computing device, a second request based at least in part on the secure storage identifier; and
  
  transmit a third request to a secure storage of the mobile computing device that corresponds to the secure storage identifier, the third request based on the second request received from the service provider computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the second request is a request to perform pre-personalization of the secure storage, the pre-personalization comprising creating, on the secure storage, one or more security domains and installing, on the secure storage, one or more applications pre-stored on the at least one memory.
  - 3. The system of claim 1, wherein the second request comprises at least one of a request to (1) manage a communication, (2) process one or more predetermined scripts, and (3) activate a service.
  - 4. The system of claim 3, wherein the one or more predetermined scripts comprises one of a command to (1) personalize an application, and (2) perform key rotation to set a key provided by the service provider into a security domain in the secure storage.
  - 5. The system of claim 3, wherein the one or more predetermined scripts comprises one or more command application protocol data units, the one or more command protocol data units comprising commands for the secure storage.
  - 6. The system of claim 1, wherein the at least one memory comprises a database of a plurality of computing device identifiers and a plurality of corresponding secure storage identifiers.
  - 7. The system of claim 1, wherein the processor is further configured to execute computer-executable instructions stored in the at least one memory to case the one or more computing devices to validate the second request using the at least one memory.
  - 8. The system of claim 1, further comprising an enterprise service bus operable to process at least one of the first, second and third requests.

9. A method to interface between service providers and secure storages, comprising:
- receiving, by one or more computing devices and from a service provider, a first request comprising a computing device identifier that corresponds to a mobile computing device;
  
  querying, by the one or more computing devices, at least one memory for a secure storage identifier that corresponds to the computing device identifier;
  
  transmitting, by the one or more computing devices, the secure storage identifier to the service provider;
  
  receiving, by the one or more computing devices and from the service provider, a second request based at least in part on the secure storage identifier; and
  
  transmitting, by the one or more computing devices, a third request to a secure storage of the mobile computing device that corresponds to the secure storage identifier, the third request based on the second request received from the service provider.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the second request is a request to perform pre-personalization of the secure storage, the pre-personalization comprises:
    - creating, on the secure storage, one or more security domains; and
      
      installing, on the secure storage, one or more applications pre-stored on the at least one memory.
  - 11. The method of claim 9, wherein the second request comprises at least one of a request to (1) manage a communication, (2) process one or more predetermined scripts, and (3) activate a service.
  - 12. The method of claim 11, wherein the one or more predetermined scripts comprises one of a command to (1) personalize an application, and (2) perform key rotation to set a key provided by the service provider into a security domain in the secure storage.
  - 13. The method of claim 11, wherein the one or more predetermined scripts comprises one or more command application protocol data units, the one or more command application protocol data units comprising commands for the secure storage.
  - 14. The method of claim 9, wherein the at least one memory comprises a database of a plurality of computing device identifiers and a plurality of corresponding secure storage identifiers.
  - 15. The method of claim 9, further comprising validating, by the one or more computing devices, the second request using the at least one memory.
  - 16. The method of claim 9, wherein at least one of the first, second, and third requests are processed by an enterprise service bus.

17. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-executable program instructions embodied therein that when executed by a computer cause the computer to interface between service providers and secure storages, the computer-executable program instructions comprising;
  
  computer-executable program instructions to receive, from a service provider, a first request comprising a computing device identifier that corresponds to a mobile computing device;
  
  computer-executable program instructions to query at least one memory for a secure storage identifier that corresponds to the computing device identifier;
  
  computer-executable program instructions to transmit the secure storage identifier to the service provider;
  
  computer-executable program instructions to receive, from the service provider, a second request based at least in part on the secure storage identifier; and
  
  computer-executable program instructions to transmit a third request to a secure storage of the mobile computing device corresponding to the secure storage identifier, the third request based on the second request received from the service provider.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, wherein the second request is a request to perform pre-personalization of the secure storage, the pre-personalization comprising creating, on the secure storage, one or more security domains and installing, on the secure storage, one or more applications pre-stored on the at least one memory.
  - 19. The computer program product of claim 17, wherein the second request comprises at least one of a request to (1) manage a communication, (2) process one or more predetermined scripts, and (3) activate a service.
  - 20. The computer program product of claim 19, wherein the one or more predetermined scripts comprises one of a command to (1) personalize an application, and (2) perform key rotation to set a key provided by the service provider into a security domain in the secure storage.
  - 21. The computer program product of claim 19, wherein the one or more predetermined scripts comprises one or more command application protocol data units, the one or more command application protocol data units comprising commands for the secure storage.
  - 22. The computer program product of claim 17, wherein the at least one memory comprises a database of a plurality of computing device identifiers and a plurality of corresponding secure storage identifiers.
  - 23. The computer program product of claim 17 further comprising computer-executable program instructions to validate the second request using the at least one memory.
  - 24. The computer program product of claim 17, further comprising computer-executable program instructions to process at least one of the first, second, and third requests using an enterprise service bus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Gargiulo, Michael J.
Primary Examiner(s)
Hoffman, Brandon S
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US15/481,420
Publication Number

US 20170213051A1
Time in Patent Office

572 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 8/61   Installation

H04L 63/04   for providing a confidentia...

H04L 63/06   for supporting key manageme...

H04L 9/0891   Revocation or update of sec...

H04L 9/32   including means for verifyi...

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H05K 999/99   dummy group

Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

214 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links