Apparatus and method for managing use of secure tokens

US 10,122,534 B2
Filed: 07/11/2016
Issued: 11/06/2018
Est. Priority Date: 10/04/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A communication device comprising:

a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, facilitates performance of first operations, the first operations comprising;

storing a secure token in the secure element memory;

modifying the secure token utilizing identification information resulting in a modified secure token; and

receiving token adjustment instructions over a network from a secure token application function of a server, wherein the token adjustment instructions are received via a remote management server;

a secure device processing system including a processor and having a secure device processing system memory with second executable instructions, wherein the secure device processing system is in communication with the secure element, wherein the secure device processing system, responsive to executing the second executable instructions, facilitates performance of second operations, the second operations comprising;

receiving the modified secure token from the secure element, wherein the secure device processing system does not have access to the secure token stored in the secure element memory; and

providing the modified secure token over the network to a receiving device to enable the receiving device to provide the modified secure token to the secure token application function of the server for decrypting the modified secure token to analyze the identification information and to obtain token information for use by the receiving device, wherein the server, the communication device and the receiving device are remote from each other; and

a device processing system including processor that is separate from the secure device processing system and in communication with the secure device processing system, wherein the device processing system facilitates wireless communications between the communication device and the receiving device, and wherein the secure device processing system is separate from the secure element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that incorporates the subject disclosure may perform, for example, operations including receiving an encrypted secure token from a secure token application function that is remote from the communication device, storing the encrypted secure token in a secure element memory of the secure element, accessing user input requesting the encrypted secure token where the secure device processor is separate from the secure element and is in communication with the secure element, generating a modified secure token by adding identification information to the encrypted secure token and by performing a second encryption of the encrypted secure token with the identification information, receiving the modified secure token from the secure element, and providing the modified secure token to a receiving device. Other embodiments are disclosed.

232 Citations

20 Claims

1. A communication device comprising:
- a secure element having a secure element memory with first executable instructions, wherein the secure element, responsive to executing the first executable instructions, facilitates performance of first operations, the first operations comprising;
  
  storing a secure token in the secure element memory;
  
  modifying the secure token utilizing identification information resulting in a modified secure token; and
  
  receiving token adjustment instructions over a network from a secure token application function of a server, wherein the token adjustment instructions are received via a remote management server;
  
  a secure device processing system including a processor and having a secure device processing system memory with second executable instructions, wherein the secure device processing system is in communication with the secure element, wherein the secure device processing system, responsive to executing the second executable instructions, facilitates performance of second operations, the second operations comprising;
  
  receiving the modified secure token from the secure element, wherein the secure device processing system does not have access to the secure token stored in the secure element memory; and
  
  providing the modified secure token over the network to a receiving device to enable the receiving device to provide the modified secure token to the secure token application function of the server for decrypting the modified secure token to analyze the identification information and to obtain token information for use by the receiving device, wherein the server, the communication device and the receiving device are remote from each other; and
  
  a device processing system including processor that is separate from the secure device processing system and in communication with the secure device processing system, wherein the device processing system facilitates wireless communications between the communication device and the receiving device, and wherein the secure device processing system is separate from the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The communication device of claim 1, wherein the token adjustment instructions include a command to delete the secure token from the secure element memory.
  - 3. The communication device of claim 1, wherein the token adjustment instructions include a command to replace the secure token in the secure element memory with another secure token.
  - 4. The communication device of claim 1, wherein the token adjustment instructions include a command to change encryption keys associated with the secure token stored in the secure element memory.
  - 5. The communication device of claim 1, wherein the identification information comprises a digital signature, a time stamp or a combination thereof.
  - 6. The communication device of claim 5, wherein the secure element comprises a universal integrated circuit card, wherein keysets are utilized for mutual authentication of the secure element and the secure device processing system with the remote management server, and wherein the first operations of the secure element further comprise receiving an encrypted secure token from the secure token application function that is remote from the communication device.
  - 7. The communication device of claim 1, wherein the modifying the secure token is via a hash function.
  - 8. The communication device of claim 1, wherein the second operations of the secure device processing system further comprise accessing user input requesting the secure token, wherein the receiving of the modified secure token from the secure element is responsive to the accessing of the user input.
  - 9. The communication device of claim 8, wherein the secure token comprises a two dimensional bar code, and wherein the receiving device comprises a two dimensional bar code reader.
  - 10. The communication device of claim 9, wherein the second operations of the secure device processing system further comprise:
    - receiving, by the secure device processing system, a secure token descriptor associated with the secure token from the secure token application function; and
      
      storing the secure token descriptor in the secure device processing system memory, wherein the user input is a selection based on the secure token descriptor.
  - 11. The communication device of claim 1, wherein the identification information comprises a digital signature.

12. A method comprising:
- modifying, by a communication device comprising a processing system including a processor, a secure token based on identification information resulting in a modified secure token;
  
  providing, by the communication device, the modified secure token over a network to a receiving device to enable the receiving device to provide the modified secure token over the network to a secure token application function of a server for decrypting the modified secure token to analyze the identification information and to obtain token information for use by the receiving device, wherein the server, the communication device and the receiving device are remote from each other; and
  
  receiving, by the communication device, token adjustment instructions over the network from the secure token application function, wherein the token adjustment instructions are received via a remote management server, and wherein keysets are utilized for authentication with the remote management server.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the identification information comprises a digital signature, a time stamp or a combination thereof and further comprising:
    - receiving, by the communication device, a secure token descriptor associated with the secure token from the secure token application function, wherein a request for the secure token is based on a selection according to the secure token descriptor.
  - 14. The method of claim 13, wherein the request is generated by an application being executed on the communication device and further comprising providing wireless communications between the communication device and the receiving device utilizing a device processor of the communication device.
  - 15. The method of claim 13, wherein the request is generated by a remote source.
  - 16. The method of claim 12, wherein the identification information is added to the secure token using a hash function.
  - 17. The method of claim 12, wherein the token adjustment instructions include one of a command to delete the secure token, a command to replace the secure token with another secure token, or a command to change encryption keys associated with the secure token.

18. A non-transitory, machine-readable storage medium, comprising executable instructions that, when executed by a processing system including a processor executing a secure token application function, facilitate performance of operations, comprising:
- receiving over a network a modified secure token from a receiving device that obtained the modified secure token over the network from a communication device according to user input associated with a token descriptor, wherein the processing system, the receiving device and the communication device are remote from each other;
  
  decrypting the modified secure token to obtain an encrypted secure token and to obtain identification information;
  
  verifying the identification information;
  
  decrypting the encrypted secure token to obtain a secure token;
  
  analyzing the secure token to obtain token information;
  
  providing a notification over the network to the receiving device indicating a result of the analyzing of the token information; and
  
  providing token adjustment instructions over the network to the communication device, wherein the token adjustment instructions are provided via a remote management server,wherein the encrypted secure token is provided over the network to the communication device via the remote management server.
- View Dependent Claims (19, 20)
- - 19. The non-transitory, machine-readable storage medium of claim 18, wherein the token adjustment instructions include one of a command to delete the encrypted secure token, a command to replace the encrypted secure token with another encrypted secure token, or a command to change encryption keys associate with the encrypted secure token.
  - 20. The non-transitory, machine-readable storage medium of claim 18, wherein the operations further comprise comparing the secure token obtained from the decrypting to another secure token that was generated and stored by the secure token application function, wherein the decrypting of the encrypted secure token to obtain the secure token utilizes a transport key, and wherein keysets are utilized for mutual authentication of a secure element and a secure device processor of the communication device with the remote management server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.), AT&T Mobility II LLC (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.), AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Chastain, Walter Cooper, Chin, Stephen Emille, King, Samuel, Suozzo, Michael, Vondrak, Nicholas, Wane, Ismaila
Primary Examiner(s)
Okeke, Izunna
Assistant Examiner(s)
Song, Hee K

Application Number

US15/206,975
Publication Number

US 20160323111A1
Time in Patent Office

848 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04W 12/069   using certificates or pre-s...

Apparatus and method for managing use of secure tokens

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

232 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for managing use of secure tokens

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

232 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others