Trust-zone-based end-to-end security

US 10,193,700 B2
Filed: 02/25/2016
Issued: 01/29/2019
Est. Priority Date: 02/27/2015
Status: Active Grant

First Claim

Patent Images

1. A method for exchanging encrypted information by an electronic device, the method comprising:

generating, by the device, a device signing certificate and a device signing public private key pair, and a device encryption certificate and a device encryption public private key pair, each of the device signing and encryption certificates signed using a device unique private key that is pre-stored on the electronic device;

transmitting, by the device, the device signing and device encryption certificates to a token service provider (TSP) server;

receiving, by the device, a TSP signing certificate and a TSP encryption certificate from the TSP server;

identifying, by the device a TSP signing public key and a TSP encryption public key of the TSP server based on the received TSP signing and the received TSP encryption certificates; and

transmitting a message including (i) information encrypted based on the TSP encryption public key and (ii) a signature of the electronic device based on the device signing private key,wherein the device unique private key is stored on the electronic device by a manufacturer of the electronic device for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, electronic devices, and systems for exchanging encrypted information. A method for exchanging encrypted information by an electronic device includes generating one or more device certificates and one or more device public private key pairs. The one or more device certificates are signed using a device unique private key that is pre-stored on the electronic device. The method also includes sending the one or more device certificates to a server of a token service provider (TSP). The method further includes receiving one or more TSP certificates from the TSP server. The method includes identifying one or more TSP public keys of the TSP server based on the one or more received TSP certificates. Additionally, the method includes transmitting a message including the information encrypted based on the one or more identified TSP public keys and a signature of the electronic device.

198 Citations

14 Claims

1. A method for exchanging encrypted information by an electronic device, the method comprising:
- generating, by the device, a device signing certificate and a device signing public private key pair, and a device encryption certificate and a device encryption public private key pair, each of the device signing and encryption certificates signed using a device unique private key that is pre-stored on the electronic device;
  
  transmitting, by the device, the device signing and device encryption certificates to a token service provider (TSP) server;
  
  receiving, by the device, a TSP signing certificate and a TSP encryption certificate from the TSP server;
  
  identifying, by the device a TSP signing public key and a TSP encryption public key of the TSP server based on the received TSP signing and the received TSP encryption certificates; and
  
  transmitting a message including (i) information encrypted based on the TSP encryption public key and (ii) a signature of the electronic device based on the device signing private key,wherein the device unique private key is stored on the electronic device by a manufacturer of the electronic device for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein:
    - a certificate of the device unique private key is signed using a root certificate authority (CA) private key of the manufacturer of the electronic device.
  - 3. The method of claim 2, wherein a public key for a root CA private key of the manufacturer of the electronic device is provided to the TSP by the manufacturer of the electronic device prior to the generating of the one or more device certificates and the one or more device public private key pairs.
  - 4. The method of claim 1, wherein identifying the TSP signing and TSP encryption public keys of the TSP server based on the received TSP signing and TSP encryption certificates comprises:
    - identifying a root certificate authority (CA) certificate of the TSP that is pre-stored on the electronic device for access by a trusted application of the electronic device;
      
      verifying authenticity of the one or more received TSP signing and TSP encryption certificates based on the TSP root CA certificate using the trusted application; and
      
      identifying the TSP signing and TSP encryption public keys in response to verifying the authenticity of the received TSP signing and TSP encryption certificates.
  - 5. The method of claim 1, wherein the information in the message is encrypted using a unique session key and the unique session key is encrypted using the TSP encryption key of a TSP encryption public private key pair.

6. An electronic device for exchanging encrypted information, the electronic device comprising:
- at least one hardware processor configured to generate a device signing certificate and a device signing public private key pair, and to generate a device encryption certificate and a device encryption public private key pair, the device signing and encryption certificates signed using a device unique private key that is pre-stored on the electronic device; and
  
  a transceiver configured to transmit the device signing and encryption certificates to a token service provider (TSP) server and to receive a TSP signing certificate and TSP encryption certificate from the TSP server,wherein the at least one hardware processor is further configured to identify a TSP signing public key and a TSP encryption public key of the TSP server based on the received TSP signing and encryption certificates, andwherein the transceiver is configured to transmit a message including (i) information encrypted based on the TSP encryption public key and (ii) a signature of the electronic device based on the device signing private key,wherein the device unique private key is stored on the electronic device by a manufacturer of the electronic device for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The electronic device of claim 6, wherein:
    - a certificate of the device unique private key is signed using a root certificate authority (CA) private key of the manufacturer of the electronic device.
  - 8. The electronic device of claim 7, wherein a public key for a root CA private key of the manufacturer of the electronic device is provided to the TSP by the manufacturer of the electronic device prior to generating of the one or more device certificates and the one or more device public private key pairs.
  - 9. The electronic device of claim 6, wherein to identify the TSP signing and TSP encryption public keys of the TSP server based on the received TSP signing and TSP encryption certificates, the at least one hardware processor is configured to:
    - identify a root certificate authority (CA) certificate of the TSP that is pre-stored on the electronic device for access by a trusted application of the electronic device;
      
      verify authenticity of the received TSP signing and TSP encryption certificates based on the TSP root CA certificate using the trusted application; and
      
      identify the TSP signing and TSP encryption public keys in response to verifying the authenticity of the received TSP signing and TSP encryption certificates.
  - 10. The electronic device of claim 6, wherein the information in the message is encrypted using a unique session key and the unique session key is encrypted using the TSP encryption public key of a TSP encryption public private key pair.

11. A system for exchanging encrypted information of a token service provider (TSP), the system comprising:
- a TSP server comprising;
  
  at least one hardware processor configured to generate a TSP signing certificate and a TSP signing public private key pair, and a TSP encryption certificate and a TSP encryption public private key pair, the TSP signing and TSP encryption certificates signed using a TSP root certificate authority (CA) private key; and
  
  a transceiver configured to transmit the TSP signing and TSP encryption certificates to an electronic device and to receive a device signing certificate and a device encryption certificate from the electronic device,wherein the at least one hardware processor is further configured to verify an authenticity of the device signing and device encryption certificates based on a public key for a root CA private key of a manufacturer of the electronic device, andwherein the transceiver is configured to receive, from the electronic device, a message including (i) information encrypted based on the TSP encryption public key of the TSP encryption public private key pair and (ii) a signature of the electronic device,wherein a device unique private key is stored on the electronic device by the manufacturer for access by a trusted application of the electronic device and wherein the information includes information for registering payment information with the TSP, the payment information associated with the electronic device.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein:
    - the transceiver is configured to receive a root CA certificate of the manufacturer of the electronic device during a secure certificate exchange with a server of the manufacturer, andthe at least one hardware processor is further configured to identify the public key for the root CA private key of the manufacturer based on the received root CA certificate of the manufacturer.
  - 13. The system of claim 12, wherein the transceiver is configured to provide a root certificate authority (CA) certificate of the TSP to the server of the manufacturer during the secure certificate exchange for storage on the electronic device and verification of the TSP.
  - 14. The system of claim 11, wherein the information in the message is encrypted using a unique session key and the unique session key is encrypted using the TSP encryption public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Liu, An, Venkataram, Balakrishna, Peng, Pai, Kasman, Bulent, Patel, Kunal
Primary Examiner(s)
Abedin, Shanto

Application Number

US15/054,020
Publication Number

US 20160254918A1
Time in Patent Office

1,069 Days
Field of Search

713156, 713175, 705 67, 705 75, 705 76
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

Trust-zone-based end-to-end security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

198 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Trust-zone-based end-to-end security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

198 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links