Methods, system and mobile device capable of enabling credit card personalization using a wireless network

US 7,628,322 B2
Filed: 09/28/2005
Issued: 12/08/2009
Est. Priority Date: 03/07/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating one or more shared secret keys known to a user equipment and a personalization application server;

transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and

using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. An user equipment, personalization application service (e.g., a NAF server), a system embodying a personalization application server and an user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.

201 Citations

47 Claims

1. A method comprising:
- generating one or more shared secret keys known to a user equipment and a personalization application server;
  
  transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
  
  using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the user equipment comprises a mobile device having an EMV-certified chip embedded therein.
  - 3. The method of claim 1, wherein the user equipment comprises a mobile device further comprising a universal integrated circuit card (UICC) having one or more EMV applications stored thereon.
  - 4. The method of claim 3, wherein the UICC is configured to be removed from the mobile device and used in connection with another mobile device.
  - 5. The method of claim 1, wherein the step of generating one or more shared secret keys known to said user equipment and said personalization application server is performed in accordance with a Generic Authentication Architecture (GAA), and wherein the personalization application server comprises a network application function (NAF) server.
  - 6. The method of claim 5, further comprising:
    - using a bootstrapping server function (BSF) server in communication with said NAF server and said user equipment, wherein said BSF facilitates in the generation of said one or more shared secret keys.
  - 7. The method of claim 1 further comprising:
    - storing said one or more shared secret keys on said user equipment.
  - 8. The method of claim 1, wherein said personalization data comprises credit card personalization data.
  - 9. The method of claim 1, wherein said personalization data comprises public transport ticketing data.

10. A method comprising:
- generating one or more shared secret keys known to a first and second entity using a Generic Authentication Architecture (GAA);
  
  transmitting one or more issuer security domain keys from said second entity to said first entity, wherein said one or more issuer security domain keys are encrypted using said one or more shared secret keys;
  
  using said one or more issuer security domain keys to create an issuer security domain between said first and said second entities;
  
  establishing a secure channel between said first and second entities using said issuer security domain; and
  
  transmitting personalization data over said secure channel.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein said first entity is a network application function (NAF) server, and said second entity is a user equipment.
  - 12. The method of claim 11, further comprising:
    - using a bootstrapping server function (BSF) server in communication with said NAF server and said user equipment, wherein said BSF facilitates in the generation of said one or more shared secret keys.
  - 13. The method of claim 10, wherein the second entity comprises a mobile device having an EMV-certified chip embedded therein.
  - 14. The method of claim 10, wherein the second entity comprises a mobile device further comprising a universal integrated circuit card (UICC) having one or more EMV applications stored thereon.
  - 15. The method of claim 14, wherein the UICC is configured to be removed from the mobile device and used in connection with another mobile device.
  - 16. The method of claim 10, wherein said personalization data comprises credit card personalization data.
  - 17. The method of claim 10, wherein said personalization data comprises public transport ticketing data.

18. An apparatus comprising:
- at least one processor, andat least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus to perform the following;
  
  obtain at least one secret key unique to said apparatus from a user identification module,-said processor in communication with said user identification module;
  
  store one or more shared secret keys known to a personalization application server and said apparatus, said one or more shared secret keys generated using said at least one unique secret key; and
  
  receive one or more issuer security domain keys encrypted by said one or more shared secret keys, said one or more issuer security domain keys being used to create an issuer security domain, said issuer security domain being used to establish a secure channel over which said apparatus is configured to receive personalization data.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The apparatus of claim 18, wherein said one or more shared secret keys are generated in accordance with Generic Authentication Architecture (GAA), and wherein the personalization application server comprises a network application function (NAF) server.
  - 20. The apparatus of claim 19 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause an apparatus to:
    - store one or more GAA supporting applications in a computer-readable medium, said GAA supporting applications in communication with said user identification module and said processor, wherein said GAA supporting applications are configured to communicate with said NAF server and a Bootstrapping Server Function (BSF) server in order to generate said one or more shared secret keys.
  - 21. The apparatus of claim 18, wherein said personalization data comprises credit card personalization data.
  - 22. The apparatus of claim 18, wherein said personalization data comprises public transport ticketing data.

23. A system comprising:
- a personalization application server; and
  
  a user equipment in communication with said personalization application server over a secure channel, said secure channel used to transmit personalization data over the air (OTA) from the personalization application server to the user equipment, wherein one or more issuer security domain keys are encrypted using one or more shared secret keys known to the personalization application server and the user equipment and transmitted from the personalization application server to the user equipment, said issuer security domain keys used to create an issuer security domain that is configured to be used to establish the secure channel.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The system of claim 23, wherein said one or more shared secret keys are generated in accordance with a Generic Authentication Architecture (GAA), and wherein the personalization application server comprises a network application function (NAF) server.
  - 25. The system of claim 24, further comprising:
    - a bootstrapping server function (BSF) server in communication with said NAF server and said user equipment, wherein said BSF facilitates in the generation of said one or more shared secret keys.
  - 26. The system of claim 23, wherein said one or more shared secret keys are stored on said user equipment.
  - 27. The system of claim 23, wherein the user equipment comprises a mobile device having an EMV-certified chip embedded therein.
  - 28. The system of claim 23, wherein the user equipment comprises a mobile device further comprising a universal integrated circuit card (UICC) having one or more EMV applications stored thereon.
  - 29. The system of claim 28, wherein the UICC is configured to be removed from the mobile device and used in connection with another mobile device.

30. A system comprising:
- means for generating one or more shared secret keys known to a user equipment and a personalization application server;
  
  means for transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
  
  means for using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.
- View Dependent Claims (31, 32, 33)
- - 31. The system of claim 30, wherein said means for generating one or more shared secret keys known to said user equipment and said personalization application server comprises means for generating said one or more shared secret keys in accordance with a Generic Authentication Architecture (GAA), and wherein the personalization application server comprises a network application function (NAF) server.
  - 32. The system of claim 31, further comprising:
    - means for using a bootstrapping server function (BSF) server in communication with said NAF server and said user equipment, wherein said BSF facilitates in the generation of said one or more shared secret keys.
  - 33. The system of claim 30 further comprising:
    - means for storing said one or more shared secret keys on said user equipment.

34. A computer program product, wherein the computer program product comprises at least one computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion for generating one or more shared secret keys known to a user equipment and a personalization application server;
  
  a second executable portion for transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
  
  a third executable portion for using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.
- View Dependent Claims (35, 36, 37)
- - 35. The computer program product of claim 34, wherein generating one or more shared secret keys known to said user equipment and said personalization application server comprises generating said one or more shared secret keys in accordance with a Generic Authentication Architecture (GAA), and wherein the personalization application server comprises a network application function (NAF) server.
  - 36. The system of claim 35, further comprising:
    - a fourth executable portion for using a bootstrapping server function (BSF) server in communication with said NAF server and said user equipment, wherein said BSF facilitates in the generation of said one or more shared secret keys.
  - 37. The computer program product of claim 34 further comprising:
    - a fourth executable portion for storing said one or more shared secret keys on said user equipment.

38. An apparatus comprising:
- means for generating one or more shared secret keys known to a user equipment and a personalization application server;
  
  means for storing said one or more shared secret keys on said user equipment;
  
  means for transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
  
  means for using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel over which said user equipment is configured to receive said personalization data.

39. An apparatus comprising:
- at least one processor, andat least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus to perform the following;
  
  receive a request for security data;
  
  transmit an authentication challenge in response to the request, said challenge comprising a request that a shared secret key be used for authentication;
  
  receive a response encrypted using the shared secret key;
  
  verify the response;
  
  encrypt the security data requested, upon verification, using the shared secret key;
  
  transmit the encrypted security data, wherein the encrypted security data is configured to be used to create an issuer security domain configured to be used to establish a secure channel; and
  
  transmit personalization data over the secure channel, upon establishment.
- View Dependent Claims (40, 41, 42)
- - 40. The apparatus of claim 39, wherein the shared secret key is generated in accordance with a Generic Authentication Architecture (GAA), and wherein the personalization application server comprises a network application function (NAF) server.
  - 41. The apparatus of claim 39, wherein the security data comprises one or more issuer security domain keys.
  - 42. The apparatus of claim 41, wherein the security data further comprises a lifetime and a creation time of the one or more issuer security domain keys.

43. An apparatus comprising:
- means for receiving a request for security data;
  
  means for transmitting an authentication challenge in response to the request, said challenge comprising a request that a shared secret key be used for authentication;
  
  means for receiving a response encrypted using the shared secret key;
  
  means for verifying the response;
  
  means for, upon verification, encrypting the security data requested using the shared secret key;
  
  means for transmitting the encrypted security data, wherein the encrypted security data is configured to be used to create an issuer security domain configured to be used to establish a secure channel; and
  
  means for transmitting personalization data over the secure channel.

44. An apparatus comprising:
- at least one processor, andat least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus to perform the following;
  
  send a request for security data;
  
  receive an authentication challenge in response to the security data request, said authentication challenge comprising a request that a shared secret key be used for authentication;
  
  encrypt an authentication response using the shared secret key;
  
  send the authentication response;
  
  receive the requested security data, in response to being authenticated, said requested security data encrypted using the shared secret key;
  
  decrypt the requested security data using the shared secret key;
  
  create an issuer security domain using the security data;
  
  establish a secure channel using the issuer security domain; and
  
  receive personalization data over the secure channel.
- View Dependent Claims (45, 46, 47)
- - 45. The apparatus of claim 44, wherein the shared secret key is generated in accordance with a Generic Authentication Architecture (GAA).
  - 46. The apparatus of claim 44, wherein the security data comprises one or more issuer security domain keys.
  - 47. The apparatus of claim 46, wherein the security data further comprises a lifetime and a creation time of the one or more issuer security domain keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Laitinen, Pekka, Holtmanns, Silke
Primary Examiner(s)
Hess; Daniel A

Application Number

US11/237,811
Publication Number

US 20060196931A1
Time in Patent Office

1,532 Days
Field of Search

235/380, 380/247, 455/411, 713/168
US Class Current

235/380
CPC Class Codes

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3552   Downloading or loading of p...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04L 9/3273   for mutual authentication n...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/35   Protecting application or s...

H04W 12/45   using multiple identity mod...

Methods, system and mobile device capable of enabling credit card personalization using a wireless network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

201 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, system and mobile device capable of enabling credit card personalization using a wireless network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links