Methods, system and mobile device capable of enabling credit card personalization using a wireless network
Abstract
Methods of creating a secure channel over which credit card personalization data can be transmitted over the air (OTA) are provided. In particular, Generic Authentication Architecture (GAA) may be used to establish a secure communication channel between the user equipment (UE) and a personalization application server or bureau acting as a network application function (NAF) server. A user equipment, a personalization application server (e.g., a NAF server), a system embodying a personalization application server and a user equipment, and a computer program product are also provided for creating a secure channel, such as via GAA, over which credit card personalization data can be transmitted OTA.
Claims (47)
1. A method comprising:
- generating one or more shared secret keys known to a user equipment and a personalization application server;
- transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
- using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method comprising:
- generating one or more shared secret keys known to a first and second entity using a Generic Authentication Architecture (GAA);
- transmitting one or more issuer security domain keys from said second entity to said first entity, wherein said one or more issuer security domain keys are encrypted using said one or more shared secret keys;
- using said one or more issuer security domain keys to create an issuer security domain between said first and said second entities;
- establishing a secure channel between said first and second entities using said issuer security domain; and
- transmitting personalization data over said secure channel.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. An apparatus comprising:
at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus to perform the following:
- obtain at least one secret key unique to said apparatus from a user identification module, said processor in communication with said user identification module;
- store one or more shared secret keys known to a personalization application server and said apparatus, said one or more shared secret keys generated using said at least one unique secret key; and
- receive one or more issuer security domain keys encrypted by said one or more shared secret keys, said one or more issuer security domain keys being used to create an issuer security domain, said issuer security domain being used to establish a secure channel over which said apparatus is configured to receive personalization data.
Dependent claims: 19, 20, 21, 22
23. A system comprising:
- a personalization application server; and
- a user equipment in communication with said personalization application server over a secure channel, said secure channel used to transmit personalization data over the air (OTA) from the personalization application server to the user equipment, wherein one or more issuer security domain keys are encrypted using one or more shared secret keys known to the personalization application server and the user equipment and transmitted from the personalization application server to the user equipment, said issuer security domain keys used to create an issuer security domain that is configured to be used to establish the secure channel.
Dependent claims: 24, 25, 26, 27, 28, 29
30. A system comprising:
- means for generating one or more shared secret keys known to a user equipment and a personalization application server;
- means for transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
- means for using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.
Dependent claims: 31, 32, 33
34. A computer program product, wherein the computer program product comprises at least one computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion for generating one or more shared secret keys known to a user equipment and a personalization application server;
- a second executable portion for transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
- a third executable portion for using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel for OTA transmission of personalization data from the personalization application server to the user equipment.
Dependent claims: 35, 36, 37
38. An apparatus comprising:
- means for generating one or more shared secret keys known to a user equipment and a personalization application server;
- means for storing said one or more shared secret keys on said user equipment;
- means for transmitting one or more issuer security domain keys from the personalization application server to the user equipment, wherein said one or more issuer security domain keys are encrypted using the one or more shared secret keys; and
- means for using said one or more issuer security domain keys to create an issuer security domain, wherein said issuer security domain is configured to be used to establish a secure channel over which said user equipment is configured to receive said personalization data.
39. An apparatus comprising:
at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus to perform the following:
- receive a request for security data;
- transmit an authentication challenge in response to the request, said challenge comprising a request that a shared secret key be used for authentication;
- receive a response encrypted using the shared secret key;
- verify the response;
- encrypt the security data requested, upon verification, using the shared secret key;
- transmit the encrypted security data, wherein the encrypted security data is configured to be used to create an issuer security domain configured to be used to establish a secure channel; and
- transmit personalization data over the secure channel, upon establishment.
Dependent claims: 40, 41, 42
43. An apparatus comprising:
- means for receiving a request for security data;
- means for transmitting an authentication challenge in response to the request, said challenge comprising a request that a shared secret key be used for authentication;
- means for receiving a response encrypted using the shared secret key;
- means for verifying the response;
- means for, upon verification, encrypting the security data requested using the shared secret key;
- means for transmitting the encrypted security data, wherein the encrypted security data is configured to be used to create an issuer security domain configured to be used to establish a secure channel; and
- means for transmitting personalization data over the secure channel.
44. An apparatus comprising:
at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus to perform the following:
- send a request for security data;
- receive an authentication challenge in response to the security data request, said authentication challenge comprising a request that a shared secret key be used for authentication;
- encrypt an authentication response using the shared secret key;
- send the authentication response;
- receive the requested security data, in response to being authenticated, said requested security data encrypted using the shared secret key;
- decrypt the requested security data using the shared secret key;
- create an issuer security domain using the security data;
- establish a secure channel using the issuer security domain; and
- receive personalization data over the secure channel.
Dependent claims: 45, 46, 47
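The exchange of claims 39 (server side) and 44 (user-equipment side), modelled end to end as an added example that is not part of the patent: the GAA/GBA bootstrapping is replaced by an HMAC derivation from a constructed SIM secret, the cipher is a toy HMAC-based encrypt-then-MAC stand-in, and all function names, labels and sample values are assumptions. It also shows the failure path the claims imply: when the two sides do not hold the same shared key, the server never releases the issuer security domain keys.

```python
import hashlib
import hmac
import secrets

def derive_shared_key(sim_secret, naf_id):
    # Stand-in for the GAA/GBA Ks_NAF derivation: the UE computes it from its SIM
    # secret, the personalization server obtains the same value via the BSF.
    return hmac.new(sim_secret, b"Ks_NAF|" + naf_id, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    # Toy encrypt-then-MAC (constructed for this example, not a production cipher):
    # random 16-byte nonce, HMAC-derived keystream, 32-byte HMAC tag.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    # Returns the plaintext, or None when the tag does not verify (wrong key or tampering).
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def run_personalization(ue_sim_secret, srv_sim_secret, naf_id, isd_keys, perso_data):
    ue_key = derive_shared_key(ue_sim_secret, naf_id)     # claim 44: UE side
    srv_key = derive_shared_key(srv_sim_secret, naf_id)   # claim 39: server side
    # Server answers the UE's request with a challenge; the UE encrypts it under the
    # shared key and the server verifies by decrypting and comparing.
    challenge = secrets.token_bytes(16)
    if open_(srv_key, seal(ue_key, challenge)) != challenge:
        return None   # authentication failed: the ISD keys are never released
    # Server releases the issuer security domain keys encrypted under the shared key.
    ue_isd_keys = open_(ue_key, seal(srv_key, isd_keys))
    if ue_isd_keys is None:
        return None
    # Both sides derive the secure-channel key from the ISD keys; personalization data
    # travels only under that channel key, never directly under the GAA key.
    srv_chan = hmac.new(isd_keys, b"secure-channel", hashlib.sha256).digest()
    ue_chan = hmac.new(ue_isd_keys, b"secure-channel", hashlib.sha256).digest()
    return open_(ue_chan, seal(srv_chan, perso_data))
```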
Specification