Enabling users to select between secure service providers using a central trusted service manager

US 8,379,863 B1
Filed: 04/10/2012
Issued: 02/19/2013
Est. Priority Date: 09/15/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for providing secure services to a network device comprising a secure element, the method comprising:

maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;

receiving, by the computer, a selection of a trusted service manager (“

TSM”

) for facilitating the secure service;

obtaining, by the computer, from the selected TSM, information regarding the secure service and an application for the secure service;

provisioning, by the computer, the secure service at the secure element using the obtained information, the obtained application, and the at least one cryptographic key; and

removing, by the computer, information related to a previous TSM from the secure element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and service on behalf of the user selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.

156 Citations

37 Claims

1. A computer-implemented method for providing secure services to a network device comprising a secure element, the method comprising:
- maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;
  
  receiving, by the computer, a selection of a trusted service manager (“
  
  TSM”
  
  ) for facilitating the secure service;
  
  obtaining, by the computer, from the selected TSM, information regarding the secure service and an application for the secure service;
  
  provisioning, by the computer, the secure service at the secure element using the obtained information, the obtained application, and the at least one cryptographic key; and
  
  removing, by the computer, information related to a previous TSM from the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising creating a secure communication channel between the computer and the selected TSM for obtaining the information regarding the secure service and the application for the secure service.
  - 3. The computer-implemented method of claim 1, further comprising executing business logic for the secure element on behalf of the selected TSM.
  - 4. The computer-implemented method of claim 1, wherein the removing step comprises transmitting a message to the secure element commanding the secure element to remove information and an application related to the previous TSM from the secure element.
  - 5. The computer-implemented method of claim 1, further comprising receiving confirmation of the selection of the selected TSM from another device other than the network device prior to provisioning the secure service at the secure element.
  - 6. The computer-implemented method of claim 1, wherein the computer comprises a managed TSM.
  - 7. The computer program product of claim 1, wherein the selection of the TSM for facilitating the secure service is received from the network device.
  - 8. The computer program product of claim 1, further comprising:
    - receiving, by the computer, a selection of a second TSM for facilitating a second secure service;
      
      obtaining, by the computer, from the second TSM, information regarding the second secure service and an application for the second secure service; and
      
      provisioning, by the computer, the second secure service at the secure element using the obtained information regarding the second secure service, the obtained application for the second secure service, and the at least one cryptographic key.
  - 9. The computer program product of claim 8, further comprising removing information related to a TSM other than the second TSM from the secure element.
  - 10. The computer-implemented method of claim 8, further comprising transmitting a message to the secure element commanding the secure element to remove information and an application related to a TSM other than the second TSM from the secure element.

11. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program code embodied therein for providing secure services to a communication device comprising secure memory, the computer-readable medium comprising;
  
  computer-readable program code for maintaining at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
  
  computer-readable program code for receiving, a selection of a secure service provider for facilitating the secure service;
  
  computer-readable program code for obtaining, from the selected secure service provider, information regarding the secure service and an application for the secure service;
  
  computer-readable program code for provisioning the secure service at the secure memory using the obtained information, the obtained application, and the at least one cryptographic key; and
  
  computer-readable program code for removing information related to a previous secure service provider from the secure memory.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer program product of claim 11, further comprising computer-readable program code for creating a secure communication channel between the computer and the selected secure service provider for obtaining the information regarding the secure service and the application for the secure service.
  - 13. The computer program product of claim 11, further comprising computer-readable program code for executing business logic for the secure memory on behalf of the selected secure service provider.
  - 14. The computer program product of claim 11, wherein the computer-readable program code for removing information related to the previous secure service provider from the secure memory comprises computer-readable program code for transmitting a message to the secure memory requesting the secure memory to remove information and an application related to the previous secure service provider from the secure memory.
  - 15. The computer program product of claim 11, further comprising computer-readable program code for receiving confirmation of the selection of the selected secure service provider from another device other than the communication device prior to provisioning the secure service at the secure memory.
  - 16. The computer program product of claim 11, wherein the secure memory is a secure element.
  - 17. The computer program product of claim 11, wherein the selection of the secure service provider for facilitating the secure service is received from the communication device.

18. A system for providing secure services to a network device comprising a secure memory, the system comprising:
- a communication module that receives a selection of a trusted service manager (“
  
  TSM”
  
  ) for facilitating the secure service;
  
  a managed TSM communicably coupled to the communication module that;
  
  maintains at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
  
  receives, from the selected TSM, information regarding the secure service and an application for the secure service;
  
  provisions the secure service at the secure memory using the received information, the received application, and the at least one cryptographic key; and
  
  causes information related to a previous TSM to be removed from the secure memory.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18, wherein the managed TSM creates a secure communication channel between the computer and the selected TSM for obtaining the information regarding the secure service and the application for the secure service.
  - 20. The system of claim 18, wherein the managed TSM executes business logic for the secure memory on behalf of the selected TSM.
  - 21. The system of claim 18, wherein the managed TSM causes information related to the previous TSM to be removed from the secure memory by transmitting, via the communication module, a message to the secure memory commanding the secure memory to remove information and an application related to the previous TSM from the secure memory.
  - 22. The system of claim 18, wherein the managed TSM receives confirmation of the selection of the selected TSM from another device other than the network device prior to provisioning the secure service at the secure memory.
  - 23. The system of claim 18, wherein the secure memory is a secure element.
  - 24. The system of claim 18, wherein the selection of the TSM for facilitating the secure service is received from the network device.

25. A computer-implemented method for providing secure services to a network device comprising a secure element, the method comprising:
- maintaining, by a computer, at least one cryptographic key for the secure element, the at least one cryptographic key operable to provide secure access to the secure element via a secure communication channel;
  
  receiving, by the computer, a selection of a trusted service manager (“
  
  TSM”
  
  ) for facilitating the secure service;
  
  obtaining, by the computer, from the selected TSM, information regarding the secure service and an application for the secure service;
  
  provisioning, by the computer, the secure service at the secure element using the obtained information, the obtained application, and the at least one cryptographic key; and
  
  transmitting, by the computer, a message to the secure element commanding the secure element to remove information and an application related to a previous TSM from the secure element.
- View Dependent Claims (26, 27, 28, 29)
- - 26. A computer-implemented method of claim 25, further comprising creating a secure communication channel between the computer and the selected TSM for obtaining the information regarding the secure service and the application for the secure service.
  - 27. A computer-implemented method of claim 25, further comprising executing business logic for the secure element on behalf of the selected TSM.
  - 28. A computer-implemented method of claim 25, further comprising receiving confirmation of the selection of the selected TSM from another device other than the communication device prior to provisioning the secure service at the secure element.
  - 29. A computer-implemented method of claim 25, wherein the computer comprises a managed TSM.

30. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program code embodied therein for providing secure services to a communication device comprising secure memory, the computer-readable medium comprising;
  
  computer-readable program code for maintaining at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
  
  computer-readable program code for receiving, a selection of a secure service provider for facilitating the secure service;
  
  computer-readable program code for obtaining, from the selected secure service provider, information regarding the secure service and an application for the secure service;
  
  computer-readable program code for provisioning the secure service at the secure memory using the obtained information, the obtained application, and the at least one cryptographic key; and
  
  computer-readable program code for transmitting a message to the secure memory requesting the secure memory to remove information and an application related to a previous secure service provider from the secure memory.
- View Dependent Claims (31, 32, 33)
- - 31. A computer program product of claim 30, further comprising computer-readable program code for creating a secure communication channel between the computer and the selected secure service provider for obtaining the information regarding the secure service and the application for the secure service.
  - 32. A computer program product of claim 30, further comprising computer-readable program code for executing business logic for the secure memory on behalf of the selected secure service provider.
  - 33. A computer program product of claim 30, further comprising computer-readable program code for receiving confirmation of the selection of the selected secure service provider from another device other than the communication device prior to provisioning the secure service at the secure memory.

34. A system for providing secure services to a network device comprising a secure memory, the system comprising:
- a communication module that receives a selection of a trusted service manager (“
  
  TSM”
  
  ) for facilitating the secure service;
  
  a managed TSM communicably coupled to the communication module that;
  
  maintains at least one cryptographic key for the secure memory, the at least one cryptographic key operable to provide secure access to the secure memory via a secure communication channel;
  
  receives, from the selected TSM, information regarding the secure service and an application for the secure service;
  
  provisions the secure service at the secure memory using the received information, the received application, and the at least one cryptographic key; and
  
  transmits, via the communication module, a message to the secure memory commanding the secure memory to remove information and an application related to a previous TSM from the secure memory.
- View Dependent Claims (35, 36, 37)
- - 35. The system of claim 34, wherein the managed TSM creates a secure communication channel between the computer and the selected TSM for obtaining the information regarding the secure service and the application for the secure service.
  - 36. The system of claim 34, wherein the managed TSM executes business logic for the secure memory on behalf of the selected TSM.
  - 37. The system of claim 34, wherein the managed TSM receives confirmation of the selection of the selected TSM from another device other than the network device prior to provisioning the secure service at the secure memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Pelly, Nicholas Julian, Hamilton, Jeffrey William
Primary Examiner(s)
Song, Hosuk

Application Number

US13/443,671
Time in Patent Office

315 Days
Field of Search

726 1- 7, 726/9, 726 20- 21, 726 27- 30, 380/270, 380/277, 380/281, 380/284, 380/286, 713/155, 713/164, 713168-170, 713/182, 713/185, 713/189, 713193-194, 705/50, 705 64- 67, 705 75- 77
US Class Current

380/277
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2153   Using hardware token as a s...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/0897   involving additional device...

H04W 12/04   Key management, e.g. using ...

H04W 12/48   using secure binding, e.g. ...

H04W 4/80   Services using short range ...

Enabling users to select between secure service providers using a central trusted service manager

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling users to select between secure service providers using a central trusted service manager

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links