Wallet application for interacting with a secure element application without a trusted server for authentication

US 8,646,059 B1
Filed: 09/26/2011
Issued: 02/04/2014
Est. Priority Date: 12/17/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for communication within payment devices configured to conduct payments via contactless communication, comprising:

supporting a first secure and isolated memory of a secure element embedded within a chip of a payment device configured to conduct a payment via contactless communication;

locating a control applet and a first sharable interface object (SIO) owned by the control applet within the first secure and isolated memory;

selecting, on a software application of the payment device, a selected card applet to configure from a registered list of card applets, the registered list of card applets comprising application identifiers (AIDs) of card applets within the secure element;

supporting a second secure and isolated memory of the secure element embedded within the chip;

locating the selected card applet and a second SIO owned by the selected card applet within the second secure and isolated memory;

transmitting, through a secure channel, to the control applet within the first secure and isolated memory, an AID associated with the selected card applet and a computer-coded instruction for a selected function to be performed on the selected card applet;

requesting data access from the control applet located within the first secure and isolated memory to the second SIO located within the second secure and isolated memory across a secure firewall within the secure element;

invoking, by the control applet, process method function calls of a card runtime environment, wherein the process method function calls perform the selected function on the selected card applet; and

executing, by the card runtime environment, the process method function calls, thereby performing the selected function on the selected card applet.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communication between a software application midlet of a contactless payment device and a control applet resident within a secure element of the contactless payment device includes selecting, on the software application midlet, a card applet to configure from a registered list of card applets, the list comprising application identifiers (AIDs) of card applets resident in the secure element; transmitting, through a secure channel, to the control applet on the secure element, the selected card applet'"'"'s AID and an instruction for a selected function to be performed on the selected card applet; invoking, by the control applet, process method function calls of a card runtime environment, wherein the process method function calls are defined by the card issuer or the card runtime environment for performing the selected function on the selected card applet; and rendering the process method function calls, thereby performing the selected function on the selected card applet.

429 Citations

20 Claims

1. A computer-implemented method for communication within payment devices configured to conduct payments via contactless communication, comprising:
- supporting a first secure and isolated memory of a secure element embedded within a chip of a payment device configured to conduct a payment via contactless communication;
  
  locating a control applet and a first sharable interface object (SIO) owned by the control applet within the first secure and isolated memory;
  
  selecting, on a software application of the payment device, a selected card applet to configure from a registered list of card applets, the registered list of card applets comprising application identifiers (AIDs) of card applets within the secure element;
  
  supporting a second secure and isolated memory of the secure element embedded within the chip;
  
  locating the selected card applet and a second SIO owned by the selected card applet within the second secure and isolated memory;
  
  transmitting, through a secure channel, to the control applet within the first secure and isolated memory, an AID associated with the selected card applet and a computer-coded instruction for a selected function to be performed on the selected card applet;
  
  requesting data access from the control applet located within the first secure and isolated memory to the second SIO located within the second secure and isolated memory across a secure firewall within the secure element;
  
  invoking, by the control applet, process method function calls of a card runtime environment, wherein the process method function calls perform the selected function on the selected card applet; and
  
  executing, by the card runtime environment, the process method function calls, thereby performing the selected function on the selected card applet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising updating, in the secure element, the registered list of card applet AIDs, wherein the selected card applet AID entry is edited or tagged with a computer code responsive to the function performed.
  - 3. The method according to claim 1, wherein the software application is a user-interface software application configured to receive the selected function from a plurality of available functions.
  - 4. The method according to claim 1, wherein the card runtime environment is a Java Card Runtime Environment (JCRE).
  - 5. The method according to claim 1, wherein the secure channel is provided by authenticating the computer-coded instruction from the software application using issuer security domain (ISD) key protected process method function calls within the secure element for performing the function responsive to the computer-coded instruction.
  - 6. The method according to claim 1, wherein the process method function calls are application programmable interface (API) functions configured to execute within the card runtime environment.
  - 7. The method according to claim 1, wherein the card applet is a smart card application software package or a software instance to be installed within an existing smart card application package, the software package or instance comprising information to access a credit card account, a debit card account, a loyalty card account, a web-based coupon account, a membership account, a gift card account, or an access card account.
  - 8. The method according to claim 2, wherein the list of card applet AIDs in the secure element is located in one of the control applet or a directory applet, the directory applet comprising only activated card applet AIDs for transaction purposes with an external card reader.
  - 9. The method according to claim 8, wherein the directory applet is only updated to indicate if the selected card applet is activated, deactivated, blocked, or unblocked.

10. A payment device, comprising:
- a secure element embedded within a chip, the secure element comprising;
  
  a first memory,a second memory,a control applet,a first sharable interface object (SIO) within the first memory and owned by the control applet,a plurality of card applets,a second SIO within the second memory and owned by one of the plurality of card applets,a firewall operable to separate the first SIO within the first memory and the second SIO within the second memory and to support secure data access and transfer between the first SIO within the first memory and the second SIO within the second memory through the firewall, anda registered list of the card applets, wherein the registered list comprises an application identifier (AID) for each of the card applets resident in the secure element,a software application midlet that receives an input of a selection of at least one of the plurality of card applets to configure from the registered list of card applets, anda secure channel via which the selected card applet'"'"'s AID and a computer-coded instruction for a selected function to be performed on the selected card applet are communicated to the control applet on the secure element,wherein the control applet requests data access to the second SIO across the firewall and invokes process method function calls of a card runtime environment, wherein the process method function calls are defined by a card issuer corresponding to the selected card applet to perform the selected function on the selected card applet, andwherein the card runtime environment executes the process method function calls, thereby performing the selected function on the selected card applet.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The device according to claim 10, wherein the secure element updates the registered list of card applet AIDs, and wherein the selected card applet AID entry is edited or tagged with a computer code responsive to the function performed.
  - 12. The device according to claim 10, wherein the software application midlet is a user-interface software application configured to receive an input of the selected function from a plurality of available functions.
  - 13. The device according to claim 10, wherein the card runtime environment is a Java Card Runtime Environment (JCRE).
  - 14. The device according to claim 10, wherein the secure channel is provided by authenticating the computer-coded instruction from the software application midlet using issuer security domain (ISD) key protected process method function calls within the secure element for performing the function responsive to the computer-coded instruction.
  - 15. The device according to claim 10, wherein the process method function calls are application programmable interface (API) functions configured to execute within the card runtime environment.
  - 16. The device according to claim 10, wherein the card applet is a smart card application software package or a software instance to be installed within an existing smart card application package, the software package or instance comprising information to access a credit card account, a debit card account, a loyalty card account, a web-based coupon account, a membership account, a gift card account, or an access card account.
  - 17. The device according to claim 11, wherein the list of card applet AIDs in the secure element is located in one of the control applet or a directory applet, wherein the directory applet comprises only activated card applet AIDs for transaction purposes with an external card reader.
  - 18. The device according to claim 17, wherein the directory applet is only updated to indicate if the selected card applet is activated, deactivated, blocked, or unblocked.

19. A payment device, comprising:
- a secure element embedded within a chip of a device used for payments;
  
  a first memory embedded within the secure element, the first memory operable to store a control application and a first sharable interface object (SIO) within and owned by the control application;
  
  a second memory embedded within the secure element, the second memory operable to store a card application and a second SIO within and owned by the card application;
  
  a secure firewall embedded within the secure element operable to separate the first SIO and the second SIO, the secure firewall being further operable to support secure data transfer between the first SIO and the second SIO through the firewall in response to the control applet requesting data access from to the second SIO through the secure firewall; and
  
  a card runtime environment operable to receive, from a remote trusted service manager (TSM), a received application identifier (AID) code and one or more computer-coded instructions, wherein the one or more computer coded instructions support performing a function upon the card application through the secure firewall in response to the received AID corresponding to an AID associated with the card application.
- View Dependent Claims (20)
- - 20. The device according to claim 19, wherein the device is a mobile communications device or a card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
von Behren, Rob, Wall, Jonathan, Muehlberg, Alexej, Meyn, Hauke
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Salehi, Helai

Application Number

US13/244,777
Time in Patent Office

862 Days
Field of Search

726/9, 719311-320, 719/328, 719/329
US Class Current

726/9
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 9/44552   Conflict resolution, i.e. e...

G06F 9/45508   Runtime interpretation or e...

G06Q 20/02   involving a neutral party, ...

G06Q 20/3263   characterised by activation...

G06Q 20/3563   Software being resident on ...

G06Q 20/3574   Multiple applications on card

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

Wallet application for interacting with a secure element application without a trusted server for authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

429 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Wallet application for interacting with a secure element application without a trusted server for authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

429 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others