System and method for providing secure data communication functionality to a variety of applications on a portable communication device

US 8,745,716 B2
Filed: 10/21/2011
Issued: 06/03/2014
Est. Priority Date: 11/17/2010
Status: Active Grant

First Claim

Patent Images

1. A system for providing a first application associated with a portable communication device the ability to communicate via a secure element disposed on the portable communication device, the system comprising:

a first digital identifier and a first digital token operably associated with the first application, wherein the first digital token is a global constant communicated by a server to other portable communication devices that also receive the first application;

a card services module disposed on the portable communication device and operably associated with the secure element to provide an application programming interface to the secure element;

a secure data table electronically associated with the card services module and stored on the portable communication device, the secure data table including a list of one or more trusted applications each being identifiable by a paired set of digital identifier and digital token,wherein the card services module includes means for comparing the first digital identifier and the first digital token with each of the identifier-token pairs in the secure data table until a match indicates that the first application is a first trusted application; and

means for generating a second digital token that is a function of the first digital identifier and the first digital token, and for storing the second digital token in the secure data table in association with the first trusted application,wherein the card services module issues one or more commands to the secure element in conjunction with presentation of the first digital token during an initial launch of the first trusted application and in conjunction with presentation of the second digital token, instead of the first digital token, in a subsequent launch of the first trusted application.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing an application associated with a portable communication device the ability to communicate via a secure element. The system has a digital identifier and digital token operably associated with the application; a card services module that provides an application programming interface to the secure element; and a secure data table associated with the card services module. The secure data table includes a list of trusted applications each identifiable by paired digital identifier and token. The card services module [includes] compares the identifier and the token with each of the identifier-token pairs in the table until a match indicates the application is trusted. The card services module issues commands to the secure element based on an action requested by a trusted application in conjunction with the presentation of the digital token. A method of providing an application with the ability to communicate via secure element is also disclosed.

46 Citations

View as Search Results

20 Claims

1. A system for providing a first application associated with a portable communication device the ability to communicate via a secure element disposed on the portable communication device, the system comprising:
- a first digital identifier and a first digital token operably associated with the first application, wherein the first digital token is a global constant communicated by a server to other portable communication devices that also receive the first application;
  
  a card services module disposed on the portable communication device and operably associated with the secure element to provide an application programming interface to the secure element;
  
  a secure data table electronically associated with the card services module and stored on the portable communication device, the secure data table including a list of one or more trusted applications each being identifiable by a paired set of digital identifier and digital token,wherein the card services module includes means for comparing the first digital identifier and the first digital token with each of the identifier-token pairs in the secure data table until a match indicates that the first application is a first trusted application; and
  
  means for generating a second digital token that is a function of the first digital identifier and the first digital token, and for storing the second digital token in the secure data table in association with the first trusted application,wherein the card services module issues one or more commands to the secure element in conjunction with presentation of the first digital token during an initial launch of the first trusted application and in conjunction with presentation of the second digital token, instead of the first digital token, in a subsequent launch of the first trusted application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1 wherein the one or more commands result in the secure element providing data for presentation on a user interface, the card services module passing the data to the first trusted application for display.
  - 3. The system according to claim 2 wherein the first trusted application requests a first action that requires presentation of a first argument, and wherein the card services module issues the one or more commands to the secure element based on both the first action and the first argument.
  - 4. The system according to claim 1 wherein the first trusted application requests a first action that requires presentation of a first argument, and wherein the card services module issues the one or more commands to the secure element based on both the first action and the first argument.
  - 5. The system according to claim 4 wherein the card services module further includes means for replacing the global constant with a pseudo-randomly generated value based on a preselected seed, the pseudo-randomly generated value being saved as the first digital token in the secure data table and in operable association with the first application.
  - 6. The system according to claim 5 wherein the secure element generates the pseudo-randomly generated value.
  - 7. The system according to claim 6 wherein the preselected seed is selected from the group comprising the first digital token global constant, the first digital identifier, an issuer of the first trusted application, and combinations thereof.
  - 8. The system according to claim 1 wherein the second digital token further is a function of an issuer identifier that identifies an issuer of the first trusted application.
  - 9. The system according to claim 8 wherein the secure element generates the pseudo-randomly generated value.
  - 10. The system according to claim 9 wherein the preselected seed is selected from the group comprising the first digital token global constant, the first digital identifier, an issuer of the first trusted application, and combinations thereof.
  - 11. The system according to claim 1 wherein the card services module receives the first digital token in association with the first digital identifier from a central database for storage in the secure data table.

12. A method for providing a first application associated with a portable communication device the ability to communicate via a secure element disposed on the portable communication device, the method comprising:
- determining that the first application is a first trusted application on the portable communication device by comparing a first digital identifier and a first digital token operably associated with the first application with each paired set of digital identifier and digital token associated with a known trusted application until a match indicates that the first application is a trusted application, the paired sets having been stored in a secure data table on the portable communication device, wherein the first digital token is a global constant communicated by a server to other portable communication devices that also receive the first application;
  
  verifying that the first digital token is associated with the first trusted application in the secure data table;
  
  generating a second digital token that is a function of the first digital identifier and the first digital token;
  
  storing the second digital token in the secure data table in association with the first trusted application; and
  
  issuing one or more commands to the secure element in conjunction with presentation of the first digital token during an initial launch of the first trusted application and in conjunction with presentation of the second digital token, instead of the first digital token, in a subsequent launch of the first trusted application.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method according to claim 12 wherein determining that the first application is the first trusted application comprisesbinding the first application to the secure element on the portable communication device in response to determining that the first application is trusted.
  - 14. The method according to claim 13 wherein the method further comprises:
    - replacing the global constant with a pseudo-randomly generated value based on a pre-selected seed, andsaving the pseudo-randomly generated value as the first digital token in the secure data table and in operable association with the first application.
  - 15. The method according to claim 14 further comprises generating the pseudo-randomly generated value via the secure element.
  - 16. The method according to claim 15 further comprising selecting the seed for the pseudo-randomly generated value from the group comprising the first digital token global constant, the first digital identifier, an issuer of the first trusted application, and combinations thereof.
  - 17. The method according to claim 14 wherein the one or more commands result in the secure element providing data for presentation on a user interface, the method further comprising passing the data from the secure element to the first trusted application for display on the portable communication device.
  - 18. The method according to claim 14 wherein the first trusted application requests a first action that requires presentation of a first argument, the method further comprising issuing the one or more commands to the secure element based on both the first action and the first argument.
  - 19. The method according to claim 12 wherein the one or more commands result in the secure element providing data for presentation on a user interface, the method further comprising passing the data from the secure element to the first trusted application for display on the portable communication device.
  - 20. The method according to claim 12, further comprising:
    - storing, in the secure data table, an issuer identifier and a permission level associated with the first trusted application, wherein the issuer identifier identifies an issuer of the first trusted application, and wherein the permission level identifies what permission the first trusted application has to change a credential stored by the secure element, andwherein the second digital token further is a function of the issuer identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TIS Incorporated (It Holdings Corporation)
Original Assignee
Sequent Software, Inc.
Inventors
Brudnicki, David, Craft, Michael, Reisgies, Hans, Weinstein, Andrew
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US13/279,184
Publication Number

US 20120124658A1
Time in Patent Office

956 Days
Field of Search

726/9, 726/26, 726/2, 726/4, 726/5, 726/30, 726/18, 726/19, 726/27, 726/16, 726/22, 726/17, 705/16, 705/71, 705/44, 705/41, 705/14.23, 705/14.38, 705/64, 705/65, 713/167, 713/165, 713/193, 713/168, 717/167, 380/232, 455/411, 455/558, 235/380, 235/382
US Class Current

726/9
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/74   operating in dual or compar...

G06Q 20/204   comprising interface for re...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3567   Software being in the reader

G06Q 20/3574   Multiple applications on card

G06Q 20/401   Transaction verification

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/20   for managing network securi...

System and method for providing secure data communication functionality to a variety of applications on a portable communication device

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing secure data communication functionality to a variety of applications on a portable communication device

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links