Local trusted services manager for a contactless smart card

US 8,793,508 B2
Filed: 12/17/2012
Issued: 07/29/2014
Est. Priority Date: 12/17/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing trusted service managers (TSM) locally in secure elements of computing devices used for contactless communications, comprising:

storing, a TSM software application in a secure element of a computing device used for contactless communication, a private encryption key assigned to the TSM software application, and a corresponding public encryption key;

transmitting, by the TSM software application in the secure element of the computing device, a request for application data to a registered remote non-TSM computer configured to access the public key;

receiving, in the computing device from the remote non-TSM computer, the requested application data for installation in the secure element of the computing device, the requested application data comprising at least one of a software application, other than the TSM application, executable in the secure element or data to support an existing software application, other than the TSM application, in the secure element, the received requested application data having been encrypted by the remote non-TSM computer using the public encryption key;

decrypting, by the TSM software application in the secure element of the computing device, the received encrypted application data using the private key stored in the secure element of the computing device; and

writing, by the TSM software application in the secure element of the computing device, the decrypted application data to one or more memory blocks of the secure element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.

177 Citations

26 Claims

1. A computer-implemented method for implementing trusted service managers (TSM) locally in secure elements of computing devices used for contactless communications, comprising:
- storing, a TSM software application in a secure element of a computing device used for contactless communication, a private encryption key assigned to the TSM software application, and a corresponding public encryption key;
  
  transmitting, by the TSM software application in the secure element of the computing device, a request for application data to a registered remote non-TSM computer configured to access the public key;
  
  receiving, in the computing device from the remote non-TSM computer, the requested application data for installation in the secure element of the computing device, the requested application data comprising at least one of a software application, other than the TSM application, executable in the secure element or data to support an existing software application, other than the TSM application, in the secure element, the received requested application data having been encrypted by the remote non-TSM computer using the public encryption key;
  
  decrypting, by the TSM software application in the secure element of the computing device, the received encrypted application data using the private key stored in the secure element of the computing device; and
  
  writing, by the TSM software application in the secure element of the computing device, the decrypted application data to one or more memory blocks of the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising selecting, by the TSM application in the secure element of the computing device, at least one memory block in the secure element for writing the received application data to the selected at least one memory block.
  - 3. The method according to claim 1, the requested application data comprising at least one of a software application, other than the TSM application, executable in the secure element or data to support an existing software application, other than the TSM application, in the secure element.
  - 4. The method according to claim 1, further comprising managing, by a user-interface software application on the computing device and resident outside the secure element, the TSM software application in the secure element, the TSM software application in the secure element of the computing device transmitting the request for the application data in response to inputs received by the user-interface software application.
  - 5. The method according to claim 4, wherein the user-interface software application transmits user inputs from a display or a keypad of the computing device to the TSM software application in the secure element via a secure communication channel.
  - 6. The method according to claim 1, wherein the encrypted application data is received in the secure element or a secure memory outside the secure element of the computing device, the secure memory connected to the secure element via a secure communication channel.
  - 7. The method according to claim 1, wherein the remote non-TSM computer is registered for deploying application data to the computing device only when the remote non-TSM computer is in possession of the public key.
  - 8. The method according to claim 1, wherein the TSM software application in the secure element of the computing device provides permissions for performing various life-cycle functions on the encrypted application data received in the computing device, the life-cycle functions including at least one of an initialize function, a start function, a stop function, and a destroy function.
  - 9. The method according to claim 1, wherein the computing device is one of a services identity module (SIM) card, a secure digital (SD) memory card, a universal integrated circuit card (UICC), or a mobile communication device having the secure element disposed therein.

10. A computer program product, comprising:
- a non-transitory computer-executable secure element having computer-readable program instructions embodied thereon that when executed by a computing device perform a method for implementing a trusted service managers (TSM) locally in secure elements of computing devices used for contactless communications, the computer-executable program instructions comprising;
  
  computer-executable program instructions to transmit a request for application data to a registered remote non-TSM computer configured to access a public key stored in the secure element and assigned to the computing program product;
  
  computer-executable program instructions to receive, from the remote non-TSM computer, the requested application data for installation in the secure element of the computing device, the received requested application data having been encrypted by the remote non-TSM computer using the public encryption key, the application data comprising at least one of a software application, other than the TSM application, executable in the secure element or data to support an existing software application, other than the TSM application, in the secure element;
  
  computer-executable program instructions to decrypt the received encrypted application data using a private key corresponding to the public key and stored in the secure element;
  
  computer-executable program instructions to write the decrypted application data to one or more memory blocks of the secure element.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer program product of claim 10, further comprising:
    - computer-executable program instructions to select the one or more memory blocks of the secure element to write the application data to.
  - 12. The computer program product of claim 10, the requested application data comprising at least one of a software application, other than the TSM application, executable in the secure element, or data to support an existing software application, other than the TSM application, in the secure element.
  - 13. The computer program product of claim 10, wherein the encrypted application data is received in the secure element or a secure memory outside the secure element of the computing device, the secure memory connected to the secure element via a secure communication channel.
  - 14. The computer program product of claim 10, wherein the remote non-TSM computer is registered for deploying application data to the computing device only when the remote non-TSM computer is in possession of the public key.
  - 15. The computer program product of claim 10, further comprising:
    - computer-executable program instructions to provide permissions for performing various life-cycle functions on the received encrypted application data, the life-cycle functions including at least one of an initialize function, a start function, a stop function, and a destroy function.
  - 16. The computer program product of claim 10, wherein the computing device is one of a services identity module (SIM) card, a secure digital (SD) memory card, a universal integrated circuit card (UICC), or a mobile communication device having the secure element disposed therein.

17. A computer-implemented system for implementing a trusted service manager (TSM) locally within secure elements of computing devices used for contactless communications, the system comprising:
- a computing device comprising a secure element having a TSM software application resident therein, the TSM software application configured to execute in the secure element of the computing device and to;
  
  store a private encryption key assigned to a TSM software application and a corresponding public encryption key in the secure element;
  
  transmit a request for application data to a registered remote non-TSM computer configured to access the public key;
  
  receive from the remote non-TSM computer the requested application data for installation in the secure element, the requested application data encrypted by the non-TSM computer using the public key, the application data comprising at least one of a software application, other than the TSM application, executable in the secure element or data to support an existing software application, other than the TSM application, in the secure element;
  
  write the requested application data received from the remote non-TSM computer to the secure element.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The system of claim 17, the TSM software application being further configured to decrypt the received encrypted application data using the private key.
  - 19. The system of claim 17, the TSM software application being further configured to select at least one memory block in the secure element for writing the requested application data to the selected at least one memory block.
  - 20. The system according to claim 17, further comprising a user-interface software application resident on the computing device and outside the secure element that manages the TSM software application in the secure element, the TSM software application in the secure element of the computing device transmitting the request for the application data in response to inputs received by the user-interface software application.
  - 21. The system according to claim 20, wherein the user-interface software application transmits user inputs from a display or a keypad of the computing device to the TSM software application in the secure element via a secure communication channel.
  - 22. The system according to claim 17, wherein the encrypted application data is received in the secure element or a secure memory outside the secure element of the computing device, the secure memory connected to the secure element via a secure communication channel.
  - 23. The system according to claim 17, wherein each registered remote non-TSM computer is registered for deploying application data to the computing device only when the registered remote non-TSM computer is in possession of the public key.
  - 24. The system according to claim 17, the requested application data comprising at least one of a software application, other than the TSM application, executable in the secure element or data to support an existing software application, other than the TSM application, in the secure element.
  - 25. The system according to claim 17, the TSM software application being further configured to provide permissions for performing various life-cycle functions on the encrypted application data received in the computing device, the life-cycle functions including at least one of an initialize function, a start function, a stop function, and a destroy function.
  - 26. The system according to claim 17, wherein the computing device is one of a services identity module (SIM) card, a secure digital (SD) memory card, a universal integrated circuit card (UICC), or a mobile communication device having the secure element disposed therein.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
von Behren, Rob, Wall, Jonathan, Paya, Ismail Cem
Primary Examiner(s)
Vaughan, Michael R

Application Number

US13/717,686
Publication Number

US 20130121493A1
Time in Patent Office

589 Days
Field of Search

None
US Class Current

713/192
CPC Class Codes

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/35765   Access rights to memory zones

G06Q 20/3823   combining multiple encrypti...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Local trusted services manager for a contactless smart card

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

177 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Local trusted services manager for a contactless smart card

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links