Writing application data to a secure element

US 8,806,199 B2
Filed: 11/27/2012
Issued: 08/12/2014
Est. Priority Date: 12/17/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for writing application data to secure elements of user computing devices, comprising:

assigning, by a control software application in a secure element namespace of a secure element of a user computing device, one or more memory blocks of the secure element namespace to a first software application from a software application provider;

transmitting, from the user computing device to a remote trusted service manager (TSM) computer, a request for application data for the first software application assigned to the one or more memory blocks of the secure element and an access key for a write access type, the application data to be written to the secure element namespace;

receiving, in a secure memory of the user computing device, from the remote TSM computer, the requested application data and the requested access key; and

writing, by the control software application in the secure element, the requested application data from the secure memory to the one or more data memory blocks of the secure element namespace assigned to the first software application, wherein the one or more data memory blocks of the secure element namespace are accessed by the control software application using the requested access key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.

154 Citations

30 Claims

1. A computer-implemented method for writing application data to secure elements of user computing devices, comprising:
- assigning, by a control software application in a secure element namespace of a secure element of a user computing device, one or more memory blocks of the secure element namespace to a first software application from a software application provider;
  
  transmitting, from the user computing device to a remote trusted service manager (TSM) computer, a request for application data for the first software application assigned to the one or more memory blocks of the secure element and an access key for a write access type, the application data to be written to the secure element namespace;
  
  receiving, in a secure memory of the user computing device, from the remote TSM computer, the requested application data and the requested access key; and
  
  writing, by the control software application in the secure element, the requested application data from the secure memory to the one or more data memory blocks of the secure element namespace assigned to the first software application, wherein the one or more data memory blocks of the secure element namespace are accessed by the control software application using the requested access key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein an access control to the data memory blocks of the secure element namespace is defined, at least in part, by the access key for the write access type and a read access key for a read access type, the access keys defined in an access memory block of the secure element namespace.
  - 3. The method of claim 2, wherein a copy of the access keys are maintained by the control software application.
  - 4. The method according to claim 1, wherein the requested application data comprises at least one of the first software application or data to support the first software application.
  - 5. The method according to claim 1, further comprising:
    - receiving, in the secure memory from the remote TSM computer, an application identifier (AID) for the first software application and a directory access key, the directory access key for writing to an application directory table in a directory memory block in the secure element namespace; and
      
      writing, by the control software application, the AID of the first software application and the memory block location of the written first software application into the application directory table, wherein the directory memory block is accessed by the control software application using the directory access key.
  - 6. The method according to claim 1, further comprising:
    - receiving, in the secure memory, from the remote TSM computer, a new access key, wherein the new access key overwrites the requested access key; and
      
      replacing, by the control software application, in the access memory block the requested first access key with the new first access key, wherein write access to the data memory block and the access memory block are granted using the requested access key, and wherein a copy of the new access key is maintained by the control software application.
  - 7. The method according to claim 1, wherein the secure element comprises the secure memory.
  - 8. The method according to claim 1, wherein a second application executing on the user computing device outside the secure element transmits the request for application data to the TSM computer.
  - 9. The method according to claim 8, wherein the second application resident outside the secure element executes in an operating system of the user computing device, the user computing device comprising the secure element and an input device for accepting a user input.
  - 10. The method according to claim 1, wherein writing the requested application data from the secure memory to a data memory block comprises an installation step when the application data is the first software application, thereby configuring the first software application to execute within the secure element for initiating transactions with an external card reader device.
  - 11. The method according to claim 1, wherein the TSM computer is an external card reader device in radio frequency contact with the user computing device comprising the secure element.

12. A computer-implemented system for writing application data to secure elements of user computing devices, comprising:
- a computer comprising a secure element and that transmits, to a remote trusted service manager (TSM) computer, a request for application data and an access key for a write access type, the application data to be written to a secure element namespace of the secure element;
  
  a temporary memory in the computer that receives, from the remote TSM computer, the requested application data and the requested access key; and
  
  a control software application operating in the secure element of the computer that assigns one or more memory blocks of the secure element namespace to a first software application from a software application provider, and that writes the requested application data from the temporary memory to the one or more data memory blocks of the secure element namespace assigned to the first software application, the one or more data memory blocks of the secure element namespace being accessed by the control software application using the requested access key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system according to claim 12, the secure element comprising the temporary memory.
  - 14. The system according to claim 12, wherein an access control to the data memory blocks of the secure element namespace is defined, at least in part, by the access key for the write access type and a read access key for a read access type, the access keys defined in an access memory block of the secure element namespace.
  - 15. The system of claim 14, wherein the control software application maintains a copy of the access keys defined in the access memory blocks of the secure element namespace.
  - 16. The system according to claim 12, wherein the requested application data comprises at least one of the first software application or data required to support the first software application.
  - 17. The system according to claim 12, the temporary memory receiving from the remote TSM computer an application identifier (AID) for the first software application and a directory access key, the directory access key for writing to an application directory table in a directory memory block in the secure element namespace, andthe control software application in the secure element writing the AID of the first software application and the memory block location of the first software application into the application directory table, wherein the directory memory block is accessed by the control software application using the directory access key.
  - 18. The system according to claim 12, wherein the temporary memory receives, from the remote TSM computer, a new access key, the new access key for replacing the requested access key, andwherein the control software application in the secure element replaces in the access memory block the requested access key with the new access key, wherein write access to the data memory block and the access memory block is granted using the requested access key, and wherein a copy of the new access key is maintained in the control software application.
  - 19. The system according to claim 12, wherein writing the requested application data from the temporary memory to a data memory block comprises an installation step when the application data is the first software application, thereby configuring the first software application to execute within the secure element for initiating transactions with an external card reader device.
  - 20. The system according to claim 12, wherein the TSM computer is an external card reader device in radio frequency contact with the computer.

21. A mobile computing device, comprising:
- a secure element comprising a secure element namespace;
  
  a first software application executing outside the secure element that transmits, to a remote trusted service manager (TSM) computer, a request for application data and at least an access key for a write access type, the application data to be written to the secure element namespace;
  
  a temporary memory that receives, from the remote TSM computer, the requested application data and the requested access key; and
  
  a control software application executing in the secure element that assigns one or more memory blocks of the secure element namespace to a second software application from a software application provider, and that writes the requested application data from the temporary memory to the one or more data memory blocks of the secure element namespace assigned to the second software application from the software application provider, andwherein the one or more data memory blocks of the secure element namespace are accessed by the control software application using the requested access key.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The device according to claim 21, wherein the secure element comprises the temporary memory.
  - 23. The device according to claim 21, wherein an access control to the data memory blocks of the secure element namespace is defined, at least in part, by the access key for the write access type and a read access key for a read access type the access keys defined in an access memory block of the secure element namespace.
  - 24. The device of claim 23, wherein a copy of the access keys are maintained by the control software application.
  - 25. The device according to claim 21, wherein the requested application data comprises at least one of the second software application from the software application provider or data required to support the second software application.
  - 26. The device according to claim 21, wherein the temporary memory receives, from the remote TSM computer, an application identifier (AID) for the second software application from the software application provider and a directory access key, the directory access key for writing to an application directory table in a directory memory block in the secure element namespace, andwherein the control software application in the secure element writes the AID of the second software application from the software application provider and the memory block location of the written software application into the application directory table, wherein the directory memory block is accessed by the control software application using the directory access key.
  - 27. The device according to claim 21, wherein the temporary memory receives, from the remote TSM computer, a new access key, wherein the new access key is for replacing the requested access key, andwherein the control software application replaces in the access memory block the requested access key with the new access key, wherein write access to the data memory block and the access memory block has been granted using the requested access key, and wherein a copy of the new access key is maintained in the control software application.
  - 28. The device according to claim 21, wherein writing the requested application data from the temporary memory to a data memory block comprises an installation step when the application data is the second software application, thereby configuring the installed second software application to execute within the secure element for initiating transactions with an external card reader device.
  - 29. The device according to claim 21, wherein the TSM computer is an external card reader device in radio frequency contact with the device.
  - 30. The device according to claim 21, wherein the first software application resident outside the secure element is a user-interface software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
von Behren, Rob, Wall, Jonathan, Paya, Ismail Cem, Muehlberg, Alexej, Meyn, Hauke
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US13/686,887
Publication Number

US 20130111207A1
Time in Patent Office

623 Days
Field of Search

713/164
US Class Current

713/164
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3563   Software being resident on ...

G06Q 20/35765   Access rights to memory zones

G07F 7/1008   Active credit-cards provide...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/08   Key distribution or managem...

H04L 9/0897   involving additional device...

H04W 12/35   Protecting application or s...

H04W 4/80   Services using short range ...

Writing application data to a secure element

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

154 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Writing application data to a secure element

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links