Apparatus and method for secure delivery of data from a communication device
First Claim
1. A computer-readable storage device comprising executable instructions which, responsive to being executed by a secure device processor of a mobile communication device, cause the secure device processor to perform operations comprising:
requesting an upload transport key and a data protection key from a secure element of the mobile communication device, and wherein the secure element stores master keys from which the upload transport key and the data protection key are generated by the secure element, wherein the secure element receives the master keys over a network from a remote management server, wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server;
receiving the upload transport key and the data protection key from the secure element without receiving the master keys;
receiving an upload request from a recipient device, another communication device, an application being executed by the mobile communication device, or a user input received at the mobile communication device;
obtaining data for transmission to the recipient device, wherein the obtaining of the data is in response to the receiving of the upload request;
encrypting the data using the data protection key to generate a single encrypted data; and
encrypting the single encrypted data using the upload transport key to generate a double encrypted data,
wherein the mobile communication device comprises a mobile processor device that facilitates wireless communications by the secure device processor and by the secure element, and
wherein the mobile processor device, the secure element and the secure device processor are physically separated components that are housed in the mobile communication device and are in communication with each other.
Abstract
A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.
19 Claims
1. A computer-readable storage device comprising executable instructions which, responsive to being executed by a secure device processor of a mobile communication device, cause the secure device processor to perform operations comprising:
requesting an upload transport key and a data protection key from a secure element of the mobile communication device, and wherein the secure element stores master keys from which the upload transport key and the data protection key are generated by the secure element, wherein the secure element receives the master keys over a network from a remote management server, wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server;
receiving the upload transport key and the data protection key from the secure element without receiving the master keys;
receiving an upload request from a recipient device, another communication device, an application being executed by the mobile communication device, or a user input received at the mobile communication device;
obtaining data for transmission to the recipient device, wherein the obtaining of the data is in response to the receiving of the upload request;
encrypting the data using the data protection key to generate a single encrypted data; and
encrypting the single encrypted data using the upload transport key to generate a double encrypted data,
wherein the mobile communication device comprises a mobile processor device that facilitates wireless communications by the secure device processor and by the secure element, and
wherein the mobile processor device, the secure element and the secure device processor are physically separated components that are housed in the mobile communication device and are in communication with each other.
Dependent claims: 2, 3, 4, 5

6. A communication device, comprising:
a mobile processing device comprising a control element to control a transceiver of the communications device;
a secure element having a secure element memory that stores first executable instructions that, when executed by the secure element, facilitate performance of first operations, comprising;
receiving master keys over a network from a remote management server;
storing the master keys in the secure element memory; and
generating an upload transport key and a data protection key from the master keys;
a secure device processor comprising a secure device processor memory that stores second executable instructions that, when executed by the secure device processor, facilitate performance of second operations, comprising;
receiving the upload transport key and the data protection key from the secure element without receiving the master keys;
receiving an upload request from a recipient device, another communication device, an application being executed by the communication device, or a user input received at the mobile communication device;
obtaining data for transmission to a recipient device, wherein the obtaining of the data is in response to the receiving of the upload request;
modifying the data using the data protection key to generate a modified data; and
encrypting the modified data using the upload transport key to generate an encrypted modified data,
wherein the secure device processor, the secure element and the mobile processing device are separate components in communication with each other and are housed in the communication device, and
wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server.
Dependent claims: 7, 8, 9, 10, 11, 12, 13

14. A method, comprising:
providing, by a server including a processor, an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a first encryption of data according to a data protection key to generate a single encrypted data and to perform a second encryption of the single encrypted data according to an upload transport key to generate a double encrypted data, wherein the secure device processor is separate from and in communication with a secure element of the mobile communication device, wherein the mobile communication device comprises a mobile processor device that facilitates communications of by the secure device processor and by the secure element, wherein the mobile processor device, the secure element and the secure device processor are separate components in communication with each other and housed in the mobile communication device, and wherein the secure element receives master keys over a network from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor;
receiving, by the server from the secure device processor, the double encrypted data;
obtaining, by the server, a corresponding upload transport key;
decrypting, by the server, the double encrypted data utilizing the corresponding upload transport key to obtain the single encrypted data; and
storing, by the server, the single encrypted data in a memory accessible to the server
wherein the secure device processor and the secure element perform a mutual authentication with each other utilizing a keyset received via the remote management server, wherein the upload request is received from another communication device, and wherein the data is obtained by the secure device processor in response to the upload request.
Dependent claims: 15, 16, 17, 18, 19
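
The key separation recited in claims 1 and 14, as an added Python sketch that is not part of the patent text: the secure element hands out derived keys only, the secure device processor applies the two layers, and the server removes the transport layer while the data protection layer stays in place. The claims name no algorithms, so the HMAC-SHA256 derivation, the `seal`/`unseal` layer (a standard-library stand-in for an AEAD such as AES-GCM), the `context` value and every name here are assumptions; mutual authentication and remote provisioning of the master keys are left out.

```python
import hashlib
import hmac
import os

def _prf(key, *parts):
    # Assumption: HMAC-SHA256 is the only primitive; the claims name no algorithm.
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).digest()

def _keystream(enc_key, length):
    blocks = (_prf(enc_key, i.to_bytes(8, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC layer (stdlib stand-in for an AEAD such as AES-GCM)."""
    nonce = os.urandom(16)
    enc_key, mac_key = _prf(key, b"enc", nonce), _prf(key, b"mac", nonce)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, len(plaintext))))
    return nonce + body + _prf(mac_key, nonce, body)

def unseal(key, blob):
    """Verify the tag, then remove one layer; raises ValueError on tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _prf(key, b"enc", nonce), _prf(key, b"mac", nonce)
    if not hmac.compare_digest(tag, _prf(mac_key, nonce, body)):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(body, _keystream(enc_key, len(body))))

class SecureElement:
    """Stores the master keys and hands out derived keys only."""
    def __init__(self, transport_master, protection_master):
        self._transport_master = transport_master
        self._protection_master = protection_master

    def derive_keys(self, context):
        # Returns (upload transport key, data protection key), never a master key.
        return (_prf(self._transport_master, b"upload-transport", context),
                _prf(self._protection_master, b"data-protection", context))

def sdp_upload(secure_element, context, data):
    """Secure device processor: data protection layer first, transport layer second."""
    transport_key, protection_key = secure_element.derive_keys(context)
    return seal(transport_key, seal(protection_key, data))

def server_receive(transport_key, double_encrypted):
    """Server: strip the transport layer and keep the single-encrypted data as is."""
    return unseal(transport_key, double_encrypted)
```

A server that holds only the upload transport key can check integrity and store the upload, but reading the data still requires the data protection key.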
Specification