System and method for providing diverse secure data communication permissions to trusted applications on a portable communication device
Abstract
A system for providing first and second trusted applications diverse permission to communicate via a secure element. The system comprising first digital identifier and digital token operably associated with the first trusted application; a second digital identifier and digital token operably associated with the second trusted application. The system further includes a card services module that provides an application programming interface to the secure element supported by a secure data table including first and second sets of permissions. The card services module issues one or more commands to the secure element based on a first action requested by the first trusted application in conjunction with the presentation of the first digital token only if the one or more commands will not violate the first set of permissions. A method is also disclosed.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system for providing first and second trusted applications diverse permission to communicate via a secure element associated with a portable communication device, the system comprising:
a first digital identifier and a first digital token operably associated with the first trusted application; a second digital identifier and a second digital token operably associated with the second trusted application; a card services module disposed on the portable communication device and operably associated with the secure element to provide an application programming interface to the secure element; and a secure data table electronically associated with the card services module, the secure data table including a first entry pairing the first digital identifier with the first digital token and a second entry pairing the second digital identifier with the second digital token, the first entry further including a first set of permissions and the second entry further including a second set of permissions, wherein the card services module issues one or more commands to the secure element based on a first action requested by the first trusted application in conjunction with the presentation of the first digital token only if the one or more commands will not violate the first set of permissions and the card services module issues one or more commands to the secure element based on a second action requested by the second trusted application in conjunction with the presentation of the second digital token only if the one more commands will not violate the second set of permissions.
2 . The system according to claim 1 wherein the first and second sets of permissions are different.
3 . The system according to claim 2 wherein the first and second sets of permissions govern reading, writing, activating/deactivating and downloading credentials.
4 . The system according to claim 3 wherein the first and second set of permissions apply independently to three categories: all credentials, own credentials and extended issuer credentials.
5 . The system according to claim 1 wherein the first and second sets of permissions govern reading, writing, activating/deactivating and downloading credentials.
6 . The system according to claim 5 wherein the first and second set of permissions apply independently to three categories: all credentials, own credentials and extended issuer credentials.
7 . A method for providing first and second trusted applications diverse permission to communicate via a secure element associated with a portable communication device, the method comprising:
assigning a first set of permissions to the first trusted application; assigning a second set of permissions to the second trusted application; requesting from the first trusted application that a card services module operably associated with the secure element implement a first action; and issuing one or more commands to the secure element based on the first action requested by the first trusted application only if the one or more commands will not violate the first set of permissions.
8 . The method of claim 7 further comprising:
requesting from the second trusted application that a card services module operably associated with the secure element implement a second action; and
issuing one or more commands to the secure element based on the second action requested by the second trusted application only if the one or more commands will not violate the second set of permissions.
9 . The method according to claim 8 wherein the first and second sets of permissions are different.
10 . The method according to claim 9 wherein the first and second sets of permissions govern reading, writing, activating/deactivating and downloading credentials.
11 . The method according to claim 10 wherein the first and second set of permissions apply independently to three categories: all credentials, own credentials and extended issuer credentials.
12 . The method according to claim 7 wherein the first and second sets of permissions govern reading, writing, activating/deactivating and downloading credentials.
13 . The method according to claim 12 wherein the first and second set of permissions apply independently to three categories: all credentials, own credentials and extended issuer credentials.
14 . The method according to claim 7 wherein the first set of permissions comprise a plurality of codes.
15 . The method according to claim 14 wherein each of the codes is a hexadecimal number.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.