US2019172062A1PendingUtilityA1

Method and apparatus for personalizing secure elements in mobile devices

Assignee: RFCYBER CORPPriority: Sep 24, 2006Filed: Dec 28, 2018Published: Jun 6, 2019
Est. expirySep 24, 2026(~0.2 yrs left)· nominal 20-yr term from priority
H04L 67/141G06Q 30/0601G06Q 20/3674G06Q 20/401G06Q 20/367G06Q 20/352G06Q 20/3672G06Q 20/40G06Q 20/3552G06Q 20/3278G06Q 20/3227G06Q 20/322G06Q 20/325G06Q 20/32G06Q 20/341H04L 63/00
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Techniques for personalizing secure elements in mobile devices to enable various secure transactions over a network (wired and/or wireless network) are disclosed. With a personalized secure element (hence secured element) in place, techniques for provisioning various applications or services are also provided. Interactions among different parties are managed to effectuate a personalization or provisioning process flawlessly to enable a mobile device for a user thereof to start enjoying the convenience of commerce over a data network with minimum effort.

Claims

exact text as granted — not AI-modified
What we claim is: 
     
         1 . A method for personalizing a secure element, the method comprising:
 initiating by a mobile device to communicate with a server to determine whether the secure element is registered with a designated party, wherein the secure element is a component coupled to the mobile device remotely located with respect to the server;   receiving a request from the server after the server verifies that the secure element has been registered with the designated party, wherein the request is a command causing a module in the mobile device to retrieve device information of the secure element;   sending the device information of the secure element from the mobile device to the server in responding to the request, wherein the device information, preloaded in the secure element by a manufacturer thereof, includes an identifier of the secure element, manufacturer information and a batch number of the secure element;   updating certain data in the secure element when some of the device information has been updated and received via the server, wherein the some of the device information is maintained in a database coupled to the server;   receiving at least a first key set securely and wirelessly from the server, wherein the first key set is generated in the server from a master key in accordance with the device information of the secure element;   storing the first key set in the secure element; and   storing a second key set in the secure element, where the second key set is generated in the server and delivered to the secure element through a channel secured with the first key set.   
     
     
         2 . The method as recited in  claim 1 , further comprising: provisioning an application with the secure element by receiving a third key set in the secure element through a channel secured with the second key set, wherein the third key set allows the application executed in the mobile device to complete a secure transaction with another device. 
     
     
         3 . The method as recited in  claim 2 , wherein the mobile device is a Near Field Communication (NFC)-enabled device accommodating the secure element that must be personalized before the NFC-enabled device is used to provide various transactions with a party over a data network. 
     
     
         4 . The method as recited in  claim 3 , wherein the party is a financial agent, and one of the various transactions is related to a financial transaction with the financial agent. 
     
     
         5 . The method as recited in  claim 1 , wherein, based on the device information of the secure element, the server is caused to retrieve corresponding default Issuer Security Domain (ISD) information of the secure element from a provider thereof to generate the first key set. 
     
     
         6 . The method as recited in  claim 5 , wherein the secure element includes the default issuer security domain (ISD) for receiving the first key set from the server, the default ISD is then updated after the first key set from the server is received in the secure element. 
     
     
         7 . The method as recited in  claim 6 , wherein the first key set is generated only once while the second key set is generated pertaining to a service provider, an additional second key set is generated when there is another service provider, the third key set includes operation keys specifically for the application. 
     
     
         8 . The method as recited in  claim 7 , wherein an additional third key set is generated and stored in the secure element for each additional application installed in the mobile device. 
     
     
         9 . The method as recited in  claim 1 , further comprising:
 sending to a designated server an identifier identifying the application together with the device information of the secure element;   establishing a secured channel between the secure element and the designated server using a derived Issuer Security Domain (ISD) key set installed on the secure element; and   installing a supplemental security domains (SSD) key when there is no such a SSD associated with the application.   
     
     
         10 . The method as recited in  claim 9 , further comprising:
 receiving parameters through the supplemental SSD to activate the application; and   notifying a provider of the application about a status of the application with the secure element.   
     
     
         11 . A method for personalizing a secure element associated with a mobile device, the method comprising:
 receiving a demand in a server from a mobile device for communication therewith;   sending a request from the server to the mobile device to request device information of the secure element after the server determines that the mobile device is registered therewith, wherein the device information is a sequence of characters uniquely identifying the secure element, and the request is a command causing the mobile device to retrieve the mobile device information from the secure element;   generating at least a first key set in accordance with the device information;   delivering the first key set through a secured channel over a data network to the mobile device, wherein the first key set is caused to be stored in the secure element with the mobile device, wherein the secured channel is established by a default key originally in the secure element; and default key is replaced by the first key set; and   storing a second key set in the secure element, where the second key set is generated in the server and delivered to the secure element through a channel secured with the first key set; and   provisioning an application with the secure element by receiving a third key set in the secure element through a channel secured with the second key set, wherein the third key set allows the application executed in the mobile device to complete a secure transaction with another device.   
     
     
         12 . The method as recited in  claim 11 , further comprising:
 notifying related parties that the secure element is now personalized for subsequent trusted transactions.   
     
     
         13 . The method as recited in  claim 11 , wherein the server is part of a Trusted Service Management (TSM) which is a collection of services configured to distribute and manage contactless services for customers signed up with the TSM, and provide data exchanges among different parties to make commerce possible with the mobile device. 
     
     
         14 . The method as recited in  claim 11 , wherein the device information includes an identifier of the secure element, manufacturer information and a batch number. 
     
     
         15 . The method as recited in  claim 12 , further comprising: retrieving corresponding default Issuer Security Domain (ISD) information of the secure element from a provider thereof based on the device information of the secure element. 
     
     
         16 . The method as recited in  claim 11 , wherein the secure element is in form of a smart card or an integrated circuit (IC), and includes at least one issuer security domain (ISD). 
     
     
         17 . The method as recited in  claim 11 , wherein the secure element is a software module upgradable by overwriting some or all of components therein, the software module is obtained and updated by downloading updating components from a designated server. 
     
     
         18 . The method as recited in  claim 11 , wherein the mobile device is a Near Field Communication (NFC)-enabled device accommodating the secure element that must be personalized before the NFC-enabled device is used to provide various transactions with a party over a data network. 
     
     
         19 . The method as recited in  claim 18 , wherein the party is a financial agent, and one of the various transactions is related to a financial transaction with the financial agent. 
     
     
         20 . The method as recited in  claim 11 , further comprising:
 facilitating a designated server to receive an identifier identifying an application together with the device information of the secure element and establish a secured channel between the secure element and the designated server using a derived Issuer Security Domain (ISD) key set installed on the secure element; and   determining whether there is a supplemental security domain (SSD) key set associated with the application, and installing the SSD key when there is no such a SSD associated with the application.

Join the waitlist — get patent alerts

Track US2019172062A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.