US20120171992A1 - System and method for secure containment of sensitive financial information stored in a mobile communication terminal - Google Patents
- Publication number
- US20120171992A1, US13/310,063
- Authority
- US
- United States
- Prior art keywords
- information
- mobile terminal
- mobile
- type
- tsm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
- G06Q20/3263—Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/354—Card activation or deactivation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/086—Access security using security domains
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/50—Service provisioning or reconfiguring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Definitions
- the following description relates to securing of sensitive data in a mobile terminal.
- mobile terminals e.g. mobile telephones and other mobile devices
- mobile terminals have steadily evolved from a mere mobile terminal with communicative functions to a terminal that incorporates various advanced functions, such as electronic mail, computer office application functions, video telephony, and more recently, mobile payment functionalities.
- While integrating various consumer friendly utilities into the mobile terminal may provide convenience to its user, it also raises security concerns with regard to these mobile terminals.
- Security concerns associated with the greater usability of mobile terminals may be elevated by improper usage associated with misplacing, loss, theft of these mobile terminals, as well as other mishaps that may be incurred.
- various techniques have been proposed for remotely locking mobile terminals to disable their functions, when mobile terminals are misplaced or stolen. With these techniques, if a mobile terminal is to be locked during a normal operating state, its functions can be disabled, thus making it possible to reduce improper usage or the theft of private information stored in the mobile terminal.
- SE removable secure element
- a method of data deletion may be used to provide reliable security.
- the remote data deletion in the SE is limited to SEs conforming to industry standard Short Messaging Service-Point to Point (SMS-PP) protocol or Bearer Independent Protocol (BIP) (i.e. Universal Integrated Circuit Card (UICC) type SEs).
- SMS-PP Short Messaging Service-Point to Point
- BIP Bearer Independent Protocol
- UICC Universal Integrated Circuit Card
- remote data deletion in the SE may not be feasible.
- Exemplary embodiments of the present invention provide a method for securing information stored in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) over-the-air (OTA).
- exemplary embodiments of the present invention also provide a method for authenticating a mobile terminal with a Trusted Service Manager (TSM) and reconstructing a mobile wallet application.
- TSM Trusted Service Manager
- Exemplary embodiments of the present invention provide a method for securing information OTA in a non-UICC type SE of a mobile terminal including receiving a request to initialize an OTA proxy of a mobile terminal, initializing the OTA proxy, receiving a request to secure information stored in the SE, and securing, using the OTA proxy, the information stored in the non-UICC type SE.
- Exemplary embodiments of the present invention provide a method for authenticating a mobile terminal including receiving mobile terminal information and SE information from the mobile terminal; comparing the received information with stored mobile terminal information and SE information; and transmitting a command based on the comparison result.
- Exemplary embodiments of the present invention provide a method for reconstructing a mobile wallet application of a mobile terminal including receiving a request to reconstruct the mobile wallet application of a user; transmitting stored mobile wallet application information associated with the user to the mobile terminal; receiving mobile terminal information and SE information; and transmitting a stored application associated with the mobile wallet application information to the mobile terminal.
- Exemplary embodiments of the present invention provide a mobile terminal to secure information over-the-air (OTA) in a non-UICC type SE including an OTA proxy configured to connect to a TSM, and to receive a securing command from the TSM; and a non-UICC type SE.
- OTA over-the-air
- FIG. 1 is a system diagram of a trusted service manager (TSM) ecosystem according to an exemplary embodiment of the present invention.
- FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials and related mobile wallet information from the secure element (SE) and the mobile wallet application according to an exemplary embodiment of the present invention.
- FIG. 3 is a system diagram illustrating a method for synchronizing mobile wallet application to authenticate the mobile terminal and SE accessing the wallet management system according to an exemplary embodiment of the present invention.
- FIG. 4 is a system diagram illustrating a method for reconstructing the financial information credentials and related mobile wallet application through a push method according to an exemplary embodiment of the present invention.
- FIG. 5 is a system diagram illustrating a method for reconstructing financial information credentials and related mobile wallet application through a pull method according to an exemplary embodiment of the present invention.
- X, Y, and Z will be construed to mean X only, Y only, Z only, or any combination of two or more items X, Y, and Z (e.g. XYZ, XZ, and YZ).
- an example system employing TSM technology with over-the-air (OTA) proxy provisioning includes a TSM 10 ; mobile terminal 11 ; network 15 ; third party messaging platform 16 ; financial institution 18 ; mobile network operator (MNO) 19 ; handset manufacturer 20 ; and a card manufacturer 21 .
- service providers, such as those identified as 18-21, may go through a pre-registration process.
- the network 15 may refer to a cellular network, which may include one or more base stations to enable mobile terminal 11 to communicate with other mobile terminals or third party entities.
- network 15 may also include any other type of suitable communication network, such as the Internet, traditional wired telephone lines, and other suitable network technologies.
- the handset manufacturers 20 may include embedded secure element (SE) producers, and card manufacturers 21 may include producers of micro secure digital (SD) SE (i.e. non-Universal Integrated Circuit Card (UICC) SEs).
- SE embedded secure element
- SD micro secure digital
- handset manufacturers 20 and card manufacturers 21 may provide their OTA keys to TSM 10 in the pre-registration process mentioned above for future processing.
- the handset manufacturers 20 and card manufacturers 21 may provide their respective OTA keys upon request without going through the pre-registration process.
- a more detailed explanation of the pre-registration process is provided in the co-pending application 61/428,853.
- OTA proxy may be initialized or configured to be connected with TSM 10 during usage of a mobile wallet application to conserve technical resources. As such, the OTA proxy will be in a sleep mode by default until it is awakened for use.
- a third party messaging platform 16 e.g. Cloud to Device Messaging (C2DM)
- C2DM Cloud to Device Messaging
- the third party messaging platform 16 may be utilized to wake the OTA proxy, which in turn will connect with the TSM 10 for usage. If the TSM 10 sends a message to a third party messaging platform 16 with the wake-up command and identifying information, the third party messaging platform 16 in turn sends a message to the identified mobile terminal 11 to wake up the OTA proxy residing within the mobile terminal 11.
- Once awake, the OTA proxy will connect to the TSM 10 for provisioning or other utility.
- OTA proxy may be connected at higher frequencies or continuously to avoid the wake-up process described above.
- NFC Near Field Communication
- POS Point-of-Sale
- the acquirer network 23 and payment processor 22 may work together to ensure the payment gets updated at the financial institution 18 .
- This end user application does not involve the described TSM ecosystem and is illustrated to provide a description of a complete ecosystem.
- A method for deleting sensitive information, such as credit card credentials, from the SE of the mobile terminal is described below in reference to FIG. 2. While only the method for deletion is described in this exemplary figure, it will be understood that other methods for securing sensitive information may be used, such as locking access to information stored in the SE.
- FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials from the SE.
- In FIGS. 2-5, it will be understood that any communication conducted between the external parties or service providers (18-21), TSM 10, and the mobile terminal 11 is provided through Network 15 as shown in FIG. 1 or by other suitable methods.
- the sensitive information is not limited to credit card information, and the reference to credit card information is used merely as an example for the purposes of this disclosure.
- A Service Provider (SP), such as Financial Institution 18, makes a request with identifying information, such as a Mobile Subscriber Integrated Services Digital Network (MSISDN), to delete its credentials (e.g. credit card number, expiration date, security code, personal identification number (PIN)) from the stolen/lost mobile terminal 11.
- MSISDN Mobile Subscriber Integrated Services Digital Network
- Such a request may be initiated by the owner of the mobile terminal 11 or the individual SP.
- the request may be specific to the credit card information belonging to a specific SP, or it may be to delete all of the credit card information residing in the SE, if not all of the sensitive information stored within the SE. While the request may typically be limited to only the credit card information belonging to the requesting SP, if an agreement is reached by various financial institutions, credit card information of other agreeing SPs may also be deleted.
- the request sent by the SP may be to lock the entire SE containing credit card credentials, or to lock just the respective secure domain within the SE, which stores the respective credit card information.
- the request for locking or deleting specific security domain or SE may be specified by the SPs or may be catered to meet other business rules/requirements.
- the request to secure the information stored in the SE may be initiated by the mobile terminal 11 owner contacting the TSM 10 directly.
- the request in step 201 may be initiated by SP by its own volition or in response to a request by the owner of the mobile terminal 11 .
- the TSM 10 receives the request from SP and updates the respective mobile terminal account to “delete” status within its database.
- TSM 10 conducts an internal query to verify whether the mobile terminal 11 in question has a mobile wallet application 31 installed, such as a SK C&C mobile wallet application 31 .
- TSM 10 modifies the request to delete related contactless applets, Wallet Management Application (WMA) 21 credit card credentials residing within the SE (wallet management applets), and the widgets residing within the SK C&C mobile wallet application 31 .
- WMA Wallet Management Application
- TSM 10 makes a determination on the type of SE equipped on the lost/stolen mobile terminal 11 .
- Micro SD's and Embedded SEs i.e. non-UICC type SEs
- SAT Subscriber Identity Module Application Toolkit
- USAT Universal Subscriber Identity Module Application Toolkit
- CAT Card Application Toolkit
- the deletion command composed by TSM 10 may go through OTA proxy in order to make any deletion of the information stored in the non-UICC type SEs, such as microSDs or embedded SEs.
- OTA proxy may also support SEs supported by the traditional SAT/USAT/CAT framework, such as UICC, Services Identity Module (SIM), or Universal Subscriber Identity Module (USIM) (herein referred to collectively as UICC).
- SIM Services Identity Module
- USIM Universal Subscriber Identity Module
- a push request is made to a mobile push server, such as a Cloud to Device Messaging (C2DM) platform, in step 203.
- In step 204, the mobile push server pushes the message to wake up the OTA proxy residing in the lost/stolen mobile terminal 11.
- the OTA proxy retrieves mobile terminal 11 and associated SE specific information such as MSISDN and Card Image Number (CIN) and sends them to TSM 10 .
- SE information may also include Card Reference Number (CRN), Card Production Life Cycle (CPLC), and Card Serial Number (CSN).
- TSM 10 checks the status of SE. As processing of stored SE may be based on its status, analysis of SE status and corresponding processes may be conducted prior to accessing the information stored in the SE. More specifically, based on the SE status, some preparation steps may be executed to secure the SE for processing commands received through the OTA proxy.
- SE equipped in the mobile terminal 11 may have any of the 3 statuses: operating system (OS) native, initialized, and secured. If the status of the SE is determined to be “secured” no further preparation steps may be executed.
- the “secured” state for the SE may refer to an intended operating card life cycle state in post issuance.
- TSM 10 may provide a final issuer master key to secure the SE.
- the “initialized” state for the SE may refer to an administrative card production state.
- pre-personalization process may be conducted, which may include providing an initial issuer master key and a final issuer master key to the SE.
- the “OS native” state for the SE may refer to a state in which the SE has not been initialized by the manufacturer's initialization method.
- an analysis of SE type may be performed to determine the type of protocol that should run within OTA proxy in order to provision into the identified SE. If the SE is a UICC type or an embedded type, SE may be accessed to modify the information stored in the SE. Alternatively, if the SE is a Micro SD type, additional process specific protocol may be executed to access or to modify the information stored in the SE. Since a person ordinarily skilled in the art understands what type of protocols may be used to access the Micro SD type, discussion thereof is omitted herein.
- TSM 10 processes the provided information along with the “delete” command and converts them into Application Protocol Data Unit (APDU) commands and sends the converted APDU commands to the OTA proxy.
- APDU Application Protocol Data Unit
- OTA proxy relays the received APDU commands to the SE where credit card credentials may reside.
- Credit card credentials may reside as contactless card applets as well as within a wallet management applet (WMA) 21 . Please refer to the co-related application No. 61/428,846 for further details on how a corresponding WMA 21 is created.
- results are sent to the OTA proxy in step 208 .
- OTA proxy relays the result back to the TSM 10 .
- TSM 10 in turn sends a notification to the SP of the outcome of its request in step 210 .
- the “delete” functionality disclosed in FIG. 2 may be provided if the mobile terminal 11 is powered on and has reception to a network.
- In FIG. 3, a system diagram is provided for synchronizing the mobile wallet application 31 residing within the mobile terminal 11.
- multiple external parties or SPs may request changes to be made to user's mobile wallet application 31 configuration using the TSM/Wallet Management System (WMS), which may store the master configuration of the user's mobile wallet application 31 .
- the external parties or SPs may include, without limitation, Financial Institutions 18 , Mobile Network Operator (MNO) 19 , Handset Manufacturer 20 , and Card manufacturer 21 (collectively referred to as “service providers” or “SPs”).
- MNO Mobile Network Operator
- the TSM/WMS may serve as a central repository to allow various external parties to make change requests without regard to user's login status to the mobile wallet application 31 .
- the respective external parties or SPs may request additional contactless cards to be provisioned to the user's mobile wallet application 31 on their own time without regard to the user's status.
- TSM 10 itself may automatically recognize that the expiration date of a contactless card applet stored in the SE is approaching based on its own internal records and prompt the user to renew the contactless card applet information.
- the user of the mobile terminal 11 may be prompted by the mobile wallet application 31 or other suitable methods, such as emails, texts, and voicemails.
- User may be prompted by the TSM 10 by other methods as well, such as texts, emails, voicemails or other suitable methods of providing notification.
- the user of the mobile terminal 11 may re-provision the respective contactless card applet through the TSM 10 system or by contacting the SP responsible for the soon to be expired contactless card applet.
- In step 302, when the user logs into the mobile wallet application 31 on the mobile terminal 11, the OTA proxy residing within the mobile wallet application 31 will retrieve specific mobile terminal 11 information and SE specific information (e.g. MSISDN, International Mobile Equipment Identity (IMEI)/Mobile Equipment Identifier (MEID), CIN/Integrated Circuit Card Identification (ICCID)) and send them to TSM 10 for analysis.
- In step 303, TSM 10, upon receipt of the provided information, conducts an internal verification of the information provided by the OTA proxy against the stored information.
- Sensitive information may include account specific information related to financial institution 18 that may be stored in the SE, such as credit card numbers, expiration date, personal identification number, and other related information. Further, sensitive information may also include user security information or other private information stored in the SE.
- a thief may steal a removable SE, such as a micro SD, from a mobile terminal 11 and use it on a different mobile terminal before the user even realizes the SE is missing from his or her mobile terminal 11 .
- TSM 10 will recognize whether the registered SE is being equipped on different non-registered mobile terminal 11 .
- TSM 10 may handle recognition of inconsistent devices in a different manner than described in step 304 .
- TSM 10 may handle such an event according to the business rules provided by the parties involved, such as opting to prompt the user for a password, security key, or other verification methods.
- Additional or different directions may be provided by the consumers or SPs in handling such event according to their business rules.
- This synchronization check may also be conducted when a request is made to provision another contactless card applet 23 or whenever OTA proxy is requested to connect with the TSM 10 or equivalent system.
- FIG. 4 illustrates an exemplary system diagram of a push system for reconstructing mobile wallet application 31 .
- the user of the device may contact one of the SPs or TSM 10 to reconstruct its mobile wallet application 31 and all of the previously stored contents therein.
- mobile wallet application 31 may include the widgets residing within the mobile wallet application 31 , contactless card Applet 23 and associated WMA 21 stored in the SE, and an optional OTA proxy.
- a mobile wallet application 31 may include less than all of the elements described herein or more than the elements described herein.
- In step 401, the user of the mobile terminal 11 contacts the SP to notify it of the procurement of a new mobile terminal 11.
- SP may conduct its own authentication to verify the correct user of the mobile terminal 11 .
- the user may also notify MNO 19 or TSM 10 directly as well.
- Once the SP has authenticated the user, the SP sends a request to TSM 10 to re-provision the user's new mobile terminal 11 with the SP's contactless application and related credentials in step 402.
- TSM 10 performs an internal check to verify whether the user has any other SP accounts that it had provisioned prior to losing his or her phone. If there are other SP accounts held by the user, a request is made to the respective SPs for its provisioning information.
- In step 405, another internal check is conducted to verify which mobile wallet application 31 the user previously had in his or her mobile terminal 11.
- the mobile wallet application 31 may include various types, such as a SK C&C mobile wallet application 31 or other mobile wallet applications offered by different manufacturers.
- the system will retrieve the same version and user preference settings associated with the mobile wallet application 31 to transmit to the user in step 406 .
- the respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server prior to moving to step 407 .
- the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.
- TSM 10 sends a push message to wake up OTA proxy to a mobile push server, such as a C2DM system.
- the mobile wallet application 31 may be sent prior to OTA proxy, at the same time as the mobile wallet application 31 , or before the mobile wallet application 31 .
- the mobile push server relays the received wake up command to OTA Proxy in step 408 .
- the OTA proxy retrieves mobile terminal 11 and SE specific information such as MSISDN and CIN and sends it to TSM 10 .
- TSM 10 processes the information along with the provisioning commands and converts them into APDU commands to send over to OTA proxy in step 410 .
- the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18 .
- account specific information is received for the contactless card applet or other sensitive information, such information may be duplicated to be provisioned into the WMA 21 .
- a version of the associated widget for the mobile wallet application 31 of the mobile terminal 11 is also obtained by the TSM 10 to be provisioned directly into the wallet application 31 .
- OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous user of a mobile wallet application 31 , APDU commands will be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21 , which is also located within the SE. In addition, corresponding widget application will be installed in the mobile wallet application 31 to provide a graphic display of the installed account.
- results are sent back to the OTA proxy in step 412 .
- OTA Proxy relays the results back to the TSM 10 in step 413 and the TSM 10 updates its system with the results of the request.
- Notification of the outcome of the SP provisioning request is sent to the respective SP(s) in step 414 .
- the user's mobile wallet application 31 may be reconstructed through a pull mechanism, which may be initiated by the mobile terminal 11 owner as illustrated in FIG. 5 .
- step 501 the owner of the mobile terminal 11 attempts to reinstall the mobile wallet application 31 from the mobile terminal 11 and a request is made from the new or replaced mobile terminal 11 .
- a command request is sent along with mobile identification information to TSM 10 .
- TSM 10 receives the request with its related identification information, and in step 502 , an authentication process takes place to verify the user.
- the requesting user may be verified through a password, security question, social security number, or through other suitable verification methods.
- a check is conducted for an existing account. If it is found that a mobile wallet application 31 was previously installed, then the system will retrieve the same version and user preference settings related to the mobile wallet application 31 and send to the user in step 503 for downloading.
- the respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server.
- a new account is created in the TSM 10 and a mobile wallet application 31 may be sent to the mobile terminal 11 through a mobile push server.
- the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.
- TSM 10 checks the requesting user account for related SP account information. If one or more SP accounts are associated with the requesting user's account, notification may be sent to each SP, requesting provisioning information to be sent to the requesting user. While steps 503 and 504 were configured as separate steps, steps 503 and 504 may be conducted in conjunction or in a reverse order as well.
- the present disclosure provides for a mobile wallet application 31 and widgets related to the SP separately. However, it may also be possible to gather all of the necessary widgets and the mobile wallet application 31 from the SP, so that the TSM 10 can relay both the widgets and the mobile wallet application 31 simultaneously to the user. Alternatively, if TSM 10 is allowed to store account specific information, the mobile wallet application 31 and the widgets may be provided by the TSM 10 without making additional requests to the SPs.
- TSM 10 sends a push message to wake up OTA proxy to the mobile push server, such as a C2DM system. While it is illustrated that mobile wallet application 31 is sent prior to OTA proxy, it should be noted that OTA proxy may be sent at the same time as the mobile wallet application 31 , or before the mobile wallet application 31 as well.
- the mobile push server relays the received wake up command to OTA Proxy in step 507 .
- the OTA proxy gathers mobile terminal 11 specific information such as MSISDN and CIN along with the provisioning commands and sends it to TSM 10 .
- the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18 .
- Other sensitive information such as a key to the SE may be provided either by the other SPs or the TSM 10 . Sensitive information may be provided by the SPs in real-time using the TSM 10 as an intermediary or in advance for storage in the TSM 10 .
- TSM 10 processes the information along with the provisioning commands and converts them into APDU commands and sends them to OTA proxy in step 509 . Also, if provisioning commands including account specific information of the contactless card applet is received, such information may be duplicated to be provisioned into the WMA 21 . In addition, a version of the associated widget for the wallet application 31 is also obtained by the TSM 10 to be provisioned directly into the mobile wallet application 31 .
- OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous mobile wallet application 31 user, APDU commands may be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21 , which is also located within the SE. In addition, corresponding widget application may be installed in the mobile wallet application 31 to provide a graphic display of the installed account.
- results are sent back to the OTA proxy in step 511 .
- OTA Proxy relays the result back to the TSM 10 in step 512 and the TSM 10 will update its system with the result of the request.
- Notification of the outcome of the SP provisioning request will be sent to the respective SP(s) in step 513 .
Abstract
A method for securing information over-the-air (OTA) in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile terminal including receiving a request to initialize an OTA proxy of a mobile terminal, initializing the OTA proxy, receiving a request to secure information, and securing, using the OTA proxy, the requested information in the non-UICC type SE. A method for reconstructing a mobile wallet application including receiving a request to reconstruct the mobile wallet application for a user; transmitting stored mobile wallet application information associated with the user to the mobile terminal; receiving mobile terminal information and SE information; and transmitting a stored application associated with the mobile wallet application information to the mobile terminal. A mobile terminal to secure information OTA in a non-UICC type SE including an OTA proxy to receive a securing command from a TSM, and a non-UICC SE.
Description
- This application claims priority from and the benefit under 35 U.S.C. §119(a) of U.S. Provisional Patent Application No. 61/428,852, filed on Dec. 30, 2010, which is incorporated by reference for all purposes as if fully set forth herein. Also, the present application is related to co-pending U.S. Provisional Patent Application Nos. 61/428,846, 61/428,851 and 61/428,853, all of which have been filed on Dec. 30, 2010. Applicants hereby incorporate by reference the above-mentioned co-pending provisional applications, which are not admitted to be prior art with respect to the present invention by their mention here or in the background section that follows.
- 1. Field
- The following description relates to securing of sensitive data in a mobile terminal.
- 2. Discussion of the Background
- With the recent advancement in the mobile technology field, the size and weight of mobile terminals became dramatically reduced, thus increasing their portability and accelerating the tendency for a user to carry the mobile terminal at all times. As mobile terminals (e.g. mobile telephones and other mobile devices) are becoming more widely used, mobile terminals have steadily evolved from a mere mobile terminal with communicative functions to a terminal that incorporates various advanced functions, such as electronic mail, computer office application functions, video telephony, and more recently, mobile payment functionalities. While integrating various consumer friendly utilities into the mobile terminal may provide convenience to its user, it also raises security concerns with regard to these mobile terminals.
- Security concerns associated with the greater usability of mobile terminals may be elevated by improper usage associated with misplacing, loss, theft of these mobile terminals, as well as other mishaps that may be incurred. In order to alleviate these security concerns, various techniques have been proposed for remotely locking mobile terminals to disable their functions, when mobile terminals are misplaced or stolen. With these techniques, if a mobile terminal is to be locked during a normal operating state, its functions can be disabled, thus making it possible to reduce improper usage or the theft of private information stored in the mobile terminal.
- However, with the advancement of technology, the thieving population has evolved in their intelligence as well. The more educated thieves may easily break into the remotely locked mobile terminals by “jail-breaking” to retrieve sensitive information. Thus, it is no longer enough to merely lock an apparatus or application from usage, more must be done to prevent misappropriation of sensitive data stored within the mobile terminals.
- Further, with the introduction of a removable secure element (SE), further complication in the security realm has been provided. As many of these SEs, which store sensitive information, may be removed before they can be locked, a simple locking security feature on these devices may not be sufficient.
- A method of data deletion may be used to provide reliable security. However, currently, the remote data deletion in the SE is limited to SEs conforming to industry standard Short Messaging Service-Point to Point (SMS-PP) protocol or Bearer Independent Protocol (BIP) (i.e. Universal Integrated Circuit Card (UICC) type SEs). In the event the device owner has a SE that does not allow access via the industry standard protocols, such as micro secure digital (SD) cards or embedded SEs (i.e. non-UICC type SEs), remote data deletion in the SE may not be feasible.
- Lastly, even if sensitive stored data has been able to be deleted, there is no easy way to replace the lost data upon recovering/replacing the lost mobile terminal. Thus, even if the mobile terminal storing sensitive information is lost and then replaced, the mobile terminal must be reinstalled with all of the applications and stored data from scratch.
- Exemplary embodiments of the present invention provide a method for securing information stored in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) over-the-air (OTA). Exemplary embodiments of the present invention also provide a method for authenticating a mobile terminal with a Trusted Service Manager (TSM) and reconstructing a mobile wallet application.
- Additional features of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention.
- Exemplary embodiments of the present invention provide a method for securing information OTA in a non-UICC type SE of a mobile terminal including receiving a request to initialize an OTA proxy of a mobile terminal, initializing the OTA proxy, receiving a request to secure information stored in the SE, and securing, using the OTA proxy, the information stored in the non-UICC type SE.
- Exemplary embodiments of the present invention provide a method for authenticating a mobile terminal including receiving mobile terminal information and SE information from the mobile terminal; comparing the received information with stored mobile terminal information and SE information; and transmitting a command based on the comparison result.
- Exemplary embodiments of the present invention provide a method for reconstructing a mobile wallet application of a mobile terminal including receiving a request to reconstruct the mobile wallet application of a user; transmitting stored mobile wallet application information associated with the user to the mobile terminal; receiving mobile terminal information and SE information; and transmitting a stored application associated with the mobile wallet application information to the mobile terminal.
- Exemplary embodiments of the present invention provide a mobile terminal to secure information over-the-air (OTA) in a non-UICC type SE including an OTA proxy configured to connect to a TSM, and to receive a securing command from the TSM; and a non-UICC type SE.
- It is to be understood that both foregoing general descriptions and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. Other features and aspects will be apparent from the following detailed description, the drawings, and the claims.
- The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention, and together with the description serve to explain the principles of the invention.
- FIG. 1 is a system diagram of a trusted service manager (TSM) ecosystem according to an exemplary embodiment of the present invention.
- FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials and related mobile wallet information from the secure element (SE) and the mobile wallet application according to an exemplary embodiment of the present invention.
- FIG. 3 is a system diagram illustrating a method for synchronizing mobile wallet application to authenticate the mobile terminal and SE accessing the wallet management system according to an exemplary embodiment of the present invention.
- FIG. 4 is a system diagram illustrating a method for reconstructing the financial information credentials and related mobile wallet application through a push method according to an exemplary embodiment of the present invention.
- FIG. 5 is a system diagram illustrating a method for reconstructing financial information credentials and related mobile wallet application through a pull method according to an exemplary embodiment of the present invention.
- The invention is described more fully hereinafter with references to the accompanying drawings, in which exemplary embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure is thorough, and will fully convey the scope of the invention to those skilled in the art. It will be understood that for the purposes of this disclosure, “at least one of each” will be interpreted to mean any combination of the enumerated elements following the respective language, including combination of multiples of the enumerated elements. For example, “at least one of X, Y, and Z” will be construed to mean X only, Y only, Z only, or any combination of two or more items X, Y, and Z (e.g. XYZ, XZ, and YZ). Throughout the drawings and the detailed description, unless otherwise described, the same drawing reference numerals are understood to refer to the same elements, features, and structures. The relative size and depiction of these elements may be exaggerated for clarity, illustration, and convenience.
- FIG. 1 is a system diagram of a trusted service manager (TSM) ecosystem according to an exemplary embodiment of the present invention.
- As shown in FIG. 1, an example system employing TSM technology with over-the-air (OTA) proxy provisioning includes a TSM 10; mobile terminal 11; network 15; third party messaging platform 16; financial institution 18; mobile network operator (MNO) 19; handset manufacturer 20; and a card manufacturer 21. Before TSM 10 may be fully utilized by the user and its participants, service providers (SP) such as identified in 18-21 may go through a pre-registration process. In an example, the network 15 may refer to a cellular network, which may include one or more base stations to enable mobile terminal 11 to communicate with other mobile terminals or third party entities. In addition, network 15 may also include any other type of suitable communication network, such as the Internet, traditional wired telephone lines, and other suitable network technologies.
- The handset manufacturers 20 may include embedded secure element (SE) producers, and card manufacturers 21 may include producers of micro secure digital (SD) SE (i.e. non-Universal Integrated Circuit Card (UICC) SEs). As different SE manufacturers may provide for OTA keys that are different from the OTA keys provided for traditional UICC SE devices, handset manufacturers 20 and card manufacturers 21 may provide their OTA keys to TSM 10 in the pre-registration process mentioned above for future processing. Alternatively, the handset manufacturers 20 and card manufacturers 21 may provide their respective OTA keys upon request without going through the pre-registration process. A more detailed explanation of the pre-registration process is provided in the co-pending application 61/428,853.
- In an example, OTA proxy may be initialized or configured to be connected with TSM 10 during usage of a mobile wallet application to conserve technical resources. As such, OTA proxy will be in a sleep mode as a default until it is awakened for its utility. To provide for an awakening mechanism, a third party messaging platform 16 (e.g. Cloud to Device Messaging (C2DM)) may be utilized to wake the OTA proxy, which in turn will connect with the TSM 10 for usage. If the TSM 10 sends a message to a third party messaging platform 16 with the wake-up command and identifying information, the third party messaging platform 16 in turn sends a message to the identified mobile terminal 11 to wake up OTA proxy residing within the mobile terminal 11. Once awake, OTA proxy will connect to the TSM 10 for provisioning or other utility. Alternatively, if desired, OTA proxy may be connected at higher frequencies or continuously to avoid the wake-up process described above.
- If mobile terminal 11 is equipped with a Near Field Communication (NFC)-enabled chip and provisioned with contactless card applets that may use NFC technology, the owner of the mobile terminal 11 may make a purchase at the NFC enabled Point-of-Sale (POS) merchant by waving the mobile terminal 11 at the corresponding POS device. Subsequently, once a purchase is made with the mobile terminal 11, the acquirer network 23 and payment processor 22 may work together to ensure the payment gets updated at the financial institution 18. This end user application, however, does not involve the described TSM ecosystem and is illustrated to provide a description of a complete ecosystem.
- A method for deleting of sensitive information, such as credit card credentials, from the SE of the mobile terminal is described below in reference to FIG. 2. While only the method for deletion is described in this exemplary figure, it will be understood other methods for securing sensitive information may be used, such as locking access to information stored in the SE.
- FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials from the SE. For purposes of the present disclosure, although not illustrated in FIGS. 2-5, it will be understood that any communication that is conducted between the external parties or service providers (18-21), TSM 10, and the mobile terminal 11 is provided through Network 15 as shown in FIG. 1 or other suitable methods. Further, it will be understood that the sensitive information is not limited to credit card information, and the reference to credit card information is used merely as an example for the purposes of this disclosure.
- As shown in FIG. 2, in step 201, Service Provider (SP), such as Financial Institution 18, makes a request with the identifying information, such as a Mobile Subscriber Integrated Services Digital Network (MSISDN) to delete its credentials (e.g. credit card number, expiration date, security code, personal identification number (PIN)) from the stolen/lost mobile terminal 11. In an example, such a request may be initiated by the owner of the mobile terminal 11 or the individual SP. The request may be specific to the credit card information belonging to a specific SP or it may be to delete all of the credit card information residing in the SE, if not all of the sensitive information stored within the SE. While the request may typically be limited to only the credit card information belonging to the requesting SP, if an agreement is met by various financial institutions, credit card information of other agreeing SPs may be also deleted.
- Likewise in step 201, the request sent by the SP may be to lock the entire SE containing credit card credentials, or to lock just the respective secure domain within the SE, which stores the respective credit card information. The request for locking or deleting specific security domain or SE may be specified by the SPs or may be catered to meet other business rules/requirements. In addition, while not illustrated in the provided figure, the request to secure the information stored in the SE may be initiated by the mobile terminal 11 owner contacting the TSM 10 directly. Also, the request in step 201 may be initiated by SP by its own volition or in response to a request by the owner of the mobile terminal 11.
- In step 202, the TSM 10 receives the request from SP and updates the respective mobile terminal account to “delete” status within its database. In addition, TSM 10 conducts an internal query to verify whether the mobile terminal 11 in question has a mobile wallet application 31 installed, such as a SK C&C mobile wallet application 31. In an example, if the TSM 10 determines that a SK C&C mobile wallet application 31 is installed in the respective lost/stolen mobile terminal 11, TSM 10 modifies the request to delete related contactless applets, Wallet Management Application (WMA) 21 credit card credentials residing within the SE (wallet management applets), and the widgets residing within the SK C&C mobile wallet application 31.
- In addition, TSM 10 makes a determination on the type of SE equipped on the lost/stolen mobile terminal 11. As Micro SDs and Embedded SEs (i.e. non-UICC type SEs) cannot support conventional Subscriber Identity Module Application Toolkit (SAT)/Universal Subscriber Identity Module Application Toolkit (USAT)/Card Application Toolkit (CAT) framework, the deletion command composed by TSM 10 may go through OTA proxy in order to make any deletion of the information stored in the non-UICC type SEs, such as microSDs or embedded SEs. However, OTA proxy may also support SEs supported by traditional SAT/USAT/CAT framework as well, such as UICC, Services Identity Module (SIM), or Universal Subscriber Identity Module (USIM) (herein referred collectively as UICC). A more detailed explanation on the OTA proxy may be found in the co-pending application 61/428,851.
- Once TSM 10 completes modifying the user account status, a push request is made to mobile push server, such as a Cloud to Device Messaging (C2DM) platform, in step 203.
- In step 204, the mobile push server pushes the message to wake up the OTA proxy residing in the lost/stolen mobile terminal 11.
- In step 205, the OTA proxy retrieves mobile terminal 11 and associated SE specific information such as MSISDN and Card Image Number (CIN) and sends them to TSM 10. In an example, SE information may also include Card Reference Number (CRN), Card Production Life Cycle (CPLC), and Card Serial Number (CSN).
- Further, although not illustrated, once TSM 10 receives mobile equipment and SE information, TSM 10 checks the status of SE. As processing of stored SE may be based on its status, analysis of SE status and corresponding processes may be conducted prior to accessing the information stored in the SE. More specifically, based on the SE status, some preparation steps may be executed to secure the SE for processing commands received through the OTA proxy. In an example, SE equipped in the mobile terminal 11 may have any of the 3 statuses: operating system (OS) native, initialized, and secured. If the status of the SE is determined to be “secured”, no further preparation steps may be executed. The “secured” state for the SE may refer to an intended operating card life cycle state in post issuance. On the other hand, if the status of the SE is determined to be “initialized”, then TSM 10 may provide a final issuer master key to secure the SE. The “initialized” state for the SE may refer to an administrative card production state. Lastly, if the status of the SE is determined to be “OS native”, then pre-personalization process may be conducted, which may include providing an initial issuer master key and a final issuer master key to the SE. The “OS native” state for the SE may refer to a status that SE is not initialized by manufacturer's initialization method.
- After status of the SE has been determined, an analysis of SE type may be performed to determine the type of protocol that should run within OTA proxy in order to provision into the identified SE. If the SE is a UICC type or an embedded type, SE may be accessed to modify the information stored in the SE. Alternatively, if the SE is a Micro SD type, additional process specific protocol may be executed to access or to modify the information stored in the SE. Since a person ordinarily skilled in the art understands what type of protocols may be used to access the Micro SD type, discussion thereof is omitted herein.
- In step 206, TSM 10 processes the provided information along with the “delete” command and converts them into Application Protocol Data Unit (APDU) commands and sends the converted APDU commands to the OTA proxy.
- In step 207, OTA proxy relays the received APDU commands to the SE where credit card credentials may reside. Credit card credentials may reside as contactless card applets as well as within a wallet management applet (WMA) 21. Please refer to the co-related application No. 61/428,846 for further details on how a corresponding WMA 21 is created.
- Once the “delete” command has been processed successfully, results are sent to the OTA proxy in step 208.
- In step 209, OTA proxy relays the result back to the TSM 10. TSM 10 in turn sends a notification to the SP of the outcome of its request in step 210.
- The “delete” functionality disclosed in FIG. 2 may be provided if the mobile terminal 11 is powered on and has reception to a network.
- In FIG. 3, a system diagram is provided for synchronizing the mobile wallet application 31 residing within the mobile terminal 11.
- In step 301, multiple external parties or SPs may request changes to be made to user's mobile wallet application 31 configuration using the TSM/Wallet Management System (WMS), which may store the master configuration of the user's mobile wallet application 31. For the purposes of this disclosure, the external parties or SPs may include, without limitation, Financial Institutions 18, Mobile Network Operator (MNO) 19, Handset Manufacturer 20, and Card manufacturer 21 (collectively referred to as “service providers” or “SPs”). As the mobile wallet application 31 may not always be on, the TSM/WMS may serve as a central repository to allow various external parties to make change requests without regard to user's login status to the mobile wallet application 31. For example, the respective external parties or SPs may request additional contactless cards to be provisioned to the user's mobile wallet application 31 on their own time without regard to the user's status.
- Similarly, TSM 10 itself may automatically recognize that the expiration date of a contactless card applet stored in the SE is approaching based on its own internal records and prompt the user to renew the contactless card applet information. In an example, the user of the mobile terminal 11 may be prompted by the mobile wallet application 31 or other suitable methods, such as emails, texts, and voicemails. User may be prompted by the TSM 10 by other methods as well, such as texts, emails, voicemails or other suitable methods of providing notification. In response to the prompt, the user of the mobile terminal 11 may re-provision the respective contactless card applet through the TSM 10 system or by contacting the SP responsible for the soon to be expired contactless card applet.
- Subsequently, in step 302, when the user logs into the mobile wallet application 31 on the mobile terminal 11, the OTA proxy residing within the mobile wallet application 31 will retrieve specific mobile terminal 11 information and SE specific information (e.g. MSISDN, International Mobile Equipment Identity (IMEI)/Mobile Equipment Identifier (MEID), CIN/Integrated Circuit Card Identification (ICCID)) and send them to TSM 10 for analysis.
- In step 303, TSM 10 upon receipt of the provided information, conducts an internal verification of the provided information by OTA proxy with the stored information.
- If it is found that the provided handset information or the SE information conflicts with the registered information, the TSM 10 logs the event and may order the mobile wallet application 31 to lock or delete sensitive information until further verification or clarification can be provided in step 304. Sensitive information may include account specific information related to financial institution 18 that may be stored in the SE, such as credit card numbers, expiration date, personal identification number, and other related information. Further, sensitive information may also include user security information or other private information stored in the SE.
- In an example, a thief may steal a removable SE, such as a micro SD, from a mobile terminal 11 and use it on a different mobile terminal before the user even realizes the SE is missing from his or her mobile terminal 11. By cross referencing the registered SE with the registered mobile terminal identification, TSM 10 will recognize whether the registered SE is being equipped on different non-registered mobile terminal 11. Further, it should be noted that TSM 10 may handle recognition of inconsistent devices in a different manner than described in step 304. TSM 10 may handle such an event according to the business rules provided by the parties involved, such as opting to prompt the user for a password, security key, or other verification methods.
- Additional or different directions may be provided by the consumers or SPs in handling such event according to their business rules.
- This synchronization check may also be conducted when a request is made to provision another
contactless card applet 23 or whenever OTA proxy is requested to connect with theTSM 10 or equivalent system. -
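The synchronization check of steps 302 to 304, sketched as an added example that is not part of the patent or of any TSM product. The class names, the default rule table and the sample identifiers are assumptions made for illustration; the point it shows is that the registry must be indexed by SE as well as by terminal, because a stolen SE reports from a handset whose MSISDN and IMEI are both new.

```python
"""Added example: TSM-side synchronization check (steps 302-304)."""
import logging
from dataclasses import dataclass
from enum import Enum

log = logging.getLogger("tsm.sync_check")  # hypothetical logger name


class Finding(Enum):
    CONSISTENT = "reported identifiers match the registration"
    SE_MOVED = "registered SE reported from a non-registered terminal"
    SE_SWAPPED = "registered terminal reports a non-registered SE"
    UNKNOWN = "neither terminal nor SE is registered"


class Action(Enum):
    ALLOW = "allow"
    PROMPT = "prompt user for password or security key"
    LOCK = "lock sensitive information in the SE"
    DELETE = "delete sensitive information from the SE"


# Assumed default business rules; an SP or consumer may override any entry.
DEFAULT_RULES = {
    Finding.CONSISTENT: Action.ALLOW,
    Finding.SE_MOVED: Action.LOCK,
    Finding.SE_SWAPPED: Action.PROMPT,
    Finding.UNKNOWN: Action.PROMPT,
}


@dataclass(frozen=True)
class Report:
    """What the OTA proxy sends in step 302 (also used for registered data)."""
    msisdn: str
    device_id: str  # IMEI or MEID
    se_id: str      # CIN or ICCID


def _norm(value: str) -> str:
    """Drop separators and case so formatting differences are not mismatches."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


class TsmRegistry:
    def __init__(self, registered, rules=None):
        # Index by SE *and* by terminal: a lookup keyed only on the
        # subscriber would never see a stolen SE in another handset.
        self._by_se = {_norm(r.se_id): r for r in registered}
        self._by_device = {_norm(r.device_id): r for r in registered}
        self.rules = {**DEFAULT_RULES, **(rules or {})}
        self.events = []  # audit trail of inconsistent reports

    def classify(self, report: Report) -> Finding:
        known_se = self._by_se.get(_norm(report.se_id))
        if known_se is not None:
            same_terminal = (
                _norm(known_se.device_id) == _norm(report.device_id)
                and _norm(known_se.msisdn) == _norm(report.msisdn)
            )
            return Finding.CONSISTENT if same_terminal else Finding.SE_MOVED
        if _norm(report.device_id) in self._by_device:
            return Finding.SE_SWAPPED
        return Finding.UNKNOWN

    def check(self, report: Report):
        """Step 303 comparison followed by the step 304 decision."""
        finding = self.classify(report)
        action = self.rules[finding]
        if finding is not Finding.CONSISTENT:
            self.events.append({"finding": finding.name,
                                "action": action.name,
                                "se_id": _norm(report.se_id)})
            log.warning("sync check: %s -> %s", finding.value, action.value)
        return finding, action


if __name__ == "__main__":
    # Constructed sample identifiers, not real devices.
    registry = TsmRegistry(
        [Report("+1 555 0100", "35-000000-000001-0", "CIN-0001")])
    for sample in (
        Report("+15550100", "350000000000010", "cin0001"),   # same handset
        Report("+15550199", "350000000000999", "CIN-0001"),  # SE in new handset
        Report("+15550100", "350000000000010", "CIN-9999"),  # different SE
    ):
        print(registry.check(sample))
```

Passing `rules={Finding.SE_MOVED: Action.DELETE}` models an SP whose business rules call for deletion rather than a lock.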
FIG. 4 illustrates an exemplary system diagram of a push system for reconstructing mobile wallet application 31. Once the user has found or replaced the mobile terminal, which may no longer contain all of the user's previous financial credentials, the user of the device may contact one of the SPs or TSM 10 to reconstruct its mobile wallet application 31 and all of the previously stored contents therein. For the purposes of the present disclosure, mobile wallet application 31 may include the widgets residing within the mobile wallet application 31, contactless card applet 23 and associated WMA 21 stored in the SE, and an optional OTA proxy. However, a mobile wallet application 31 may include less than all of the elements described herein or more than the elements described herein.

In step 401, the user of the mobile terminal 11 contacts SP notifying procurement of a new mobile terminal 11. SP may conduct its own authentication to verify the correct user of the mobile terminal 11. Similarly, the user may also notify MNO 19 or TSM 10 directly as well.

Once SP has authenticated the user, SP sends a request to TSM 10 to re-provision the user's new mobile terminal 11 with the SP's contactless application and related credentials in step 402.

In step 403, TSM 10 performs an internal check to verify whether the user has any other SP accounts that it had provisioned prior to losing his or her phone. If there are other SP accounts held by the user, a request is made to the respective SPs for their provisioning information.

Once SPs receive requests for provisioning information, internal authentication and validation checks may be conducted and the necessary information sent to TSM 10 for processing in step 404.

In step 405, another internal check is conducted to verify what mobile wallet application 31 the user previously had in his or her mobile terminal 11. The mobile wallet application 31 may include various types, such as a SK C&C mobile wallet application 31 or other mobile wallet applications offered by different manufacturers.

In an example, if it is found that the mobile wallet application 31 was previously installed, then the system will retrieve the same version and user preference settings associated with the mobile wallet application 31 to transmit to the user in step 406. The respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server prior to moving to step 407. For the purposes of this disclosure, it is assumed the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.

In step 407, TSM 10 sends a push message to wake up OTA proxy to a mobile push server, such as a C2DM system. In an example, the mobile wallet application 31 may be sent prior to OTA proxy, at the same time as the mobile wallet application 31, or before the mobile wallet application 31.

Subsequently, the mobile push server relays the received wake up command to OTA proxy in step 408.

In step 409, the OTA proxy retrieves mobile terminal 11 and SE specific information such as MSISDN and CIN and sends it to TSM 10.

Once TSM 10 receives the information sent by OTA proxy, TSM 10 processes the information along with the provisioning commands and converts them into APDU commands to send over to OTA proxy in step 410. In an example, the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18. Also, when account specific information is received for the contactless card applet or other sensitive information, such information may be duplicated to be provisioned into the WMA 21. In addition, a version of the associated widget for the mobile wallet application 31 of the mobile terminal 11 is also obtained by the TSM 10 to be provisioned directly into the wallet application 31.

Next, in step 411, OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous user of a mobile wallet application 31, APDU commands will be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21, which is also located within the SE. In addition, a corresponding widget application will be installed in the mobile wallet application 31 to provide a graphic display of the installed account.

Once the provisioning command has been successfully processed, results are sent back to the OTA proxy in step 412.

Subsequently, OTA proxy relays the results back to the TSM 10 in step 413 and the TSM 10 updates its system with the results of the request.

Notification of the outcome of the SP provisioning request is sent to the respective SP(s) in step 414.

Similarly to FIG. 4, the user's mobile wallet application 31 may be reconstructed through a pull mechanism, which may be initiated by the mobile terminal 11 owner as illustrated in FIG. 5.

In step 501, the owner of the mobile terminal 11 attempts to reinstall the mobile wallet application 31 from the mobile terminal 11 and a request is made from the new or replaced mobile terminal 11. A command request is sent along with mobile identification information to TSM 10.
TSM 10 receives the request with its related identification information, and in step 502, an authentication process takes place to verify the user. The requesting user may be verified through a password, security question, social security number, or through other suitable verification methods. Once the user has been correctly identified, a check is conducted for an existing account. If it is found that a mobile wallet application 31 was previously installed, then the system will retrieve the same version and user preference settings related to the mobile wallet application 31 and send them to the user in step 503 for downloading. The respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server.

In an example, if it is determined that the requesting user did not have a mobile wallet application 31 previously, a new account is created in the TSM 10 and a mobile wallet application 31 may be sent to the mobile terminal 11 through a mobile push server. For the purposes of this disclosure, it is assumed the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.

Next, in step 504, TSM 10 checks the requesting user account for related SP account information. If one or more SP accounts are associated with the requesting user's account, notification may be sent to each SP, requesting provisioning information to be sent to the requesting user. While steps steps mobile wallet application 31 and widgets related to the SP separately. However, it may also be possible to gather all of the necessary widgets and the mobile wallet application 31 from the SP, so that the TSM 10 can relay both the widgets and the mobile wallet application 31 simultaneously to the user. Alternatively, if TSM 10 is allowed to store account specific information, the mobile wallet application 31 and the widgets may be provided by the TSM 10 without making additional requests to the SPs.

Once SPs receive requests for provisioning information, internal authentication and validation checks may be conducted and the necessary information sent to TSM 10 for processing in step 505.

In step 506, TSM 10 sends a push message to wake up OTA proxy to the mobile push server, such as a C2DM system. While it is illustrated that mobile wallet application 31 is sent prior to OTA proxy, it should be noted that OTA proxy may be sent at the same time as the mobile wallet application 31, or before the mobile wallet application 31 as well.

Subsequently, the mobile push server relays the received wake up command to OTA proxy in step 507.

In step 508, the OTA proxy gathers mobile terminal 11 specific information such as MSISDN and CIN along with the provisioning commands and sends it to TSM 10. In an example, the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18. Other sensitive information such as a key to the SE may be provided either by the other SPs or the TSM 10. Sensitive information may be provided by the SPs in real-time using the TSM 10 as an intermediary or in advance for storage in the TSM 10.

Once TSM 10 receives the information sent by OTA proxy, TSM 10 processes the information along with the provisioning commands and converts them into APDU commands and sends them to OTA proxy in step 509. Also, if provisioning commands including account specific information of the contactless card applet are received, such information may be duplicated to be provisioned into the WMA 21. In addition, a version of the associated widget for the wallet application 31 is also obtained by the TSM 10 to be provisioned directly into the mobile wallet application 31.

Next, in step 510, OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous mobile wallet application 31 user, APDU commands may be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21, which is also located within the SE. In addition, a corresponding widget application may be installed in the mobile wallet application 31 to provide a graphic display of the installed account.

Once the provisioning command has been successfully processed, results are sent back to the OTA proxy in step 511.

Subsequently, OTA proxy relays the result back to the TSM 10 in step 512 and the TSM 10 will update its system with the result of the request.

Notification of the outcome of the SP provisioning request will be sent to the respective SP(s) in step 513.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
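The APDU relay of steps 410 to 413 (push) and 509 to 512 (pull), sketched as an added example that is not code from the patent. The header layout and status words follow ISO 7816-4; the `ToySecureElement` class, its two instruction codes and the sample batch are constructed stand-ins. The proxy validates each command before it reaches the SE, stops at the first failure, and returns a per-command result for the TSM to record.

```python
"""Added example: OTA proxy relaying TSM-issued APDUs to the SE."""
from dataclasses import dataclass
from typing import Callable, Optional

SW_OK = 0x9000                 # ISO 7816-4: normal processing
SW_INS_NOT_SUPPORTED = 0x6D00  # ISO 7816-4: instruction not supported


@dataclass(frozen=True)
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]


def parse_short_apdu(raw: bytes) -> CommandApdu:
    """Parse a short-length ISO 7816-4 command APDU (cases 1 to 4)."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                            # case 2: Le only
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    if len(body) == 1 + lc:                       # case 3: Lc + data
        return CommandApdu(cla, ins, p1, p2, body[1:], None)
    if len(body) == 2 + lc:                       # case 4: Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, body[1:-1], body[-1] or 256)
    raise ValueError("Lc does not match the APDU body length")


def relay(apdus, transmit: Callable[[bytes], bytes]) -> dict:
    """Forward APDUs in order and build the result report for the TSM."""
    results = []
    for index, raw in enumerate(apdus):
        try:
            parse_short_apdu(raw)  # reject malformed input before the SE sees it
        except ValueError as exc:
            results.append({"index": index, "sw": None, "error": str(exc)})
            break
        response = transmit(raw)
        if len(response) < 2:
            results.append({"index": index, "sw": None,
                            "error": "response carries no status word"})
            break
        sw = int.from_bytes(response[-2:], "big")
        results.append({"index": index, "sw": sw, "error": None})
        if sw != SW_OK:
            break  # later commands may depend on this one: stop here
    completed = (len(results) == len(apdus)
                 and all(r["sw"] == SW_OK for r in results))
    return {"completed": completed, "results": results}


class ToySecureElement:
    """Constructed stand-in for an SE, not a real card profile.

    INS 0x01 stores the data field under slot P2, INS 0x02 removes slot P2.
    """

    def __init__(self):
        self.records = {}

    def transmit(self, raw: bytes) -> bytes:
        apdu = parse_short_apdu(raw)
        if apdu.ins == 0x01:
            self.records[apdu.p2] = apdu.data
        elif apdu.ins == 0x02:
            self.records.pop(apdu.p2, None)
        else:
            return SW_INS_NOT_SUPPORTED.to_bytes(2, "big")
        return SW_OK.to_bytes(2, "big")


if __name__ == "__main__":
    se = ToySecureElement()
    batch = [  # constructed sample batch
        bytes.fromhex("8001000104DEADBEEF"),  # store 4 bytes in slot 1
        bytes.fromhex("80FF0000"),            # unsupported instruction
        bytes.fromhex("8001000201AA"),        # never sent: relay stops above
    ]
    print(relay(batch, se.transmit), se.records)
```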
Claims (33)
1. A method for securing information in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile terminal, comprising:
receiving a request to initialize an over-the-air (OTA) proxy of a mobile terminal;
initializing the OTA proxy;
receiving a request to secure information stored in the SE; and
securing, using the OTA proxy, the information stored in the SE, wherein the SE is a non-UICC type SE.
2. The method of claim 1, further comprising:
requesting installation of the OTA proxy;
receiving OTA proxy installation information; and
installing the OTA proxy in the mobile terminal.
3. The method of claim 2, wherein OTA proxy installation information is received from a Trusted Service Manager (TSM).
4. The method of claim 3, wherein initializing the OTA proxy comprises:
waking the OTA proxy; and
transmitting mobile terminal information and SE information to the TSM,
wherein the SE information comprises an SE status and an SE type.
5. The method of claim 1, wherein the request to secure information comprises an Application Protocol Data Unit (APDU) command.
6. The method of claim 5, wherein securing the requested information in the non-UICC type SE comprises executing the APDU command for securing the requested information, wherein the non-UICC type SE comprises a Micro Secure Digital (SD), an Embedded SE, or a SE that does not support either a Short Message Service Point to Point (SMS-PP) protocol or a Bearer Independent Protocol (BIP).
7. The method of claim 1, wherein securing the requested information in the SE comprises deleting information stored in the non-UICC type SE.
8. The method of claim 1, wherein securing the requested information in the SE comprises locking access to information stored in the non-UICC type SE.
9. The method of claim 1, wherein the request to initialize the OTA proxy is received from a push server.
10. The method of claim 1, further comprising preparing the SE for securing information before securing the requested information, wherein preparing the SE comprises:
retrieving mobile terminal information and SE information, wherein the SE information comprises an SE status and an SE type;
receiving a key based on the SE status; and
using the key to access the SE.
11. The method of claim 10, wherein the mobile terminal information comprises at least one of International Mobile Equipment Identity (IMEI), Mobile Equipment Identifier (MEID), and Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
12. The method of claim 10, wherein the key comprises at least one of an initial issuer master key and a final issuer master key.
13. The method of claim 12, wherein securing the information stored in the SE comprises providing at least one of the initial issuer master key and the final issuer master key to the SE in response to a determination that the SE status is Operating System (OS) native.
14. The method of claim 12, wherein securing the information stored in the SE comprises providing the final issuer master key to the SE in response to a determination that SE status is initialized.
15. The method of claim 10, wherein using the key to access the SE further comprises processing a protocol for enabling provisioning of the SE, the SE type being a Micro Secure Digital (SD) type.
16. A method for authenticating a mobile terminal, comprising:
receiving mobile terminal information and secure element (SE) information from the mobile terminal;
comparing the received information with stored mobile terminal information and SE information; and
transmitting a command based on the comparison result.
17. The method of claim 16, wherein the mobile terminal information comprises at least one of International Mobile Equipment Identity (IMEI), Mobile Equipment Identifier (MEID), and Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
18. The method of claim 16, wherein the SE information comprises at least one of Card Image Number (CIN), Card Reference Number (CRN), Card Production Life Cycle (CPLC), and Card Serial Number (CSN).
19. The method of claim 16, wherein transmitting a command based on the comparison result comprises transmitting a command to delete information stored in the SE of the mobile terminal, in response to the received information being different from the stored information.
20. The method of claim 19, wherein the SE is a non-Universal Integrated Circuit Card (UICC) type SE.
21. The method of claim 16, wherein transmitting a command based on the comparison result comprises transmitting a command to lock access to the information stored in the SE of the mobile terminal, in response to the received information being different from the stored information.
22. The method of claim 21, wherein the SE is non-UICC type SE.
23. A method for reconstructing a mobile wallet application of a mobile terminal, comprising:
receiving a request to reconstruct the mobile wallet application of a user;
transmitting stored mobile wallet application information associated with the user to the mobile terminal;
receiving mobile terminal information and secure element (SE) information; and
transmitting a stored application associated with the mobile wallet application information to the mobile terminal.
24. The method of claim 23, wherein transmitting stored mobile wallet application information associated with the user to the mobile terminal comprises transmitting an over-the-air (OTA) proxy application associated with the user.
25. The method of claim 23, wherein transmitting stored mobile wallet application information associated with the user to the mobile terminal comprises transmitting an OTA proxy application associated with the mobile wallet application information.
26. The method of claim 23, wherein receiving a request to reconstruct the mobile wallet application comprises receiving identifying information associated with the user.
27. The method of claim 23, wherein the stored application information associated with the mobile wallet application comprises at least one of a contactless card applet, a wallet management applet, and a widget application for interfacing the user.
28. A mobile terminal to secure information over-the-air (OTA) in a non-Universal Integrated Circuit Card (UICC) type secure element (SE), comprising:
an OTA proxy configured to connect to a Trusted Service Manager (TSM), and to receive a securing command from the TSM; and
a non-UICC type SE.
29. The mobile terminal of claim 28, wherein the securing command is a command to delete information stored in the non-UICC type SE or to lock access to information stored in the non-UICC type SE.
30. The mobile terminal of claim 28, wherein the OTA proxy is configured to transmit mobile terminal information and SE information to the TSM, wherein the SE information comprises an SE status and an SE type.
31. The mobile terminal of claim 30, wherein the OTA proxy is further configured to receive a key from the TSM to access the SE based on the SE information sent to the TSM, wherein the key comprises at least one of an initial issuer master key and a final issuer master key.
32. The mobile terminal of claim 30, wherein the OTA proxy is further configured to receive a protocol to prepare the SE to be provisioned, the SE type being a Micro Secure Digital (SD) type.
33. The mobile terminal of claim 28, wherein the non-UICC type SE comprises:
a contactless card applet; and
a wallet management applet corresponding to the contactless card applet, wherein the wallet management applet comprises at least one of an account number associated with the contactless card applet, an expiration date, and a security code.
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/310,063 US20120171992A1 (en) | 2010-12-30 | 2011-12-02 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
AU2011350196A AU2011350196A1 (en) | 2010-12-30 | 2011-12-20 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
PCT/KR2011/009867 WO2012091350A2 (en) | 2010-12-30 | 2011-12-20 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
SG2013042973A SG190986A1 (en) | 2010-12-30 | 2011-12-20 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
KR1020137019430A KR101514753B1 (en) | 2010-12-30 | 2011-12-20 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
EP11852733.2A EP2659694A4 (en) | 2010-12-30 | 2011-12-20 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
CN201180061627.2A CN103270782B (en) | 2010-12-30 | 2011-12-20 | System and method for the safety container of storage sensitive financial information in mobile communication terminals |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201061428852P | 2010-12-30 | 2010-12-30 | |
US201061428851P | 2010-12-30 | 2010-12-30 | |
US201061428853P | 2010-12-30 | 2010-12-30 | |
US201061428846P | 2010-12-30 | 2010-12-30 | |
US13/310,063 US20120171992A1 (en) | 2010-12-30 | 2011-12-02 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
US20120171992A1 (en) | 2012-07-05 |
Family
ID=46381172
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/310,091 Active 2033-02-20 US8843125B2 (en) | 2010-12-30 | 2011-12-02 | System and method for managing mobile wallet and its related credentials |
US13/310,308 Active 2033-04-06 US9191813B2 (en) | 2010-12-30 | 2011-12-02 | System and method for managing OTA provisioning applications through use of profiles and data preparation |
US13/310,063 Abandoned US20120171992A1 (en) | 2010-12-30 | 2011-12-02 | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
US13/310,344 Active 2032-05-17 US9161218B2 (en) | 2010-12-30 | 2011-12-02 | System and method for provisioning over the air of confidential information on mobile communicative devices with non-UICC secure elements |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/310,091 Active 2033-02-20 US8843125B2 (en) | 2010-12-30 | 2011-12-02 | System and method for managing mobile wallet and its related credentials |
US13/310,308 Active 2033-04-06 US9191813B2 (en) | 2010-12-30 | 2011-12-02 | System and method for managing OTA provisioning applications through use of profiles and data preparation |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/310,344 Active 2032-05-17 US9161218B2 (en) | 2010-12-30 | 2011-12-02 | System and method for provisioning over the air of confidential information on mobile communicative devices with non-UICC secure elements |
Country Status (1)
Country | Link |
---|---|
US (4) | US8843125B2 (en) |
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102917061A (en) * | 2012-10-19 | 2013-02-06 | 北京奇虎科技有限公司 | Resource synchronization method and system |
US20130171929A1 (en) * | 2011-12-28 | 2013-07-04 | Research In Motion Limited | Mobile communications device providing near field communication (nfc) card issuance features and related methods |
WO2013097038A1 (en) * | 2011-12-28 | 2013-07-04 | Research In Motion Limited | Mobile communications device providing near field communication (nfc) card issuance features and related methods |
US20130173736A1 (en) * | 2011-12-29 | 2013-07-04 | the Province of Ontario, Canada) | Communications system providing enhanced trusted service manager (tsm)verification features and related methods |
US8538845B2 (en) | 2011-06-03 | 2013-09-17 | Mozido, Llc | Monetary transaction system |
US20140089261A1 (en) * | 2012-09-25 | 2014-03-27 | Selim Aissi | System and Method for Maintaining Device State Coherency |
JP2014123224A (en) * | 2012-12-20 | 2014-07-03 | Toppan Printing Co Ltd | Terminal device and expiry date update method |
CN103944907A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data updating method and system |
CN104038523A (en) * | 2013-03-07 | 2014-09-10 | 联想(北京)有限公司 | Method and device for storing information |
US20140279566A1 (en) * | 2013-03-15 | 2014-09-18 | Samsung Electronics Co., Ltd. | Secure mobile payment using media binding |
WO2014189569A1 (en) * | 2013-05-21 | 2014-11-27 | Jvl Ventures, Llc | Systems, methods, and computer program products for managing states |
WO2014190445A3 (en) * | 2013-05-29 | 2015-01-22 | Kaba Ag | Method for managing media for wireless communication |
US20150223061A1 (en) * | 2011-12-29 | 2015-08-06 | Gemalto Sa | Method for initiating an ota session |
US20150319152A1 (en) * | 2014-05-01 | 2015-11-05 | At&T Intellectual Property I, Lp | Apparatus and method for managing security domains for a universal integrated circuit card |
US9208488B2 (en) | 2011-11-21 | 2015-12-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US20150373535A1 (en) * | 2014-06-24 | 2015-12-24 | Huawei Technologies Co., Ltd. | Method, Apparatus, and System for Managing Device |
CN105227681A (en) * | 2015-10-28 | 2016-01-06 | 北京知易普道技术有限责任公司 | A kind of push server and display terminal |
KR20160026582A (en) * | 2014-09-01 | 2016-03-09 | 삼성전자주식회사 | Electronic device and method for managing reenrollment |
US20160253666A1 (en) * | 2015-02-27 | 2016-09-01 | Samsung Electronics Co., Ltd. | Method and device for controlling payment function |
US9479571B2 (en) | 2012-09-18 | 2016-10-25 | Google Inc. | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US20160337290A1 (en) * | 2014-01-10 | 2016-11-17 | Huawei Technologies Co., Ltd. | Message Push Method and Apparatus |
EP3104635A1 (en) * | 2015-06-09 | 2016-12-14 | Deutsche Telekom AG | Method for an improved installation of a secure-element-related service application in a secure element being located in a communication device, system and telecommunications network for an improved installation of a secure-element-related service application in a secure element being located in a communication device, program comprising a computer readable program code, and computer program product |
US9544759B2 (en) | 2011-11-01 | 2017-01-10 | Google Inc. | Systems, methods, and computer program products for managing states |
EP3053081A4 (en) * | 2013-09-30 | 2017-03-01 | Google, Inc. | Systems, methods, and computer program products for securely managing data on a secure element |
CN106658350A (en) * | 2015-10-30 | 2017-05-10 | 中国移动通信集团公司 | Method for collaborative management and device thereof |
US9652628B2 (en) | 2011-11-01 | 2017-05-16 | Google Inc. | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
WO2017160814A1 (en) * | 2016-03-14 | 2017-09-21 | Jpmorgan Chase Bank, N.A. | Systems and methods for device authentication |
CN107801165A (en) * | 2017-10-31 | 2018-03-13 | 平安科技(深圳)有限公司 | Service note method for pushing, device, computer equipment and storage medium |
US9942227B2 (en) | 2013-11-01 | 2018-04-10 | At&T Intellectual Property I, L.P. | Apparatus and method for secure over the air programming of a communication device |
US10091655B2 (en) | 2013-09-11 | 2018-10-02 | At&T Intellectual Property I, L.P. | System and methods for UICC-based secure communication |
US10122534B2 (en) | 2013-10-04 | 2018-11-06 | At&T Intellectual Property I, L.P. | Apparatus and method for managing use of secure tokens |
US10127533B2 (en) | 2012-07-31 | 2018-11-13 | Google Llc | Managing devices associated with a digital wallet account |
US10193700B2 (en) | 2015-02-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Trust-zone-based end-to-end security |
US10200367B2 (en) | 2013-11-01 | 2019-02-05 | At&T Intellectual Property I, L.P. | Apparatus and method for secure provisioning of a communication device |
US10218719B2 (en) * | 2016-09-21 | 2019-02-26 | Apple Inc. | Credential modification notifications |
US10223688B2 (en) | 2012-09-24 | 2019-03-05 | Samsung Electronics Co., Ltd. | Competing mobile payment offers |
US10375085B2 (en) | 2013-10-28 | 2019-08-06 | At&T Intellectual Property I, L.P. | Apparatus and method for securely managing the accessibility to content and applications |
US10438196B2 (en) | 2011-11-21 | 2019-10-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US10681534B2 (en) | 2012-11-16 | 2020-06-09 | At&T Intellectual Property I, L.P. | Methods for provisioning universal integrated circuit cards |
US10778670B2 (en) | 2013-10-23 | 2020-09-15 | At&T Intellectual Property I, L.P. | Apparatus and method for secure authentication of a communication device |
US10930139B1 (en) * | 2019-10-10 | 2021-02-23 | Bank Of America Corporation | Information card silent coercion alarm |
US11042861B2 (en) * | 2012-04-18 | 2021-06-22 | Google Llc | Processing payment transactions without a secure element |
US20210241262A1 (en) * | 2013-06-13 | 2021-08-05 | Blackberry Limited | Mobile wireless communications device having digital wallet with multi-mode user card and related methods |
US11087304B2 (en) | 2016-03-14 | 2021-08-10 | Jpmorgan Chase Bank, N.A. | Systems and methods for device authentication |
US20210264405A1 (en) * | 2006-09-24 | 2021-08-26 | Rfcyber Corp | Method and apparatus for payments between two mobile devices |
US11107047B2 (en) | 2015-02-27 | 2021-08-31 | Samsung Electronics Co., Ltd. | Electronic device providing electronic payment function and operating method thereof |
US11129018B2 (en) | 2015-02-27 | 2021-09-21 | Samsung Electronics Co., Ltd. | Payment means operation supporting method and electronic device for supporting the same |
US11182769B2 (en) | 2015-02-12 | 2021-11-23 | Samsung Electronics Co., Ltd. | Payment processing method and electronic device supporting the same |
US11568507B2 (en) | 2019-10-10 | 2023-01-31 | Bank Of America Corporation | Native-feature silent coercion alarm |
Families Citing this family (101)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10176476B2 (en) * | 2005-10-06 | 2019-01-08 | Mastercard Mobile Transactions Solutions, Inc. | Secure ecosystem infrastructure enabling multiple types of electronic wallets in an ecosystem of issuers, service providers, and acquires of instruments |
EP2667344A3 (en) | 2005-10-06 | 2014-08-27 | C-Sam, Inc. | Transactional services |
US20140089120A1 (en) | 2005-10-06 | 2014-03-27 | C-Sam, Inc. | Aggregating multiple transaction protocols for transacting between a plurality of distinct payment acquiring devices and a transaction acquirer |
US10628881B2 (en) * | 2009-01-22 | 2020-04-21 | First Data Corporation | Processing transactions with an extended application ID and dynamic cryptograms |
US10037524B2 (en) * | 2009-01-22 | 2018-07-31 | First Data Corporation | Dynamic primary account number (PAN) and unique key per card |
US10354321B2 (en) * | 2009-01-22 | 2019-07-16 | First Data Corporation | Processing transactions with an extended application ID and dynamic cryptograms |
EP2336986A1 (en) * | 2009-12-17 | 2011-06-22 | Gemalto SA | Method of personalizing an application embedded in a secured electronic token |
US20120303310A1 (en) | 2011-05-26 | 2012-11-29 | First Data Corporation | Systems and Methods for Providing Test Keys to Mobile Devices |
US20130019195A1 (en) * | 2011-07-12 | 2013-01-17 | Oracle International Corporation | Aggregating multiple information sources (dashboard4life) |
US10083247B2 (en) | 2011-10-01 | 2018-09-25 | Oracle International Corporation | Generating state-driven role-based landing pages |
US20140279479A1 (en) * | 2011-10-12 | 2014-09-18 | C-Sam, Inc. | Nfc paired bluetooth e-commerce |
IN2014KN00998A (en) * | 2011-10-12 | 2015-09-04 | C Sam Inc | |
US8918855B2 (en) * | 2011-12-09 | 2014-12-23 | Blackberry Limited | Transaction provisioning for mobile wireless communications devices and related methods |
JP6322143B2 (en) * | 2011-12-13 | 2018-05-09 | ビザ インターナショナル サービス アソシエーション | Integrated mobile trusted service manager |
US10949815B2 (en) | 2011-12-13 | 2021-03-16 | Visa International Service Association | Integrated mobile trusted service manager |
EP2800022A4 (en) * | 2011-12-30 | 2015-09-09 | Mozido Corfire Korea Ltd | System and method for controlling applet access |
US9923986B2 (en) | 2011-12-30 | 2018-03-20 | Mozido Corfire—Korea, Ltd. | Master TSM |
US20130254028A1 (en) * | 2012-03-22 | 2013-09-26 | Corbuss Kurumsal Telekom Hizmetleri A.S. | System and method for conducting mobile commerce |
US8838174B2 (en) | 2012-05-04 | 2014-09-16 | Apple Inc. | Device initiated card provisioning via bearer independent protocol |
CA2810360C (en) * | 2012-06-27 | 2016-05-10 | Rogers Communications Inc. | System and method for remote provisioning of embedded universal integrated circuit cards |
US8843398B2 (en) * | 2012-07-23 | 2014-09-23 | Wal-Mart Stores, Inc. | Transferring digital receipt data to mobile devices |
US9842333B2 (en) | 2012-07-23 | 2017-12-12 | Wal-Mart Stores, Inc. | Transferring digital receipt data to mobile devices |
US8738454B2 (en) * | 2012-07-23 | 2014-05-27 | Wal-Mart Stores, Inc. | Transferring digital receipt data to mobile devices |
EP2880607A4 (en) * | 2012-08-02 | 2015-09-23 | Visa Int Service Ass | Issuing and storing of payment credentials |
DE102012016164A1 (en) * | 2012-08-14 | 2014-02-20 | Giesecke & Devrient Gmbh | Security element and method for installing data in the security element |
JP2014072760A (en) * | 2012-09-28 | 2014-04-21 | Fujitsu Mobile Communications Ltd | Control program, wireless terminal device, and control method |
WO2014069871A1 (en) * | 2012-10-29 | 2014-05-08 | 주식회사 케이티 | Method of changing entity managing subscriber authentication module and device using same |
KR102025521B1 (en) * | 2012-10-29 | 2019-09-26 | 주식회사 케이티 | Method of changing entity for managing subscriber certification module and apparatus using the same |
US8959331B2 (en) | 2012-11-19 | 2015-02-17 | At&T Intellectual Property I, Lp | Systems for provisioning universal integrated circuit cards |
KR101460179B1 (en) | 2012-11-28 | 2014-11-10 | 에스케이씨앤씨 주식회사 | Method for Temporary Payment Card Set-up and Mobile Device using the same |
KR101436872B1 (en) * | 2012-11-29 | 2014-09-02 | 에스케이씨앤씨 주식회사 | Method and System for Information Management in Secure Element |
US9594896B2 (en) * | 2012-12-21 | 2017-03-14 | Blackberry Limited | Two factor authentication using near field communications |
US9947001B2 (en) | 2013-03-15 | 2018-04-17 | Mastercard International Incorporated | System and method for using multiple payment accounts using a single payment device |
AP2015008828A0 (en) | 2013-04-05 | 2015-10-31 | Visa Int Service Ass | Systems, methods and devices for transacting |
US9052891B2 (en) | 2013-05-14 | 2015-06-09 | International Business Machines Corporation | Declarative configuration and execution of card content management operations for trusted service manager |
KR102116860B1 (en) * | 2013-06-20 | 2020-06-05 | 삼성전자 주식회사 | Method and apparatus for combining different kind of wallets on a mobile device |
KR102168922B1 (en) | 2013-06-26 | 2020-10-22 | 삼성전자 주식회사 | Method and apparatus for transmitting wallets between mobile devices |
WO2015001167A1 (en) * | 2013-07-02 | 2015-01-08 | Nokia Corporation | Method and apparatus for mobile ticketing |
WO2015025282A2 (en) * | 2013-08-21 | 2015-02-26 | Visa International Service Association | Methods and systems for transferring electronic money |
EP3055978B1 (en) * | 2013-10-10 | 2019-02-27 | Google LLC | Systems, methods, and computer program products for managing communications |
SG10201900029SA (en) | 2013-11-19 | 2019-02-27 | Visa Int Service Ass | Automated account provisioning |
US9525997B2 (en) | 2013-11-25 | 2016-12-20 | At&T Intellectual Property I, L.P. | Method and apparatus for managing international mobile subscriber identity |
US9384485B1 (en) * | 2013-11-26 | 2016-07-05 | American Express Travel Related Services Company, Inc. | Systems and methods for rapidly provisioning functionality to one or more mobile communication devices |
US9413759B2 (en) | 2013-11-27 | 2016-08-09 | At&T Intellectual Property I, Lp | Apparatus and method for secure delivery of data from a communication device |
US9990786B1 (en) * | 2014-01-17 | 2018-06-05 | Microstrategy Incorporated | Visitor credentials |
US9825944B2 (en) | 2014-01-24 | 2017-11-21 | Microsoft Technology Licensing, Llc | Secure cryptoprocessor for authorizing connected device requests |
US10488909B2 (en) * | 2014-02-14 | 2019-11-26 | Hewlett-Packard Development Company, L.P. | Communicating commands to an embedded controller of a system |
US11282131B2 (en) | 2014-03-31 | 2022-03-22 | Monticello Enterprises LLC | User device enabling access to payment information in response to user input |
US11250493B2 (en) | 2014-03-31 | 2022-02-15 | Monticello Enterprises LLC | System and method for performing social media cryptocurrency transactions |
US10832310B2 (en) | 2014-03-31 | 2020-11-10 | Monticello Enterprises LLC | System and method for providing a search entity-based payment process |
US11080777B2 (en) | 2014-03-31 | 2021-08-03 | Monticello Enterprises LLC | System and method for providing a social media shopping experience |
US10511580B2 (en) | 2014-03-31 | 2019-12-17 | Monticello Enterprises LLC | System and method for providing a social media shopping experience |
US20150310421A1 (en) * | 2014-04-23 | 2015-10-29 | Rfcyber Corporation | Electronic payment transactions without POS terminals |
US10997592B1 (en) | 2014-04-30 | 2021-05-04 | Wells Fargo Bank, N.A. | Mobile wallet account balance systems and methods |
US11615401B1 (en) | 2014-04-30 | 2023-03-28 | Wells Fargo Bank, N.A. | Mobile wallet authentication systems and methods |
US11288660B1 (en) | 2014-04-30 | 2022-03-29 | Wells Fargo Bank, N.A. | Mobile wallet account balance systems and methods |
US11574300B1 (en) | 2014-04-30 | 2023-02-07 | Wells Fargo Bank, N.A. | Mobile wallet systems and methods using trace identifier using card networks |
US11610197B1 (en) | 2014-04-30 | 2023-03-21 | Wells Fargo Bank, N.A. | Mobile wallet rewards redemption systems and methods |
US9652770B1 (en) | 2014-04-30 | 2017-05-16 | Wells Fargo Bank, N.A. | Mobile wallet using tokenized card systems and methods |
US11461766B1 (en) | 2014-04-30 | 2022-10-04 | Wells Fargo Bank, N.A. | Mobile wallet using tokenized card systems and methods |
US11748736B1 (en) | 2014-04-30 | 2023-09-05 | Wells Fargo Bank, N.A. | Mobile wallet integration within mobile banking |
AU2015255887A1 (en) * | 2014-05-07 | 2016-10-13 | Visa International Service Association | Enhanced data interface for contactless communications |
KR20160002321A (en) | 2014-06-30 | 2016-01-07 | 삼성전자주식회사 | Method and apparatus for receiving/transmitting a profile for communication service in a mobile communication system |
US10445739B1 (en) | 2014-08-14 | 2019-10-15 | Wells Fargo Bank, N.A. | Use limitations for secondary users of financial accounts |
US10990941B1 (en) | 2014-08-15 | 2021-04-27 | Jpmorgan Chase Bank, N.A. | Systems and methods for facilitating payments |
CN105659662B (en) * | 2014-09-29 | 2019-10-18 | 华为技术有限公司 | A kind of method and device of shunting |
US11234105B2 (en) | 2014-09-29 | 2022-01-25 | Visa International Service Association | Methods and systems for asset obfuscation |
US20160124924A1 (en) * | 2014-10-09 | 2016-05-05 | Wrap Media, LLC | Displaying a wrap package of cards within an overlay window embedded in an application or web page |
US20160162893A1 (en) * | 2014-12-05 | 2016-06-09 | Mastercard International Incorporated | Open, on-device cardholder verification method for mobile devices |
US9509825B2 (en) * | 2014-12-07 | 2016-11-29 | Chon Hock LEOW | System and method of secure personal identification |
EP3231157B1 (en) * | 2014-12-12 | 2020-05-20 | Visa International Service Association | Provisioning platform for machine-to-machine devices |
US10334431B2 (en) * | 2014-12-23 | 2019-06-25 | Intel Corporation | Near field communications (NFC)-based offload of NFC operation |
US11853919B1 (en) | 2015-03-04 | 2023-12-26 | Wells Fargo Bank, N.A. | Systems and methods for peer-to-peer funds requests |
GB2538774A (en) * | 2015-05-28 | 2016-11-30 | Vodafone Ip Licensing Ltd | Setting a password on a device |
US10171537B2 (en) | 2015-08-07 | 2019-01-01 | At&T Intellectual Property I, L.P. | Segregation of electronic personal health information |
US9942747B2 (en) * | 2015-08-07 | 2018-04-10 | At&T Mobility Ii Llc | Dynamic utilization of services by a temporary device |
US10631192B2 (en) | 2015-08-14 | 2020-04-21 | At&T Intellectual Property I, L.P. | Policy enforced intelligent persona manager |
US10044780B2 (en) | 2015-08-26 | 2018-08-07 | At&T Intellectual Property I, L.P. | Dynamic segregated secure data connection |
EP3247136A1 (en) * | 2016-05-16 | 2017-11-22 | Gemalto Sa | Method for provisioning an applet with credentials of a terminal application provided by an application server and corresponding ota platform |
CN106875175B (en) * | 2016-06-28 | 2020-07-24 | 阿里巴巴集团控股有限公司 | Method and device convenient for payment subject expansion |
US10970715B1 (en) | 2016-08-23 | 2021-04-06 | Wells Fargo Bank, N.A. | Systems and methods for multi-channel onboarding of a mobile wallet |
US11468414B1 (en) | 2016-10-03 | 2022-10-11 | Wells Fargo Bank, N.A. | Systems and methods for establishing a pull payment relationship |
US10243930B2 (en) | 2017-01-11 | 2019-03-26 | Mastercard International Incorporated | Systems and methods for secure communication bootstrapping of a device |
FR3062539B1 (en) * | 2017-01-31 | 2019-03-29 | Stmicroelectronics (Tours) Sas | PORTABLE PHONE CASE |
US11030609B2 (en) * | 2017-02-17 | 2021-06-08 | Apple Inc. | Preventing duplicate wireless transactions |
RU2651251C1 (en) | 2017-04-28 | 2018-04-18 | АО "Лаборатория Касперского" | Method of downloading filtering rules to mobile device |
CN107274283B (en) * | 2017-05-31 | 2020-09-08 | 中国银联股份有限公司 | Over-the-air card issuing method and device |
KR102495672B1 (en) * | 2017-09-20 | 2023-02-03 | 삼성전자주식회사 | Electronic device for supporting backup and reinstallation of mobile card |
US11416852B1 (en) * | 2017-12-15 | 2022-08-16 | Worldpay, Llc | Systems and methods for generating and transmitting electronic transaction account information messages |
CN110062016B (en) * | 2018-01-18 | 2023-05-09 | 阿里巴巴集团控股有限公司 | Method and device for trusted service management |
US11295297B1 (en) | 2018-02-26 | 2022-04-05 | Wells Fargo Bank, N.A. | Systems and methods for pushing usable objects and third-party provisioning to a mobile wallet |
US11074577B1 (en) | 2018-05-10 | 2021-07-27 | Wells Fargo Bank, N.A. | Systems and methods for making person-to-person payments via mobile client application |
US11775955B1 (en) | 2018-05-10 | 2023-10-03 | Wells Fargo Bank, N.A. | Systems and methods for making person-to-person payments via mobile client application |
US10607214B1 (en) * | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10771254B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for email-based card activation |
US11551190B1 (en) | 2019-06-03 | 2023-01-10 | Wells Fargo Bank, N.A. | Instant network cash transfer at point of sale |
FR3099258B1 (en) * | 2019-07-26 | 2022-06-24 | Idemia Identity & Security France | Dynamic adaptation of a secure element execution environment to profiles |
EP4312448A3 (en) * | 2019-12-06 | 2024-04-10 | Samsung Electronics Co., Ltd. | Method and electronic device for managing digital keys |
CN112288425B (en) * | 2020-12-23 | 2021-04-13 | 中国银联股份有限公司 | Payment function opening method, terminal equipment, server, system and storage medium |
US11729163B2 (en) | 2021-03-19 | 2023-08-15 | The Toronto-Dominion Bank | System and method for establishing secure communication between applications |
US11935035B2 (en) * | 2021-04-20 | 2024-03-19 | Capital One Services, Llc | Techniques to utilize resource locators by a contactless card to perform a sequence of operations |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080126145A1 (en) * | 2006-07-06 | 2008-05-29 | Firethorn Holdings, Llc | Methods and Systems For Distribution of a Mobile Wallet for a Mobile Device |
US20090124234A1 (en) * | 2007-11-14 | 2009-05-14 | Mobile Candy Dish, Inc. | Method and system for securing transactions made through a mobile communication device |
US20100275269A1 (en) * | 2007-10-20 | 2010-10-28 | Andras Vilmos | Procedure for the preparation and performing of a post issuance process on a secure element |
US20100291904A1 (en) * | 2009-05-13 | 2010-11-18 | First Data Corporation | Systems and methods for providing trusted service management services |
US20100323681A1 (en) * | 2007-11-06 | 2010-12-23 | Gemalto S/A | Sharing or reselling nfc applications among mobile communication devices |
US20120095852A1 (en) * | 2010-10-15 | 2012-04-19 | John Bauer | Method and system for electronic wallet access |
US20120108204A1 (en) * | 2010-10-28 | 2012-05-03 | Schell Stephan V | Management systems for multiple access control entities |
US8666366B2 (en) * | 2007-06-22 | 2014-03-04 | Apple Inc. | Device activation and access |
US8768845B1 (en) * | 2009-02-16 | 2014-07-01 | Sprint Communications Company L.P. | Electronic wallet removal from mobile electronic devices |
Family Cites Families (64)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5221838A (en) | 1990-12-24 | 1993-06-22 | Motorola, Inc. | Electronic wallet |
US6157859A (en) * | 1996-05-16 | 2000-12-05 | Sulzer Intermedics, Inc. | Upgradable implantable medical device with post-shock pacing and redraw functions |
US6148405A (en) | 1997-11-10 | 2000-11-14 | Phone.Com, Inc. | Method and system for secure lightweight transactions in wireless data networks |
JP4176181B2 (en) | 1998-03-13 | 2008-11-05 | 富士通株式会社 | Electronic wallet management system, terminal device and computer-readable recording medium recording electronic wallet management program |
US6199762B1 (en) | 1998-05-06 | 2001-03-13 | American Express Travel Related Services Co., Inc. | Methods and apparatus for dynamic smartcard synchronization and personalization |
US6487403B2 (en) | 1999-08-19 | 2002-11-26 | Verizon Laboratories Inc. | Wireless universal provisioning device |
SE515327C2 (en) * | 1999-08-27 | 2001-07-16 | Ericsson Telefon Ab L M | Device for carrying out secure transactions in a communication device |
US7233926B2 (en) | 2000-03-07 | 2007-06-19 | Thomson Licensing | Electronic wallet system with secure inter-purses operations |
US6961858B2 (en) | 2000-06-16 | 2005-11-01 | Entriq, Inc. | Method and system to secure content for distribution via a network |
US7155411B1 (en) | 2000-09-28 | 2006-12-26 | Microsoft Corporation | Integrating payment accounts and an electronic wallet |
WO2002041601A2 (en) | 2000-11-16 | 2002-05-23 | Telefonaktiebolaget Lm Ericsson (Publ) | User authentication apparatus, controlling method thereof, and network system |
US6950939B2 (en) | 2000-12-08 | 2005-09-27 | Sony Corporation | Personal transaction device with secure storage on a removable memory device |
US7236742B2 (en) | 2001-06-18 | 2007-06-26 | Brigham Young University | System and method for wireless data transfer for a mobile unit |
US6976241B2 (en) * | 2001-11-14 | 2005-12-13 | Intel Corporation | Cross platform administrative framework |
US7149545B2 (en) | 2002-05-30 | 2006-12-12 | Nokia Corporation | Method and apparatus for facilitating over-the-air activation of pre-programmed memory devices |
CN1675879A (en) * | 2002-06-07 | 2005-09-28 | 索尼株式会社 | Data processing system, data processing device, data processing method, and computer program |
US7822688B2 (en) | 2002-08-08 | 2010-10-26 | Fujitsu Limited | Wireless wallet |
JP2004252665A (en) * | 2003-02-19 | 2004-09-09 | Canon Inc | Document processing method |
GB2398707B (en) | 2003-02-21 | 2005-03-30 | Schlumberger Holdings | Authentication method for enabling a user of a mobile station to access to private data or services |
WO2004098219A1 (en) | 2003-04-29 | 2004-11-11 | Sony Ericsson Mobile Communications Ab | Mobile apparatus with remote lock and control function |
WO2004105359A2 (en) | 2003-05-19 | 2004-12-02 | Einar Rosenberg | An apparatus and method for increased security of wireless transactions |
TWI350686B (en) * | 2003-07-14 | 2011-10-11 | Nagravision Sa | Method for securing an electronic certificate |
US20050071419A1 (en) * | 2003-09-26 | 2005-03-31 | Lewontin Stephen Paul | System, apparatus, and method for providing Web services using wireless push |
DK1687725T3 (en) * | 2003-11-26 | 2020-10-26 | Veroguard Systems Pty Ltd | SECURE PAYMENT SYSTEM |
US7146159B1 (en) | 2003-12-23 | 2006-12-05 | Sprint Communications Company L.P. | Over-the-air card provisioning system and method |
CA2495949A1 (en) | 2004-02-05 | 2005-08-05 | Simon Law | Secure wireless authorization system |
JP4917036B2 (en) | 2004-09-23 | 2012-04-18 | ジエマルト・エス・アー | System and method for communicating with a general purpose integrated circuit card in a mobile device using an internet protocol |
US7490775B2 (en) | 2004-12-30 | 2009-02-17 | Aol Llc, A Deleware Limited Liability Company | Intelligent identification of multimedia content for synchronization |
US7628322B2 (en) | 2005-03-07 | 2009-12-08 | Nokia Corporation | Methods, system and mobile device capable of enabling credit card personalization using a wireless network |
JP2006261990A (en) | 2005-03-16 | 2006-09-28 | Fujitsu Ltd | Mobile terminal and remote lock program |
US20140089120A1 (en) * | 2005-10-06 | 2014-03-27 | C-Sam, Inc. | Aggregating multiple transaction protocols for transacting between a plurality of distinct payment acquiring devices and a transaction acquirer |
CN100583118C (en) * | 2005-10-13 | 2010-01-20 | 株式会社Ntt都科摩 | Mobile terminal, access control management device, and access control management method |
US7819307B2 (en) | 2005-10-27 | 2010-10-26 | Hewlett-Packard Development Company, L.P. | Method and system for managing monetary value on a mobile device |
US7689205B2 (en) | 2005-12-23 | 2010-03-30 | Morgan Stanley | Systems and methods for configuration of mobile computing devices |
US20070150246A1 (en) * | 2005-12-28 | 2007-06-28 | Microsoft Corporation | Context-Supported Structures in a Modeling Language |
US9911114B2 (en) | 2006-07-06 | 2018-03-06 | Qualcomm Incorporated | Methods and systems for making a payment via a stored value card in a mobile environment |
US8467766B2 (en) | 2006-07-06 | 2013-06-18 | Qualcomm Incorporated | Methods and systems for managing payment sources in a mobile environment |
US7711392B2 (en) | 2006-07-14 | 2010-05-04 | Research In Motion Limited | System and method to provision a mobile device |
US7822439B2 (en) | 2006-08-14 | 2010-10-26 | Sandisk Il Ltd. | System for sharing credentials |
US7708194B2 (en) | 2006-08-23 | 2010-05-04 | Verizon Patent And Licensing Inc. | Virtual wallet |
US7469151B2 (en) | 2006-09-01 | 2008-12-23 | Vivotech, Inc. | Methods, systems and computer program products for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities |
US7527208B2 (en) | 2006-12-04 | 2009-05-05 | Visa U.S.A. Inc. | Bank issued contactless payment card used in transit fare collection |
WO2008046143A1 (en) * | 2006-10-17 | 2008-04-24 | Avega Systems Pty Ltd | Configuring and connecting to a media wireless network |
US10104432B2 (en) * | 2006-12-01 | 2018-10-16 | Time Warner Cable Enterprises Llc | Methods and apparatus for software provisioning of a network device |
US20080208742A1 (en) | 2007-02-22 | 2008-08-28 | First Data Corporation | Provisioning of a device for mobile commerce |
US7840687B2 (en) * | 2007-07-11 | 2010-11-23 | Intel Corporation | Generic bootstrapping protocol (GBP) |
CN101765846B (en) | 2007-08-01 | 2013-10-23 | Nxp股份有限公司 | Mobile communication device and method for disabling applications |
EP2043016A1 (en) | 2007-09-27 | 2009-04-01 | Nxp B.V. | Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications |
US7707113B1 (en) | 2007-09-28 | 2010-04-27 | Sprint Communications Company L.P. | Method and system for setting levels of electronic wallet security |
US7822840B2 (en) * | 2007-10-23 | 2010-10-26 | International Business Machines Corporation | Method and apparatus for dynamic web service client application update |
US7689508B2 (en) | 2007-11-20 | 2010-03-30 | Wells Fargo Bank N.A. | Mobile device credit account |
CN101939963B (en) | 2007-12-07 | 2016-11-16 | 法国电信公司 | For controlling the method for application, the security module being associated, mobile terminal and the server installed in the security module being associated with mobile terminal |
US8312270B1 (en) * | 2007-12-17 | 2012-11-13 | Trend Micro, Inc. | DHCP-based security policy enforcement system |
US20090307140A1 (en) | 2008-06-06 | 2009-12-10 | Upendra Mardikar | Mobile device over-the-air (ota) registration and point-of-sale (pos) payment |
US8743776B2 (en) * | 2008-06-12 | 2014-06-03 | At&T Mobility Ii Llc | Point of sales and customer support for femtocell service and equipment |
US10706402B2 (en) | 2008-09-22 | 2020-07-07 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US20100125495A1 (en) | 2008-11-17 | 2010-05-20 | Smith Steven M | System and method of providing a mobile wallet at a mobile telephone |
US8725574B2 (en) | 2008-11-17 | 2014-05-13 | Mastercard International Incorporated | Methods and systems for payment account issuance over a mobile network |
US8615466B2 (en) | 2008-11-24 | 2013-12-24 | Mfoundry | Method and system for downloading information into a secure element of an electronic device |
US20100211499A1 (en) * | 2009-02-13 | 2010-08-19 | Bank Of America Corporation | Systems, methods and computer program products for optimizing routing of financial payments |
US20100306076A1 (en) | 2009-05-29 | 2010-12-02 | Ebay Inc. | Trusted Integrity Manager (TIM) |
US9734496B2 (en) | 2009-05-29 | 2017-08-15 | Paypal, Inc. | Trusted remote attestation agent (TRAA) |
US10454693B2 (en) | 2009-09-30 | 2019-10-22 | Visa International Service Association | Mobile payment application architecture |
US9419956B2 (en) * | 2010-03-22 | 2016-08-16 | Bank Of America Corporation | Systems and methods for authenticating a user for accessing account information using a web-enabled device |
2011
- 2011-12-02 | US | US13/310,091 | US8843125B2 | Active
- 2011-12-02 | US | US13/310,308 | US9191813B2 | Active
- 2011-12-02 | US | US13/310,063 | US20120171992A1 | Abandoned
- 2011-12-02 | US | US13/310,344 | US9161218B2 | Active
Non-Patent Citations (1)
Title |
---|
Calypso Networks Association WG1, Calypso Specification, 01/28/2009 * |
Cited By (80)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210264405A1 (en) * | 2006-09-24 | 2021-08-26 | Rfcyber Corp | Method and apparatus for payments between two mobile devices |
US9892386B2 (en) | 2011-06-03 | 2018-02-13 | Mozido, Inc. | Monetary transaction system |
US8538845B2 (en) | 2011-06-03 | 2013-09-17 | Mozido, Llc | Monetary transaction system |
US11295281B2 (en) | 2011-06-03 | 2022-04-05 | Fintiv, Inc. | Monetary transaction system |
US11120413B2 (en) | 2011-06-03 | 2021-09-14 | Fintiv, Inc. | Monetary transaction system |
US9652628B2 (en) | 2011-11-01 | 2017-05-16 | Google Inc. | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US9928382B2 (en) | 2011-11-01 | 2018-03-27 | Google Llc | Systems, methods, and computer program products for managing secure elements |
US9544759B2 (en) | 2011-11-01 | 2017-01-10 | Google Inc. | Systems, methods, and computer program products for managing states |
US10114976B2 (en) | 2011-11-01 | 2018-10-30 | Google Llc | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US10438196B2 (en) | 2011-11-21 | 2019-10-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US11468434B2 (en) | 2011-11-21 | 2022-10-11 | Fintiv, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US9208488B2 (en) | 2011-11-21 | 2015-12-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US9154903B2 (en) * | 2011-12-28 | 2015-10-06 | Blackberry Limited | Mobile communications device providing near field communication (NFC) card issuance features and related methods |
US20130171929A1 (en) * | 2011-12-28 | 2013-07-04 | Research In Motion Limited | Mobile communications device providing near field communication (nfc) card issuance features and related methods |
WO2013097038A1 (en) * | 2011-12-28 | 2013-07-04 | Research In Motion Limited | Mobile communications device providing near field communication (nfc) card issuance features and related methods |
US9077769B2 (en) * | 2011-12-29 | 2015-07-07 | Blackberry Limited | Communications system providing enhanced trusted service manager (TSM) verification features and related methods |
US20150223061A1 (en) * | 2011-12-29 | 2015-08-06 | Gemalto Sa | Method for initiating an ota session |
US9402180B2 (en) * | 2011-12-29 | 2016-07-26 | Gemalto Sa | Method for initiating an OTA session |
US20130173736A1 (en) * | 2011-12-29 | 2013-07-04 | the Province of Ontario, Canada) | Communications system providing enhanced trusted service manager (tsm)verification features and related methods |
US11042861B2 (en) * | 2012-04-18 | 2021-06-22 | Google Llc | Processing payment transactions without a secure element |
US10127533B2 (en) | 2012-07-31 | 2018-11-13 | Google Llc | Managing devices associated with a digital wallet account |
US10949819B2 (en) | 2012-07-31 | 2021-03-16 | Google Llc | Managing devices associated with a digital wallet account |
US10924279B2 (en) | 2012-09-18 | 2021-02-16 | Google Llc | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US9479571B2 (en) | 2012-09-18 | 2016-10-25 | Google Inc. | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US10057773B2 (en) | 2012-09-18 | 2018-08-21 | Google Llc | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US11601273B2 (en) | 2012-09-18 | 2023-03-07 | Google Llc | Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements |
US10223688B2 (en) | 2012-09-24 | 2019-03-05 | Samsung Electronics Co., Ltd. | Competing mobile payment offers |
US20140089261A1 (en) * | 2012-09-25 | 2014-03-27 | Selim Aissi | System and Method for Maintaining Device State Coherency |
US9633098B2 (en) * | 2012-09-25 | 2017-04-25 | Visa International Service Association | System and method for maintaining device state coherency |
US10002174B2 (en) | 2012-09-25 | 2018-06-19 | Visa International Service Association | System and method for maintaining device state coherency |
CN102917061A (en) * | 2012-10-19 | 2013-02-06 | 北京奇虎科技有限公司 | Resource synchronization method and system |
US10834576B2 (en) | 2012-11-16 | 2020-11-10 | At&T Intellectual Property I, L.P. | Methods for provisioning universal integrated circuit cards |
US10681534B2 (en) | 2012-11-16 | 2020-06-09 | At&T Intellectual Property I, L.P. | Methods for provisioning universal integrated circuit cards |
JP2014123224A (en) * | 2012-12-20 | 2014-07-03 | Toppan Printing Co Ltd | Terminal device and expiry date update method |
CN104038523A (en) * | 2013-03-07 | 2014-09-10 | 联想(北京)有限公司 | Method and device for storing information |
US20140279566A1 (en) * | 2013-03-15 | 2014-09-18 | Samsung Electronics Co., Ltd. | Secure mobile payment using media binding |
WO2014189569A1 (en) * | 2013-05-21 | 2014-11-27 | Jvl Ventures, Llc | Systems, methods, and computer program products for managing states |
WO2014190445A3 (en) * | 2013-05-29 | 2015-01-22 | Kaba Ag | Method for managing media for wireless communication |
US20210241262A1 (en) * | 2013-06-13 | 2021-08-05 | Blackberry Limited | Mobile wireless communications device having digital wallet with multi-mode user card and related methods |
US11368844B2 (en) | 2013-09-11 | 2022-06-21 | At&T Intellectual Property I, L.P. | System and methods for UICC-based secure communication |
US10735958B2 (en) | 2013-09-11 | 2020-08-04 | At&T Intellectual Property I, L.P. | System and methods for UICC-based secure communication |
US10091655B2 (en) | 2013-09-11 | 2018-10-02 | At&T Intellectual Property I, L.P. | System and methods for UICC-based secure communication |
EP3053081A4 (en) * | 2013-09-30 | 2017-03-01 | Google, Inc. | Systems, methods, and computer program products for securely managing data on a secure element |
US10122534B2 (en) | 2013-10-04 | 2018-11-06 | At&T Intellectual Property I, L.P. | Apparatus and method for managing use of secure tokens |
US10778670B2 (en) | 2013-10-23 | 2020-09-15 | At&T Intellectual Property I, L.P. | Apparatus and method for secure authentication of a communication device |
US11005855B2 (en) | 2013-10-28 | 2021-05-11 | At&T Intellectual Property I, L.P. | Apparatus and method for securely managing the accessibility to content and applications |
US11477211B2 (en) | 2013-10-28 | 2022-10-18 | At&T Intellectual Property I, L.P. | Apparatus and method for securely managing the accessibility to content and applications |
US10375085B2 (en) | 2013-10-28 | 2019-08-06 | At&T Intellectual Property I, L.P. | Apparatus and method for securely managing the accessibility to content and applications |
US10701072B2 (en) | 2013-11-01 | 2020-06-30 | At&T Intellectual Property I, L.P. | Apparatus and method for secure provisioning of a communication device |
US10200367B2 (en) | 2013-11-01 | 2019-02-05 | At&T Intellectual Property I, L.P. | Apparatus and method for secure provisioning of a communication device |
US9942227B2 (en) | 2013-11-01 | 2018-04-10 | At&T Intellectual Property I, L.P. | Apparatus and method for secure over the air programming of a communication device |
US10567553B2 (en) | 2013-11-01 | 2020-02-18 | At&T Intellectual Property I, L.P. | Apparatus and method for secure over the air programming of a communication device |
US20160337290A1 (en) * | 2014-01-10 | 2016-11-17 | Huawei Technologies Co., Ltd. | Message Push Method and Apparatus |
US10009303B2 (en) * | 2014-01-10 | 2018-06-26 | Huawei Technologies Co., Ltd. | Message push method and apparatus |
CN103944907A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data updating method and system |
US9967247B2 (en) * | 2014-05-01 | 2018-05-08 | At&T Intellectual Property I, L.P. | Apparatus and method for managing security domains for a universal integrated circuit card |
US20150319152A1 (en) * | 2014-05-01 | 2015-11-05 | At&T Intellectual Property I, Lp | Apparatus and method for managing security domains for a universal integrated circuit card |
US10476859B2 (en) * | 2014-05-01 | 2019-11-12 | At&T Intellectual Property I, L.P. | Apparatus and method for managing security domains for a universal integrated circuit card |
US9713006B2 (en) * | 2014-05-01 | 2017-07-18 | At&T Intellectual Property I, Lp | Apparatus and method for managing security domains for a universal integrated circuit card |
US20150373535A1 (en) * | 2014-06-24 | 2015-12-24 | Huawei Technologies Co., Ltd. | Method, Apparatus, and System for Managing Device |
KR20160026582A (en) * | 2014-09-01 | 2016-03-09 | 삼성전자주식회사 | Electronic device and method for managing reenrollment |
CN106664310A (en) * | 2014-09-01 | 2017-05-10 | 三星电子株式会社 | Electronic device and method for managing re-registration |
KR102226411B1 (en) | 2014-09-01 | 2021-03-12 | 삼성전자주식회사 | Electronic device and method for managing reenrollment |
US11182769B2 (en) | 2015-02-12 | 2021-11-23 | Samsung Electronics Co., Ltd. | Payment processing method and electronic device supporting the same |
US20160253666A1 (en) * | 2015-02-27 | 2016-09-01 | Samsung Electronics Co., Ltd. | Method and device for controlling payment function |
US10193700B2 (en) | 2015-02-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Trust-zone-based end-to-end security |
US11129018B2 (en) | 2015-02-27 | 2021-09-21 | Samsung Electronics Co., Ltd. | Payment means operation supporting method and electronic device for supporting the same |
EP3262583A4 (en) * | 2015-02-27 | 2018-01-03 | Samsung Electronics Co., Ltd. | Method and device for controlling payment function |
US11107047B2 (en) | 2015-02-27 | 2021-08-31 | Samsung Electronics Co., Ltd. | Electronic device providing electronic payment function and operating method thereof |
EP3104635A1 (en) * | 2015-06-09 | 2016-12-14 | Deutsche Telekom AG | Method for an improved installation of a secure-element-related service application in a secure element being located in a communication device, system and telecommunications network for an improved installation of a secure-element-related service application in a secure element being located in a communication device, program comprising a computer readable program code, and computer program product |
US10097553B2 (en) | 2015-06-09 | 2018-10-09 | Deutsche Telekom Ag | Installation of a secure-element-related service application in a secure element in a communication device, system and telecommunications |
CN105227681A (en) * | 2015-10-28 | 2016-01-06 | 北京知易普道技术有限责任公司 | A kind of push server and display terminal |
CN106658350A (en) * | 2015-10-30 | 2017-05-10 | 中国移动通信集团公司 | Method for collaborative management and device thereof |
US11087304B2 (en) | 2016-03-14 | 2021-08-10 | Jpmorgan Chase Bank, N.A. | Systems and methods for device authentication |
US10776785B2 (en) | 2016-03-14 | 2020-09-15 | Jpmorgan Chase Bank, N.A. | Systems and methods for device authentication |
WO2017160814A1 (en) * | 2016-03-14 | 2017-09-21 | Jpmorgan Chase Bank, N.A. | Systems and methods for device authentication |
US10218719B2 (en) * | 2016-09-21 | 2019-02-26 | Apple Inc. | Credential modification notifications |
CN107801165A (en) * | 2017-10-31 | 2018-03-13 | 平安科技(深圳)有限公司 | Service note method for pushing, device, computer equipment and storage medium |
US10930139B1 (en) * | 2019-10-10 | 2021-02-23 | Bank Of America Corporation | Information card silent coercion alarm |
US11568507B2 (en) | 2019-10-10 | 2023-01-31 | Bank Of America Corporation | Native-feature silent coercion alarm |
Also Published As
Publication number | Publication date |
---|---|
US20120172089A1 (en) | 2012-07-05 |
US20120174189A1 (en) | 2012-07-05 |
US9191813B2 (en) | 2015-11-17 |
US9161218B2 (en) | 2015-10-13 |
US20120172026A1 (en) | 2012-07-05 |
US8843125B2 (en) | 2014-09-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20120171992A1 (en) | | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
KR101514754B1 (en) | | System and method for provisioning over the air of confidential information on mobile communicative devices with non-uicc secure elements |
SG190986A1 (en) | | System and method for secure containment of sensitive financial information stored in a mobile communication terminal |
RU2630419C2 (en) | | Integrated mobile trusted services manager |
JP2015517151A (en) | | System, method, and computer program product for detecting and managing changes associated with a mobile wallet |
KR20130116905A (en) | | System and method for managing mobile wallet and its related credentials |
KR20070021826A (en) | | System and Method for Payment, Devices for Payment, Terminals for Payment, Mobile Devices and Recording Medium |
US11620650B2 (en) | | Mobile authentication method and system therefor |
US10097553B2 (en) | | Installation of a secure-element-related service application in a secure element in a communication device, system and telecommunications |
WO2012146588A1 (en) | | Method and system for communicating data to a contact-less communicating device |
KR20100106256A (en) | | Method for processing financial transaction by using mobile terminal |
US20220248233A1 (en) | | Subscriber Identification Module (SIM) Authentication Protections |
KR20070016893A (en) | | System and Method for Processing Financial Transaction by Using Mobile Devices, Devices for Processing Financial Transaction, Mobile Devices and Recording Medium |
KR101413110B1 (en) | | Method for Processing Financial Transaction by using Token Code |
KR20130075752A (en) | | Method for near field transaction by using providing dynamic created code |
KR101561534B1 (en) | | System and method for managing ota provisioning applications through use of profiles and data preparation |
KR20120079044A (en) | | System for providing financial transaction by using mobile one time code |
KR101326100B1 (en) | | Method for Providing Transaction by using Token Code |
KR20120005996A (en) | | Device for processing a payment |
KR20200003767A (en) | | System for Processing a Payment |
KR20120079043A (en) | | Method for processing financial transaction by using mobile one time code |
KR101413120B1 (en) | | Method for Integrating Wire and Wireless Network by using One Time Code |
KR20120059474A (en) | | Method for Certificating by using One Time Code |
KR20120029454A (en) | | Method mapping payment means |
KR20100103441A (en) | | Payment device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: SK C&C, KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEONG, KIDO;HONG, HYUNGJOON;KIM, HYUNJIN;REEL/FRAME:027427/0644 Effective date: 20111201 |
| AS | Assignment | Owner name: MOZIDO CORFIRE - KOREA, LTD., KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SK C&C CO., LTD.;REEL/FRAME:035404/0851 Effective date: 20141217 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |