US20120303310A1 - Systems and Methods for Providing Test Keys to Mobile Devices - Google Patents
- Publication number: US20120303310A1 (US13/481,346)
- Authority: US (United States)
- Prior art keywords: mobile device, test, key, computer, mobile
- Legal status: Abandoned (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
- G06Q20/00—Payment architectures, schemes or protocols
- H04L2209/80—Wireless
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H04L63/126—Applying verification of the received information the source of the received data
- H04W4/50—Service provisioning or reconfiguring
Definitions
- Embodiments of the invention relate generally to mobile devices, and more specifically to systems and methods for providing test keys to mobile devices.
- Mobile devices such as cell phones, personal digital assistants (“PDAs”), smart phones, and other similar devices, have increasingly been utilized to provide additional functionality beyond traditional voice communications.
- One component of enabling the mobile devices to support these additional functionalities includes installing software applications on the mobile devices.
- Mobile device applications can facilitate a variety of services performed by or with the mobile devices, including payment applications (e.g., prepaid, credit, debit, etc.), loyalty or incentive applications, transportation payment applications, access control applications, entertainment applications, and the like.
- a secure element such as a smart card chip, is incorporated into a mobile device to facilitate the secure management of data and the encryption of device communications.
- test keys will allow the mobile devices to be utilized within a testing environment. Accordingly, there is an opportunity for systems and methods for providing test keys to mobile devices.
- Embodiments of the invention may provide systems and methods for providing test keys to mobile devices.
- a method for providing test keys to mobile devices is provided. Identifying information for a mobile device or a secure element associated with the mobile device can be received. A test key to be provided to the mobile device is determined. The test key can be configured to facilitate the use of the mobile device within a test environment. The test key can be provided to the mobile device, wherein a production key stored on the secure element can be replaced by the test key.
- the operations of the method may be performed by one or more computers associated with a service provider.
- a system for providing test keys to mobile devices may include at least one memory and at least one processor.
- the at least one memory may be configured to store computer-executable instructions.
- the at least one processor may be configured to access the at least one memory and execute the computer-executable instructions to: receive identifying information for a mobile device or a secure element associated with the mobile device; determine a test key to be provided to the mobile device, the test key configured to facilitate the use of the mobile device within a test environment; and provide the determined test key to the mobile device; wherein a production key stored on the secure element is replaced by the test key.
- one or more operations can be performed by one or more computers associated with a service provider.
- a method for receiving test keys by mobile devices is provided. Identifying information from a mobile device or a secure element associated with the mobile device can be transmitted. A test key can be received at the mobile device, wherein the test key is configured to facilitate use of the mobile device within a test environment; and wherein a production key stored on the secure element is replaced by the test key. In certain embodiments, one or more operations can be performed by one or more processors associated with a mobile device.
- FIG. 1 illustrates a block diagram of an example key management system and associated integration, according to an example embodiment of the invention.
- FIG. 2 illustrates a block diagram of an example key management integration and associated data flow, according to an example embodiment of the invention.
- FIG. 3 illustrates a flow diagram of an example process for providing a test key to a mobile device, according to an example embodiment of the invention.
- FIG. 4 illustrates a flow diagram of an example process for providing a test key to a mobile device via over the air provisioning, according to an example embodiment of the invention.
- a mobile device may be registered with or otherwise interact with a key management server (“KMS”) or key management service provider.
- a production key associated with the mobile device or a secure element of the mobile device may be replaced with a test key.
- a wide variety of suitable methods may be utilized to facilitate the registration. For example, a registration request may be received by the KMS from the mobile device via a mobile or cellular communication.
- a registration request may be received by the KMS via one or more Web interfaces and/or Web servers associated with the KMS.
- the mobile device may be physically located near the KMS or near a kiosk associated with the KMS, and a registration request may be received via a contactless reader (e.g., a Near Field Communication (“NFC”) reader, etc.).
- a registration request may include identifying information for the mobile device and/or a secure element associated with the mobile device, as well as an identifier of a desired test environment. A wide variety of identifying information may be received as desired in various embodiments of the invention, such as card production life cycle (“CPLC”) information associated with the mobile device secure element.
- the service provider may determine or generate a test key for the mobile device.
- a secure communications channel may be established with the mobile device secure element, and the secure element may be authenticated prior to determining the test key.
- suitable information may be utilized as desired to determine the test key. For example, in certain embodiments, at least a portion of the identifying information and a base level key, such as a master test key for a desired testing environment, may be utilized to generate the test key. In other words, a device specific test key may be generated or derived for the mobile device. Once generated, the test key may be provided to the mobile device for storage by the secure element.
- the test key may facilitate use of the mobile device within a desired testing environment, such as a development (“DEV”) testing environment, a quality assurance (“QA”) testing environment, and/or a client acceptance testing (“CAT”) or unit acceptance testing (“UAT”) environment.
- the test key may allow the mobile device and/or the secure element to be authenticated by a testing environment server.
- the test key and/or the production key may be stored by the KMS and/or provided to one or more other parties.
- the test key may be replaced by the production key at a subsequent point in time, thereby facilitating use of the mobile device and/or secure element within a commercial environment.
- the test key and/or production key may be provided to a trusted service manager (“TSM”) associated with a commercial operating environment.
- the TSM may identify test devices and limit the provision of commercial applications to the test devices and/or the ability of the test devices (i.e., devices having test keys) to be utilized for commercial purposes (e.g., commercial transactions, account provisioning, etc.).
- the TSM may identify a test device by a test key and disallow commercial operations associated with the identified test device.
- the TSM may black list production keys that have been replaced by test keys, thereby limiting the use of the test devices outside of a testing environment.
- Although the KMS is described as being a separate entity from a TSM, in certain embodiments, at least a portion of the TSM functionality and the KMS functionality may be performed by a single entity.
- the TSM may facilitate the rotation or replacement of production keys with test keys.
- a KMS and/or a TSM may be a third party entity strategically positioned to provide mobile device key management, mobile device application provisioning services, and integration functionality for provisioning mobile devices with various keys, applications, and/or associated end user data.
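The device-specific derivation and the TSM-side refusal of test devices described above, sketched as an added example (not code from the patent or from any product). The patent names no derivation function, so HMAC-SHA-256 over the environment and CPLC is an assumption, as are every class and function name and the constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

TEST_ENVIRONMENTS = ("DEV", "QA", "CAT", "UAT")  # environments named in the text


def derive_test_key(master_test_key: bytes, cplc: bytes, environment: str) -> bytes:
    """Derive a 16-byte device-specific test key (HMAC-SHA-256 is an assumption)."""
    if environment not in TEST_ENVIRONMENTS:
        raise ValueError(f"unknown test environment: {environment!r}")
    if len(master_test_key) < 16 or not cplc:
        raise ValueError("master key must be >= 16 bytes and CPLC must be non-empty")
    env = environment.encode()
    # Length-prefix each field so distinct (environment, CPLC) pairs can never
    # serialise to the same byte string.
    info = b"test-key-v1" + bytes([len(env)]) + env + len(cplc).to_bytes(2, "big") + cplc
    return hmac.new(master_test_key, info, hashlib.sha256).digest()[:16]


def fingerprint(key: bytes) -> str:
    """One-way key identifier, so registries and logs never hold raw keys."""
    return hashlib.sha256(b"key-fp" + key).hexdigest()[:16]


@dataclass(frozen=True)
class RotationNotice:
    """What the KMS reports to the TSM after a production key is replaced."""
    cplc: bytes
    environment: str
    test_key_fp: str
    replaced_production_key_fp: str


@dataclass
class KeyManagementServer:
    master_test_keys: dict  # environment -> master test key (HSM-held in practice)
    rotations: list = field(default_factory=list)

    def provision_test_key(self, cplc: bytes, environment: str, production_key: bytes):
        master = self.master_test_keys.get(environment)
        if master is None:
            raise ValueError(f"no master test key for {environment!r}")
        test_key = derive_test_key(master, cplc, environment)
        notice = RotationNotice(cplc, environment,
                                fingerprint(test_key), fingerprint(production_key))
        self.rotations.append(notice)  # audit trail of every production-key replacement
        return test_key, notice


@dataclass
class TrustedServiceManager:
    test_devices: set = field(default_factory=set)
    refused_key_fps: set = field(default_factory=set)

    def record_rotation(self, notice: RotationNotice) -> None:
        # Flag the device, and refuse both its test key and the production
        # key that the test key replaced.
        self.test_devices.add(notice.cplc)
        self.refused_key_fps.update({notice.test_key_fp,
                                     notice.replaced_production_key_fp})

    def allow_commercial_operation(self, cplc: bytes, key_fp: str) -> bool:
        return cplc not in self.test_devices and key_fp not in self.refused_key_fps


def demo() -> dict:
    # All keys and CPLC values below are constructed sample data.
    kms = KeyManagementServer({"DEV": bytes(range(16)), "QA": bytes(range(16, 32))})
    tsm = TrustedServiceManager()
    test_cplc = bytes.fromhex("00112233445566778899")
    retail_cplc = bytes.fromhex("aabbccddeeff00112233")
    old_production_key = b"P" * 16
    retail_production_key = b"R" * 16

    test_key, notice = kms.provision_test_key(test_cplc, "DEV", old_production_key)
    tsm.record_rotation(notice)
    return {
        "test_key_len": len(test_key),
        "old_production_key_allowed": tsm.allow_commercial_operation(
            test_cplc, fingerprint(old_production_key)),
        "test_key_on_other_device_allowed": tsm.allow_commercial_operation(
            retail_cplc, notice.test_key_fp),
        "retail_device_allowed": tsm.allow_commercial_operation(
            retail_cplc, fingerprint(retail_production_key)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the refusal list holds both the test-key fingerprint and the replaced production-key fingerprint, a test key copied onto another device is refused as well as the flagged device itself.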
- FIG. 1 represents a block diagram of an example system 100 for providing test keys to mobile devices, according to one embodiment of the invention.
- a key management server (“KMS”) computer 110 may be in communication via at least one network 170 and/or multiple carrier networks 180a, 180b, each of the carrier networks 180a, 180b being associated with a respective mobile network operator (“MNO”) computer 140a, 140b.
- the KMS computer 110 may include any number of processor-driven devices, including but not limited to, a server computer, a mainframe computer, one or more networked computers, a desktop computer, a personal computer, a laptop computer, a mobile computer, or any other processor-based device.
- the KMS computer 110 may further include one or more memory devices 112, input/output (“I/O”) interface(s) 118, and network interface(s) 119.
- the memory 112 may be any computer-readable medium, coupled to the processor(s) 116, such as RAM, ROM, and/or a removable storage device for storing data files and a database management system (“DBMS”) to facilitate management of data files and other data stored in the memory 112 and/or stored in one or more separate databases 138.
- the memory 112 may also store various program modules, such as an operating system (“OS”), a TSM interface 121, a mobile network operator interface 122, an over the air provisioning provider interface 123, a device registration interface 124, a secure element preparation module 126, and an over the air provisioning module 130.
- the OS may be, but is not limited to, Microsoft Windows®, Apple OSX™, Unix, a mainframe computer operating system (e.g., IBM z/OS, MVS, OS/390, etc.), or a specially designed operating system.
- Each of the interfaces and modules 121, 122, 123, 124, 126, 130 may comprise computer-executable program instructions or software, including a dedicated program, for receiving, storing, extracting, managing, processing, and analyzing communications associated with test key provisioning to mobile devices 150a, 150b via any number of suitable networks, such as networks 170 and/or carrier networks 180a, 180b.
- the I/O interface(s) 118 may facilitate communication between the processor 116 and various I/O devices, such as a keyboard, mouse, printer, microphone, speaker, monitor, bar code reader/scanner, RFID reader, contactless reader, or Hardware Security Modules (“HSMs”) 139 which facilitate secure key management (e.g., test key management for a variety of testing environments, etc.) and the like.
- an HSM 139 may be external, such as connected to the KMS computer 110 via a network, or internally or proximately connected to the KMS computer 110.
- the network interface(s) 119 may take any of a number of forms, such as, but not limited to, a network interface card, a modem, a wireless network card, a cellular network card, or any other means operable for facilitating communications with one or more carrier networks 180a, 180b and/or other networks 170.
- the TSM computer 110 can communicate directly with mobile devices 150a, 150b via the carrier networks 180a, 180b, respectively, via network interface(s) 119 and/or via one or more of suitable Web servers 137, the mobile network operator gateway 134, the over the air services gateway 135, and the device registration gateway 136.
- the KMS computer 110 may be implemented on a particular machine, which may include a computer that is designed, customized, configured, or programmed to perform at least one or more functions of the interfaces and modules 121, 122, 123, 124, 126, 130, according to an example embodiment of the invention.
- the MNO computers 140a, 140b may include any number of processor-driven devices, including but not limited to, a server computer, a mainframe computer, one or more networked computers, a desktop computer, a personal computer, a laptop computer, a mobile computer, or any other processor-based device.
- each of the MNO computers 140a, 140b may further include one or more memory devices 142a, 142b, input/output (“I/O”) interface(s) 148a, 148b, and network interface(s) 149a, 149b.
- the memory 142a, 142b may be any computer-readable medium, coupled to the processor(s) 146, such as RAM, ROM, and/or a removable storage device for storing data files and a DBMS to facilitate management of data files and other data stored in the memory 142a, 142b and/or stored in one or more separate databases.
- the memory 142a, 142b may also store various program modules, such as an operating system (“OS”), a communications module 144a, 144b, and an authentication module 145a, 145b.
- the OS may be, but is not limited to, Microsoft Windows®, Apple OSX™, Unix, a mainframe computer operating system (e.g., IBM z/OS, MVS, OS/390, etc.), or a specially designed operating system.
- the communications module 144a, 144b may comprise computer-executable program instructions or software, including a dedicated program, for facilitating communications with multiple mobile devices 150a, 150b operating on the respective carrier networks 180a, 180b, and for facilitating mobile device application provisioning and management via a common MNO messaging standard as implemented by the TSM computer 110.
- the authentication module 145a, 145b may comprise computer-executable program instructions or software, including a dedicated program, for facilitating the authentication of mobile devices 150a, 150b and/or the establishment of secure communications channels with mobile devices 150a, 150b.
- a wide variety of authentication procedures may be utilized as desired by an authentication module 145a, 145b.
- an MNO computer 140a, 140b may authenticate a mobile device 150a, 150b in a similar manner as the TSM 110.
- the I/O interface(s) 148a, 148b may facilitate communication between the processors 146a, 146b and various I/O devices, such as a keyboard, mouse, printer, microphone, speaker, monitor, bar code reader/scanner, RFID reader, and the like.
- the network interface(s) 149a, 149b may take any of a number of forms, such as, but not limited to, a network interface card, a modem, a wireless network card, a cellular network card, or any other means operable for facilitating communications with one or more carrier networks 180a, 180b and/or other network 170.
- the MNO computers 140a, 140b may be implemented on a particular machine, which may include a computer that is designed, customized, configured, or programmed to perform at least one or more functions of the communications module 144a, 144b, according to an example embodiment of the invention.
- the mobile devices 150a, 150b may be any mobile processor-driven device, such as a mobile phone, radio, pager, laptop computer, handheld computer, PDA, and the like, or any other processor-based mobile device for facilitating communications over one or more carrier networks 180a, 180b and/or for facilitating communications within a testing environment.
- each mobile device 150a, 150b may be registered with a specific MNO computer 140a, 140b for communicating via the respective carrier network 180a, 180b.
- a mobile device 150a, 150b may not be registered with a specific MNO; however, the mobile device 150a, 150b may be specifically configured for operation within a testing environment.
- each of the mobile devices 150a, 150b may further include one or more memory devices 152a, 152b, input/output (“I/O”) interface(s) 158a, 158b, and network interface(s) 159a, 159b.
- the memory 152a, 152b may be any computer-readable medium, coupled to the processor(s) 156, such as RAM, ROM, and/or a removable storage device for storing data files.
- the memory 152a, 152b may also include secure elements 155a, 155b for maintaining mobile device applications and confidential data, as may be provisioned via the TSM computer 110 and associated provisioning services.
- a secure element 155a, 155b may be configured to store key information, such as test key information, as well as certain identification information for the mobile device and the secure element 155a, 155b (e.g., CPLC information, etc.).
- the secure element 155a, 155b may utilize at least a portion of this information to generate requests, such as provisioning requests and/or transaction requests within a testing environment.
- a mobile device 150a, 150b and/or an associated secure element 155a, 155b may be authenticated within the testing environment. Additionally, in certain embodiments, a secure element 155a, 155b may store an authentication module or program utilized by a mobile device 150a, 150b to tag and/or encrypt communications output by the mobile device 150a, 150b and/or to decrypt communications received by the mobile device 150a, 150b.
- the memory 152a, 152b may also store any number of data files 153a, 153b and/or various program modules, such as an operating system (“OS”), end user interface module(s), and a provisioning module 154a, 154b (also referred to interchangeably herein as “KMS and/or testing environment administration software”).
- the OS may be any mobile operating system, including proprietary operating systems by a mobile device manufacturer or mobile network operator, or third party software vendor mobile operating system, such as, but not limited to, Microsoft Windows CE®, Microsoft Windows Mobile®, Symbian OS™, Apple iPhone™ OS, RIM BlackBerry® OS, Palm OS® by ACCESS, or Google Android™.
- the provisioning module 154a, 154b may comprise computer-executable program instructions or software, including a dedicated program, for facilitating mobile device application provisioning on general memory and/or on the secure elements 155a, 155b as carried out by the KMS computer 110 and/or various testing environment devices that are accessed once a test key has been loaded.
- the secure elements 155a, 155b may refer to any computer-readable storage in the memory 152 and/or may refer to any securitized medium having memory, such as a Universal Integrated Circuit Card (“UICC”), Subscriber Identity Module (“SIM”), and the like.
- the secure elements 155a, 155b may be operable with a RFID device or other NFC device associated with the mobile devices 150a, 150b. It is also appreciated that the secure elements 155a, 155b may be a separate embedded secure element (e.g., smart card chip) or a separate element (e.g., removable memory card, a key fob; connected via Bluetooth, etc.). For example, a secure element chip may be embedded in a mobile device 150a, 150b separately from a general operation chip utilized by the mobile device 150a, 150b.
- the secure elements 155a, 155b may include any suitable hardware and/or software, such as memory, processing components, and communications components.
- the secure elements 155a, 155b may be configured to communicate with other elements of the mobile devices 150a, 150b, such as a general or shared memory chip associated with the mobile devices 150a, 150b.
- a mobile wallet may be stored in shared memory, and a secure element 155a, 155b may be accessed to encrypt and/or decrypt transactions generated by and/or received by the mobile wallet.
- the I/O interface(s) 158a, 158b may facilitate communication between the processors 156a, 156b and various I/O devices, such as a keypad, touch screen, keyboard, mouse, printer, microphone, speaker, screen display, RFID device, NFC device, and the like.
- the network interface(s) 159a, 159b may take any of a number of forms to permit wireless communications according to various communications standards, such as, but not limited to, Code Division Multiple Access (“CDMA”), Global System for Mobile Communication (“GSM”), Universal Wireless Communications (“UWC”), Universal Mobile Telecommunications System (“UMTS”), or General Packet Radio Service (“GPRS”) communication standards as may be implemented by one or more carrier networks 180a, 180b.
- the network interface(s) 159a, 159b may further permit access to other networks 170, such as via one or more carrier networks 180a, 180b providing Internet or other network access, or via Wi-Fi communications onto a Wi-Fi network.
- the mobile devices 150a, 150b may be implemented on a particular machine, which may include a computer that is designed, customized, configured, or programmed to perform at least one or more functions of the provisioning module 154a, 154b and other mobile communications, including voice communications, data communications, short message service (“SMS”), wireless application protocol (“WAP”), multimedia message service (“MMS”), Internet communications, other wireless communications, and the like, according to an example embodiment of the invention.
- the TSM computers 160 may include any number of processor-driven devices, including but not limited to, a server computer, a mainframe computer, one or more networked computers, a desktop computer, a personal computer, a laptop computer, a mobile computer, or any other processor-based device.
- a TSM computer 160 may be configured to facilitate integration between multiple service providers and multiple mobile devices for various commercial purposes.
- a TSM may be a third party entity strategically positioned to provide mobile device application provisioning services and integration functionality for provisioning mobile device applications and associated end user data (e.g., encryption data, key information, etc.) to end users' mobile devices, to provide mobile device application-related lifecycle management services, to manage the many-to-many relationships between the multiple service providers and the MNOs operating the carrier networks, and/or to authenticate mobile devices during the processing of a wide variety of different requests and/or transactions.
- Applications that can be provisioned on mobile devices via a TSM can be any software application provided by a service provider and operable with a mobile device.
- mobile device applications are not limited to NFC-based applications.
- Example mobile device applications may include, but are not limited to, open loop and closed loop payment applications (e.g., MasterCard® PayPass™, Visa payWave™, American Express® ExpressPay, Discover® ZIP, NXP Mifare®, etc.), transit payment applications, loyalty applications, membership applications, electronic promotion and incentive applications, ticketing applications, access control and security applications, entertainment applications, retail shopping applications, and the like.
- a TSM may be configured to operate in conjunction with mobile devices that utilize production keys rather than test keys.
- the TSM computer 160 may be configured to receive information associated with mobile devices on which test keys have been loaded.
- the TSM computer 160 may identify test devices and limit or eliminate the operations of the test devices that may be performed in a commercial environment.
- the TSM computer 160 may prevent the provisioning of financial account information and/or financial applications to the test devices.
- each of the TSM computers 160 may further include one or more memory devices 162 , input/output (“I/O”) interface(s) 168 , and network interface(s) 169 .
- the memory 162 may be any computer-readable medium, coupled to the processor(s) 166 , such as RAM, ROM, and/or a removable storage device for storing data files and a DBMS to facilitate management of data files and other data stored in the memory 162 and/or stored in one or more separate databases 175 (e.g., a database of key information and/or authentication information, etc.).
- the memory 162 may also store various program modules, such as an operating system (“OS”) and a key management module 164 .
- the OS may be, but is not limited to, Microsoft Windows®, Apple OSX™, Unix, a mainframe computer operating system (e.g., IBM z/OS, MVS, OS/390, etc.), or a specially designed operating system.
- the key management module 164 may comprise computer-executable program instructions or software, including a dedicated program, for managing keys, authenticating mobile devices, and/or identifying test devices that are not suitable for operation within a commercial environment.
- the I/O interface(s) 168 may facilitate communication between the processors 166 and various I/O devices, such as a keyboard, mouse, printer, microphone, speaker, monitor, bar code reader/scanner, RFID reader, and the like.
- the network interface(s) 169 may take any of a number of forms, such as, but not limited to, a network interface card, a modem, a wireless network card, a cellular network card, or any other means operable for facilitating communications with the network 170 .
- the TSM computer 160 may be implemented on a particular machine, which may include a computer that is designed, customized, configured, or programmed to perform at least one or more functions of the key management module 164 and/or other TSM functions as described above, according to an example embodiment of the invention. Additionally, in certain embodiments, the TSM computer 160 may be combined with the KMS computer 110. In other words, a single server may be provided that facilitates management and/or provisioning of both test devices and commercial devices (e.g., mobile devices having production keys, etc.).
- the network 170 may include any telecommunication and/or data network, whether public, private, or a combination thereof, including a local area network, a wide area network, an intranet, an internet, the Internet, intermediate handheld data transfer devices, a publicly switched telephone network (“PSTN”), a cellular network, and/or any combination thereof and may be wired and/or wireless.
- the network 170 may also allow for real time, near real time, off-line, and/or batch transactions to be transmitted between or among the KMS computer 110, the MNO computer(s) 140a, 140b, the mobile devices 150a, 150b, and the TSM computers 160. Due to network connectivity, various methodologies as described herein may be practiced in the context of distributed computing environments.
- the network 170 may include a plurality of networks, each with devices such as gateways and routers for providing connectivity between or among networks 170 .
- dedicated communication links may be used to connect the various devices in accordance with an example embodiment.
- the mobile carrier networks 180 a , 180 b may include any cellular telecommunication network, each operated by a respective mobile network operator.
- the mobile carrier networks may be implemented to operate according to one or more wireless technology formats, including, but not limited to, CDMA, GSM, UWC, UMTS, GPRS, and/or any “generation” or version thereof.
- each mobile device 150 a , 150 b is configured to operate primarily on a certain carrier network 180 a , 180 b as operated by the mobile network operator with which the mobile device end user has an agreement and with which the mobile device is registered.
- mobile devices 150 a , 150 b and carrier networks 180 a , 180 b may be configured to permit interoperability of mobile devices on non-registered carrier networks 180 a , 180 b.
- each of the memories and data storage devices can store data and information for subsequent retrieval.
- the system 100 can store various received or collected information in memory or a database associated with one or more of the KMS computer(s) 110, the MNO computer(s) 140a, 140b, the mobile devices 150a, 150b, and/or the TSM computer(s) 160.
- the memories and databases can be in communication with each other and/or other databases, such as a centralized database, or other types of data storage devices.
- data or information stored in a memory or a database may be transmitted to a centralized database capable of receiving data, information, or data records from more than one database or other data storage devices.
- the databases shown can be integrated or distributed into any number of databases or other data storage devices.
- Suitable processors may comprise a microprocessor, an application-specific integrated circuit (“ASIC”), and/or state machine.
- Example processors can be those provided by Intel Corporation (Santa Clara, Calif.), AMD Corporation (Sunnyvale, Calif.), and Motorola Corporation (Schaumburg, Ill.).
- one or more of the computers can be configured as a multi-processor computer having multiple processors 116, 146a, 146b, 156a, 156b, 166 providing parallel and/or redundant processing capabilities.
- Such processors comprise, or may be in communication with, media, for example, computer-readable media, which stores instructions that, when executed by the processor, cause the processor to perform the elements described herein.
- Computer-readable media include, but are not limited to, an electronic, optical, magnetic, or other storage or transmission device capable of providing a processor with computer-readable instructions.
- suitable media include, but are not limited to, a floppy disk, pen drive, CD-ROM, DVD, magnetic disk, memory chip, ROM, RAM, EPROM, EEPROM, a configured processor, all optical media, all magnetic tape or other magnetic media, or any other medium from which a computer processor can read instructions.
- various other forms of computer-readable media may transmit or carry instructions to a computer, including a router, gateway, private or public network, or other transmission device or channel, both wired and wireless.
- the instructions may comprise code from any computer-programming language, including but not limited to, assembly, C, C++, C#, Visual Basic, Java, Python, Perl, JavaScript, GPSS, LISP, SAS, Parlay, JAIN, or Open Mobile Architecture.
- the system 100 shown in and described with respect to FIG. 1 is provided by way of example only. Numerous other operating environments, system architectures, and device configurations are possible. Other system embodiments can include fewer or greater numbers of components and may incorporate some or all of the functionality described with respect to the system components shown in FIG. 1 . For example, a respective KMS may be provided for each of a plurality of testing environments.
- the designation of system components by “a” and “b” is not intended to limit the number of possible components, but instead is provided for illustrative purposes to indicate that more than one of the respective components can be provided. Accordingly, embodiments of the invention should not be construed as being limited to any particular operating environment, system architecture, or device configuration.
- FIG. 2 illustrates an example block diagram 200 illustrating data flow and integration points between the KMS computer 110 and the various other entities that may participate in mobile device test key rotation, such as multiple MNO computers 140 , and multiple mobile devices 150 , according to one embodiment of the invention.
- An example operation of the block diagram 200 of FIG. 2 will be described separately and in conjunction with the flow diagrams of FIGS. 3-4 .
- a KMS and associated KMS computer 110 may be operable to provide test keys to mobile devices and/or mobile device secure elements. These test keys allow the mobile devices to be utilized within various testing environments, such as a DEV environment, a QA environment, or a CAT or UAT environment.
- the KMS computer 110 may additionally be operable to load, delete, and manage mobile device applications and associated end user data on test mobile devices on behalf of various testing entities.
- one or more servers associated with testing entities may be configured to provide application management functionality.
- the KMS computer 110 and/or separate testing entity servers may be operable to facilitate the authentication of test mobile devices.
- the KMS computer 110 may be operable to provide, but is not limited to, one or more of the following functions: to act as a single point of integration between testing service providers, MNOs, and other TSMs; to load key information and/or mobile device applications over the air to mobile devices; to accept, prepare and personalize mobile device application end user data; to enable other entities to authenticate mobile devices and/or end users; to manage secured keys (e.g., cryptographic keys, master keys, rotated keys, test keys, etc.) used for testing application provisioning, personalization, and/or authentication of mobile devices; to manage mobile device application lifecycles on behalf of service providers over the life of an application; to manage mobile device lifecycles on behalf of MNOs over the life of a handset; and to provide billing and other administration functions to support relationships between MNOs and service providers, and between the KMS and each MNO and service provider.
- the secure element preparation module 126 may be configured to facilitate preparing mobile device secure elements, such as requesting increased space allocated on the secure element for provisioning applications and verifying secure element properties with the MNO. According to various embodiments, the secure element preparation module 126 may further be configured to receive and/or provide personalization data associated with mobile device applications for each end user during provisioning.
- the KMS computer 110 may generate or identify a test key to be provided to a mobile device secure element, and the KMS computer 110 may coordinate the provisioning of the test key to the secure element.
- a wide variety of suitable techniques may be utilized to facilitate the provisioning of the test key to a mobile device, such as over the air provisioning via a carrier network, Web-based communications (e.g., communications managed by one or more Web servers 137), and/or contactless provisioning (e.g., radio frequency provisioning, NFC provisioning, etc.) on mobile devices that are situated in relatively close proximity to the KMS computer 110.
- the over the air provisioning module 130 may be configured to facilitate the OTA provisioning of mobile device applications and associated end user data with multiple mobile devices. As described in more detail herein, the OTA provisioning module 130 may facilitate communications with third party OTA provisioning providers via the OTA services gateway 135 , and/or can facilitate direct provisioning by the KMS computer 110 . It is appreciated that, according to some embodiments, the functions of the OTA provisioning module 130 may also be implemented in one or more of the MNO computers 140 and/or within functions implemented by the carrier networks 180 a , 180 b , either instead of, or in combination with, those provided in the TSM computer via the OTA provisioning module 130 .
- an authentication module may be provided and configured to provide administration and maintenance functions for secured keys (e.g., test keys, production keys, etc.) in accordance with KMS security policies, MNO security policies, test environment security policies, and/or TSM security policies.
- Various functions performed by the KMS computer 110 may integrate with the authentication module to provide security for end users, MNOs, test environment devices, and TSMs.
- the authentication module may be configured to format key information, such as test key or rotated test key information, for communication to a mobile device and/or provisioning or storage on a secure element associated with the mobile device.
- the mobile device may be authenticated during subsequent requests within a testing environment or a TSM environment.
- each MNO computer 140 may be operable to provide the communications channel to reach and provision test key information and/or various mobile device applications and associated end user data on end users' mobile devices.
- each MNO computer 140 may be operable to provide, but is not limited to, one or more of the following functions: provide the TSM computer with information on mobile device secure elements and unique mobile device identity modules (e.g., Universal Subscriber Identity Modules (“USIMs”)) throughout the lifecycle; provide a communications gateway via a respective carrier network for OTA provisioning of mobile device applications; provide a mobile device user interface for accessing provisioned mobile device applications on each mobile device (e.g., a mobile wallet); facilitate management of secured keys used to securely load and delete mobile device applications on mobile device secure elements; interface with the KMS computer; facilitate authentication of the end user interfacing with the KMS; facilitate allocating memory for mobile device applications on the end users' mobile devices; communicate to the KMS computer that unique end user identity modules have changed; communicate to the KMS computer the status of
- An MNO gateway 134 and associated MNO interface 122 are operable for providing a common point of integration between the TSM computer 110 and the multiple MNO computers 140 .
- the MNO interface 122 is configured to communicate with each MNO according to the same common MNO message standard, as described further herein.
- the MNO gateway 134 and associated MNO interface 122 are further operable to permit the TSM computer 110 to communicate with mobile devices 150 via a respective carrier network operated by each MNO.
- the TSMs and associated TSM computers 160 are operable to provide one or more provisioning services, authentication services, key management services, and/or integration services to mobile devices that are utilized within commercial non-test environments.
- the TSM computers 160 may receive information associated with test devices (e.g., device identifiers, secure element identifiers, test keys, production keys, etc.), and the TSM computers 160 may limit commercial functionality provided for the test devices.
- a TSM gateway 133 and associated TSM interface 121 are operable for providing a common point of integration between the KMS computer 110 and the multiple TSMs 160 .
- the mobile devices 150 represent the respective end users that are utilized and/or will be utilized in test environments.
- a test mobile device 150 may have a contractual relationship with an MNO (e.g., for operating on a respective carrier network).
- each mobile device 150 may be operable to provide, but is not limited to, one or more of the following functions: activate mobile devices and/or secure elements with an MNO and/or test environment; register for and request test keys and/or mobile device applications for use in a test environment; download mobile device applications and associated end user data on mobile device secure elements; authenticate the respective end user and/or mobile device within a test environment; and/or perform transactions within a test environment using the provisioned mobile device applications (e.g., a payment transaction at a retailer, etc.).
- An OTA services gateway 135 and associated OTA services interface 123 are operable to facilitate provisioning of key information and/or mobile device applications and associated end user data to mobile devices 150 .
- the OTA services gateway 135 may be configured to permit the KMS computer 110 to transact with third party OTA provisioning providers to perform all or some of the OTA provisioning services with mobile devices 150, such as by utilizing a common provisioning messaging standard for all third party OTA provisioning providers in a manner similar to that described with reference to the MNO interface 122.
- the OTA services gateway 135 may be configured to permit the KMS computer 110 to provision mobile device applications and associated end user data directly to the mobile devices 150 , such as via one or more carrier networks.
- the MNO gateway 134 and associated MNO interface 122 may be utilized at least in part to provide OTA provisioning by the TSM computer 110 , such as for accessing and communicating over a respective MNO carrier network.
- a device registration gateway 136 and associated device registration interface 124 are operable to facilitate communications with mobile devices for registering to receive test keys and/or mobile device applications, and the like.
- MNO computers 140 and/or other service providers may provide registration applications for mobile devices (e.g., mobile device-based registration interface, Internet-based registration interface, etc.).
- the device registration gateway 136 and associated device registration interface 124 may provide a common integration point and associated common messaging standard for receiving and responding to such requests.
- the KMS computer 110 may be configured to provide similar registration services to mobile devices, such as may be performed on behalf of the MNOs and/or other service provider.
- a test key may be generated for a mobile device that facilitates use of the mobile device within a testing environment.
- a test key may be generated during the registration of a mobile device with a KMS computer 110 , and a production key for a mobile device secure element may be replaced with a test key.
- Although the provision of test keys is described for mobile devices, the provision of test keys may be performed for a wide variety of other devices, such as tablet computers and/or other devices that may not be capable of communications via a carrier network.
- FIG. 3 illustrates a flow diagram of an example method 300 for providing a test key to a mobile device, according to an example embodiment of the invention.
- the method 300 may be performed by a suitable key management system, such as the system 100 illustrated in FIG. 1 .
- the method 300 may begin at block 305 .
- a registration request may be received for a mobile device, such as one of the mobile devices 150 illustrated in FIG. 1.
- a registration request to activate the mobile device for use within a testing environment may be received.
- the request may be received utilizing a wide variety of suitable communication techniques.
- the request may be received via an MNO and/or carrier network.
- the request may be received via a suitable Web interface and/or Web server associated with the KMS computer 110 .
- the request may be received based upon a positioning of a mobile device 150 in proximity to a contactless reader/writer device or other suitable device, such as a kiosk or other reader/writer device, that facilitates the provision of a test key to the mobile device 150.
- a registration request may not be received, and the provision of a test key may be initiated by the KMS computer 110 .
- a wide variety of information may be received from the mobile device 150 during a registration request and/or in association with the provisioning of a test key to the mobile device 150 .
- suitable information examples include, but are not limited to, identification information for the mobile device 150, identification information for a secure element associated with the mobile device 150 (e.g., card production life cycle (“CPLC”) information and/or other identifying information associated with a secure element (e.g., the ICCID, IMSI, etc.)), information associated with a production key associated with the mobile device 150, and/or an identifier of a desired testing environment (e.g., a DEV environment, a QA environment, or a CAT or UAT environment).
- a desired testing environment for the mobile device 150 may be identified. For example, information received from the mobile device 150 may be evaluated in order to determine or identify a desired testing environment. As another example, input received from other entities (e.g., a testing service provider) and/or via one or more I/O devices (e.g., a keyboard, mouse, etc.) may be evaluated in order to identify a desired testing environment. For example, a testing environment indication may be entered into a kiosk associated with the KMS computer 110 , directly entered into the KMS computer 110 by a user, and/or received via a Web server from a service provider conducting testing on the mobile device 150 .
- a test key may be generated, determined, or derived for the mobile device 150 and/or the secure element.
- a base level key, such as a master key determined by a testing service provider or a mobile device manufacturer, may be utilized to generate or derive the rotated key.
- suitable rotation techniques e.g., a key schedule, etc.
- additional information may be combined with the base level key during a derivation of a test key.
- At least a portion of the received identifying information may be utilized in conjunction with the base level key to derive a test key.
- an identifier of the secure element may be combined (e.g., added, multiplied, etc.) with the base level key to derive a test key for the mobile device 150 .
- test keys may be specified by a testing entity for provision to mobile devices 150 and a next available test key may be selected. Indeed, a wide variety of suitable methods and/or techniques may be utilized to identify a suitable test key.
- the test keys that are utilized for a testing environment may be unique to the testing environment and/or determined based upon an identification of the testing environment.
- identifying information for the mobile device 150 may be modified or updated by the KMS computer 110 .
- received CPLC information may be modified or updated by the KMS computer 110 .
- a wide variety of different aspects of CPLC information and/or identifying information may be updated as desired in various embodiments, such as date information, version information, key version information, etc.
- the updated identifying information may be utilized in the derivation of a rotated key.
- the generated or derived test key and/or any updated identifying information may be provided by the KMS computer 110 to the mobile device 150 .
- the test key and/or identifying information may be provisioned or otherwise provided to a secure element of the mobile device 150 .
- a production key or manufacturer provided key associated with the secure element may be replaced with the test key.
- the test key may be utilized by the mobile device 150 to facilitate identification and/or authentication of the mobile device 150 within a designated testing environment, as well as for the encryption and/or decryption of communications within the testing environment.
- the KMS computer 110 may store or direct the storage of the generated test key, the production key that was originally stored on the mobile device 150 , and/or identifying information for the mobile device 150 and/or secure element in one or more suitable memory devices, such as the databases 138 illustrated in FIG. 1 .
- the KMS computer 110 and/or various testing environment servers may access the information to facilitate an authentication of the mobile device 150 at a subsequent point in time, such as during the processing of testing environment requests.
- the KMS computer 110 may access the information to facilitate a replacement of the test key on a mobile device 150 with the original production key that was previously removed from the secure element.
- information associated with the test key provision may be provided to a wide variety of other entities, such as a testing environment server and/or to a TSM.
- a wide variety of information may be provided as desired in various embodiments of the invention, such as identification information for the mobile device 150 and/or the secure element, test key information, and/or information associated with the product keys.
- a testing environment server may utilize the received information to facilitate the authentication of the mobile device 150 within the testing environment and/or to facilitate the provisioning of various applications to the mobile device 150 and the processing of various transactions associated with the mobile device 150 .
- a TSM may utilize the received information to facilitate the identification and/or blacklisting of test devices.
- a TSM that is utilized in a commercial environment may limit and/or prohibit the functionality of test devices within the commercial environment. Additionally, the TSM may identify and/or address various security breaches within a commercial environment. For example, the TSM may prevent a security breach resulting from an attempted fraudulent loading of a production key originally associated with a test device onto another device.
- the method 300 may end following block 330 .
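The key handling described for method 300, as an added illustration that is not taken from the patent: a KMS derives a per-device test key from an environment-specific base level key and the secure element identifier, records the replaced production key so it can be restored, and hands a notice to a commercial TSM that then refuses financial provisioning to test devices. HMAC-SHA-256 stands in for the "added, multiplied" combining step, the TSM notice carries identifiers only, and every class name, identifier and key value is constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed base level (master) keys, one per testing environment, so that
# test keys are unique to the environment. Random per run; a real KMS would
# hold these in protected storage.
BASE_KEYS = {env: secrets.token_bytes(32) for env in ("DEV", "QA", "UAT")}


def derive_test_key(base_key, environment, se_id, key_version=1):
    """Derive a 16-byte test key from the base key and identifying information."""
    parts = (b"test-key", environment.encode(), se_id.encode(),
             key_version.to_bytes(2, "big"))
    # Length-prefix every field so ("AB", "C") and ("A", "BC") cannot collide.
    info = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(base_key, info, hashlib.sha256).digest()[:16]


@dataclass
class KeyManagementSystem:
    base_keys: dict
    records: dict = field(default_factory=dict)  # se_id -> registration record

    def register(self, se_id, environment, production_key_id):
        """Replace the production key of a secure element with a test key."""
        if environment not in self.base_keys:
            raise ValueError(f"unknown testing environment: {environment!r}")
        if se_id in self.records:
            raise ValueError(f"{se_id} already holds a test key")
        # Keep what is needed to authenticate the device later and to put the
        # original production key back when testing ends.
        self.records[se_id] = {"environment": environment,
                               "production_key_id": production_key_id,
                               "key_version": 1}
        return derive_test_key(self.base_keys[environment], environment, se_id)

    def restore_production_key(self, se_id):
        """Return the production key reference and drop the test registration."""
        return self.records.pop(se_id)["production_key_id"]

    def notice_for_tsm(self):
        """Identifiers shared with a commercial TSM (no key material)."""
        return {se_id: rec["production_key_id"]
                for se_id, rec in self.records.items()}


@dataclass
class TrustedServiceManager:
    test_devices: dict = field(default_factory=dict)  # se_id -> production_key_id

    def ingest(self, notice):
        self.test_devices.update(notice)

    def authorize(self, se_id, production_key_id, app_type):
        """Decide whether a commercial provisioning request may proceed."""
        if se_id in self.test_devices:
            if app_type == "financial":
                return False, "test device: financial provisioning refused"
            return True, "test device: non-financial provisioning only"
        # A production key that was swapped out on a test device must not
        # reappear on a different secure element.
        if production_key_id in self.test_devices.values():
            return False, "production key was replaced on a test device"
        return True, "commercial device"


if __name__ == "__main__":
    kms = KeyManagementSystem(BASE_KEYS)
    test_key = kms.register("SE-0001", "QA", "PK-17")  # constructed identifiers
    tsm = TrustedServiceManager()
    tsm.ingest(kms.notice_for_tsm())
    print("test key:", test_key.hex())
    print(tsm.authorize("SE-0001", "PK-17", "financial"))
    print(tsm.authorize("SE-9999", "PK-17", "financial"))
    print(tsm.authorize("SE-9999", "PK-99", "financial"))
    print("restored:", kms.restore_production_key("SE-0001"))
```
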
- FIG. 4 illustrates a flow diagram of an example method 400 for providing a test key to a mobile device via over the air provisioning, according to an example embodiment of the invention.
- the method 400 may be one example of the operations that may be performed to facilitate the method 300 of FIG. 3. It will be appreciated that methods and/or techniques other than OTA provisioning, such as Web-based techniques and/or contactless reader communications, may be utilized to facilitate the provision of test keys to mobile devices.
- the method 400 may be performed by a suitable key management system, such as the system 100 illustrated in FIG. 1 .
- the method 400 may begin at block 402 .
- a user may activate a mobile device, such as one of the mobile devices 150 illustrated in FIG. 1 .
- the activation of the mobile device 150 may be an initial activation of the mobile device 150 .
- the mobile device 150 may attempt to facilitate a registration with the MNO computer 140 and/or a KMS computer, such as the KMS computer 110 illustrated in FIG. 1 .
- a mobile device 150 may be situated in close proximity to the KMS computer 110 or associated key rotation device, and the KMS computer 110 may initiate the key rotation.
- a user command may be received by the mobile device 150 , and a key rotation may be requested based at least in part upon receipt of the user command.
- a suitable authentication notification may be sent to the MNO computer 140 .
- the MNO computer 140 may validate the mobile device 150 , and an authentication token may be returned to the mobile device 150 .
- the authentication token may be utilized to form a relatively secure communications channel between the mobile device 150 and the MNO computer 140 .
- a registration request or key rotation request may be generated by the mobile device 150 , and the generated request may be output for communication to the MNO computer 140 .
- the request may include an identifier of a desired testing environment in which the mobile device 150 will be utilized.
- the request may be received and processed by the MNO computer 140 at block 406 .
- a request identifier may be output by the MNO computer 140 at block 408 for communication to the mobile device 150 .
- an instruction for the mobile device 150 to contact the KMS computer 110 for key rotation purposes utilizing the request identifier may also be communicated to the mobile device 150 .
- contact information for the KMS computer 110 may also be communicated to the mobile device 150 .
- the request identifier and/or associated information may be received by the mobile device 150 at block 410 .
- a test registration request may be generated by the mobile device 150 and output for communication to the KMS computer 110 .
- the request identifier may be utilized to generate the test registration request and/or direct the transmission of the test registration request to the KMS computer 110 .
- the test registration request may be received and processed by the KMS computer 110 at block 414 .
- any number of suitable networks and/or communications techniques may be utilized to facilitate the communication of the request to the KMS computer 110 .
- the request may be communicated via a suitable carrier network, such as one of the carrier networks 180 illustrated in FIG. 1 .
- the request may be communicated directly to the KMS computer 110 .
- the request may be communicated through any number of intermediary systems and/or devices, such as an MNO computer 140 .
- the KMS computer 110 may request that an OTA proxy associated with the mobile device 150 be woken up or activated.
- a request for OTA proxy activation may be sent to the MNO computer 140 at block 416 .
- the MNO computer 140 may be requested to wake up an OTA proxy that is stored on a general or shared memory or general operation chip associated with the mobile device 150 .
- the MNO computer 140 may receive the request at block 418 and push or otherwise communicate a request to wake up the OTA proxy to the mobile device 150 .
- the OTA proxy wake up request may be received by the mobile device 150 .
- the OTA proxy associated with the mobile device 150 may be activated and/or woken up, and an OTA proxy message associated with the registration of the mobile device 150 may be communicated by the mobile device 150 to the KMS computer 110 at block 422 .
- the OTA proxy registration message may be received by the KMS computer 110 at block 424 .
- a secure communications channel may be established between the KMS computer 110 and the mobile device 150 (or the mobile device secure element). As desired, a wide variety of suitable techniques may be utilized to authenticate a secure communications channel.
- a registration identifier received from the mobile device 150 and a registration identifier received from the MNO computer 140 may be compared to facilitate the authentication of a secure communications channel.
- one or more Application Protocol Data Unit (“APDU”) commands may be utilized to facilitate the authentication of a secure communications channel.
- any number of suitable handshake procedures may be utilized to facilitate the authentication and/or the establishment of a secure communications channel.
- identifying information for the mobile device 150 and/or a mobile device secure element may be requested by the KMS computer 110 .
- the mobile device 150 may be requested to communicate identifying information to the KMS computer 110 via the secure communications channel.
- a wide variety of different types of identifying information may be requested as desired in various embodiments of the invention, including but not limited to, an identifier of a desired testing environment, an identifier of the secure element, CPLC information for the secure element, production key information stored on the secure element, and/or an identifier of production key information (e.g., a numerical identifier of a production key stored within a list of production keys, etc.).
- the request for identifying information may be received by the mobile device 150 via the secure communications channel, and the requested information may be returned to the KMS computer 110 by the mobile device 150 at block 430 .
- the KMS computer 110 may receive and process the requested identifying information.
- the KMS computer 110 may determine at block 434 whether the secure element may be authenticated. For example, at least a portion of the received identifying information may be compared to expected identifying information, and a determination may be made as to whether the secure element and/or the mobile device 150 is valid based at least in part upon the comparison.
- received CPLC information may be compared to stored CPLC information, such as CPLC information previously received from a device manufacturer or other third party data source. If it is determined at block 434 that the secure element is not authenticated, then operations may continue at block 436 , and the mobile device 150 may be marked as an invalid mobile device, and the key rotation process may end. As desired, a registration error message may be communicated by the KMS computer 110 to the mobile device 150 for display or other presentation to a user. The error message may be received and processed by the mobile device 150 at block 438 , and operations may end following block 438 .
- a test key may be generated or derived for the mobile device 150 and/or the secure element.
- a wide variety of suitable methods and/or techniques may be utilized as desired to generate or derive a test key. For example, a desired testing environment may be identified, and a next available test key for the desired testing environment may be accessed from memory and/or obtained from a device associated with the testing environment.
- a base level key associated with the testing environment, such as a master key, may be utilized to generate or derive a test key for the testing environment.
- a wide variety of suitable rotation techniques e.g., a key schedule, etc.
- other methods or derivation techniques may be utilized as desired to derive a test key from the master key.
- additional information may be combined with the base level key during a derivation of a test key.
- at least a portion of the received identifying information, such as CPLC information and/or an identifier of the secure element, may be utilized in conjunction with the base level key to derive a test key for the mobile device 150 .
- identifying information for the mobile device 150 may be modified or updated by the KMS computer 110 at block 440 .
- received CPLC information may be modified or updated by the KMS computer 110 .
- a wide variety of different aspects of CPLC information and/or identifying information may be updated as desired in various embodiments, such as date information, version information, key version information, etc.
- the updated identifying information may be utilized in the derivation of a test key.
- the generated or derived test key and/or any updated identifying information may be communicated or transmitted by the KMS computer 110 to the mobile device 150 .
- the test key and/or identifying information may be provisioned or otherwise provided to a secure element of the mobile device 150 via the OTA proxy.
- the mobile device 150 may receive and store the test key and/or identifying information at block 444 .
- the test key and/or identifying information may be stored on the secure element, and the production key may be replaced on the secure element.
- the test key may be utilized by the mobile device 150 and/or the secure element to facilitate identification of the mobile device 150 within the testing environment and/or the encryption and/or decryption of communications within the testing environment.
- the test key, information utilized to derive the test key, received identifying information, updated identifying information, the production key, and/or information utilized to identify the production key may be stored by the KMS computer 110 in one or more suitable memory devices, such as the databases 138 illustrated in FIG. 1 .
- the stored information may be subsequently accessed to facilitate authentication of the mobile device 150 by the KMS computer 110 and, as desired, replacement of the test key with the production key.
- at least a portion of the information may be communicated by the KMS computer 110 to one or more TSMs 160 , such as a TSM that facilitates authentication and/or integration of mobile devices within a commercial environment.
- the TSM may facilitate subsequent identification of and/or blacklisting of the test mobile device 150 within a commercial environment. Additionally, the TSM may facilitate the identification of potential security risks based upon an attempted use of the production key associated with the test mobile device 150 within a commercial environment.
- the communicated information may be received and stored by the TSMs at block 448 .
- the method 400 may end following either block 438 or block 448 .
- These computer-executable program instructions may be loaded onto a special purpose computer or other particular machine, a processor, or other programmable data processing apparatus to produce a particular machine, such that the instructions that execute on the computer, processor, or other programmable data processing apparatus create means for implementing one or more functions specified in the flow diagram block or blocks.
- These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement one or more functions specified in the flow diagram block or blocks.
- embodiments of the invention may provide for a computer program product, comprising a computer-usable medium having a computer-readable program code or program instructions embodied therein, said computer-readable program code adapted to be executed to implement one or more functions specified in the flow diagram block or blocks.
- the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational elements or steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions that execute on the computer or other programmable apparatus provide elements or steps for implementing the functions specified in the flow diagram block or blocks.
- blocks of the block diagrams and flow diagrams support combinations of means for performing the specified functions, combinations of elements or steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the block diagrams and flow diagrams, and combinations of blocks in the block diagrams and flow diagrams, can be implemented by special purpose, hardware-based computer systems that perform the specified functions, elements or steps, or combinations of special purpose hardware and computer instructions.
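The server-side steps of method 400 described above (comparing received CPLC information with stored CPLC information, deriving a device-specific test key from a base level key, and passing the device to a TSM for blacklisting) can be sketched as follows. This is an added example, not code from the patent: the use of HMAC-SHA256, the class and function names, and all sample values (`SE-0001`, `PK-17`, the master keys, the CPLC bytes) are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values. A real KMS would hold master keys inside an HSM.
MASTER_TEST_KEYS = {
    env: hashlib.sha256(b"constructed master test key " + env.encode()).digest()
    for env in ("DEV", "QA", "UAT")
}
# Constructed CPLC record standing in for data received from the manufacturer.
EXPECTED_CPLC = {"SE-0001": bytes.fromhex("479050014791") + bytes(36)}


def _field(data: bytes) -> bytes:
    """Length-prefix a field so that concatenated inputs stay unambiguous."""
    return len(data).to_bytes(2, "big") + data


def derive_test_key(master_key: bytes, environment: str, cplc: bytes,
                    key_version: int) -> bytes:
    """Derive a device-specific test key from the environment's base level key.

    HMAC-SHA256 is this example's choice; the page names no algorithm.
    """
    info = b"".join(_field(part) for part in (
        b"test-key", environment.encode(), cplc, key_version.to_bytes(2, "big")))
    return hmac.new(master_key, info, hashlib.sha256).digest()


class Tsm:
    """Commercial-side view: knows which devices and production keys are test-only."""

    def __init__(self):
        self.test_devices = set()
        self.blacklisted_production_keys = set()

    def record_test_device(self, se_id: str, production_key_id: str) -> None:
        self.test_devices.add(se_id)
        self.blacklisted_production_keys.add(production_key_id)

    def allows_commercial_use(self, se_id: str, production_key_id: str) -> bool:
        return (se_id not in self.test_devices
                and production_key_id not in self.blacklisted_production_keys)


class Kms:
    def __init__(self, expected_cplc: dict, tsm: Tsm):
        self.expected_cplc = expected_cplc
        self.tsm = tsm
        self.records = {}       # se_id -> data needed to restore the production key
        self.invalid = set()    # devices that failed authentication

    def register(self, se_id, cplc, environment, production_key_id):
        """Return a test key, or None if the secure element is not authenticated."""
        expected = self.expected_cplc.get(se_id)
        # Constant-time comparison of received and stored CPLC (block 434).
        if expected is None or not hmac.compare_digest(expected, cplc):
            self.invalid.add(se_id)          # block 436: mark device invalid
            return None
        if environment not in MASTER_TEST_KEYS:
            raise ValueError(f"unknown testing environment: {environment}")
        # Updated identifying information (key version, block 440) feeds the derivation.
        version = self.records.get(se_id, {}).get("key_version", 0) + 1
        test_key = derive_test_key(MASTER_TEST_KEYS[environment], environment,
                                   cplc, version)
        self.records[se_id] = {"environment": environment, "key_version": version,
                               "production_key_id": production_key_id}
        # Hand the device and its replaced production key to the TSM (block 448).
        self.tsm.record_test_device(se_id, production_key_id)
        return test_key


if __name__ == "__main__":
    tsm = Tsm()
    kms = Kms(EXPECTED_CPLC, tsm)
    key = kms.register("SE-0001", EXPECTED_CPLC["SE-0001"], "QA", "PK-17")
    print("test key:", key.hex())
    print("unknown device:", kms.register("SE-9999", bytes(42), "QA", "PK-99"))
    print("commercial use allowed:", tsm.allows_commercial_use("SE-0001", "PK-17"))
```

CPLC data identifies a chip but is not a secret, so the comparison only confirms that the device is a known one; the example relies on the secure communications channel from the earlier steps for the actual authentication.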
Abstract
Description
- This application claims priority to U.S. Ser. No. 61/490,501, titled “Trusted Service Manager,” filed on May 26, 2011, the contents of which are incorporated herein by reference.
- Embodiments of the invention relate generally to mobile devices, and more specifically to systems and methods for providing test keys to mobile devices.
- Mobile devices, such as cell phones, personal digital assistants (“PDAs”), smart phones, and other similar devices, have increasingly been utilized to provide additional functionality beyond traditional voice communications. One component of enabling the mobile devices to support these additional functionalities includes installing software applications on the mobile devices. Mobile device applications can facilitate a variety of services performed by or with the mobile devices, including payment applications (e.g., prepaid, credit, debit, etc.), loyalty or incentive applications, transportation payment applications, access control applications, entertainment applications, and the like. Given the sensitive nature of data that may be transmitted or communicated during the provision of a service, such as a payment service, authentication of mobile devices and/or the protection of data becomes critical. In some instances, a secure element, such as a smart card chip, is incorporated into a mobile device to facilitate the secure management of data and the encryption of device communications.
- As different service providers wish to test mobile devices and/or mobile device applications, the service providers may wish to replace production keys initially installed on the secure elements of the devices with test keys. The test keys will allow the mobile devices to be utilized within a testing environment. Accordingly, there is an opportunity for systems and methods for providing test keys to mobile devices.
- Embodiments of the invention may provide systems and methods for providing test keys to mobile devices. According to one example embodiment of the invention, a method for providing test keys to mobile devices is provided. Identifying information for a mobile device or a secure element associated with the mobile device can be received. A test key to be provided to the mobile device is determined. The test key can be configured to facilitate the use of the mobile device within a test environment. The test key can be provided to the mobile device, wherein a production key stored on the secure element can be replaced by the test key. In certain embodiments, the operations of the method may be performed by one or more computers associated with a service provider.
- According to another embodiment, a system for providing test keys to mobile devices is provided. The system may include at least one memory and at least one processor. The at least one memory may be configured to store computer-executable instructions. The at least one processor may be configured to access the at least one memory and execute the computer-executable instructions to: receive identifying information for a mobile device or a secure element associated with the mobile device; determine a test key to be provided to the mobile device, the test key configured to facilitate the use of the mobile device within a test environment; and provide the determined test key to the mobile device; wherein a production key stored on the secure element is replaced by the test key. In certain embodiments, one or more operations can be performed by one or more computers associated with a service provider.
- According to yet another embodiment of the invention, a method for receiving test keys by mobile devices is provided. Identifying information from a mobile device or a secure element associated with the mobile device can be transmitted. A test key can be received at the mobile device, wherein the test key is configured to facilitate use of the mobile device within a test environment; and wherein a production key stored on the secure element is replaced by the test key. In certain embodiments, one or more operations can be performed by one or more processors associated with a mobile device.
- Additional systems, methods, apparatus, features, and aspects are realized through the techniques of various embodiments of the invention. Other embodiments and aspects of the invention are described in detail herein and are considered a part of the claimed invention. Other advantages and features can be understood with reference to the description and to the drawings.
- FIG. 1 illustrates a block diagram of an example key management system and associated integration, according to an example embodiment of the invention.
- FIG. 2 illustrates a block diagram of an example key management integration and associated data flow, according to an example embodiment of the invention.
- FIG. 3 illustrates a flow diagram of an example process for providing a test key to a mobile device, according to an example embodiment of the invention.
- FIG. 4 illustrates a flow diagram of an example process for providing a test key to a mobile device via over the air provisioning, according to an example embodiment of the invention.
- Various embodiments of the invention are directed to the provision of test keys to mobile devices. In other words, various embodiments of the invention are directed to the replacement of mobile device and/or secure element production keys with test keys that facilitate the use of the mobile devices within a test environment. In certain embodiments, a mobile device may be registered with or otherwise interact with a key management server (“KMS”) or key management service provider. During the registration, a production key associated with the mobile device or a secure element of the mobile device may be replaced with a test key. A wide variety of suitable methods may be utilized to facilitate the registration. For example, a registration request may be received by the KMS from the mobile device via a mobile or cellular communication. As another example, a registration request may be received by the KMS via one or more Web interfaces and/or Web servers associated with the KMS. As yet another example, the mobile device may be physically located near the KMS or near a kiosk associated with the KMS, and a registration request may be received via a contactless reader (e.g., a Near Field Communication (“NFC”) reader, etc.). As desired, a registration request may include identifying information for the mobile device and/or a secure element associated with the mobile device, as well as an identifier of a desired test environment. A wide variety of identifying information may be received as desired in various embodiments of the invention, such as card production life cycle (“CPLC”) information associated with the mobile device secure element.
- Once a registration request (or other test key request) and identifying information have been received, the service provider may determine or generate a test key for the mobile device. As desired, a secure communications channel may be established with the mobile device secure element, and the secure element may be authenticated prior to determining the test key. A wide variety of suitable information may be utilized as desired to determine the test key. For example, in certain embodiments, at least a portion of the identifying information and a base level key, such as a master test key for a desired testing environment, may be utilized to generate the test key. In other words, a device specific test key may be generated or derived for the mobile device. Once generated, the test key may be provided to the mobile device for storage by the secure element. The test key may facilitate use of the mobile device within a desired testing environment, such as a development (“DEV”) testing environment, a quality assurance (“QA”) testing environment, and/or a client acceptance testing (“CAT”) or unit acceptance testing (“UAT”) environment. For example, the test key may allow the mobile device and/or the secure element to be authenticated by a testing environment server.
- Additionally, in certain embodiments, the test key and/or the production key may be stored by the KMS and/or provided to one or more other parties. In this regard, the test key may be replaced by the production key at a subsequent point in time, thereby facilitating use of the mobile device and/or secure element within a commercial environment. Additionally, the test key and/or production key may be provided to a trusted service manager (“TSM”) associated with a commercial operating environment. In this regard, the TSM may identify test devices and limit the provision of commercial applications to the test devices and/or the ability of the test devices (i.e., devices having test keys) to be utilized for commercial purposes (e.g., commercial transactions, account provisioning, etc.). For example, the TSM may identify a test device by a test key and disallow commercial operations associated with the identified test device. As another example, the TSM may blacklist production keys that have been replaced by test keys, thereby limiting the use of the test devices outside of a testing environment. Although the KMS is described as being a separate entity from a TSM, in certain embodiments, at least a portion of the TSM functionality and the KMS functionality may be performed by a single entity. For example, the TSM may facilitate the rotation or replacement of production keys with test keys.
- Various embodiments of the invention utilize trusted service management functionality, which may be implemented by a TSM or a KMS, to facilitate integration between multiple service providers and multiple mobile devices operating on any number of carrier networks, each operated by a different mobile network operator (“MNO”). In certain embodiments, a KMS and/or a TSM may be a third party entity strategically positioned to provide mobile device key management, mobile device application provisioning services, and integration functionality for provisioning mobile devices with various keys, applications, and/or associated end user data.
- Embodiments of the invention now will be described more fully hereinafter with reference to the accompanying drawings, in which embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
- FIG. 1 represents a block diagram of an example system 100 for providing test keys to mobile devices, according to one embodiment of the invention. As shown in FIG. 1 , a key management server (“KMS”) computer 110; multiple mobile network operator (“MNO”) computers mobile devices computers 160 may be in communication via at least one network 170 and/or multiple carrier networks carrier networks respective MNO computer
- First, the
KMS computer 110 may include any number of processor-driven devices, including but not limited to, a server computer, a mainframe computer, one or more networked computers, a desktop computer, a personal computer, a laptop computer, a mobile computer, or any other processor-based device. In addition to having one or more processors 116, the KMS computer 110 may further include one or more memory devices 112, input/output (“I/O”) interface(s) 118, and network interface(s) 119. The memory 112 may be any computer-readable medium, coupled to the processor(s) 116, such as RAM, ROM, and/or a removable storage device for storing data files and a database management system (“DBMS”) to facilitate management of data files and other data stored in the memory 112 and/or stored in one or more separate databases 138. The memory 112 may also store various program modules, such as an operating system (“OS”), a TSM interface 121, a mobile network operator interface 122, an over the air provisioning provider interface 123, a device registration interface 124, a secure element preparation module 126, and an over the air provisioning module 130. The OS may be, but is not limited to, Microsoft Windows®, Apple OSX™, Unix, a mainframe computer operating system (e.g., IBM z/OS, MVS, OS/390, etc.), or a specially designed operating system. Each of the interfaces and modules mobile devices networks 170 and/or carrier networks modules
- Still referring to the
KMS computer 110, the I/O interface(s) 118 may facilitate communication between the processor 116 and various I/O devices, such as a keyboard, mouse, printer, microphone, speaker, monitor, bar code reader/scanner, RFID reader, contactless reader, or Hardware Security Modules (“HSMs”) 139 which facilitate secure key management (e.g., test key management for a variety of testing environments, etc.) and the like. With respect to HSMs, an HSM 139 may be external, such as connected to the KMS computer 110 via a network, or internally or proximately connected to the KMS computer 110. The network interface(s) 119 may take any of a number of forms, such as, but not limited to, a network interface card, a modem, a wireless network card, a cellular network card, or any other means operable for facilitating communications with one or more carrier networks other networks 170. Indeed, the TSM computer 110 can communicate directly with mobile devices carrier networks suitable Web servers 137, the mobile network operator gateway 134, the over the air services gateway 135, and the device registration gateway 136. It will be appreciated that the KMS computer 110 may be implemented on a particular machine, which may include a computer that is designed, customized, configured, or programmed to perform at least one or more functions of the interfaces and modules
- Second, the
MNO computers more processors MNO computers more memory devices memory memory memory communications module authentication module communications module mobile devices respective carrier networks TSM computer 110. Theauthentication module mobile devices mobile devices authentication module MNO computer mobile device TSM 110. - Still referring to each
MNO computer processors more carrier networks other network 170. It will be appreciated that theMNO computers communications module - Third, the
mobile devices more carrier networks mobile device specific MNO computer respective carrier network mobile device mobile device mobile devices more memory devices 152 a, 152 b, input/output (“I/O”) interface(s) 158 a, 158 b, and network interface(s) 159 a, 159 b. The memory 152 a, 152 b may be any computer-readable medium, coupled to the processor(s) 156, such as RAM, ROM, and/or a removable storage device for storing data files. The memory 152 a, 152 b may also include secure elements 155 a, 155 b for maintaining mobile device applications and confidential data, as may be provisioned via the TSM computer 110 and associated provisioning services. In certain embodiments, a secure element 155 a, 155 b may be configured to store key information, such as test key information, as well as certain identification information for the mobile device and the secure element 155 a, 155 b (e.g., CPLC information, etc.). As desired, the secure element 155 a, 155 b may utilize at least a portion of this information to generate requests, such as provisioning requests and/or transaction requests within a testing environment. In this regard, a mobile device secure element 155 a, 155 b may be authenticated within the testing environment. Additionally, in certain embodiments, a secure element 155 a, 155 b may store an authentication module or program utilized by a mobile device mobile device mobile device
- The
memory 152 a, 152 b may also store any number of data files 153 a, 153 b and/or various program modules, such as an operating system (“OS”), end user interface module(s), and a provisioning module 154 a, 154 b (also referred to interchangeably herein as “KMS and/or testing environment administration software”). The OS may be any mobile operating system, including proprietary operating systems by a mobile device manufacturer or mobile network operator, or third party software vendor mobile operating system, such as, but not limited to, Microsoft Windows CE®, Microsoft Windows Mobile®, Symbian OS™, Apple iPhone™ OS, RIM BlackBerry® OS, Palm OS® by ACCESS, or Google Android™. The provisioning module 154 a, 154 b may comprise computer-executable program instructions or software, including a dedicated program, for facilitating mobile device application provisioning on general memory and/or on the secure elements 155 a, 155 b as carried out by the KMS computer 110 and/or various testing environment devices that are accessed once a test key has been loaded. According to various embodiments, the secure elements 155 a, 155 b may refer to any computer-readable storage in the memory 152 and/or may refer to any securitized medium having memory, such as a Universal Integrated Circuit Card (“UICC”), Subscriber Identity Module (“SIM”), and the like. In one example, the secure elements 155 a, 155 b may be operable with a RFID device or other NFC device associated with the mobile devices secure elements 155 a, 155 b may be a separate embedded secure element (e.g., smart card chip) or a separate element (e.g., removable memory card, a key fob; connected via Bluetooth, etc.). For example, a secure element chip may be embedded in a mobile device mobile device secure elements 155 a, 155 b may include any suitable hardware and/or software, such as memory, processing components, and communications components.
In certain embodiments, the secure elements 155 a, 155 b may be configured to communicate with other elements of the mobile devices mobile devices secure element 155 a, 155 b may be accessed to encrypt and/or decrypt transactions generated by and/or received by the mobile wallet.
- Still referring to each
mobile device more carrier networks other networks 170, such as via one ormore carrier networks mobile devices provisioning module 154 a, 154 b and other mobile communications, including voice communications, data communications, short message service (“SMS”), wireless application protocol (“WAP”), multimedia message service (“MMS”), Internet communications, other wireless communications, and the like, according to an example embodiment of the invention. - Fourth, the
TSM computers 160 may include any number of processor-driven devices, including but not limited to, a server computer, a mainframe computer, one or more networked computers, a desktop computer, a personal computer, a laptop computer, a mobile computer, or any other processor-based device. A TSM computer 160 may be configured to facilitate integration between multiple service providers and multiple mobile devices for various commercial purposes. In certain embodiments, a TSM may be a third party entity strategically positioned to provide mobile device application provisioning services and integration functionality for provisioning mobile device applications and associated end user data (e.g., encryption data, key information, etc.) to end users' mobile devices, to provide mobile device application-related lifecycle management services, to manage the many-to-many relationships between the multiple service providers and the MNOs operating the carrier networks, and/or to authenticate mobile devices during the processing of a wide variety of different requests and/or transactions. Applications that can be provisioned on mobile devices via a TSM can be any software application provided by a service provider and operable with a mobile device. According to one embodiment, near field communication (“NFC”) applications that enable subsequent transactions using NFC technology of the mobile device (e.g., radio frequency identification (“RFID”)) are among those mobile device applications provided by service providers. However, as used herein, mobile device applications are not limited to NFC-based applications.
Example mobile device applications may include, but are not limited to, open loop and closed loop payment applications (e.g., MasterCard® PayPass™, Visa payWave™, American Express® ExpressPay, Discover® ZIP, NXP Mifare®, etc.), transit payment applications, loyalty applications, membership applications, electronic promotion and incentive applications, ticketing applications, access control and security applications, entertainment applications, retail shopping applications, and the like.
- According to an aspect of the invention, a TSM may be configured to operate in conjunction with mobile devices that utilize production keys rather than test keys. Accordingly, the
TSM computer 160 may be configured to receive information associated with mobile devices on which test keys have been loaded. In this regard, the TSM computer 160 may identify test devices and limit or eliminate the operations of the test devices that may be performed in a commercial environment. For example, the TSM computer 160 may prevent the provisioning of financial account information and/or financial applications to the test devices.
- In addition to having one or
more processors 166, each of the TSM computers 160 may further include one or more memory devices 162, input/output (“I/O”) interface(s) 168, and network interface(s) 169. The memory 162 may be any computer-readable medium, coupled to the processor(s) 166, such as RAM, ROM, and/or a removable storage device for storing data files and a DBMS to facilitate management of data files and other data stored in the memory 162 and/or stored in one or more separate databases 175 (e.g., a database of key information and/or authentication information, etc.). The memory 162 may also store various program modules, such as an operating system (“OS”) and a key management module 164. The OS may be, but is not limited to, Microsoft Windows®, Apple OSX™, Unix, a mainframe computer operating system (e.g., IBM z/OS, MVS, OS/390, etc.), or a specially designed operating system. The key management module 164 may comprise computer-executable program instructions or software, including a dedicated program, for managing keys, authenticating mobile devices, and/or identifying test devices that are not suitable for operation within a commercial environment.
- Still referring to each
TSM computer 160, the I/O interface(s) 168 may facilitate communication between the processors 166 and various I/O devices, such as a keyboard, mouse, printer, microphone, speaker, monitor, bar code reader/scanner, RFID reader, and the like. The network interface(s) 169 may take any of a number of forms, such as, but not limited to, a network interface card, a modem, a wireless network card, a cellular network card, or any other means operable for facilitating communications with the network 170. It will be appreciated that the TSM computer 160 may be implemented on a particular machine, which may include a computer that is designed, customized, configured, or programmed to perform at least one or more functions of the key management module 164 and/or other TSM functions as described above, according to an example embodiment of the invention. Additionally, in certain embodiments, the TSM computer 160 may be combined with the KMS computer 110. In other words, a single server may be provided that facilitates management and/or provisioning of both test devices and commercial devices (e.g., mobile devices having production keys, etc.).
- The
network 170 may include any telecommunication and/or data network, whether public, private, or a combination thereof, including a local area network, a wide area network, an intranet, an internet, the Internet, intermediate handheld data transfer devices, a publicly switched telephone network (“PSTN”), a cellular network, and/or any combination thereof and may be wired and/or wireless. The network 170 may also allow for real time, near real time, off-line, and/or batch transactions to be transmitted between or among the KMS computer 110, the MNO computer(s) 140 a, 140 b, the mobile devices TSM computers 160. Due to network connectivity, various methodologies as described herein may be practiced in the context of distributed computing environments. It will also be appreciated that the network 170 may include a plurality of networks, each with devices such as gateways and routers for providing connectivity between or among networks 170. Instead of, or in addition to, a network 170, dedicated communication links may be used to connect the various devices in accordance with an example embodiment.
- The
mobile carrier networks mobile device certain carrier network mobile devices carrier networks non-registered carrier networks - Generally, each of the memories and data storage devices, such as the
memories databases system 100 can store various received or collected information in memory or a database associated with one or more of the KMS computer(s) 110, the MNO computer(s) 140 a, 140 b, themobile devices - Suitable processors, such as the
processors multiple processors - The
system 100 shown in and described with respect to FIG. 1 is provided by way of example only. Numerous other operating environments, system architectures, and device configurations are possible. Other system embodiments can include fewer or greater numbers of components and may incorporate some or all of the functionality described with respect to the system components shown in FIG. 1. For example, a respective KMS may be provided for each of a plurality of testing environments. In addition, the designation of system components by “a” and “b” is not intended to limit the number of possible components, but instead is provided for illustrative purposes to indicate that more than one of the respective components can be provided. Accordingly, embodiments of the invention should not be construed as being limited to any particular operating environment, system architecture, or device configuration.

FIG. 2 illustrates an example block diagram 200 illustrating data flow and integration points between the KMS computer 110 and the various other entities that may participate in mobile device test key rotation, such as multiple MNO computers 140, and multiple mobile devices 150, according to one embodiment of the invention. An example operation of the block diagram 200 of FIG. 2 will be described separately and in conjunction with the flow diagrams of FIGS. 3-4.

As generally described above, a KMS and associated
KMS computer 110 may be operable to provide test keys to mobile devices and/or mobile device secure elements. These test keys allow the mobile devices to be utilized within various testing environments, such as a DEV environment, a QA environment, or a CAT or UAT environment. In certain embodiments, the KMS computer 110 may additionally be operable to load, delete, and manage mobile device applications and associated end user data on test mobile devices on behalf of various testing entities. In other embodiments, one or more servers associated with testing entities may be configured to provide application management functionality. Additionally, the KMS computer 110 and/or separate testing entity servers may be operable to facilitate the authentication of test mobile devices. According to various embodiments, the KMS computer 110 may be operable to provide, but is not limited to, one or more of the following functions: to act as a single point of integration between testing service providers, MNOs, and other TSMs; to load key information and/or mobile device applications over the air to mobile devices; to accept, prepare and personalize mobile device application end user data; to enable other entities to authenticate mobile devices and/or end users; to manage secured keys (e.g., cryptographic keys, master keys, rotated keys, test keys, etc.) used for testing application provisioning, personalization, and/or authentication of mobile devices; to manage mobile device application lifecycles on behalf of service providers over the life of an application; to manage mobile device lifecycles on behalf of MNOs over the life of a handset; and to provide billing and other administration functions to support relationships between MNOs and service providers, and between the KMS and each MNO and service provider.

Various services provided by the
KMS computer 110 can be implemented by one or more of the secure element preparation module 126 and/or the over the air provisioning module 130. The secure element preparation module 126 may be configured to facilitate preparing mobile device secure elements, such as requesting increased space allocated on the secure element for provisioning applications and verifying secure element properties with the MNO. According to various embodiments, the secure element preparation module 126 may further be configured to receive and/or provide personalization data associated with mobile device applications for each end user during provisioning. In one example, the KMS computer 110 may generate or identify a test key to be provided to a mobile device secure element, and the KMS computer 110 may coordinate the provisioning of the test key to the secure element. As desired, a wide variety of suitable techniques may be utilized to facilitate the provisioning of the test key to a mobile device, such as over the air provisioning via a carrier network, Web-based communications (e.g., communications managed by one or more Web servers 137), and/or contactless provisioning (e.g., radio frequency provisioning, NFC provisioning, etc.) on mobile devices that are situated in relatively close proximity to the KMS computer 110.

The over the
air provisioning module 130 may be configured to facilitate the OTA provisioning of mobile device applications and associated end user data with multiple mobile devices. As described in more detail herein, the OTA provisioning module 130 may facilitate communications with third party OTA provisioning providers via the OTA services gateway 135, and/or can facilitate direct provisioning by the KMS computer 110. It is appreciated that, according to some embodiments, the functions of the OTA provisioning module 130 may also be implemented in one or more of the MNO computers 140 and/or within functions implemented by the carrier networks OTA provisioning module 130.

In certain embodiments, an authentication module may be provided and configured to provide administration and maintenance functions for secured keys (e.g., test keys, production keys, etc.) in accordance with KMS security policies, MNO security policies, test environment security policies, and/or TSM security policies. Various functions performed by the
KMS computer 110 may integrate with the authentication module to provide security for end users, MNOs, test environment devices, and TSMs. According to an aspect of the invention, the authentication module may be configured to format key information, such as test key or rotated test key information, for communication to a mobile device and/or provisioning or storage on a secure element associated with the mobile device. In this regard, the mobile device may be authenticated during subsequent requests within a testing environment or a TSM environment.

In certain embodiments, the MNOs and associated
MNO computers 140 may be operable to provide the communications channel to reach and provision test key information and/or various mobile device applications and associated end user data on end users' mobile devices. According to various embodiments, each MNO computer 140 may be operable to provide, but is not limited to, one or more of the following functions: provide the TSM computer with information on mobile device secure elements and unique mobile device identity modules (e.g., Universal Subscriber Identity Modules (“USIMs”)) throughout the lifecycle; provide a communications gateway via a respective carrier network for OTA provisioning of mobile device applications; provide a mobile device user interface for accessing provisioned mobile device applications on each mobile device (e.g., a mobile wallet); facilitate management of secured keys used to securely load and delete mobile device applications on mobile device secure elements; interface with the KMS computer; facilitate authentication of the end user interfacing with the KMS; facilitate allocating memory for mobile device applications on the end users' mobile devices; communicate to the KMS computer that unique end user identity modules have changed; communicate to the KMS computer the status of unique mobile device identity modules (e.g., which USIMs have been lost, stolen, damaged, replaced by new mobile devices, etc.); and facilitate management of any tariffs and fees associated with application provisioning communications.

An
MNO gateway 134 and associated MNO interface 122 are operable for providing a common point of integration between the TSM computer 110 and the multiple MNO computers 140. According to one embodiment, the MNO interface 122 is configured to communicate with each MNO according to the same common MNO message standard, as described further herein. Moreover, according to various embodiments, the MNO gateway 134 and associated MNO interface 122 are further operable to permit the TSM computer 110 to communicate with mobile devices 150 via a respective carrier network operated by each MNO.

The TSMs and associated
TSM computers 160 are operable to provide one or more provisioning services, authentication services, key management services, and/or integration services to mobile devices that are utilized within commercial non-test environments. In accordance with an aspect of the invention, the TSM computers 160 may receive information associated with test devices (e.g., device identifiers, secure element identifiers, test keys, production keys, etc.), and the TSM computers 160 may limit commercial functionality provided for the test devices. In this regard, the use of the test devices may be limited to suitable test environments. A TSM gateway 133 and associated TSM interface 121 are operable for providing a common point of integration between the KMS computer 110 and the multiple TSMs 160.

The
mobile devices 150 represent the respective end users that are utilized and/or will be utilized in test environments. In certain embodiments, a test mobile device 150 may have a contractual relationship with an MNO (e.g., for operating on a respective carrier network). According to various embodiments, each mobile device 150 may be operable to provide, but is not limited to, one or more of the following functions: activate mobile devices and/or secure elements with an MNO and/or test environment; register for and request test keys and/or mobile device applications for use in a test environment; download mobile device applications and associated end user data on mobile device secure elements; authenticate the respective end user and/or mobile device within a test environment; and/or perform transactions within a test environment using the provisioned mobile device applications (e.g., a payment transaction at a retailer, etc.).

An
OTA services gateway 135 and associated OTA services interface 123 are operable to facilitate provisioning of key information and/or mobile device applications and associated end user data to mobile devices 150. According to one embodiment, the OTA services gateway 135 may be configured to permit the KMS computer 110 to transact with third party OTA provisioning providers to perform all or some of the OTA provisioning services with mobile devices 150, such as by utilizing a common provisioning messaging standard for all third party OTA provisioning providers in a manner similar to that described with reference to the MNO interface 122. According to another embodiment, the OTA services gateway 135 may be configured to permit the KMS computer 110 to provision mobile device applications and associated end user data directly to the mobile devices 150, such as via one or more carrier networks. According to various embodiments, the MNO gateway 134 and associated MNO interface 122 may be utilized at least in part to provide OTA provisioning by the TSM computer 110, such as for accessing and communicating over a respective MNO carrier network.

A
device registration gateway 136 and associated device registration interface 124 are operable to facilitate communications with mobile devices for registering to receive test keys and/or mobile device applications, and the like. In certain embodiments, MNO computers 140 and/or other service providers may provide registration applications for mobile devices (e.g., mobile device-based registration interface, Internet-based registration interface, etc.). Thus, the device registration gateway 136 and associated device registration interface 124 may provide a common integration point and associated common messaging standard for receiving and responding to such requests. According to another embodiment, the KMS computer 110 may be configured to provide similar registration services to mobile devices, such as may be performed on behalf of the MNOs and/or other service provider.

According to an aspect of the invention, methods for providing test keys to mobile devices may be provided. In certain embodiments, a test key may be generated for a mobile device that facilitates use of the mobile device within a testing environment. For example, a test key may be generated during the registration of a mobile device with a
KMS computer 110, and a production key for a mobile device secure element may be replaced with a test key. Although the provision of test keys is described for mobile devices, the provision of test keys may be performed for a wide variety of other devices, such as tablet computers and/or other devices that may not be capable of communications via a carrier network.

FIG. 3 illustrates a flow diagram of an example method 300 for providing a test key to a mobile device, according to an example embodiment of the invention. The method 300 may be performed by a suitable key management system, such as the system 100 illustrated in FIG. 1. The method 300 may begin at block 305.

At
block 305, a registration request may be received for a mobile device, such as one of the mobile devices 150 illustrated in FIG. 1. For example, a registration request to activate the mobile device for use within a testing environment may be received. The request may be received utilizing a wide variety of suitable communication techniques. For example, the request may be received via an MNO and/or carrier network. As another example, the request may be received via a suitable Web interface and/or Web server associated with the KMS computer 110. As yet another example, the request may be received based upon a positioning of a mobile device 150 in proximity to a contactless reader/writer device or other suitable device, such as a kiosk or other reader/writer device, that facilitates the provision of a test key to the mobile device 150. In yet other embodiments, a registration request may not be received, and the provision of a test key may be initiated by the KMS computer 110. As desired, a wide variety of information may be received from the mobile device 150 during a registration request and/or in association with the provisioning of a test key to the mobile device 150. Examples of suitable information that may be received include, but are not limited to, identification information for the mobile device 150, identification information for a secure element associated with the mobile device 150 (e.g., card production life cycle (“CPLC”) information and/or other identifying information associated with a secure element (e.g., the ICCID, IMSI, etc.)), information associated with a production key associated with the mobile device 150, and/or an identifier of a desired testing environment (e.g., a DEV environment, a QA environment, or a CAT or UAT environment).

At
block 310, a desired testing environment for the mobile device 150 may be identified. For example, information received from the mobile device 150 may be evaluated in order to determine or identify a desired testing environment. As another example, input received from other entities (e.g., a testing service provider) and/or via one or more I/O devices (e.g., a keyboard, mouse, etc.) may be evaluated in order to identify a desired testing environment. For example, a testing environment indication may be entered into a kiosk associated with the KMS computer 110, directly entered into the KMS computer 110 by a user, and/or received via a Web server from a service provider conducting testing on the mobile device 150.

At
block 315, a test key may be generated, determined, or derived for the mobile device 150 and/or the secure element. In certain embodiments, a base level key, such as a master key determined by a testing service provider or a mobile device manufacturer, may be utilized to generate or derive the rotated key. Additionally, a wide variety of suitable rotation techniques (e.g., a key schedule, etc.) and/or other methods or derivation techniques may be utilized as desired to derive a test key. For example, additional information may be combined with the base level key during a derivation of a test key. In certain embodiments, at least a portion of the received identifying information, such as CPLC information and/or an identifier of the secure element, may be utilized in conjunction with the base level key to derive a test key. For example, an identifier of the secure element may be combined (e.g., added, multiplied, etc.) with the base level key to derive a test key for the mobile device 150. In other embodiments, test keys may be specified by a testing entity for provision to mobile devices 150 and a next available test key may be selected. Indeed, a wide variety of suitable methods and/or techniques may be utilized to identify a suitable test key. As desired, the test keys that are utilized for a testing environment may be unique to the testing environment and/or determined based upon an identification of the testing environment.

Additionally, in certain embodiments of the invention, identifying information for the
mobile device 150 may be modified or updated by the KMS computer 110. For example, received CPLC information may be modified or updated by the KMS computer 110. A wide variety of different aspects of CPLC information and/or identifying information may be updated as desired in various embodiments, such as date information, version information, key version information, etc. In certain embodiments, the updated identifying information may be utilized in the derivation of a rotated key.

At
block 315, the generated or derived test key and/or any updated identifying information may be provided by the KMS computer 110 to the mobile device 150. For example, the test key and/or identifying information may be provisioned or otherwise provided to a secure element of the mobile device 150. According to an aspect of the invention, a production key or manufacturer provided key associated with the secure element may be replaced with the test key. In this regard, the test key may be utilized by the mobile device 150 to facilitate identification and/or authentication of the mobile device 150 within a designated testing environment, as well as for the encryption and/or decryption of communications within the testing environment.

At
block 320, the KMS computer 110 may store or direct the storage of the generated test key, the production key that was originally stored on the mobile device 150, and/or identifying information for the mobile device 150 and/or secure element in one or more suitable memory devices, such as the databases 138 illustrated in FIG. 1. In this regard, the KMS computer 110 and/or various testing environment servers may access the information to facilitate an authentication of the mobile device 150 at a subsequent point in time, such as during the processing of testing environment requests. Additionally, the KMS computer 110 may access the information to facilitate a replacement of the test key on a mobile device 150 with the original production key that was previously removed from the secure element.

At
block 330, which may be optional in certain embodiments of the invention, information associated with the test key provision may be provided to a wide variety of other entities, such as a testing environment server and/or to a TSM. A wide variety of information may be provided as desired in various embodiments of the invention, such as identification information for the mobile device 150 and/or the secure element, test key information, and/or information associated with the product keys. A testing environment server may utilize the received information to facilitate the authentication of the mobile device 150 within the testing environment and/or to facilitate the provisioning of various applications to the mobile device 150 and the processing of various transactions associated with the mobile device 150. A TSM may utilize the received information to facilitate the identification and/or blacklisting of test devices. In this regard, a TSM that is utilized in a commercial environment may limit and/or prohibit the functionality of test devices within the commercial environment. Additionally, the TSM may identify and/or address various security breaches within a commercial environment. For example, the TSM may prevent a security breach resulting from an attempted fraudulent loading of a production key originally associated with a test device onto another device.

The
method 300 may end following block 330.

FIG. 4 illustrates a flow diagram of an example method 400 for providing a test key to a mobile device via over the air provisioning, according to an example embodiment of the invention. The method 400 may be one example of the operations that may be performed to facilitate the method 300 of FIG. 3. It will be appreciated that other methods and/or techniques other than OTA provisioning, such as Web-based techniques and/or contactless reader communications, may be utilized to facilitate the provision of test keys to mobile devices. The method 400 may be performed by a suitable key management system, such as the system 100 illustrated in FIG. 1. The method 400 may begin at block 402.

At block 402, a user may activate a mobile device, such as one of the
mobile devices 150 illustrated in FIG. 1. In certain embodiments, the activation of the mobile device 150 may be an initial activation of the mobile device 150. Based upon an activation of the mobile device 150, the mobile device 150 may attempt to facilitate a registration with the MNO computer 140 and/or a KMS computer, such as the KMS computer 110 illustrated in FIG. 1. As an alternative to an activation of the mobile device 150 to initiate the request of a test key, a mobile device 150 may be situated in close proximity to the KMS computer 110 or associated key rotation device, and the KMS computer 110 may initiate the key rotation. As yet another alternative, a user command may be received by the mobile device 150, and a key rotation may be requested based at least in part upon receipt of the user command.

In certain embodiments, once the
mobile device 150 has been activated and/or once a user has logged into the mobile device 150 and requested a key rotation, a suitable authentication notification may be sent to the MNO computer 140. The MNO computer 140 may validate the mobile device 150, and an authentication token may be returned to the mobile device 150. The authentication token may be utilized to form a relatively secure communications channel between the mobile device 150 and the MNO computer 140.

At
block 404, a registration request or key rotation request may be generated by the mobile device 150, and the generated request may be output for communication to the MNO computer 140. As desired, the request may include an identifier of a desired testing environment in which the mobile device 150 will be utilized. The request may be received and processed by the MNO computer 140 at block 406. In response to the request, a request identifier may be output by the MNO computer 140 at block 408 for communication to the mobile device 150. As desired, an instruction for the mobile device 150 to contact the KMS computer 110 for key rotation purposes utilizing the request identifier may also be communicated to the mobile device 150. In certain embodiments, contact information for the KMS computer 110 may also be communicated to the mobile device 150.

The request identifier and/or associated information may be received by the
mobile device 150 at block 410. At block 412, a test registration request may be generated by the mobile device 150 and output for communication to the KMS computer 110. In certain embodiments, the request identifier may be utilized to generate the test registration request and/or direct the transmission of the test registration request to the KMS computer 110. The test registration request may be received and processed by the KMS computer 110 at block 414. As desired in various embodiments, any number of suitable networks and/or communications techniques may be utilized to facilitate the communication of the request to the KMS computer 110. For example, the request may be communicated via a suitable carrier network, such as one of the carrier networks 180 illustrated in FIG. 1. In certain embodiments, the request may be communicated directly to the KMS computer 110. In other embodiments, the request may be communicated through any number of intermediary systems and/or devices, such as an MNO computer 140. During the processing of the test registration request, the KMS computer 110 may request that an OTA proxy associated with the mobile device 150 be woken up or activated. For example, a request for OTA proxy activation may be sent to the MNO computer 140 at block 416. In certain embodiments, the MNO computer 140 may be requested to wake up an OTA proxy that is stored on a general or shared memory or general operation chip associated with the mobile device 150. The MNO computer 140 may receive the request at block 418 and push or otherwise communicate a request to wake up the OTA proxy to the mobile device 150.

At
block 420, the OTA proxy wake up request may be received by the mobile device 150. The OTA proxy associated with the mobile device 150 may be activated and/or woken up, and an OTA proxy message associated with the registration of the mobile device 150 may be communicated by the mobile device 150 to the KMS computer 110 at block 422. The OTA proxy registration message may be received by the KMS computer 110 at block 424. In certain embodiments, a secure communications channel may be established between the KMS computer 110 and the mobile device 150 (or the mobile device secure element). As desired, a wide variety of suitable techniques may be utilized to authenticate a secure communications channel. For example, a registration identifier received from the mobile device 150 and a registration identifier received from the MNO computer 140 may be compared to facilitate the authentication of a secure communications channel. As another example, one or more Application Protocol Data Unit (“APDU”) commands may be utilized to facilitate the authentication of a secure communications channel. As yet another example, any number of suitable handshake procedures may be utilized to facilitate the authentication and/or the establishment of a secure communications channel.

At
block 426, identifying information for the mobile device 150 and/or a mobile device secure element may be requested by the KMS computer 110. For example, the mobile device 150 may be requested to communicate identifying information to the KMS computer 110 via the secure communications channel. A wide variety of different types of identifying information may be requested as desired in various embodiments of the invention, including but not limited to, an identifier of a desired testing environment, an identifier of the secure element, CPLC information for the secure element, production key information stored on the secure element, and/or an identifier of production key information (e.g., a numerical identifier of a production key stored within a list of production keys, etc.).

At
block 428, the request for identifying information may be received by the mobile device 150 via the secure communications channel, and the requested information may be returned to the KMS computer 110 by the mobile device 150 at block 430. At block 432, the KMS computer 110 may receive and process the requested identifying information. In certain embodiments of the invention, the KMS computer 110 may determine at block 434 whether the secure element may be authenticated. For example, at least a portion of the received identifying information may be compared to expected identifying information, and a determination may be made as to whether the secure element and/or the mobile device 150 is valid based at least in part upon the comparison. In one example embodiment, received CPLC information may be compared to stored CPLC information, such as CPLC information previously received from a device manufacturer or other third party data source. If it is determined at block 434 that the secure element is not authenticated, then operations may continue at block 436, and the mobile device 150 may be marked as an invalid mobile device, and the key rotation process may end. As desired, a registration error message may be communicated by the KMS computer 110 to the mobile device 150 for display or other presentation to a user. The error message may be received and processed by the mobile device 150 at block 438, and operations may end following block 438.

If, however, it is determined at
block 434 that the secure element is authenticated and/or that the mobile device 150 is valid, then operations may continue at block 440. At block 440, a test key may be generated or derived for the mobile device 150 and/or the secure element. A wide variety of suitable methods and/or techniques may be utilized as desired to generate or derive a test key. For example, a desired testing environment may be identified, and a next available test key for the desired testing environment may be accessed from memory and/or obtained from a device associated with the testing environment. As another example, a base level key associated with the testing environment, such as a master key, may be utilized to generate or derive a test key for the testing environment. For example, a wide variety of suitable rotation techniques (e.g., a key schedule, etc.) and/or other methods or derivation techniques may be utilized as desired to derive a test key from the master key. As desired, additional information may be combined with the base level key during a derivation of a test key. For example, at least a portion of the received identifying information, such as CPLC information and/or an identifier of the secure element, may be utilized in conjunction with the base level key to derive a test key for the mobile device 150.

Additionally, in certain embodiments of the invention, identifying information for the
mobile device 150 may be modified or updated by the KMS computer 110 at block 440. For example, received CPLC information may be modified or updated by the KMS computer 110. A wide variety of different aspects of CPLC information and/or identifying information may be updated as desired in various embodiments, such as date information, version information, key version information, etc. In certain embodiments, the updated identifying information may be utilized in the derivation of a test key.

At
block 442, the generated or derived test key and/or any updated identifying information may be communicated or transmitted by the KMS computer 110 to the mobile device 150. For example, the test key and/or identifying information may be provisioned or otherwise provided to a secure element of the mobile device 150 via the OTA proxy. The mobile device 150 may receive and store the test key and/or identifying information at block 444. For example, the test key and/or identifying information may be stored on the secure element, and the production key may be replaced on the secure element. In this regard, the test key may be utilized by the mobile device 150 and/or the secure element to facilitate identification of the mobile device 150 within the testing environment and/or the encryption and/or decryption of communications within the testing environment.

At
block 446, the test key, information utilized to derive the test key, received identifying information, updated identifying information, the production key, and/or information utilized to identify the production key may be stored by theKMS computer 110 in one or more suitable memory devices, such as thedatabases 138 illustrated inFIG. 1 . In this regard, the stored information may be subsequently accessed to facilitate authentication of themobile device 150 by theKMS computer 110 and, as desired, replacement of the test key with the production key. Additionally or alternatively, in certain embodiments, at least a portion of the information may be communicated by theKMS computer 110 to one ormore TSMs 160, such as a TSM that facilitates authentication and/or integration of mobile devices within a commercial environment. In this regard, the TSM may facilitate subsequent identification of and/or blacklisting of the testmobile device 150 within a commercial environment. Additionally, the TSM may facilitate the identification of potential security risks based upon an attempted use of the production key associated with the testmobile device 150 within a commercial environment. The communicated information may be received and stored by the TSMs atblock 448. - The
method 400 may end following either block 438 or block 448. - The operations described and shown in the
methods FIGS. 3-4 may be carried out or performed in any suitable order as desired in various embodiments of the invention. Additionally, in certain embodiments, at least a portion of the operations may be carried out in parallel. Furthermore, in certain embodiments, less than or more than the operations described inFIGS. 3-4 may be performed. - The invention is described above with reference to block and flow diagrams of systems, methods, apparatuses, and/or computer program products according to example embodiments of the invention. It will be understood that one or more blocks of the block diagrams and flow diagrams, and combinations of blocks in the block diagrams and the flow diagrams, respectively, can be implemented by computer-executable program instructions. Likewise, some blocks of the block diagrams and flow diagrams may not necessarily need to be performed in the order presented, or may not necessarily need to be performed at all, according to some embodiments of the invention.
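The following is an added sketch, not code from the patent, of the test key derivation at block 440 together with the record-keeping and commercial-environment screening of blocks 446-448. It assumes HKDF with HMAC-SHA-256 as the derivation function, which the patent does not specify; the class names, environment names, key identifiers and CPLC bytes are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 16, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(value: bytes) -> bytes:
    """Length-prefix a value so concatenated inputs cannot be confused."""
    return len(value).to_bytes(2, "big") + value


def derive_test_key(master_key: bytes, environment: str, cplc: bytes) -> bytes:
    """Block 440: base level key + identifying information -> per-device test key."""
    info = _lp(b"test-key") + _lp(environment.encode()) + _lp(cplc)
    return hkdf_sha256(master_key, info)


@dataclass
class KeyManagementService:
    """Hypothetical KMS holding one base level (master) key per test environment."""
    master_keys: dict
    records: dict = field(default_factory=dict)

    def issue_test_key(self, environment: str, cplc: bytes, production_key_id: str) -> bytes:
        test_key = derive_test_key(self.master_keys[environment], environment, cplc)
        # Block 446: store the derivation inputs and a reference to the
        # production key, so the device can be re-authenticated or restored.
        self.records[cplc] = {"environment": environment,
                              "production_key_id": production_key_id}
        return test_key

    def rederive(self, cplc: bytes) -> bytes:
        """Recompute the test key from the stored derivation inputs."""
        rec = self.records[cplc]
        env = rec["environment"]
        return derive_test_key(self.master_keys[env], env, cplc)


@dataclass
class TrustedServiceManager:
    """Hypothetical TSM for the commercial environment (block 448)."""
    test_devices: set = field(default_factory=set)
    test_device_production_keys: set = field(default_factory=set)

    def register_test_device(self, cplc: bytes, production_key_id: str) -> None:
        self.test_devices.add(cplc)
        self.test_device_production_keys.add(production_key_id)

    def screen(self, cplc: bytes, key_id: str) -> str:
        # A production key that belonged to a test device should no longer be
        # in use anywhere, so its appearance is treated as a security signal.
        if key_id in self.test_device_production_keys:
            return "alert"
        if cplc in self.test_devices:
            return "deny"  # blacklisted test device
        return "allow"


# Constructed sample values (not from the patent).
MASTER_KEYS = {"lab-a": bytes(range(32)), "lab-b": bytes(range(32, 64))}
CPLC_1 = bytes.fromhex("4790") + bytes(40)            # 42-byte stand-in for CPLC data
CPLC_2 = bytes.fromhex("4790") + bytes(39) + b"\x01"  # a second device


def demo() -> dict:
    kms = KeyManagementService(MASTER_KEYS)
    tsm = TrustedServiceManager()
    key = kms.issue_test_key("lab-a", CPLC_1, "prod-key-0001")
    tsm.register_test_device(CPLC_1, "prod-key-0001")
    return {
        "key": key,
        "rederived": kms.rederive(CPLC_1),
        "other_device": derive_test_key(MASTER_KEYS["lab-a"], "lab-a", CPLC_2),
        "other_env": derive_test_key(MASTER_KEYS["lab-b"], "lab-b", CPLC_1),
        "screen_prod_key": tsm.screen(CPLC_2, "prod-key-0001"),
        "screen_test_device": tsm.screen(CPLC_1, "prod-key-0002"),
        "screen_normal": tsm.screen(CPLC_2, "prod-key-0002"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Because the key is a deterministic function of the base level key and the identifying information, the KMS in this sketch stores only the derivation inputs rather than the test key itself, which is one of the storage options block 446 lists.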
- Various block and/or flow diagrams of systems, methods, apparatus, and/or computer program products according to example embodiments of the invention are described above. It will be understood that one or more blocks of the block diagrams and flow diagrams, and combinations of blocks in the block diagrams and flow diagrams, respectively, can be implemented by computer-executable program instructions. Likewise, some blocks of the block diagrams and flow diagrams may not necessarily need to be performed in the order presented, or may not necessarily need to be performed at all, according to some embodiments of the invention.
- These computer-executable program instructions may be loaded onto a special purpose computer or other particular machine, a processor, or other programmable data processing apparatus to produce a particular machine, such that the instructions that execute on the computer, processor, or other programmable data processing apparatus create means for implementing one or more functions specified in the flow diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement one or more functions specified in the flow diagram block or blocks. As an example, embodiments of the invention may provide for a computer program product, comprising a computer-usable medium having a computer-readable program code or program instructions embodied therein, said computer-readable program code adapted to be executed to implement one or more functions specified in the flow diagram block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational elements or steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions that execute on the computer or other programmable apparatus provide elements or steps for implementing the functions specified in the flow diagram block or blocks.
- Accordingly, blocks of the block diagrams and flow diagrams support combinations of means for performing the specified functions, combinations of elements or steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the block diagrams and flow diagrams, and combinations of blocks in the block diagrams and flow diagrams, can be implemented by special purpose, hardware-based computer systems that perform the specified functions, elements or steps, or combinations of special purpose hardware and computer instructions.
- Many modifications and other embodiments of the invention set forth herein will be apparent having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the invention is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/481,346 US20120303310A1 (en) | 2011-05-26 | 2012-05-25 | Systems and Methods for Providing Test Keys to Mobile Devices |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161490501P | 2011-05-26 | 2011-05-26 | |
US13/481,346 US20120303310A1 (en) | 2011-05-26 | 2012-05-25 | Systems and Methods for Providing Test Keys to Mobile Devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20120303310A1 (en) | 2012-11-29 |
Family
ID=47219227
Family Applications (10)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/481,364 Active 2033-05-08 US9106633B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for authenticating mobile device communications |
US13/481,377 Expired - Fee Related US8752127B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for identifying devices by a trusted service manager |
US13/481,346 Abandoned US20120303310A1 (en) | 2011-05-26 | 2012-05-25 | Systems and Methods for Providing Test Keys to Mobile Devices |
US13/481,352 Active US9106632B2 (en) | 2011-05-26 | 2012-05-25 | Provisioning by delivered items |
US13/481,356 Active 2033-05-11 US9059980B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for authenticating mobile devices |
US13/481,387 Active 2032-12-16 US9154477B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for encrypting mobile device communications |
US13/481,394 Abandoned US20120303503A1 (en) | 2011-05-26 | 2012-05-25 | Systems and Methods for Tokenizing Financial Information |
US13/481,437 Expired - Fee Related US8775305B2 (en) | 2011-05-26 | 2012-05-25 | Card-present on-line transactions |
US13/481,433 Expired - Fee Related US8880886B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for authenticating mobile devices |
US14/268,703 Active US9331996B2 (en) | 2011-05-26 | 2014-05-02 | Systems and methods for identifying devices by a trusted service manager |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/481,364 Active 2033-05-08 US9106633B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for authenticating mobile device communications |
US13/481,377 Expired - Fee Related US8752127B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for identifying devices by a trusted service manager |
Family Applications After (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/481,352 Active US9106632B2 (en) | 2011-05-26 | 2012-05-25 | Provisioning by delivered items |
US13/481,356 Active 2033-05-11 US9059980B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for authenticating mobile devices |
US13/481,387 Active 2032-12-16 US9154477B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for encrypting mobile device communications |
US13/481,394 Abandoned US20120303503A1 (en) | 2011-05-26 | 2012-05-25 | Systems and Methods for Tokenizing Financial Information |
US13/481,437 Expired - Fee Related US8775305B2 (en) | 2011-05-26 | 2012-05-25 | Card-present on-line transactions |
US13/481,433 Expired - Fee Related US8880886B2 (en) | 2011-05-26 | 2012-05-25 | Systems and methods for authenticating mobile devices |
US14/268,703 Active US9331996B2 (en) | 2011-05-26 | 2014-05-02 | Systems and methods for identifying devices by a trusted service manager |
Country Status (1)
Country | Link |
---|---|
US (10) | US9106633B2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140281504A1 (en) * | 2013-03-18 | 2014-09-18 | International Business Machines Corporation | Authorizing Use Of A Test Key Signed Build |
US9059980B2 (en) | 2011-05-26 | 2015-06-16 | First Data Corporation | Systems and methods for authenticating mobile devices |
WO2016037701A1 (en) * | 2014-09-11 | 2016-03-17 | Giesecke & Devrient Gmbh | Method and devices for testing a mobile terminal having a security element |
US20160125203A1 (en) * | 2014-10-31 | 2016-05-05 | Xiaomi Inc. | Method and apparatus of verifying terminal and medium |
US10353806B1 (en) | 2015-12-07 | 2019-07-16 | Mx Technologies, Inc. | Multi-platform testing automation |
Families Citing this family (374)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140019352A1 (en) | 2011-02-22 | 2014-01-16 | Visa International Service Association | Multi-purpose virtual card transaction apparatuses, methods and systems |
US8762263B2 (en) | 2005-09-06 | 2014-06-24 | Visa U.S.A. Inc. | System and method for secured account numbers in proximity devices |
US9047601B2 (en) * | 2006-09-24 | 2015-06-02 | RFCyber Corporation | Method and apparatus for settling payments using mobile devices |
US7739169B2 (en) | 2007-06-25 | 2010-06-15 | Visa U.S.A. Inc. | Restricting access to compromised account information |
US8121956B2 (en) | 2007-06-25 | 2012-02-21 | Visa U.S.A. Inc. | Cardless challenge systems and methods |
US7937324B2 (en) | 2007-09-13 | 2011-05-03 | Visa U.S.A. Inc. | Account permanence |
US8219489B2 (en) | 2008-07-29 | 2012-07-10 | Visa U.S.A. Inc. | Transaction processing using a global unique identifier |
CA2742963A1 (en) | 2008-11-06 | 2010-05-14 | Visa International Service Association | Online challenge-response |
KR101207178B1 (en) * | 2008-12-12 | 2012-11-30 | 에스케이플래닛 주식회사 | A system, a method, a service server, a mobile terminal, an end terminal and a storage means for service supply |
US20120035993A1 (en) * | 2009-03-09 | 2012-02-09 | Rajender Kumar Nangia | Method of providing brand promotion via mobile terminal and the system thereof |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US9038886B2 (en) | 2009-05-15 | 2015-05-26 | Visa International Service Association | Verification of portable consumer devices |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US8534564B2 (en) | 2009-05-15 | 2013-09-17 | Ayman Hammad | Integration of verification tokens with mobile communication devices |
US8893967B2 (en) | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
US8602293B2 (en) | 2009-05-15 | 2013-12-10 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US7891560B2 (en) | 2009-05-15 | 2011-02-22 | Visa International Service Association | Verification of portable consumer devices |
US9105027B2 (en) | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
US10140598B2 (en) | 2009-05-20 | 2018-11-27 | Visa International Service Association | Device including encrypted data for expiration date and verification value creation |
US8989705B1 (en) | 2009-06-18 | 2015-03-24 | Sprint Communications Company L.P. | Secure placement of centralized media controller application in mobile access terminal |
FR2951898B1 (en) * | 2009-10-27 | 2015-10-02 | Sagem Comm | METHOD FOR ESTABLISHING AN APPLICATION SESSION, DEVICE AND NOTIFICATION THEREOF |
US10255591B2 (en) | 2009-12-18 | 2019-04-09 | Visa International Service Association | Payment channel returning limited use proxy dynamic value |
CA3045817A1 (en) | 2010-01-12 | 2011-07-21 | Visa International Service Association | Anytime validation for verification tokens |
US10255601B2 (en) | 2010-02-25 | 2019-04-09 | Visa International Service Association | Multifactor authentication using a directory server |
US9245267B2 (en) | 2010-03-03 | 2016-01-26 | Visa International Service Association | Portable account number for consumer payment account |
US8645280B2 (en) * | 2010-06-04 | 2014-02-04 | Craig McKenzie | Electronic credit card with fraud protection |
US9172680B2 (en) * | 2010-06-07 | 2015-10-27 | Protected Mobility, Llc | Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums |
US9342832B2 (en) | 2010-08-12 | 2016-05-17 | Visa International Service Association | Securing external systems with account token substitution |
US10586227B2 (en) | 2011-02-16 | 2020-03-10 | Visa International Service Association | Snap mobile payment apparatuses, methods and systems |
BR112013021059A2 (en) | 2011-02-16 | 2020-10-27 | Visa International Service Association | Snap mobile payment systems, methods and devices |
BR112013021057A2 (en) | 2011-02-22 | 2020-11-10 | Visa International Service Association | universal electronic payment devices, methods and systems |
KR101895243B1 (en) | 2011-03-04 | 2018-10-24 | 비자 인터네셔널 서비스 어소시에이션 | Integration of payment capability into secure elements of computers |
WO2012142045A2 (en) | 2011-04-11 | 2012-10-18 | Visa International Service Association | Multiple tokenization for authentication |
US8538845B2 (en) | 2011-06-03 | 2013-09-17 | Mozido, Llc | Monetary transaction system |
US9639825B1 (en) | 2011-06-14 | 2017-05-02 | Amazon Technologies, Inc. | Securing multifactor authentication |
US9628875B1 (en) | 2011-06-14 | 2017-04-18 | Amazon Technologies, Inc. | Provisioning a device to be an authentication device |
US9355393B2 (en) | 2011-08-18 | 2016-05-31 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
US9582598B2 (en) | 2011-07-05 | 2017-02-28 | Visa International Service Association | Hybrid applications utilizing distributed models and views apparatuses, methods and systems |
WO2013006725A2 (en) | 2011-07-05 | 2013-01-10 | Visa International Service Association | Electronic wallet checkout platform apparatuses, methods and systems |
WO2013009284A1 (en) * | 2011-07-11 | 2013-01-17 | Research In Motion Limited | Data integrity for proximity-based communication |
US20130024383A1 (en) * | 2011-07-18 | 2013-01-24 | Sasikumar Kannappan | Mobile Device With Secure Element |
US9704155B2 (en) | 2011-07-29 | 2017-07-11 | Visa International Service Association | Passing payment tokens through an hop/sop |
US10825001B2 (en) | 2011-08-18 | 2020-11-03 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
US10242358B2 (en) | 2011-08-18 | 2019-03-26 | Visa International Service Association | Remote decoupled application persistent state apparatuses, methods and systems |
US9710807B2 (en) | 2011-08-18 | 2017-07-18 | Visa International Service Association | Third-party value added wallet features and interfaces apparatuses, methods and systems |
US9165294B2 (en) | 2011-08-24 | 2015-10-20 | Visa International Service Association | Method for using barcodes and mobile devices to conduct payment transactions |
US10223730B2 (en) | 2011-09-23 | 2019-03-05 | Visa International Service Association | E-wallet store injection search apparatuses, methods and systems |
US10142442B2 (en) * | 2011-10-26 | 2018-11-27 | Mastercard International Incorporated | Methods, systems and computer readable media for enabling a downloadable service to access components in a mobile device |
WO2013063446A1 (en) * | 2011-10-26 | 2013-05-02 | Mastercard International Incorporated | Methods, systems and computer readable media for enabling a downloadable service to access components in a mobile device |
US8875228B2 (en) | 2011-11-01 | 2014-10-28 | Jvl Ventures, Llc | Systems, methods, and computer program products for managing secure elements |
US9544759B2 (en) | 2011-11-01 | 2017-01-10 | Google Inc. | Systems, methods, and computer program products for managing states |
US9208488B2 (en) | 2011-11-21 | 2015-12-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US10438196B2 (en) | 2011-11-21 | 2019-10-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
JP5643741B2 (en) * | 2011-12-02 | 2014-12-17 | 株式会社東芝 | Authentication apparatus, authentication method, and authentication program |
WO2013084054A1 (en) | 2011-12-08 | 2013-06-13 | Dark Matter Labs Inc. | Key creation and rotation for data encryption |
US9077769B2 (en) * | 2011-12-29 | 2015-07-07 | Blackberry Limited | Communications system providing enhanced trusted service manager (TSM) verification features and related methods |
CN104094302B (en) | 2012-01-05 | 2018-12-14 | 维萨国际服务协会 | Data protection is carried out with conversion |
US10223710B2 (en) | 2013-01-04 | 2019-03-05 | Visa International Service Association | Wearable intelligent vision device apparatuses, methods and systems |
US9830595B2 (en) | 2012-01-26 | 2017-11-28 | Visa International Service Association | System and method of providing tokenization as a service |
AU2013214801B2 (en) | 2012-02-02 | 2018-06-21 | Visa International Service Association | Multi-source, multi-dimensional, cross-entity, multimedia database platform apparatuses, methods and systems |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
US8712407B1 (en) | 2012-04-05 | 2014-04-29 | Sprint Communications Company L.P. | Multiple secure elements in mobile electronic device with near field communication capability |
WO2013155628A1 (en) | 2012-04-17 | 2013-10-24 | Zighra Inc. | Fraud detection system, method, and device |
US9619852B2 (en) | 2012-04-17 | 2017-04-11 | Zighra Inc. | Context-dependent authentication system, method and device |
US20130282588A1 (en) * | 2012-04-22 | 2013-10-24 | John Hruska | Consumer, Merchant and Mobile Device Specific, Real-Time Dynamic Tokenization Activation within a Secure Mobile-Wallet Financial Transaction System |
WO2013166501A1 (en) | 2012-05-04 | 2013-11-07 | Visa International Service Association | System and method for local data conversion |
US9027102B2 (en) | 2012-05-11 | 2015-05-05 | Sprint Communications Company L.P. | Web server bypass of backend process on near field communications and secure element chips |
US9094774B2 (en) | 2012-05-14 | 2015-07-28 | At&T Intellectual Property I, Lp | Apparatus and methods for maintaining service continuity when transitioning between mobile network operators |
US8875265B2 (en) | 2012-05-14 | 2014-10-28 | Qualcomm Incorporated | Systems and methods for remote credentials management |
US9148785B2 (en) | 2012-05-16 | 2015-09-29 | At&T Intellectual Property I, Lp | Apparatus and methods for provisioning devices to utilize services of mobile network operators |
US8862181B1 (en) | 2012-05-29 | 2014-10-14 | Sprint Communications Company L.P. | Electronic purchase transaction trust infrastructure |
US9524501B2 (en) | 2012-06-06 | 2016-12-20 | Visa International Service Association | Method and system for correlating diverse transaction data |
US9286491B2 (en) | 2012-06-07 | 2016-03-15 | Amazon Technologies, Inc. | Virtual service provider zones |
US10084818B1 (en) | 2012-06-07 | 2018-09-25 | Amazon Technologies, Inc. | Flexibly configurable data modification services |
US10075471B2 (en) | 2012-06-07 | 2018-09-11 | Amazon Technologies, Inc. | Data loss prevention techniques |
US9590959B2 (en) | 2013-02-12 | 2017-03-07 | Amazon Technologies, Inc. | Data security service |
US9473929B2 (en) | 2012-06-19 | 2016-10-18 | At&T Mobility Ii Llc | Apparatus and methods for distributing credentials of mobile network operators |
US8800015B2 (en) | 2012-06-19 | 2014-08-05 | At&T Mobility Ii, Llc | Apparatus and methods for selecting services of mobile network operators |
US11899711B2 (en) | 2012-06-19 | 2024-02-13 | Ondot Systems Inc. | Merchant logo detection artificial intelligence (AI) for injecting user control to ISO back-end transaction approvals between acquirer processors and issuer processors over data communication networks |
US20210133698A1 (en) * | 2012-06-19 | 2021-05-06 | Ondot Systems Inc. | Injecting user control for card-on-file merchant data and implicitly-identified recurring payment transaction parameters between acquirer processors and issuer processors over data communication networks |
US9282898B2 (en) | 2012-06-25 | 2016-03-15 | Sprint Communications Company L.P. | End-to-end trusted communications infrastructure |
US9066230B1 (en) | 2012-06-27 | 2015-06-23 | Sprint Communications Company L.P. | Trusted policy and charging enforcement function |
US8712044B2 (en) * | 2012-06-29 | 2014-04-29 | Dark Matter Labs Inc. | Key management system |
US8649770B1 (en) | 2012-07-02 | 2014-02-11 | Sprint Communications Company, L.P. | Extended trusted security zone radio modem |
US9547769B2 (en) | 2012-07-03 | 2017-01-17 | Visa International Service Association | Data protection hub |
US9160719B2 (en) | 2012-07-20 | 2015-10-13 | Protected Mobility, Llc | Hiding ciphertext using a linguistics algorithm with dictionaries |
US8667607B2 (en) | 2012-07-24 | 2014-03-04 | Sprint Communications Company L.P. | Trusted security zone access to peripheral devices |
US9846861B2 (en) | 2012-07-25 | 2017-12-19 | Visa International Service Association | Upstream and downstream data conversion |
US8863252B1 (en) * | 2012-07-25 | 2014-10-14 | Sprint Communications Company L.P. | Trusted access to third party applications systems and methods |
US9256871B2 (en) | 2012-07-26 | 2016-02-09 | Visa U.S.A. Inc. | Configurable payment tokens |
US8676709B2 (en) | 2012-07-31 | 2014-03-18 | Google Inc. | Merchant category codes in a proxy card transaction |
WO2014020523A1 (en) * | 2012-08-02 | 2014-02-06 | Visa International Service Association | Issuing and storing of payment credentials |
US9373121B1 (en) * | 2012-08-09 | 2016-06-21 | Sprint Communications Company L.P. | User communication device control with operating system action request messages |
US9665722B2 (en) | 2012-08-10 | 2017-05-30 | Visa International Service Association | Privacy firewall |
US9183412B2 (en) | 2012-08-10 | 2015-11-10 | Sprint Communications Company L.P. | Systems and methods for provisioning and using multiple trusted security zones on an electronic device |
US9015068B1 (en) | 2012-08-25 | 2015-04-21 | Sprint Communications Company L.P. | Framework for real-time brokering of digital content delivery |
US9215180B1 (en) | 2012-08-25 | 2015-12-15 | Sprint Communications Company L.P. | File retrieval in real-time brokering of digital content |
US8954588B1 (en) | 2012-08-25 | 2015-02-10 | Sprint Communications Company L.P. | Reservations in real-time brokering of digital content delivery |
EP2706770A1 (en) * | 2012-09-06 | 2014-03-12 | Gemalto SA | Method for cloning a secure element |
US8752140B1 (en) | 2012-09-11 | 2014-06-10 | Sprint Communications Company L.P. | System and methods for trusted internet domain networking |
AU2013315510B2 (en) | 2012-09-11 | 2019-08-22 | Visa International Service Association | Cloud-based Virtual Wallet NFC Apparatuses, methods and systems |
JP6072907B2 (en) | 2012-09-18 | 2017-02-01 | グーグル インコーポレイテッド | Systems, methods, and computer program products for interfacing trusted service managers and secure elements of multiple service providers |
US10445717B2 (en) * | 2012-10-10 | 2019-10-15 | Mastercard International Incorporated | System and methods for issuance of a mobile payment account |
US10176478B2 (en) | 2012-10-23 | 2019-01-08 | Visa International Service Association | Transaction initiation determination system utilizing transaction data elements |
US10057400B1 (en) | 2012-11-02 | 2018-08-21 | Majen Tech, LLC | Lock screen interface for a mobile device apparatus |
US10055727B2 (en) * | 2012-11-05 | 2018-08-21 | Mfoundry, Inc. | Cloud-based systems and methods for providing consumer financial data |
US9911118B2 (en) | 2012-11-21 | 2018-03-06 | Visa International Service Association | Device pairing via trusted intermediary |
CN103856938B (en) | 2012-12-04 | 2017-07-28 | 中兴通讯股份有限公司 | A kind of method of encrypting and decrypting, system and equipment |
US9881143B2 (en) * | 2012-12-06 | 2018-01-30 | Qualcomm Incorporated | Methods and apparatus for providing private expression protection against impersonation risks |
US20140180931A1 (en) * | 2012-12-07 | 2014-06-26 | David Lie | System and Method for Secure Wi-Fi- Based Payments Using Mobile Communication Devices |
WO2014087381A1 (en) | 2012-12-07 | 2014-06-12 | Visa International Service Association | A token generating component |
US9866382B2 (en) | 2012-12-21 | 2018-01-09 | Mobile Iron, Inc. | Secure app-to-app communication |
US9059974B2 (en) * | 2012-12-21 | 2015-06-16 | Mobile Iron, Inc. | Secure mobile app connection bus |
WO2014103308A1 (en) * | 2012-12-28 | 2014-07-03 | パナソニック株式会社 | Control method |
US10740731B2 (en) | 2013-01-02 | 2020-08-11 | Visa International Service Association | Third party settlement |
US9741051B2 (en) | 2013-01-02 | 2017-08-22 | Visa International Service Association | Tokenization and third-party interaction |
US9232394B2 (en) | 2013-01-02 | 2016-01-05 | International Business Machines Corporation | Authentication of phone caller identity |
US11431834B1 (en) | 2013-01-10 | 2022-08-30 | Majen Tech, LLC | Screen interface for a mobile device apparatus |
US10051103B1 (en) | 2013-01-10 | 2018-08-14 | Majen Tech, LLC | Screen interface for a mobile device apparatus |
US8869306B2 (en) * | 2013-01-24 | 2014-10-21 | Bank Of America Corporation | Application usage in device identification program |
MX348460B (en) | 2013-01-25 | 2017-06-14 | Google Inc | Systems, methods, and computer program products for managing data re-installation. |
US9161227B1 (en) | 2013-02-07 | 2015-10-13 | Sprint Communications Company L.P. | Trusted signaling in long term evolution (LTE) 4G wireless communication |
US9578664B1 (en) | 2013-02-07 | 2017-02-21 | Sprint Communications Company L.P. | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system |
US9547771B2 (en) | 2013-02-12 | 2017-01-17 | Amazon Technologies, Inc. | Policy enforcement with associated data |
US10211977B1 (en) | 2013-02-12 | 2019-02-19 | Amazon Technologies, Inc. | Secure management of information using a security module |
US9300464B1 (en) * | 2013-02-12 | 2016-03-29 | Amazon Technologies, Inc. | Probabilistic key rotation |
US10467422B1 (en) | 2013-02-12 | 2019-11-05 | Amazon Technologies, Inc. | Automatic key rotation |
US9705674B2 (en) | 2013-02-12 | 2017-07-11 | Amazon Technologies, Inc. | Federated key management |
US9608813B1 (en) | 2013-06-13 | 2017-03-28 | Amazon Technologies, Inc. | Key rotation techniques |
US9367697B1 (en) | 2013-02-12 | 2016-06-14 | Amazon Technologies, Inc. | Data security with a security module |
US10210341B2 (en) | 2013-02-12 | 2019-02-19 | Amazon Technologies, Inc. | Delayed data access |
US9270336B2 (en) | 2013-02-25 | 2016-02-23 | Lexmark International, Inc. | Provisioning user attributes for use with mobile computing device |
US8909143B2 (en) | 2013-02-25 | 2014-12-09 | Lexmark International, Inc. | Provisioning user attributes for use with mobile computing device |
US9104840B1 (en) | 2013-03-05 | 2015-08-11 | Sprint Communications Company L.P. | Trusted security zone watermark |
US9613208B1 (en) | 2013-03-13 | 2017-04-04 | Sprint Communications Company L.P. | Trusted security zone enhanced with trusted hardware drivers |
US8881977B1 (en) | 2013-03-13 | 2014-11-11 | Sprint Communications Company L.P. | Point-of-sale and automated teller machine transactions using trusted mobile access device |
US9049013B2 (en) | 2013-03-14 | 2015-06-02 | Sprint Communications Company L.P. | Trusted security zone containers for the protection and confidentiality of trusted service manager data |
US9049186B1 (en) | 2013-03-14 | 2015-06-02 | Sprint Communications Company L.P. | Trusted security zone re-provisioning and re-use capability for refurbished mobile devices |
US10332142B2 (en) * | 2013-03-14 | 2019-06-25 | Datascape, Inc. | System and method for incentivizing wireless device users to interact with sponsor offers and advertising |
US9021585B1 (en) | 2013-03-15 | 2015-04-28 | Sprint Communications Company L.P. | JTAG fuse vulnerability determination and protection using a trusted execution environment |
US9374363B1 (en) | 2013-03-15 | 2016-06-21 | Sprint Communications Company L.P. | Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device |
US9191388B1 (en) | 2013-03-15 | 2015-11-17 | Sprint Communications Company L.P. | Trusted security zone communication addressing on an electronic device |
US8984592B1 (en) | 2013-03-15 | 2015-03-17 | Sprint Communications Company L.P. | Enablement of a trusted security zone authentication for remote mobile device management systems and methods |
JP5999256B2 (en) * | 2013-03-28 | 2016-09-28 | 富士通株式会社 | Information management apparatus, information management system, information management method, and information management program |
US9454723B1 (en) | 2013-04-04 | 2016-09-27 | Sprint Communications Company L.P. | Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device |
US9171243B1 (en) | 2013-04-04 | 2015-10-27 | Sprint Communications Company L.P. | System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device |
US9324016B1 (en) | 2013-04-04 | 2016-04-26 | Sprint Communications Company L.P. | Digest of biographical information for an electronic device with static and dynamic portions |
US9838869B1 (en) | 2013-04-10 | 2017-12-05 | Sprint Communications Company L.P. | Delivering digital content to a mobile device via a digital rights clearing house |
US9479922B2 (en) | 2013-04-12 | 2016-10-25 | Google Inc. | Provisioning a plurality of computing devices |
US9443088B1 (en) | 2013-04-15 | 2016-09-13 | Sprint Communications Company L.P. | Protection for multimedia files pre-downloaded to a mobile device |
FR3004884B1 (en) * | 2013-04-17 | 2016-09-09 | Oberthur Technologies | SECURE ELEMENT FOR TELECOMMUNICATIONS TERMINAL |
US9426604B1 (en) | 2013-04-30 | 2016-08-23 | Sprint Communications Company L.P. | Prevention of inductive coupling between components of a mobile communication device |
GB2513602A (en) * | 2013-05-01 | 2014-11-05 | Barclays Bank Plc | Authentication system for purchase delivery |
US11055710B2 (en) | 2013-05-02 | 2021-07-06 | Visa International Service Association | Systems and methods for verifying and processing transactions using virtual currency |
US10592890B2 (en) * | 2014-09-03 | 2020-03-17 | Intel Corporation | Methods and arrangements to complete online transactions |
US10198728B2 (en) * | 2013-05-15 | 2019-02-05 | Visa International Service Association | Methods and systems for provisioning payment credentials |
WO2014186635A1 (en) | 2013-05-15 | 2014-11-20 | Visa International Service Association | Mobile tokenization hub |
US9069952B1 (en) | 2013-05-20 | 2015-06-30 | Sprint Communications Company L.P. | Method for enabling hardware assisted operating system region for safe execution of untrusted code using trusted transitional memory |
EP3000247B1 (en) * | 2013-05-21 | 2019-06-05 | Google LLC | Systems, methods, and computer program products for managing states |
US9763067B2 (en) | 2013-05-28 | 2017-09-12 | Protected Mobility, Llc | Methods and apparatus for long-short wave, low-high frequency radio secure message service |
US9560519B1 (en) | 2013-06-06 | 2017-01-31 | Sprint Communications Company L.P. | Mobile communication device profound identity brokering framework |
US20140373184A1 (en) * | 2013-06-12 | 2014-12-18 | Lookout, Inc. | Mobile device persistent security mechanism |
WO2014204832A1 (en) * | 2013-06-17 | 2014-12-24 | Jvl Ventures, Llc | Systems, methods, and computer program products for processing a request relating to a mobile communication device |
US10878422B2 (en) | 2013-06-17 | 2020-12-29 | Visa International Service Association | System and method using merchant token |
US9183606B1 (en) | 2013-07-10 | 2015-11-10 | Sprint Communications Company L.P. | Trusted processing location within a graphics processing unit |
CN112116344A (en) | 2013-07-15 | 2020-12-22 | 维萨国际服务协会 | Secure remote payment transaction processing |
CN105580038A (en) | 2013-07-24 | 2016-05-11 | 维萨国际服务协会 | Systems and methods for interoperable network token processing |
EP3025291A1 (en) | 2013-07-26 | 2016-06-01 | Visa International Service Association | Provisioning payment credentials to a consumer |
US10496986B2 (en) | 2013-08-08 | 2019-12-03 | Visa International Service Association | Multi-network tokenization processing |
SG11201600909QA (en) | 2013-08-08 | 2016-03-30 | Visa Int Service Ass | Methods and systems for provisioning mobile devices with payment credentials |
US9208339B1 (en) | 2013-08-12 | 2015-12-08 | Sprint Communications Company L.P. | Verifying Applications in Virtual Environments Using a Trusted Security Zone |
US9646303B2 (en) * | 2013-08-15 | 2017-05-09 | Visa International Service Association | Secure remote payment transaction processing using a secure element |
US8904195B1 (en) | 2013-08-21 | 2014-12-02 | Citibank, N.A. | Methods and systems for secure communications between client applications and secure elements in mobile devices |
WO2015038551A1 (en) * | 2013-09-10 | 2015-03-19 | Visa International Service Association | Mobile payment application provisioning and personalization on a mobile device |
US9350550B2 (en) | 2013-09-10 | 2016-05-24 | M2M And Iot Technologies, Llc | Power management and security for wireless modules in “machine-to-machine” communications |
US9100175B2 (en) * | 2013-11-19 | 2015-08-04 | M2M And Iot Technologies, Llc | Embedded universal integrated circuit card supporting two-factor authentication |
US10181117B2 (en) | 2013-09-12 | 2019-01-15 | Intel Corporation | Methods and arrangements for a personal point of sale device |
RU2663476C2 (en) | 2013-09-20 | 2018-08-06 | Виза Интернэшнл Сервис Ассосиэйшн | Remote payment transactions protected processing, including authentication of consumers |
US10498530B2 (en) | 2013-09-27 | 2019-12-03 | Network-1 Technologies, Inc. | Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys |
US10878414B2 (en) | 2013-09-30 | 2020-12-29 | Apple Inc. | Multi-path communication of electronic device secure element data for online payments |
US20150095238A1 (en) * | 2013-09-30 | 2015-04-02 | Apple Inc. | Online payments using a secure element of an electronic device |
US11748746B2 (en) | 2013-09-30 | 2023-09-05 | Apple Inc. | Multi-path communication of electronic device secure element data for online payments |
RU2691843C2 (en) | 2013-10-11 | 2019-06-18 | Виза Интернэшнл Сервис Ассосиэйшн | Network token system |
US9978094B2 (en) | 2013-10-11 | 2018-05-22 | Visa International Service Association | Tokenization revocation list |
EP3058532A4 (en) * | 2013-10-14 | 2017-04-12 | Equifax, Inc. | Providing identification information to mobile commerce applications |
US11574299B2 (en) | 2013-10-14 | 2023-02-07 | Equifax Inc. | Providing identification information during an interaction with an interactive computing environment |
US10515358B2 (en) | 2013-10-18 | 2019-12-24 | Visa International Service Association | Contextual transaction token methods and systems |
US10489779B2 (en) | 2013-10-21 | 2019-11-26 | Visa International Service Association | Multi-network token bin routing with defined verification parameters |
US10366387B2 (en) | 2013-10-29 | 2019-07-30 | Visa International Service Association | Digital wallet system and method |
US9185626B1 (en) | 2013-10-29 | 2015-11-10 | Sprint Communications Company L.P. | Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning |
US8930274B1 (en) | 2013-10-30 | 2015-01-06 | Google Inc. | Securing payment transactions with rotating application transaction counters |
US9301132B2 (en) | 2013-11-07 | 2016-03-29 | International Business Machines Corporation | Managing distribution of software updates in near field communication (NFC) mobile devices |
US9191522B1 (en) | 2013-11-08 | 2015-11-17 | Sprint Communications Company L.P. | Billing varied service based on tier |
AU2014353151B2 (en) | 2013-11-19 | 2018-03-08 | Visa International Service Association | Automated account provisioning |
US10700856B2 (en) | 2013-11-19 | 2020-06-30 | Network-1 Technologies, Inc. | Key derivation for a module using an embedded universal integrated circuit card |
US20150142670A1 (en) * | 2013-11-20 | 2015-05-21 | Sue Zloth | Systems and methods for software based encryption |
US9161325B1 (en) | 2013-11-20 | 2015-10-13 | Sprint Communications Company L.P. | Subscriber identity module virtualization |
US8886933B1 (en) * | 2013-12-17 | 2014-11-11 | Google Inc. | Streamlined provisioning and configuration of computing devices |
AU2014368949A1 (en) | 2013-12-19 | 2016-06-09 | Visa International Service Association | Cloud-based transactions methods and systems |
US9922322B2 (en) | 2013-12-19 | 2018-03-20 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US10552830B2 (en) * | 2013-12-23 | 2020-02-04 | Apple Inc. | Deletion of credentials from an electronic device |
US10433128B2 (en) | 2014-01-07 | 2019-10-01 | Visa International Service Association | Methods and systems for provisioning multiple devices |
US9846878B2 (en) | 2014-01-14 | 2017-12-19 | Visa International Service Association | Payment account identifier system |
US9118655B1 (en) | 2014-01-24 | 2015-08-25 | Sprint Communications Company L.P. | Trusted display and transmission of digital ticket documentation |
US9305149B2 (en) | 2014-02-07 | 2016-04-05 | Bank Of America Corporation | Sorting mobile banking functions into authentication buckets |
US9286450B2 (en) | 2014-02-07 | 2016-03-15 | Bank Of America Corporation | Self-selected user access based on specific authentication types |
US9317674B2 (en) | 2014-02-07 | 2016-04-19 | Bank Of America Corporation | User authentication based on fob/indicia scan |
US9223951B2 (en) | 2014-02-07 | 2015-12-29 | Bank Of America Corporation | User authentication based on other applications |
US9313190B2 (en) | 2014-02-07 | 2016-04-12 | Bank Of America Corporation | Shutting down access to all user accounts |
US9647999B2 (en) | 2014-02-07 | 2017-05-09 | Bank Of America Corporation | Authentication level of function bucket based on circumstances |
US9213974B2 (en) | 2014-02-07 | 2015-12-15 | Bank Of America Corporation | Remote revocation of application access based on non-co-location of a transaction vehicle and a mobile device |
US9331994B2 (en) | 2014-02-07 | 2016-05-03 | Bank Of America Corporation | User authentication based on historical transaction data |
US9208301B2 (en) | 2014-02-07 | 2015-12-08 | Bank Of America Corporation | Determining user authentication requirements based on the current location of the user in comparison to the users's normal boundary of location |
US9965606B2 (en) | 2014-02-07 | 2018-05-08 | Bank Of America Corporation | Determining user authentication based on user/device interaction |
US9317673B2 (en) | 2014-02-07 | 2016-04-19 | Bank Of America Corporation | Providing authentication using previously-validated authentication credentials |
US9213814B2 (en) | 2014-02-07 | 2015-12-15 | Bank Of America Corporation | User authentication based on self-selected preferences |
WO2015120873A1 (en) | 2014-02-17 | 2015-08-20 | Kaba Ag Group Innovation Management | System and method for managing application data of contactless card applications |
US9226145B1 (en) | 2014-03-28 | 2015-12-29 | Sprint Communications Company L.P. | Verification of mobile device integrity during activation |
US11080777B2 (en) | 2014-03-31 | 2021-08-03 | Monticello Enterprises LLC | System and method for providing a social media shopping experience |
US10511580B2 (en) | 2014-03-31 | 2019-12-17 | Monticello Enterprises LLC | System and method for providing a social media shopping experience |
US11282131B2 (en) | 2014-03-31 | 2022-03-22 | Monticello Enterprises LLC | User device enabling access to payment information in response to user input |
US10726472B2 (en) | 2014-03-31 | 2020-07-28 | Monticello Enterprises LLC | System and method for providing simplified in-store, product-based and rental payment processes |
US10026087B2 (en) | 2014-04-08 | 2018-07-17 | Visa International Service Association | Data passed in an interaction |
US9942043B2 (en) | 2014-04-23 | 2018-04-10 | Visa International Service Association | Token security on a communication device |
AU2015253182B2 (en) | 2014-05-01 | 2019-02-14 | Visa International Service Association | Data verification using access device |
US9848052B2 (en) | 2014-05-05 | 2017-12-19 | Visa International Service Association | System and method for token domain control |
US20150326545A1 (en) * | 2014-05-06 | 2015-11-12 | Apple Inc. | Secure key rotation for an issuer security domain of an electronic device |
US9397835B1 (en) | 2014-05-21 | 2016-07-19 | Amazon Technologies, Inc. | Web of trust management in a distributed system |
AU2015264124B2 (en) | 2014-05-21 | 2019-05-09 | Visa International Service Association | Offline authentication |
US10362010B2 (en) * | 2014-05-29 | 2019-07-23 | Apple Inc. | Management of credentials on an electronic device using an online resource |
US11017384B2 (en) | 2014-05-29 | 2021-05-25 | Apple Inc. | Apparatuses and methods for using a primary user device to provision credentials onto a secondary user device |
US9299072B2 (en) | 2014-05-29 | 2016-03-29 | Apple Inc. | Apparatuses and methods for operating a portable electronic device to conduct mobile payment transactions |
US9400977B2 (en) | 2014-05-29 | 2016-07-26 | Apple Inc. | User device enabling access to payment information in response to mechanical input detection |
US11023890B2 (en) | 2014-06-05 | 2021-06-01 | Visa International Service Association | Identification and verification for provisioning mobile application |
US9438421B1 (en) | 2014-06-27 | 2016-09-06 | Amazon Technologies, Inc. | Supporting a fixed transaction rate with a variably-backed logical cryptographic key |
US20160012426A1 (en) * | 2014-07-11 | 2016-01-14 | Google Inc. | Hands-free transactions with a challenge and response |
US9780953B2 (en) | 2014-07-23 | 2017-10-03 | Visa International Service Association | Systems and methods for secure detokenization |
US9230085B1 (en) | 2014-07-29 | 2016-01-05 | Sprint Communications Company L.P. | Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services |
US10484345B2 (en) | 2014-07-31 | 2019-11-19 | Visa International Service Association | System and method for identity verification across mobile applications |
US9788203B2 (en) | 2014-08-19 | 2017-10-10 | Zighra Inc. | System and method for implicit authentication |
US10187799B2 (en) | 2014-08-19 | 2019-01-22 | Zighra Inc. | System and method for implicit authentication |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US9398428B2 (en) * | 2014-08-26 | 2016-07-19 | Verizon Patent And Licensing Inc. | Enterprise messaging client and messaging archive |
US9965627B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Labeling objects on an endpoint for encryption management |
US10122687B2 (en) | 2014-09-14 | 2018-11-06 | Sophos Limited | Firewall techniques for colored objects on endpoints |
US9537841B2 (en) * | 2014-09-14 | 2017-01-03 | Sophos Limited | Key management for compromised enterprise endpoints |
US9866392B1 (en) | 2014-09-15 | 2018-01-09 | Amazon Technologies, Inc. | Distributed system web of trust provisioning |
US10140615B2 (en) | 2014-09-22 | 2018-11-27 | Visa International Service Association | Secure mobile device credential provisioning using risk decision non-overrides |
CN111866873B (en) | 2014-09-26 | 2023-09-05 | 维萨国际服务协会 | Remote server encrypted data storage system and method |
US11257074B2 (en) | 2014-09-29 | 2022-02-22 | Visa International Service Association | Transaction risk based token |
US9807607B2 (en) * | 2014-10-03 | 2017-10-31 | T-Mobile Usa, Inc. | Secure remote user device unlock |
US9288043B1 (en) * | 2014-10-17 | 2016-03-15 | Motorola Solutions, Inc. | Methods and systems for providing high-security cryptographic keys to mobile radios |
US10015147B2 (en) | 2014-10-22 | 2018-07-03 | Visa International Service Association | Token enrollment system and method |
GB201419016D0 (en) | 2014-10-24 | 2014-12-10 | Visa Europe Ltd | Transaction Messaging |
EP3217620B1 (en) * | 2014-11-07 | 2020-03-25 | Tendyron Corporation | Data interaction method and system |
EP3021516A1 (en) * | 2014-11-11 | 2016-05-18 | Giesecke & Devrient GmbH | Method and server for providing transaction keys |
US10325261B2 (en) | 2014-11-25 | 2019-06-18 | Visa International Service Association | Systems communications with non-sensitive identifiers |
AU2015353458A1 (en) | 2014-11-26 | 2017-04-20 | Visa International Service Association | Tokenization request via access device |
US10769315B2 (en) | 2014-12-01 | 2020-09-08 | T-Mobile Usa, Inc. | Anti-theft recovery tool |
US20160162900A1 (en) | 2014-12-09 | 2016-06-09 | Zighra Inc. | Fraud detection system, method, and device |
US9589264B2 (en) * | 2014-12-10 | 2017-03-07 | American Express Travel Related Services Company, Inc. | System and method for pre-provisioned wearable contactless payments |
US10257185B2 (en) | 2014-12-12 | 2019-04-09 | Visa International Service Association | Automated access data provisioning |
WO2016094122A1 (en) | 2014-12-12 | 2016-06-16 | Visa International Service Association | Provisioning platform for machine-to-machine devices |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US9779232B1 (en) | 2015-01-14 | 2017-10-03 | Sprint Communications Company L.P. | Trusted code generation and verification to prevent fraud from maleficent external devices that capture data |
US10096009B2 (en) | 2015-01-20 | 2018-10-09 | Visa International Service Association | Secure payment processing using authorization request |
US9853977B1 (en) | 2015-01-26 | 2017-12-26 | Winklevoss Ip, Llc | System, method, and program product for processing secure transactions within a cloud computing system |
US9838868B1 (en) | 2015-01-26 | 2017-12-05 | Sprint Communications Company L.P. | Mated universal serial bus (USB) wireless dongles configured with destination addresses |
US11250391B2 (en) | 2015-01-30 | 2022-02-15 | Visa International Service Association | Token check offline |
WO2016126729A1 (en) | 2015-02-03 | 2016-08-11 | Visa International Service Association | Validation identity tokens for transactions |
US10977657B2 (en) | 2015-02-09 | 2021-04-13 | Visa International Service Association | Token processing utilizing multiple authorizations |
US10164996B2 (en) | 2015-03-12 | 2018-12-25 | Visa International Service Association | Methods and systems for providing a low value token buffer |
US10735200B2 (en) * | 2015-03-27 | 2020-08-04 | Comcast Cable Communications, Llc | Methods and systems for key generation |
US10469477B2 (en) | 2015-03-31 | 2019-11-05 | Amazon Technologies, Inc. | Key export techniques |
US10505891B2 (en) * | 2015-04-02 | 2019-12-10 | Nicira, Inc. | Security policy selection for machines with dynamic addresses |
US9473945B1 (en) | 2015-04-07 | 2016-10-18 | Sprint Communications Company L.P. | Infrastructure for secure short message transmission |
AU2016245988B2 (en) | 2015-04-10 | 2021-05-20 | Visa International Service Association | Browser integration with cryptogram |
CN106161384A (en) * | 2015-04-15 | 2016-11-23 | 伊姆西公司 | For providing the method and system of the secure access to data in a mobile device |
US9998978B2 (en) | 2015-04-16 | 2018-06-12 | Visa International Service Association | Systems and methods for processing dormant virtual access devices |
EP3286710A4 (en) * | 2015-04-24 | 2018-12-19 | Capital One Services, LLC | One use wearable |
US9591434B1 (en) * | 2015-04-27 | 2017-03-07 | Sprint Communications Company L.P. | Virtual private network (VPN) tunneling in a user equipment (UE) brokered by a radio frequency identity (RFID) chip communicatively coupled to the user equipment |
US10013224B2 (en) * | 2015-04-28 | 2018-07-03 | Toshiba Tec Kabushiki Kaisha | System and method for extracting RFID metadata from a document |
US10552834B2 (en) | 2015-04-30 | 2020-02-04 | Visa International Service Association | Tokenization capable authentication framework |
US10482455B2 (en) * | 2015-05-01 | 2019-11-19 | Capital One Services, Llc | Pre-provisioned wearable token devices |
US10878411B2 (en) * | 2015-05-13 | 2020-12-29 | Sony Corporation | Method and apparatus for issued token management |
EP3104635B1 (en) * | 2015-06-09 | 2020-02-12 | Deutsche Telekom AG | Method for an improved installation of a secure-element-related service application in a secure element being located in a communication device, system and telecommunications network for an improved installation of a secure-element-related service application in a secure element being located in a communication device, program comprising a computer readable program code, and computer program product |
US10958648B2 (en) * | 2015-06-30 | 2021-03-23 | Amazon Technologies, Inc. | Device communication environment |
US10523537B2 (en) | 2015-06-30 | 2019-12-31 | Amazon Technologies, Inc. | Device state management |
US10075422B2 (en) | 2015-06-30 | 2018-09-11 | Amazon Technologies, Inc. | Device communication environment |
US9819679B1 (en) | 2015-09-14 | 2017-11-14 | Sprint Communications Company L.P. | Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers |
CA2997379A1 (en) | 2015-10-15 | 2017-04-20 | Visa International Service Association | Instant token issuance system |
US9641539B1 (en) | 2015-10-30 | 2017-05-02 | Bank Of America Corporation | Passive based security escalation to shut off of application based on rules event triggering |
US10021565B2 (en) | 2015-10-30 | 2018-07-10 | Bank Of America Corporation | Integrated full and partial shutdown application programming interface |
US9820148B2 (en) | 2015-10-30 | 2017-11-14 | Bank Of America Corporation | Permanently affixed un-decryptable identifier associated with mobile device |
US9729536B2 (en) | 2015-10-30 | 2017-08-08 | Bank Of America Corporation | Tiered identification federated authentication network system |
US10282719B1 (en) | 2015-11-12 | 2019-05-07 | Sprint Communications Company L.P. | Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit |
US9817992B1 (en) | 2015-11-20 | 2017-11-14 | Sprint Communications Company Lp. | System and method for secure USIM wireless network access |
EP3910908A1 (en) | 2015-12-04 | 2021-11-17 | Visa International Service Association | Unique code for token verification |
US10263927B2 (en) | 2015-12-08 | 2019-04-16 | International Business Machines Corporation | Decluttering general communication message for specific audience |
US9578122B1 (en) * | 2015-12-08 | 2017-02-21 | International Business Machines Corporation | Communicating an E-mail from a sender to a plurality of recipients |
KR102469562B1 (en) * | 2015-12-18 | 2022-11-22 | 삼성전자주식회사 | Apparatus and method for sharing personal electronic-health data |
US10754703B2 (en) * | 2015-12-22 | 2020-08-25 | Mcafee, Llc | Trusted computing resource meter |
US10546289B1 (en) | 2015-12-30 | 2020-01-28 | Wells Fargo Bank, N.A. | Mobile wallets with automatic element selection |
WO2017120605A1 (en) | 2016-01-07 | 2017-07-13 | Visa International Service Association | Systems and methods for device push provisioning |
WO2017136418A1 (en) | 2016-02-01 | 2017-08-10 | Visa International Service Association | Systems and methods for code display and use |
US11501288B2 (en) | 2016-02-09 | 2022-11-15 | Visa International Service Association | Resource provider account token provisioning and processing |
US10313321B2 (en) | 2016-04-07 | 2019-06-04 | Visa International Service Association | Tokenization of co-network accounts |
AU2016403734B2 (en) | 2016-04-19 | 2022-11-17 | Visa International Service Association | Systems and methods for performing push transactions |
US10902405B1 (en) | 2016-05-11 | 2021-01-26 | Wells Fargo Bank, N.A. | Transient mobile wallets |
US11250424B2 (en) | 2016-05-19 | 2022-02-15 | Visa International Service Association | Systems and methods for creating subtokens using primary tokens |
WO2017209767A1 (en) | 2016-06-03 | 2017-12-07 | Visa International Service Association | Subtoken management system for connected devices |
EP3255597A1 (en) * | 2016-06-12 | 2017-12-13 | Apple Inc. | Managing secure transactions between electronic devices and service providers |
US11068899B2 (en) | 2016-06-17 | 2021-07-20 | Visa International Service Association | Token aggregation for multi-party transactions |
CA3021357A1 (en) | 2016-06-24 | 2017-12-28 | Visa International Service Association | Unique token authentication cryptogram |
AU2017295842A1 (en) | 2016-07-11 | 2018-11-01 | Visa International Service Association | Encryption key exchange process using access device |
WO2018017068A1 (en) | 2016-07-19 | 2018-01-25 | Visa International Service Association | Method of distributing tokens and managing token relationships |
WO2018029324A1 (en) * | 2016-08-11 | 2018-02-15 | Sony Corporation | Authentication method, wearable device and mobile device |
US9967732B2 (en) | 2016-08-15 | 2018-05-08 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration errors |
US9838991B1 (en) | 2016-08-15 | 2017-12-05 | At&T Intellectual Property I, L.P. | Method and apparatus for managing mobile subscriber identification information according to registration requests |
US9843922B1 (en) * | 2016-09-14 | 2017-12-12 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration errors |
US9794905B1 (en) | 2016-09-14 | 2017-10-17 | At&T Mobility Ii Llc | Method and apparatus for assigning mobile subscriber identification information to multiple devices according to location |
US9814010B1 (en) * | 2016-09-14 | 2017-11-07 | At&T Intellectual Property I, L.P. | Method and apparatus for utilizing mobile subscriber identification information with multiple devices based on registration requests |
US10509779B2 (en) | 2016-09-14 | 2019-12-17 | Visa International Service Association | Self-cleaning token vault |
US10015764B2 (en) | 2016-09-14 | 2018-07-03 | At&T Intellectual Property I, L.P. | Method and apparatus for assigning mobile subscriber identification information to multiple devices |
US9924347B1 (en) | 2016-09-14 | 2018-03-20 | At&T Intellectual Property I, L.P. | Method and apparatus for reassigning mobile subscriber identification information |
US9906943B1 (en) | 2016-09-29 | 2018-02-27 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning mobile subscriber identification information to multiple devices and provisioning network elements |
US9918220B1 (en) | 2016-10-17 | 2018-03-13 | At&T Intellectual Property I, L.P. | Method and apparatus for managing and reusing mobile subscriber identification information to multiple devices |
US10070303B2 (en) | 2016-11-11 | 2018-09-04 | At&T Intellectual Property I, L.P. | Method and apparatus for provisioning of multiple devices with mobile subscriber identification information |
CN117009946A (en) | 2016-11-28 | 2023-11-07 | 维萨国际服务协会 | Access identifier supplied to application program |
US10341842B2 (en) | 2016-12-01 | 2019-07-02 | At&T Intellectual Property I, L.P. | Method and apparatus for using temporary mobile subscriber identification information in a device to provide services for a limited time period |
US10070407B2 (en) | 2016-12-01 | 2018-09-04 | At&T Intellectual Property I, L.P. | Method and apparatus for using active and inactive mobile subscriber identification information in a device to provide services for a limited time period |
US10136305B2 (en) | 2016-12-01 | 2018-11-20 | At&T Intellectual Property I, L.P. | Method and apparatus for using mobile subscriber identification information for multiple device profiles for a device |
US10231204B2 (en) | 2016-12-05 | 2019-03-12 | At&T Intellectual Property I, L.P. | Methods, systems, and devices for registering a communication device utilizing a virtual network |
FR3060161A1 (en) * | 2016-12-08 | 2018-06-15 | Orange | TECHNIQUE FOR MANAGING A RIGHT OF ACCESS TO A SERVICE FOR A COMMUNICATOR DEVICE |
EP3340147A1 (en) * | 2016-12-22 | 2018-06-27 | Mastercard International Incorporated | Method for providing key identifier in transaction data |
US10915899B2 (en) | 2017-03-17 | 2021-02-09 | Visa International Service Association | Replacing token on a multi-token user device |
US10560263B2 (en) * | 2017-03-24 | 2020-02-11 | Micron Technology, Inc. | Secure memory arrangements |
AU2018253294B2 (en) | 2017-04-13 | 2022-09-15 | Equifax Inc. | Location-based detection of unauthorized use of interactive computing environment functions |
US10616186B2 (en) | 2017-04-14 | 2020-04-07 | International Business Machines Corporation | Data tokenization |
US10902418B2 (en) | 2017-05-02 | 2021-01-26 | Visa International Service Association | System and method using interaction token |
US11494765B2 (en) | 2017-05-11 | 2022-11-08 | Visa International Service Association | Secure remote transaction system using mobile devices |
US10438198B1 (en) | 2017-05-19 | 2019-10-08 | Wells Fargo Bank, N.A. | Derived unique token per transaction |
US10863359B2 (en) | 2017-06-29 | 2020-12-08 | Equifax Inc. | Third-party authorization support for interactive computing environment functions |
US10499249B1 (en) | 2017-07-11 | 2019-12-03 | Sprint Communications Company L.P. | Data link layer trust signaling in communication network |
US10491389B2 (en) | 2017-07-14 | 2019-11-26 | Visa International Service Association | Token provisioning utilizing a secure authentication system |
WO2019118682A1 (en) | 2017-12-14 | 2019-06-20 | Equifax Inc. | Embedded third-party application programming interface to prevent transmission of sensitive data |
WO2019171163A1 (en) | 2018-03-07 | 2019-09-12 | Visa International Service Association | Secure remote token release with online authentication |
US11328279B2 (en) | 2018-03-30 | 2022-05-10 | Block, Inc. | Multi-state merchant-facing device |
US11334861B2 (en) * | 2018-03-30 | 2022-05-17 | Block, Inc. | Temporarily provisioning functionality in a multi-device point-of-sale system |
US11514452B2 (en) * | 2018-03-30 | 2022-11-29 | Block, Inc. | Multi-device point-of-sale system having multiple merchant-facing devices |
CN111386513B (en) * | 2018-05-03 | 2021-09-07 | 华为技术有限公司 | Data processing method, device and system chip |
US10944562B2 (en) | 2018-06-03 | 2021-03-09 | Apple Inc. | Authenticating a messaging program session |
US11303632B1 (en) * | 2018-06-08 | 2022-04-12 | Wells Fargo Bank, N.A. | Two-way authentication system and method |
US11256789B2 (en) | 2018-06-18 | 2022-02-22 | Visa International Service Association | Recurring token transactions |
KR101901644B1 (en) * | 2018-07-04 | 2018-09-28 | 주식회사 유니온플레이스 | Apparatus for managing universal subscriber identity module and monitoring program |
DE102018005502A1 (en) * | 2018-07-11 | 2020-01-16 | Giesecke+Devrient Mobile Security Gmbh | Securing a data transfer |
WO2020041594A1 (en) | 2018-08-22 | 2020-02-27 | Visa International Service Association | Method and system for token provisioning and processing |
US10803542B2 (en) * | 2018-09-14 | 2020-10-13 | Buildinglink.com LLC | Physical asset recognition platform |
US11184162B1 (en) * | 2018-09-28 | 2021-11-23 | NortonLifeLock Inc. | Privacy preserving secure task automation |
US10841287B2 (en) * | 2018-11-04 | 2020-11-17 | Tala Secure, Inc. | System and method for generating and managing a key package |
EP3881258A4 (en) | 2018-11-14 | 2022-01-12 | Visa International Service Association | Cloud token provisioning of multiple tokens |
US11212090B1 (en) | 2019-02-27 | 2021-12-28 | Wells Fargo Bank, N.A. | Derived unique random key per transaction |
CA3061266A1 (en) * | 2019-04-08 | 2019-06-27 | Alibaba Group Holding Limited | Transferring digital tickets based on blockchain networks |
US10998937B2 (en) * | 2019-04-30 | 2021-05-04 | Bank Of America Corporation | Embedded tag for resource distribution |
US11234235B2 (en) | 2019-04-30 | 2022-01-25 | Bank Of America Corporation | Resource distribution hub generation on a mobile device |
US11196737B2 (en) | 2019-04-30 | 2021-12-07 | Bank Of America Corporation | System for secondary authentication via contactless distribution of dynamic resources |
WO2020236135A1 (en) | 2019-05-17 | 2020-11-26 | Visa International Service Association | Virtual access credential interaction system and method |
US11347411B2 (en) | 2019-07-17 | 2022-05-31 | Ubs Business Solutions Ag | Secure storing and processing of data |
US11201856B2 (en) | 2019-08-20 | 2021-12-14 | International Business Machines Corporation | Message security |
JP7429288B2 (en) | 2019-09-25 | 2024-02-07 | ジオ プラットフォームズ リミティド | Multiple closed-loop secure transaction systems and methods |
US20210182915A1 (en) * | 2019-12-11 | 2021-06-17 | Data Donate Technologies, Inc. | Platform for management of user data |
CN111414605B (en) * | 2020-03-17 | 2023-07-18 | Oppo(重庆)智能科技有限公司 | Unlocking method and device of embedded security unit, electronic equipment and storage medium |
CN112272257A (en) * | 2020-08-24 | 2021-01-26 | 南京信息工程大学 | Protection method for personal information and property after mobile phone loss based on mobile payment environment |
JP2022063537A (en) * | 2020-10-12 | 2022-04-22 | コニカミノルタ株式会社 | Management system, management device and program |
Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6282294B1 (en) * | 1998-01-07 | 2001-08-28 | Microsoft Corporation | System for broadcasting to, and programming, a motor device in a protocol, device, and network independent fashion |
US6411941B1 (en) * | 1998-05-21 | 2002-06-25 | Beeble, Inc. | Method of restricting software operation within a license limitation |
US20030060189A1 (en) * | 2001-08-15 | 2003-03-27 | Brian Minear | Test enabled application execution |
US20040146163A1 (en) * | 2002-10-28 | 2004-07-29 | Nokia Corporation | Device keys |
US20080170693A1 (en) * | 2007-01-16 | 2008-07-17 | Terence Spies | Format-preserving cryptographic systems |
US7418596B1 (en) * | 2002-03-26 | 2008-08-26 | Cellco Partnership | Secure, efficient, and mutually authenticated cryptographic key distribution |
US20090068988A1 (en) * | 2006-03-16 | 2009-03-12 | Cofta Piotr L | Sim based authentication |
US20090144205A1 (en) * | 2007-11-29 | 2009-06-04 | Visa Usa, Inc. | Serial number and payment data based payment card processing |
US20100153709A1 (en) * | 2008-12-10 | 2010-06-17 | Qualcomm Incorporated | Trust Establishment From Forward Link Only To Non-Forward Link Only Devices |
US20100192220A1 (en) * | 2008-09-08 | 2010-07-29 | Robin Heizmann | Apparatuses, methods and systems for providing a virtual development and deployment environment including real and synthetic data |
US20110185178A1 (en) * | 2008-03-31 | 2011-07-28 | Compugroup Holding Ag | Communication method of an electronic health insurance card with a reading device |
US8369521B2 (en) * | 2008-10-17 | 2013-02-05 | Oracle International Corporation | Smart card based encryption key and password generation and management |
US20130163764A1 (en) * | 2011-03-28 | 2013-06-27 | Nxp B.V. | Secure dynamic on chip key programming |
US8560851B1 (en) * | 2009-05-15 | 2013-10-15 | Sprint Communications Company L.P. | Managing digital certificates |
US8689012B1 (en) * | 2008-10-17 | 2014-04-01 | Sprint Communications Company L.P. | Diagnostics for secure elements in a mobile device |
US8750796B2 (en) * | 2007-05-17 | 2014-06-10 | Abbott Medical Optics Inc. | Exclusive pairing technique for short-range communication devices |
US8761401B2 (en) * | 2006-08-28 | 2014-06-24 | Motorola Mobility Llc | System and method for secure key distribution to manufactured products |
US8908870B2 (en) * | 2007-11-01 | 2014-12-09 | Infineon Technologies Ag | Method and system for transferring information to a device |
US9105027B2 (en) * | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
Family Cites Families (149)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5491750A (en) | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for three-party entity authentication and key distribution using message authentication codes |
US6163771A (en) | 1997-08-28 | 2000-12-19 | Walker Digital, Llc | Method and device for generating a single-use financial account number |
US6084969A (en) * | 1997-12-31 | 2000-07-04 | V-One Corporation | Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network |
US6636833B1 (en) | 1998-03-25 | 2003-10-21 | Obis Patents Ltd. | Credit card system and method |
US6422462B1 (en) | 1998-03-30 | 2002-07-23 | Morris E. Cohen | Apparatus and methods for improved credit cards and credit card transactions |
US7357312B2 (en) * | 1998-05-29 | 2008-04-15 | Gangi Frank J | System for associating identification and personal data for multiple magnetic stripe cards or other sources to facilitate a transaction and related methods |
US6349290B1 (en) * | 1998-06-30 | 2002-02-19 | Citibank, N.A. | Automated system and method for customized and personalized presentation of products and services of a financial institution |
ATE360866T1 (en) | 1998-07-02 | 2007-05-15 | Cryptography Res Inc | LEAK-RESISTANT UPDATING OF AN INDEXED CRYPTOGRAPHIC KEY |
US6607136B1 (en) * | 1998-09-16 | 2003-08-19 | Beepcard Inc. | Physical presence digital authentication system |
US6044350A (en) | 1998-12-24 | 2000-03-28 | Pitney Bowes Inc. | Certificate meter with selectable indemnification provisions |
US7461010B2 (en) | 1999-09-13 | 2008-12-02 | Khai Hee Kwan | Computer network method for conducting payment over a network by debiting and crediting telecommunication accounts |
FI112418B (en) | 2000-02-01 | 2003-11-28 | Nokia Corp | Method for checking data integrity, system and mobile |
FR2804810B1 (en) | 2000-02-09 | 2003-09-12 | France Telecom | SERVICE ACTIVATION BY PRE-PAID VIRTUAL CARD |
WO2001065502A2 (en) | 2000-02-29 | 2001-09-07 | E-Scoring, Inc. | Systems and methods enabling anonymous credit transactions |
US6986046B1 (en) | 2000-05-12 | 2006-01-10 | Groove Networks, Incorporated | Method and apparatus for managing secure collaborative transactions |
US6829596B1 (en) * | 2000-05-23 | 2004-12-07 | Steve Frazee | Account/asset activation device and method |
KR20030019404A (en) * | 2000-05-25 | 2003-03-06 | 윌슨 하우 기어프 궤 | Transaction system and method |
US20020128977A1 (en) * | 2000-09-12 | 2002-09-12 | Anant Nambiar | Microchip-enabled online transaction system |
US20020091646A1 (en) | 2000-11-03 | 2002-07-11 | Lake Lawrence L. | Method and system for verifying the identity of on-line credit card purchasers through a proxy transaction |
US6931382B2 (en) * | 2001-01-24 | 2005-08-16 | Cdck Corporation | Payment instrument authorization technique |
US7292999B2 (en) * | 2001-03-15 | 2007-11-06 | American Express Travel Related Services Company, Inc. | Online card present transaction |
US20020156689A1 (en) | 2001-04-18 | 2002-10-24 | Far Soft, Inc. | System and method for securing transactions between buyer and credit authorizer |
EP1255372B1 (en) | 2001-05-03 | 2008-03-19 | Telefonaktiebolaget LM Ericsson (publ) | Method and system for data integrity protection |
US7783566B2 (en) | 2001-06-27 | 2010-08-24 | American Express Travel Related Services Company, Inc. | Consolidated payment account system and method |
CA2356823C (en) * | 2001-09-10 | 2010-05-11 | Research In Motion Limited | System and method for real time self-provisioning for a mobile communication device |
US7051932B2 (en) * | 2001-12-26 | 2006-05-30 | Vivotech, Inc. | Adaptor for magnetic stripe card reader |
US20040159700A1 (en) | 2001-12-26 | 2004-08-19 | Vivotech, Inc. | Method and apparatus for secure import of information into data aggregation program hosted by personal trusted device |
US8573486B2 (en) | 2010-10-13 | 2013-11-05 | Square, Inc. | Systems and methods for financial transaction through miniaturized card reader with confirmation of payment sent to buyer |
US9305314B2 (en) | 2002-02-05 | 2016-04-05 | Square, Inc. | Methods of transmitting information to mobile devices using cost effective card readers |
US7436966B2 (en) | 2002-08-21 | 2008-10-14 | International Business Machines Corporation | Secure approach to send data from one system to another |
JP4504192B2 (en) | 2002-09-16 | 2010-07-14 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | Secure access to subscription modules |
US7494055B2 (en) | 2002-09-17 | 2009-02-24 | Vivotech, Inc. | Collaborative negotiation techniques for mobile personal trusted device financial transactions |
US7548621B1 (en) * | 2002-09-26 | 2009-06-16 | Ncr Corporation | System and method for securing a base derivation key for use in injection of derived unique key per transaction devices |
US20060168089A1 (en) * | 2002-09-30 | 2006-07-27 | Sampson Scott E | Controlling incoming communication by issuing tokens |
US20040098312A1 (en) * | 2002-11-19 | 2004-05-20 | American Express Travel Related Service Co., Inc. | System and method for facilitating interaction between consumer and merchant |
US6685088B1 (en) | 2002-12-13 | 2004-02-03 | American Express Travel Related Services Company, Inc. | System and method for selecting an account |
US20060179305A1 (en) * | 2004-03-11 | 2006-08-10 | Junbiao Zhang | WLAN session management techniques with secure rekeying and logoff |
GB0312038D0 (en) | 2003-05-24 | 2003-07-02 | Edwards Michael | A security method |
US20050092839A1 (en) | 2003-10-31 | 2005-05-05 | Oram Thomas K. | Method and apparatus for providing and processing active barcodes |
US7702577B1 (en) | 2003-11-06 | 2010-04-20 | Jp Morgan Chase Bank, N.A. | System and method for conversion of initial transaction to final transaction |
US7543739B2 (en) * | 2003-12-17 | 2009-06-09 | Qsecure, Inc. | Automated payment card fraud detection and location |
US20050198506A1 (en) * | 2003-12-30 | 2005-09-08 | Qi Emily H. | Dynamic key generation and exchange for mobile devices |
US7353388B1 (en) | 2004-02-09 | 2008-04-01 | Avaya Technology Corp. | Key server for securing IP telephony registration, control, and maintenance |
US7797454B2 (en) | 2004-02-13 | 2010-09-14 | Hewlett-Packard Development Company, L.P. | Media data transcoding devices |
US7328011B2 (en) | 2004-03-31 | 2008-02-05 | The Boeing Company | Management of mobile networks |
US20130054470A1 (en) * | 2010-01-08 | 2013-02-28 | Blackhawk Network, Inc. | System for Payment via Electronic Wallet |
US20050279827A1 (en) | 2004-04-28 | 2005-12-22 | First Data Corporation | Methods and systems for providing guaranteed merchant transactions |
US20050250538A1 (en) * | 2004-05-07 | 2005-11-10 | July Systems, Inc. | Method and system for making card-based payments using mobile devices |
WO2005119607A2 (en) * | 2004-06-03 | 2005-12-15 | Tyfone, Inc. | System and method for securing financial transactions |
US8543500B2 (en) | 2004-06-25 | 2013-09-24 | Ian Charles Ogilvy | Transaction processing method, apparatus and system |
US9342664B2 (en) | 2004-07-30 | 2016-05-17 | Etrans L.C. | Method to make payment or charge safe transactions using programmable mobile telephones |
US7174174B2 (en) | 2004-08-20 | 2007-02-06 | Dbs Communications, Inc. | Service detail record application and system |
US7548152B2 (en) * | 2004-10-08 | 2009-06-16 | Entrust Limited | RFID transponder information security methods systems and devices |
US7610631B2 (en) * | 2004-11-15 | 2009-10-27 | Alexander Frank | Method and apparatus for provisioning software |
US10134202B2 (en) * | 2004-11-17 | 2018-11-20 | Paypal, Inc. | Automatic address validation |
AU2005318933B2 (en) * | 2004-12-21 | 2011-04-14 | Emue Holdings Pty Ltd | Authentication device and/or method |
US20060217111A1 (en) * | 2005-02-11 | 2006-09-28 | Sunil Marolia | Network for customer care and distribution of firmware and software updates |
FI20050384A0 (en) * | 2005-04-14 | 2005-04-14 | Nokia Corp | Use of generic authentication architecture for distribution of Internet protocol keys in mobile terminals |
US8078867B2 (en) | 2005-08-12 | 2011-12-13 | Research In Motion Limited | System and method for authenticating streamed data |
US20070063024A1 (en) | 2005-09-21 | 2007-03-22 | Plastyc Inc. | Dual macro- and micro-payment card system |
US20070101122A1 (en) * | 2005-09-23 | 2007-05-03 | Yile Guo | Method and apparatus for securely generating application session keys |
US8788802B2 (en) | 2005-09-29 | 2014-07-22 | Qualcomm Incorporated | Constrained cryptographic keys |
KR101137340B1 (en) | 2005-10-18 | 2012-04-19 | 엘지전자 주식회사 | Method of Providing Security for Relay Station |
US7626963B2 (en) * | 2005-10-25 | 2009-12-01 | Cisco Technology, Inc. | EAP/SIM authentication for mobile IP to leverage GSM/SIM authentication infrastructure |
WO2007087194A2 (en) * | 2006-01-20 | 2007-08-02 | Glenbrook Associates, Inc. | System and method for the automated processing of physical objects |
US8567669B2 (en) * | 2006-02-24 | 2013-10-29 | Fair Isaac Corporation | Method and apparatus for a merchant profile builder |
US20090235065A1 (en) * | 2006-03-21 | 2009-09-17 | Andreas Nilsson | Method for automatic encryption and decryption of electronic communication |
US7751810B1 (en) * | 2006-03-21 | 2010-07-06 | Nextel Communications Inc. | System and method for transmitting information to subscriber communication units at events |
US8627092B2 (en) * | 2006-03-22 | 2014-01-07 | Lg Electronics Inc. | Asymmetric cryptography for wireless systems |
US7936878B2 (en) * | 2006-04-10 | 2011-05-03 | Honeywell International Inc. | Secure wireless instrumentation network system |
US20070256124A1 (en) * | 2006-04-13 | 2007-11-01 | Go Play Network, Inc. | Collectible token data management |
US7562813B2 (en) | 2006-05-10 | 2009-07-21 | First Data Corporation | System and method for activating telephone-based payment instrument |
CA2550698A1 (en) * | 2006-06-19 | 2007-12-19 | Daniel Mccann | Method and apparatus for encryption and pass-through handling of confidential information in software applications |
EP1873960B1 (en) * | 2006-06-29 | 2013-06-05 | Incard SA | Method for session key derivation in a IC card |
US20080006685A1 (en) * | 2006-07-06 | 2008-01-10 | Firethorn Holdings, Llc | Methods and Systems For Real Time Account Balances in a Mobile Environment |
DE102006038037A1 (en) | 2006-08-14 | 2008-02-21 | Siemens Ag | Method and system for providing an access-specific key |
US9240009B2 (en) * | 2006-09-24 | 2016-01-19 | Rich House Global Technology Ltd. | Mobile devices for commerce over unsecured networks |
US7761380B2 (en) | 2006-09-28 | 2010-07-20 | Verifi, Inc. | System and method for authenticating a payment instrument transaction originating from a non-internet channel |
US20080136592A1 (en) | 2006-12-07 | 2008-06-12 | Symbol Technologies, Inc. | Rfid-based reminder service |
US8583923B2 (en) | 2006-12-08 | 2013-11-12 | Toshiba America Research, Inc. | EAP method for EAP extension (EAP-EXT) |
JP4081724B1 (en) | 2006-12-27 | 2008-04-30 | 日本電気株式会社 | Client terminal, relay server, communication system, and communication method |
US20090006262A1 (en) | 2006-12-30 | 2009-01-01 | Brown Kerry D | Financial transaction payment processor |
US20080235513A1 (en) * | 2007-03-19 | 2008-09-25 | Microsoft Corporation | Three Party Authentication |
US20080257952A1 (en) | 2007-04-18 | 2008-10-23 | Andre Luis Zandonadi | System and Method for Conducting Commercial Transactions |
EP3457451B1 (en) | 2007-04-30 | 2019-07-17 | Novaled GmbH | The use of oxocarbon, pseudooxocarbon and radialene compounds |
US8725638B2 (en) | 2007-05-18 | 2014-05-13 | Visa U.S.A. Inc. | Method and system for payment authorization and card presentation using pre-issued identities |
US8489740B2 (en) | 2007-05-18 | 2013-07-16 | Red Hat, Inc. | Method and an apparatus to generate message authentication codes at a proxy server for validating a web session |
US10482081B2 (en) | 2007-06-04 | 2019-11-19 | Bce Inc. | Methods and systems for validating online transactions using location information |
US8345604B2 (en) | 2007-06-07 | 2013-01-01 | Qualcomm Incorporated | Effectuating establishment of internet protocol security tunnels for utilization in a wireless communication environment |
US20080303665A1 (en) | 2007-06-08 | 2008-12-11 | Bilcare, Inc. | Package-companion-user interactive system and associated method |
US8099363B1 (en) | 2007-06-30 | 2012-01-17 | Michael W. Kilchenstein, Jr. | Methods and systems for processing card-not-present financial transactions as card-present financial transactions |
KR100958108B1 (en) | 2007-11-12 | 2010-05-17 | 한국전자통신연구원 | Method and apparatus for protecting illegal program copy of mobile communication terminals |
US8812401B2 (en) | 2007-11-20 | 2014-08-19 | Propay Usa Inc. | Secure payment capture processes |
US8495375B2 (en) | 2007-12-21 | 2013-07-23 | Research In Motion Limited | Methods and systems for secure channel initialization |
US20120296824A1 (en) * | 2007-12-28 | 2012-11-22 | Rosano Sharon A | Systems and methods for correction of information in card-not-present account-on-file transactions |
US7802720B2 (en) | 2008-01-04 | 2010-09-28 | Intuit Inc. | Method and system for performing a card-present transaction using image capture on a portable device |
US11159909B2 (en) | 2008-02-05 | 2021-10-26 | Victor Thomas Anderson | Wireless location establishing device |
US8219558B1 (en) * | 2008-04-25 | 2012-07-10 | David Scott Trandal | Methods and systems for inventory management |
CA2630388A1 (en) | 2008-05-05 | 2009-11-05 | Nima Sharifmehr | Apparatus and method to prevent man in the middle attack |
US8578153B2 (en) * | 2008-10-28 | 2013-11-05 | Telefonaktiebolaget L M Ericsson (Publ) | Method and arrangement for provisioning and managing a device |
US8644514B2 (en) | 2008-10-31 | 2014-02-04 | Nokia Siemens Networks Oy | Security model for a relay network system |
US8146798B2 (en) | 2008-11-07 | 2012-04-03 | Advanced Custom Engineered Systems & Equipment Co. | Method and apparatus for monitoring waste removal and administration |
US8135964B2 (en) * | 2008-12-09 | 2012-03-13 | Nvidia Corporation | Apparatus, system, method, and computer program product for executing a program utilizing a processor to generate keys for decrypting content |
US8874701B2 (en) | 2008-12-22 | 2014-10-28 | Sap Se | On-demand provisioning of services running on embedded devices |
GB0901407D0 (en) | 2009-01-28 | 2009-03-11 | Validsoft Uk Ltd | Card false-positive prevention |
US20100199341A1 (en) * | 2009-02-02 | 2010-08-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods, Subscriber Server, and User Equipment for Facilitating Service Provision |
US20100235286A1 (en) * | 2009-03-13 | 2010-09-16 | Gidah, Inc. | Method and system for generating tokens in a transaction handling system |
US8521821B2 (en) | 2009-03-17 | 2013-08-27 | Brigham Young University | Encrypted email based upon trusted overlays |
GB0904874D0 (en) | 2009-03-20 | 2009-05-06 | Validsoft Uk Ltd | Smartcard security system |
US20100274691A1 (en) | 2009-04-28 | 2010-10-28 | Ayman Hammad | Multi alerts based system |
CA2760769A1 (en) | 2009-05-04 | 2010-11-11 | Visa International Service Association | Determining targeted incentives based on consumer transaction history |
US8725122B2 (en) * | 2009-05-13 | 2014-05-13 | First Data Corporation | Systems and methods for providing trusted service management services |
US9471920B2 (en) | 2009-05-15 | 2016-10-18 | Idm Global, Inc. | Transaction assessment and/or authentication |
US8571995B2 (en) | 2009-06-02 | 2013-10-29 | Voltage Security, Inc. | Purchase transaction system with encrypted payment card data |
US20110004653A1 (en) * | 2009-07-06 | 2011-01-06 | Barry Richard Cavill | Method for activation of a media processing device to a web server |
CA2804455C (en) | 2009-07-07 | 2018-05-29 | Finsphere Corporation | Mobile directory number and email verification of financial transactions |
US20110047072A1 (en) | 2009-08-07 | 2011-02-24 | Visa U.S.A. Inc. | Systems and Methods for Propensity Analysis and Validation |
US20110047075A1 (en) | 2009-08-19 | 2011-02-24 | Mastercard International Incorporated | Location controls on payment card transactions |
US20110087547A1 (en) | 2009-10-09 | 2011-04-14 | Visa U.S.A. | Systems and Methods for Advertising Services Based on a Local Profile |
WO2011047028A2 (en) | 2009-10-13 | 2011-04-21 | Square, Inc. | Systems and methods for financial transaction through miniaturized card reader |
US8595058B2 (en) * | 2009-10-15 | 2013-11-26 | Visa U.S.A. | Systems and methods to match identifiers |
US8413894B2 (en) | 2009-11-05 | 2013-04-09 | X-Card Holdings, Llc | Card with illuminated codes for use in secure transactions |
US8386381B1 (en) | 2009-12-16 | 2013-02-26 | Jpmorgan Chase Bank, N.A. | Method and system for detecting, monitoring and addressing data compromises |
CA2694500C (en) | 2010-02-24 | 2015-07-07 | Diversinet Corp. | Method and system for secure communication |
US9280768B2 (en) | 2010-03-17 | 2016-03-08 | Verifone, Inc. | Payment systems and methodologies |
US8626663B2 (en) | 2010-03-23 | 2014-01-07 | Visa International Service Association | Merchant fraud risk score |
CA2697687C (en) | 2010-03-24 | 2014-02-18 | Diversinet Corp. | Method and system for secure communication using hash-based message authentication codes |
CA2791998A1 (en) | 2010-04-23 | 2011-10-27 | Visa U.S.A. Inc. | Systems and methods to provide data services |
FR2959896B1 (en) * | 2010-05-06 | 2014-03-21 | 4G Secure | METHOD FOR AUTHENTICATING A USER REQUIRING A TRANSACTION WITH A SERVICE PROVIDER |
US9294506B2 (en) | 2010-05-17 | 2016-03-22 | Certes Networks, Inc. | Method and apparatus for security encapsulating IP datagrams |
US20110288918A1 (en) | 2010-05-24 | 2011-11-24 | Karen Louise Cervenka | Systems and Methods for Redemption of Offers |
US8554653B2 (en) | 2010-07-22 | 2013-10-08 | Visa International Service Association | Systems and methods to identify payment accounts having business spending activities |
US20120028609A1 (en) * | 2010-07-27 | 2012-02-02 | John Hruska | Secure financial transaction system using a registered mobile device |
US9558481B2 (en) * | 2010-09-28 | 2017-01-31 | Barclays Bank Plc | Secure account provisioning |
US10193873B2 (en) * | 2010-09-30 | 2019-01-29 | Comcast Cable Communications, Llc | Key derivation for secure communications |
US9723481B2 (en) * | 2010-10-29 | 2017-08-01 | Apple Inc. | Access data provisioning apparatus and methods |
US8335921B2 (en) | 2010-12-17 | 2012-12-18 | Google, Inc. | Writing application data to a secure element |
US9191813B2 (en) | 2010-12-30 | 2015-11-17 | Mozido Corfire—Korea, Ltd. | System and method for managing OTA provisioning applications through use of profiles and data preparation |
US20120197802A1 (en) | 2011-01-28 | 2012-08-02 | Janet Smith | Method and system for determining fraud in a card-not-present transaction |
US20120203698A1 (en) * | 2011-02-07 | 2012-08-09 | Dustin Duncan | Method and System for Fraud Detection and Notification |
US20120215610A1 (en) | 2011-02-23 | 2012-08-23 | Visa International Service Association | Systems and Methods to Facilitate Offer Sharing |
US10438299B2 (en) * | 2011-03-15 | 2019-10-08 | Visa International Service Association | Systems and methods to combine transaction terminal location data and social networking check-in |
EP2686818A4 (en) * | 2011-03-18 | 2014-11-26 | Mastercard International Inc | Methods and systems for electronic commerce verification |
US20120296741A1 (en) | 2011-05-19 | 2012-11-22 | Verifone, Inc. | Cloud based electronic wallet |
US9106633B2 (en) | 2011-05-26 | 2015-08-11 | First Data Corporation | Systems and methods for authenticating mobile device communications |
US8918855B2 (en) * | 2011-12-09 | 2014-12-23 | Blackberry Limited | Transaction provisioning for mobile wireless communications devices and related methods |
US8612771B2 (en) | 2012-01-06 | 2013-12-17 | Netflix, Inc. | Verifying authenticity of playback device |
US10455071B2 (en) * | 2012-05-09 | 2019-10-22 | Sprint Communications Company L.P. | Self-identification of brand and branded firmware installation in a generic electronic device |
WO2014186635A1 (en) * | 2013-05-15 | 2014-11-20 | Visa International Service Association | Mobile tokenization hub |
2012
- 2012-05-25 US US13/481,364 patent/US9106633B2/en active Active
- 2012-05-25 US US13/481,377 patent/US8752127B2/en not_active Expired - Fee Related
- 2012-05-25 US US13/481,346 patent/US20120303310A1/en not_active Abandoned
- 2012-05-25 US US13/481,352 patent/US9106632B2/en active Active
- 2012-05-25 US US13/481,356 patent/US9059980B2/en active Active
- 2012-05-25 US US13/481,387 patent/US9154477B2/en active Active
- 2012-05-25 US US13/481,394 patent/US20120303503A1/en not_active Abandoned
- 2012-05-25 US US13/481,437 patent/US8775305B2/en not_active Expired - Fee Related
- 2012-05-25 US US13/481,433 patent/US8880886B2/en not_active Expired - Fee Related
2014
- 2014-05-02 US US14/268,703 patent/US9331996B2/en active Active
Patent Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6282294B1 (en) * | 1998-01-07 | 2001-08-28 | Microsoft Corporation | System for broadcasting to, and programming, a motor device in a protocol, device, and network independent fashion |
US6411941B1 (en) * | 1998-05-21 | 2002-06-25 | Beeble, Inc. | Method of restricting software operation within a license limitation |
US20030060189A1 (en) * | 2001-08-15 | 2003-03-27 | Brian Minear | Test enabled application execution |
US7418596B1 (en) * | 2002-03-26 | 2008-08-26 | Cellco Partnership | Secure, efficient, and mutually authenticated cryptographic key distribution |
US20040146163A1 (en) * | 2002-10-28 | 2004-07-29 | Nokia Corporation | Device keys |
US20090068988A1 (en) * | 2006-03-16 | 2009-03-12 | Cofta Piotr L | Sim based authentication |
US8761401B2 (en) * | 2006-08-28 | 2014-06-24 | Motorola Mobility Llc | System and method for secure key distribution to manufactured products |
US20080170693A1 (en) * | 2007-01-16 | 2008-07-17 | Terence Spies | Format-preserving cryptographic systems |
US8750796B2 (en) * | 2007-05-17 | 2014-06-10 | Abbott Medical Optics Inc. | Exclusive pairing technique for short-range communication devices |
US8908870B2 (en) * | 2007-11-01 | 2014-12-09 | Infineon Technologies Ag | Method and system for transferring information to a device |
US20090144205A1 (en) * | 2007-11-29 | 2009-06-04 | Visa Usa, Inc. | Serial number and payment data based payment card processing |
US20110185178A1 (en) * | 2008-03-31 | 2011-07-28 | Compugroup Holding Ag | Communication method of an electronic health insurance card with a reading device |
US20100192220A1 (en) * | 2008-09-08 | 2010-07-29 | Robin Heizmann | Apparatuses, methods and systems for providing a virtual development and deployment environment including real and synthetic data |
US8369521B2 (en) * | 2008-10-17 | 2013-02-05 | Oracle International Corporation | Smart card based encryption key and password generation and management |
US8689012B1 (en) * | 2008-10-17 | 2014-04-01 | Sprint Communications Company L.P. | Diagnostics for secure elements in a mobile device |
US20100153709A1 (en) * | 2008-12-10 | 2010-06-17 | Qualcomm Incorporated | Trust Establishment From Forward Link Only To Non-Forward Link Only Devices |
US8560851B1 (en) * | 2009-05-15 | 2013-10-15 | Sprint Communications Company L.P. | Managing digital certificates |
US9105027B2 (en) * | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
US20130163764A1 (en) * | 2011-03-28 | 2013-06-27 | Nxp B.V. | Secure dynamic on chip key programming |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9059980B2 (en) | 2011-05-26 | 2015-06-16 | First Data Corporation | Systems and methods for authenticating mobile devices |
US9106633B2 (en) | 2011-05-26 | 2015-08-11 | First Data Corporation | Systems and methods for authenticating mobile device communications |
US9106632B2 (en) | 2011-05-26 | 2015-08-11 | First Data Corporation | Provisioning by delivered items |
US9154477B2 (en) | 2011-05-26 | 2015-10-06 | First Data Corporation | Systems and methods for encrypting mobile device communications |
US9331996B2 (en) | 2011-05-26 | 2016-05-03 | First Data Corporation | Systems and methods for identifying devices by a trusted service manager |
US20140281504A1 (en) * | 2013-03-18 | 2014-09-18 | International Business Machines Corporation | Authorizing Use Of A Test Key Signed Build |
US9160542B2 (en) * | 2013-03-18 | 2015-10-13 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Authorizing use of a test key signed build |
WO2016037701A1 (en) * | 2014-09-11 | 2016-03-17 | Giesecke & Devrient Gmbh | Method and devices for testing a mobile terminal having a security element |
US20160125203A1 (en) * | 2014-10-31 | 2016-05-05 | Xiaomi Inc. | Method and apparatus of verifying terminal and medium |
US10019604B2 (en) * | 2014-10-31 | 2018-07-10 | Xiaomi Inc. | Method and apparatus of verifying terminal and medium |
US10353806B1 (en) | 2015-12-07 | 2019-07-16 | Mx Technologies, Inc. | Multi-platform testing automation |
US10909027B1 (en) | 2015-12-07 | 2021-02-02 | Mx Technologies, Inc. | Multi-platform testing automation |
US11080170B1 (en) | 2015-12-07 | 2021-08-03 | Mx Technologies, Inc. | Multi-platform testing automation |
US11093373B1 (en) | 2015-12-07 | 2021-08-17 | Mx Technologies, Inc. | Multi-platform testing automation |
US11188452B1 (en) | 2015-12-07 | 2021-11-30 | Mx Technologies, Inc. | Multi-platform testing automation |
US11194698B1 (en) | 2015-12-07 | 2021-12-07 | Mx Technologies, Inc. | Multi-platform testing automation |
Also Published As
Publication number | Publication date |
---|---|
US9154477B2 (en) | 2015-10-06 |
US8775305B2 (en) | 2014-07-08 |
US8752127B2 (en) | 2014-06-10 |
US20120304255A1 (en) | 2012-11-29 |
US20140237551A1 (en) | 2014-08-21 |
US20120304254A1 (en) | 2012-11-29 |
US20120300932A1 (en) | 2012-11-29 |
US9059980B2 (en) | 2015-06-16 |
US20120303961A1 (en) | 2012-11-29 |
US20120303496A1 (en) | 2012-11-29 |
US9331996B2 (en) | 2016-05-03 |
US9106632B2 (en) | 2015-08-11 |
US20120300938A1 (en) | 2012-11-29 |
US20120303503A1 (en) | 2012-11-29 |
US20120317019A1 (en) | 2012-12-13 |
US8880886B2 (en) | 2014-11-04 |
US9106633B2 (en) | 2015-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20120303310A1 (en) | | Systems and Methods for Providing Test Keys to Mobile Devices |
US9647903B2 (en) | | Systems and methods for providing trusted service management services |
JP7043701B2 (en) | | Systems and methods to first establish and regularly check the trust of software applications |
KR101514754B1 (en) | | System and method for provisioning over the air of confidential information on mobile communicative devices with non-uicc secure elements |
US20120266220A1 (en) | | System and Method for Controlling Access to a Third-Party Application with Passwords Stored in a Secure Element |
EP2624612B1 (en) | | A method for near field communication operation, a device and a system thereto |
EP2308014A1 (en) | | Trusted service manager (tsm) architectures and methods |
US10567959B2 (en) | | System and method for managing application data of contactless card applications |
CN107332817B (en) | | Mobile device supporting multiple access control clients and corresponding method |
US9836618B2 (en) | | System and method of authentication of a first party respective of a second party aided by a third party |
CN110636491A (en) | | Service-oriented trusted execution module and communication method |
US10318951B2 (en) | | Transaction management |
US10939297B1 (en) | | Secure unlock of mobile phone |
AU2014200310B2 (en) | | Systems and methods for providing trusted service management services |
AU2016203394B2 (en) | | Systems and methods for providing trusted service management services |
US10798574B1 (en) | | Mobile communication device certification framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: FIRST DATA CORPORATION, COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MUSFELDT, ROGER LYNN;REEL/FRAME:028337/0505 Effective date: 20120524 |
| | AS | Assignment | Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, NEW YORK Free format text: SECURITY AGREEMENT;ASSIGNORS:FIRST DATA CORPORATION;CLOVER NETWORKS, INC.;MONEY NETWORK FINANCIAL, LLC;REEL/FRAME:030080/0531 Effective date: 20130320 |
| | AS | Assignment | Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT, UNITED STATES Free format text: SECURITY INTEREST;ASSIGNOR:FIRST DATA CORPORATION;REEL/FRAME:036656/0224 Effective date: 20150811 Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATE Free format text: SECURITY INTEREST;ASSIGNOR:FIRST DATA CORPORATION;REEL/FRAME:036656/0224 Effective date: 20150811 |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
| | AS | Assignment | Owner name: FIRST DATA CORPORATION, COLORADO Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:049899/0001 Effective date: 20190729 Owner name: CLOVER NETWORK, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:049899/0001 Effective date: 20190729 Owner name: MONEY NETWORK FINANCIAL, LLC, COLORADO Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:049899/0001 Effective date: 20190729 |
| | AS | Assignment | Owner name: FIRST DATA CORPORATION, NEW YORK Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION;REEL/FRAME:050094/0455 Effective date: 20190729 |