84 results about "Trusted service manager" patented technology

A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user's identity. The user's credentials are stored in a second SE of the phone, which is operable to verify the user's identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user's identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user's identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

A system for use with a trusted service manager (TSM) and a mobile device having a subscriber unique identifying data, according to one embodiment, includes: a server in which the server validates an application against the unique and identifying data of the mobile device and provides the validated application for the mobile device; and a secure element (SE) acting as a client in which the SE is present in the mobile device as client; the validated application from the server is installed in the SE; and the SE is adapted to execute the validated application to perform a service process. The service process includes enablement of payment functions on the mobile device, in which enablement of payment functions includes: providing secure communication between the mobile device and the server; secure provisioning of a payment instrument on the mobile device, wherein authentication and verification for the payment instrument on the mobile device is provided by the server; and binding the payment instruments and the validated application to the mobile device to provide a strong ID management for enhanced user protection and system security and integrity.

System, methods, and computer program products are provided for interfacing between one of a plurality of service provider (SP) trusted service managers (TSM) and one of a plurality of secure elements (SE). A first request including a mobile subscription identifier (MSI) is received from an SP TSM over a communications network. At least one memory is queried for SE data including an SE identifier corresponding to the MSI. The SE data is transmitted to the SP TSM over the communications network. A second request based on the SE data is received from the SP TSM over the communications network. A third request, based on the second request, is transmitted, over a mobile network, to an SE corresponding to the SE data. The mobile network is selected from multiple mobile networks, and is determined based on the SE data queried from the memory.

A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.

A Trusted Service Manager (TSM) receives via a first communication channel from a Service Provider (SP) a request (REQ(MIA)) that contains an application (MIA) together with a unique identifier of a mobile phone (MOB), particularly its telephone number. The mobile phone (MOB) is equipped with a memory device (MIF) that comprises multiple memory sectors being protected by sector keys. Preferably the memory device (MIF) is a MIFARE device. The TSM extracts the application (MIA) and the unique identifier from the received request, assigns destination sector(s) and associated sector key(s) of the memory device (MIF), compiles the application (MIA), the sector key(s) and the sector number(s) of the destination sector(s) into a setup-message (SU(MIA)), encrypts the setup-message and transmits it to either the mobile phone via a second communication channel or the Service Provider via the first communication channel (CN). If the setup-message (SU(MIA)) is transmitted to the Service Provider, the Service Provider sends it over the second communication channel to the mobile phone.

A method for managing a secure element which is embedded into a host unit. The described method comprises (a) transmitting a request for a management script from the host unit to a program element of the secure element, (b) at the program element, generating a management script in accordance with the request and encrypting the generated management script, (c) transmitting the encrypted management script from the program element to the host unit, (d) transmitting the encrypted management script from the host unit to a secure domain of the secure element, and (e) at the secure domain, decrypting and executing the management script.

A method for over-the-air (OTA) provisioning a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile device, including receiving a request to initialize an OTA proxy of a mobile device; initializing the OTA proxy; receiving provisioning data through the OTA proxy; and provisioning the received data into the SE, in which the SE is a non-UICC type SE. A mobile device to provision secure data OTA in a non-UICC type SE including an OTA proxy to connect to a Trusted Service Manager (TSM) system, and to receive provisioning data from the TSM system; a near-field-communication (NFC) enabled chip to conduct a contactless transaction; and a SE to store information provisioned through OTA proxy, in which the SE is a non-UICC type SE.

A method for granting trusted applications (SP1_WL) of a Service Provider (SP1, SP2) access to applications (appSP1.1, appSP1.2; appSP2.1) of that Service Provider (SP1, SP2) that have been stored in a secure element (SE) comprises: the Service Provider (SP1, SP2) transmits a request (REQ1) for granting access to its applications to a Trusted Service Manager (TSM); the Trusted Service Manager (TSM) generates an access right code (AC1) and transmits it to both the Service Provider (SP1, SP2) and a service manager (SM) in the secure element (SE); the Service Provider (SP1, SP2) generates the trusted application (SP1_WL), provides it with the access right code (AC1) and sends it to the secure element (SE); the trusted application (SP1_WL) connects to the service manager (SM) with the access right code (AC1) whereupon the service manager (SM) grants the wallet (SP1_WL) access to the applications (appSP1.1, appSP1.2; appSP2.1).

A method for provisioning a contactless card applet in a mobile device with a mobile wallet application, including activating the mobile wallet application, connecting to a Trusted Service Manager (TSM) system, synchronizing the mobile wallet application with the TSM system, displaying a contactless card applet based on attributes of the mobile device, receiving a selection of a contactless card applet, retrieving a widget and a wallet management applet (WMA) corresponding to the contactless card applet, and provisioning the selected contactless card applet, the widget, and the WMA. A wallet management system (WMS) in a non-transitory storage medium to store and manage mobile wallet account information including a wallet client management component, a widget management component, a device profile management component, and a rule engine.

Embodiments of the invention are directed to a centralized trusted service manager system in the form of a trusted service manager interconnectivity service hub, which facilitates and provides communications between entities involved in mobile contactless provisioning and payment systems. One embodiment of the present invention is directed to a method for processing a wallet request from a wallet provider associated with mobile communication device including a secure element through an interconnectivity hub. The method comprises receiving a wallet request in first protocol, determining an issuer associated with the account identifier, and obtaining application data. The method further comprises determining a trusted service manager associated with the secure element from among a plurality of trusted service manager computers using a routing table. Additionally, the method includes determining a second protocol and obtaining a secure element key for completing a request from a secure element trusted service manager using the second protocol.

Systems, methods, and computer program products are provided for performing content management operations. At least one memory stores data, and a central security domain manages instructions on behalf of one or more service provider security domains. The instructions are received, over a network, from a trusted service manager. The instructions are processed in at least one of the one or more determined service provider security domains, using the data stored in the at least one memory. The data includes one or more generic applications, each of which can be instantiated for one or more service providers.

Embodiments of the invention provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the invention, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element.

Techniques for realizing or providing controllable trusted service management are disclosed. The techniques are related to empowering a service provider with application provisioning and applet and secure element (SE) management capabilities. A service management module, herein referred to as Controllable TSM or CTSM, is provided to a service provider to provision certain applications distributed through the service provider. A system or platform contemplated in this invention allows a service provider to operate under a supplementary security domain (SSD) installed by an SE issuer or an updated SSD key set exclusively known to the service provider. Such a platform is designed to support embedded SE (eSE) and can be extended to support UICC-based SE. With the CTSM, a service provider can use the SSD to personalize applets installed on each SE securely and independently.

A method using a non-transitory processor for providing an application product including receiving an application profile, a key profile, a secure element (SE) profile, and a mobile terminal profile; establishing a link between the received profiles, in which the link is established for assembling the application product; and applying a limitation to the application product, in which the applied limitation determines whether the application product is accessible to a user. A method using a non-transitory processor for data preparation in a Trusted Service Manager (TSM) including receiving data from a service provider, in which the received data is in a Data Grouping Identifier (DGI) format or a raw data format; and processing the data using at least one of a logical data preparation and a physical data preparation.

Systems, methods, and computer program products are provided for managing activation in a mobile wallet. A wallet activation request is received from a wallet client. The wallet activation request is transmitted to a central trusted service manager (TSM). One or more push messages including activation data are received from the TSM, and the push messages are transmitted to the wallet client, in response to a second request from the wallet client while the wallet client is in an active state.

Systems, methods, and computer-readable media for managing credentials are provided. In one example embodiment, an electronic device may include a secure element with a security domain element stored on the secure element. The electronic device may also include a processor component that may be configured to, inter alia, permanently terminate the functionality of the security domain element, after the functionality has been permanently terminated, communicatively couple the electronic device to a trusted service manager, and transmit data to the communicatively coupled trusted service manager that may be usable by the trusted service manager to determine that the functionality has been permanently terminated. Additional embodiments are also provided.

Techniques for realizing or providing controllable trusted service management are disclosed. The techniques are related to empowering a service provider with application provisioning and applet and secure element (SE) management capabilities. A service management module, herein referred to as Controllable TSM or CTSM, is provided to a service provider to provision certain applications distributed through the service provider. A system or platform contemplated in this invention allows a service provider to operate under a supplementary security domain (SSD) installed by an SE issuer or an updated SSD key set exclusively known to the service provider. Such a platform is designed to support embedded SE (eSE) and can be extended to support UICC-based SE. With the CTSM, a service provider can use the SSD to personalize applets installed on each SE securely and independently.

The invention relates to a method for carrying out security management on a security element and a communication system realized by employing the method. The method comprises the steps of loading a trusted application in a terminal device; establishing a security channel between the trusted application and a trusted service manager server; issuing a management key to the trusted application by the trusted service manager server through the security channel, and storing the management key by the trusted application; issuing a management instruction to the trusted application by the trusted service manager server through the security channel, and storing the management instruction by the trusted application; and carrying out content management on the security element by the trusted application based on the management key and the management instruction. According to the method and the system, on the basis of ensuring the data security, the networking times is reduced, and the performance efficiency of a take is improved.

A Trusted Service Manager (TSM) receives installation requests (INST) from Service Providers (SPx) comprising an application (APPx), a Service Provider identifier (SPx-ID) and an identifier (MOx-ID) of a target mobile communication device (MOx) that is equipped with a memory device (MIF) to store the application (APPx). The Trusted Service Manager (TSM) transmits the application (APPx) to the target mobile communication device (MOx) and keeps a repository (REP) of the received applications (APPx), their associated service provider identifiers (SPx-ID) and their associated target mobile communication device identifiers (MOx-ID). If the Trusted Service Manager (TSM) receives queries (QU) from a Mobile Network Operator (MNO) asking for the Service Providers associated with a specific mobile communication device identifier (MOx-ID) it retrieves from the repository (REP) those Service Providers (SPx) that are associated with the queried mobile communication device identifier (MOx-ID).