US20120171992A1 - System and method for secure containment of sensitive financial information stored in a mobile communication terminal - Google Patents

Publication number
US20120171992A1
Authority
US
United States
Prior art keywords
information
mobile terminal
mobile
type
tsm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/310,063
Inventor
Kido CHEONG
Hyungjoon HONG
Hyunjin Kim
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mozido Corfire Korea Ltd
Original Assignee
SK C&C Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
Application filed by SK C&C Co Ltd
Priority to US13/310,063 (US20120171992A1)
Priority to SG2013042973A (SG190986A1)
Priority to CN201180061627.2A (CN103270782B)
Priority to KR1020137019430A (KR101514753B1)
Priority to EP11852733.2A (EP2659694A4)
Priority to PCT/KR2011/009867 (WO2012091350A2)
Priority to AU2011350196A (AU2011350196A1)
Assigned to SK C&C: assignment of assignors interest (see document for details). Assignors: CHEONG, KIDO; HONG, HYUNGJOON; KIM, HYUNJIN
Publication of US20120171992A1
Assigned to MOZIDO CORFIRE - KOREA, LTD.: assignment of assignors interest (see document for details). Assignors: SK C&C CO., LTD.
Legal status: Abandoned

Classifications

    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04W12/06 Authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/88 Detecting or preventing theft or loss
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • G06Q20/3263 Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • G06Q20/354 Card activation or deactivation
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/086 Access security using security domains
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H04W4/50 Service provisioning or reconfiguring
    • G06F2221/2153 Using hardware token as a secondary aspect
    • H04W12/71 Hardware identity
    • H04W12/72 Subscriber identity
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • The following description relates to securing sensitive data in a mobile terminal.
  • Mobile terminals (e.g. mobile telephones and other mobile devices) have steadily evolved from a mere mobile terminal with communicative functions to a terminal that incorporates various advanced functions, such as electronic mail, computer office application functions, video telephony, and more recently, mobile payment functionalities.
  • While integrating various consumer friendly utilities into the mobile terminal may provide convenience to its user, it also raises security concerns with regard to these mobile terminals.
  • Security concerns associated with the greater usability of mobile terminals may be elevated by improper usage associated with misplacing, loss, theft of these mobile terminals, as well as other mishaps that may be incurred.
  • Various techniques have been proposed for remotely locking mobile terminals to disable their functions when mobile terminals are misplaced or stolen. With these techniques, if a mobile terminal is to be locked during a normal operating state, its functions can be disabled, thus making it possible to reduce improper usage or the theft of private information stored in the mobile terminal.
  • SE: removable secure element
  • A method of data deletion may be used to provide reliable security.
  • The remote data deletion in the SE is limited to SEs conforming to the industry standard Short Messaging Service-Point to Point (SMS-PP) protocol or Bearer Independent Protocol (BIP) (i.e. Universal Integrated Circuit Card (UICC) type SEs).
  • Remote data deletion in the SE may not be feasible.
  • Exemplary embodiments of the present invention provide a method for securing information stored in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) over-the-air (OTA).
  • Exemplary embodiments of the present invention also provide a method for authenticating a mobile terminal with a Trusted Service Manager (TSM) and reconstructing a mobile wallet application.
  • Exemplary embodiments of the present invention provide a method for securing information OTA in a non-UICC type SE of a mobile terminal including receiving a request to initialize an OTA proxy of a mobile terminal, initializing the OTA proxy, receiving a request to secure information stored in the SE, and securing, using the OTA proxy, the information stored in the non-UICC type SE.
  • Exemplary embodiments of the present invention provide a method for authenticating a mobile terminal including receiving mobile terminal information and SE information from the mobile terminal; comparing the received information with stored mobile terminal information and SE information; and transmitting a command based on the comparison result.
  • Exemplary embodiments of the present invention provide a method for reconstructing a mobile wallet application of a mobile terminal including receiving a request to reconstruct the mobile wallet application of a user; transmitting stored mobile wallet application information associated with the user to the mobile terminal; receiving mobile terminal information and SE information; and transmitting a stored application associated with the mobile wallet application information to the mobile terminal.
  • Exemplary embodiments of the present invention provide a mobile terminal to secure information over-the-air (OTA) in a non-UICC type SE including an OTA proxy configured to connect to a TSM, and to receive a securing command from the TSM; and a non-UICC type SE.
  • FIG. 1 is a system diagram of a trusted service manager (TSM) ecosystem according to an exemplary embodiment of the present invention.
  • FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials and related mobile wallet information from the secure element (SE) and the mobile wallet application according to an exemplary embodiment of the present invention.
  • FIG. 3 is a system diagram illustrating a method for synchronizing mobile wallet application to authenticate the mobile terminal and SE accessing the wallet management system according to an exemplary embodiment of the present invention.
  • FIG. 4 is a system diagram illustrating a method for reconstructing the financial information credentials and related mobile wallet application through a push method according to an exemplary embodiment of the present invention.
  • FIG. 5 is a system diagram illustrating a method for reconstructing financial information credentials and related mobile wallet application through a pull method according to an exemplary embodiment of the present invention.
  • X, Y, and Z will be construed to mean X only, Y only, Z only, or any combination of two or more items X, Y, and Z (e.g. XYZ, XZ, and YZ).
  • An example system employing TSM technology with over-the-air (OTA) proxy provisioning includes a TSM 10; mobile terminal 11; network 15; third party messaging platform 16; financial institution 18; mobile network operator (MNO) 19; handset manufacturer 20; and a card manufacturer 21.
  • Service providers such as those identified in 18-21 may go through a pre-registration process.
  • The network 15 may refer to a cellular network, which may include one or more base stations to enable mobile terminal 11 to communicate with other mobile terminals or third party entities.
  • Network 15 may also include any other type of suitable communication network, such as the Internet, traditional wired telephone lines, and other suitable network technologies.
  • The handset manufacturers 20 may include embedded secure element (SE) producers, and card manufacturers 21 may include producers of micro secure digital (SD) SE (i.e. non-Universal Integrated Circuit Card (UICC) SEs).
  • Handset manufacturers 20 and card manufacturers 21 may provide their OTA keys to TSM 10 in the pre-registration process mentioned above for future processing.
  • The handset manufacturers 20 and card manufacturers 21 may provide their respective OTA keys upon request without going through the pre-registration process.
  • A more detailed explanation of the pre-registration process is provided in the co-pending application 61/428,853.
  • OTA proxy may be initialized or configured to be connected with TSM 10 during usage of a mobile wallet application to conserve technical resources. As such, OTA proxy will be in a sleep mode as a default until it is awakened for its utility.
  • The third party messaging platform 16 (e.g. Cloud to Device Messaging (C2DM)) may be utilized to wake the OTA proxy, which in turn will connect with the TSM 10 for usage. If the TSM 10 sends a message to a third party messaging platform 16 with the wake-up command and identifying information, the third party messaging platform 16 in turn sends a message to the identified mobile terminal 11 to wake up OTA proxy residing within the mobile terminal 11.
  • Once awake, OTA proxy will connect to the TSM 10 for provisioning or other utility.
  • OTA proxy may be connected at higher frequencies or continuously to avoid the wake-up process described above.
  • NFC: Near Field Communication
  • POS: Point-of-Sale
  • The acquirer network 23 and payment processor 22 may work together to ensure the payment gets updated at the financial institution 18.
  • This end user application does not involve the described TSM ecosystem and is illustrated to provide a description of a complete ecosystem.
  • A method for deleting sensitive information, such as credit card credentials, from the SE of the mobile terminal is described below in reference to FIG. 2. While only the method for deletion is described in this exemplary figure, it will be understood that other methods for securing sensitive information may be used, such as locking access to information stored in the SE.
  • FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials from the SE.
  • In FIGS. 2-5, it will be understood that any communication that is conducted between the external parties or service providers (18-21), TSM 10, and the mobile terminal 11 is provided through Network 15 as shown in FIG. 1 or other suitable methods.
  • The sensitive information is not limited to credit card information, and the reference to credit card information is used merely as an example for the purposes of this disclosure.
  • A Service Provider, such as Financial Institution 18, makes a request with the identifying information, such as a Mobile Subscriber Integrated Services Digital Network (MSISDN), to delete its credentials (e.g. credit card number, expiration date, security code, personal identification number (PIN)) from the stolen/lost mobile terminal 11.
  • Such a request may be initiated by the owner of the mobile terminal 11 or the individual SP.
  • The request may be specific to the credit card information belonging to a specific SP, or it may be to delete all of the credit card information residing in the SE, if not all of the sensitive information stored within the SE. While the request may typically be limited to only the credit card information belonging to the requesting SP, if an agreement is met by various financial institutions, credit card information of other agreeing SPs may also be deleted.
  • The request sent by the SP may be to lock the entire SE containing credit card credentials, or to lock just the respective secure domain within the SE, which stores the respective credit card information.
  • The request for locking or deleting a specific security domain or SE may be specified by the SPs or may be catered to meet other business rules/requirements.
  • The request to secure the information stored in the SE may be initiated by the mobile terminal 11 owner contacting the TSM 10 directly.
  • The request in step 201 may be initiated by the SP of its own volition or in response to a request by the owner of the mobile terminal 11.
  • The TSM 10 receives the request from the SP and updates the respective mobile terminal account to “delete” status within its database.
  • TSM 10 conducts an internal query to verify whether the mobile terminal 11 in question has a mobile wallet application 31 installed, such as a SK C&C mobile wallet application 31 .
  • TSM 10 modifies the request to delete related contactless applets, Wallet Management Application (WMA) 21 credit card credentials residing within the SE (wallet management applets), and the widgets residing within the SK C&C mobile wallet application 31 .
  • TSM 10 makes a determination on the type of SE equipped on the lost/stolen mobile terminal 11 .
  • Micro SDs and Embedded SEs (i.e. non-UICC type SEs)
  • SAT: Subscriber Identity Module Application Toolkit
  • USAT: Universal Subscriber Identity Module Application Toolkit
  • CAT: Card Application Toolkit
  • The deletion command composed by TSM 10 may go through OTA proxy in order to make any deletion of the information stored in the non-UICC type SEs, such as microSDs or embedded SEs.
  • OTA proxy may also support SEs supported by traditional SAT/USAT/CAT framework as well, such as UICC, Services Identity Module (SIM), or Universal Subscriber Identity Module (USIM) (herein referred collectively as UICC).
  • A push request is made to a mobile push server, such as a Cloud to Device Messaging (C2DM) platform, in step 203.
  • In step 204, the mobile push server pushes the message to wake up the OTA proxy residing in the lost/stolen mobile terminal 11.
  • The OTA proxy retrieves mobile terminal 11 and associated SE specific information, such as MSISDN and Card Image Number (CIN), and sends them to TSM 10.
  • SE information may also include Card Reference Number (CRN), Card Production Life Cycle (CPLC), and Card Serial Number (CSN).
  • TSM 10 checks the status of SE. As processing of stored SE may be based on its status, analysis of SE status and corresponding processes may be conducted prior to accessing the information stored in the SE. More specifically, based on the SE status, some preparation steps may be executed to secure the SE for processing commands received through the OTA proxy.
  • The SE equipped in the mobile terminal 11 may have any of the 3 statuses: operating system (OS) native, initialized, and secured. If the status of the SE is determined to be “secured”, no further preparation steps may be executed.
  • The “secured” state for the SE may refer to an intended operating card life cycle state in post issuance.
  • TSM 10 may provide a final issuer master key to secure the SE.
  • The “initialized” state for the SE may refer to an administrative card production state.
  • A pre-personalization process may be conducted, which may include providing an initial issuer master key and a final issuer master key to the SE.
  • The “OS native” state for the SE may refer to a status in which the SE is not initialized by the manufacturer's initialization method.
  • An analysis of SE type may be performed to determine the type of protocol that should run within OTA proxy in order to provision into the identified SE. If the SE is a UICC type or an embedded type, the SE may be accessed to modify the information stored in the SE. Alternatively, if the SE is a Micro SD type, an additional process specific protocol may be executed to access or to modify the information stored in the SE. Since a person ordinarily skilled in the art understands what type of protocols may be used to access the Micro SD type, discussion thereof is omitted herein.
  • TSM 10 processes the provided information along with the “delete” command and converts them into Application Protocol Data Unit (APDU) commands and sends the converted APDU commands to the OTA proxy.
  • OTA proxy relays the received APDU commands to the SE where credit card credentials may reside.
  • Credit card credentials may reside as contactless card applets as well as within a wallet management applet (WMA) 21 . Please refer to the co-related application No. 61/428,846 for further details on how a corresponding WMA 21 is created.
  • Results are sent to the OTA proxy in step 208.
  • OTA proxy relays the result back to the TSM 10 .
  • TSM 10 in turn sends a notification to the SP of the outcome of its request in step 210 .
  • The “delete” functionality disclosed in FIG. 2 may be provided if the mobile terminal 11 is powered on and has reception to a network.
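
The FIG. 2 exchange described above, as an added simulation that is not part of the patent text: the TSM marks the account, wakes the OTA proxy, checks the reported identifiers, derives the preparation steps from the SE status, and sends DELETE APDUs scoped to the requesting SP. Assumptions: the GlobalPlatform-style DELETE encoding and status words (the patent does not specify APDU contents), the mapping of key-loading steps to the "initialized" and "OS native" states as read from the order of the text, the identifier comparison before any command is issued, and all class names, AIDs, MSISDN and CIN values, which are constructed.

```python
# Constructed simulation of the FIG. 2 delete flow (added example).
from dataclasses import dataclass, field

# Assumption: GlobalPlatform-style DELETE APDU and ISO 7816 status words.
SW_OK, SW_NOT_FOUND, SW_CONDITIONS = 0x9000, 0x6A88, 0x6985


def delete_apdu(aid: bytes) -> bytes:
    """CLA=80 INS=E4 P1=00 P2=00 Lc, then TLV 4F <len> <AID>."""
    data = bytes([0x4F, len(aid)]) + aid
    return bytes([0x80, 0xE4, 0x00, 0x00, len(data)]) + data


@dataclass
class SecureElement:
    cin: str
    se_type: str                 # "uicc", "embedded" or "microsd"
    status: str                  # "os_native", "initialized" or "secured"
    applets: dict = field(default_factory=dict)   # AID -> owning SP

    def process(self, apdu: bytes) -> int:
        """Execute one DELETE APDU and return its status word."""
        if self.status != "secured" or apdu[:2] != b"\x80\xe4":
            return SW_CONDITIONS
        aid = apdu[7:7 + apdu[6]]
        return SW_OK if self.applets.pop(aid, None) else SW_NOT_FOUND


@dataclass
class OtaProxy:
    msisdn: str
    se: SecureElement
    awake: bool = False          # the proxy sleeps by default

    def wake(self) -> dict:
        """Push wake-up (step 204): report terminal and SE identifiers."""
        self.awake = True
        return {"msisdn": self.msisdn, "cin": self.se.cin,
                "se_type": self.se.se_type, "se_status": self.se.status}

    def prepare(self, steps: list) -> None:
        """Apply the TSM's preparation steps; the SE ends up secured."""
        if steps:
            self.se.status = "secured"

    def relay(self, apdus: list) -> list:
        """Relay APDUs to the SE and return the results (step 208)."""
        if not self.awake:
            raise RuntimeError("OTA proxy has not been woken")
        return [self.se.process(a) for a in apdus]


def preparation_steps(se_status: str) -> list:
    """Key-loading steps by reported SE status (mapping as read from the text)."""
    steps = []
    if se_status == "os_native":
        steps.append("pre-personalization: initial issuer master key")
    if se_status in ("os_native", "initialized"):
        steps.append("final issuer master key")
    return steps


class Tsm:
    def __init__(self):
        self.accounts = {}       # MSISDN -> {"cin", "status", "applets"}

    def register(self, msisdn: str, cin: str, applets: dict) -> None:
        self.accounts[msisdn] = {"cin": cin, "status": "active",
                                 "applets": dict(applets)}

    def handle_delete(self, msisdn: str, proxy: OtaProxy, sp=None) -> dict:
        """Serve a delete request (step 201); sp=None means every applet."""
        account = self.accounts[msisdn]
        account["status"] = "delete"
        report = proxy.wake()    # steps 203-204; push server elided
        if (report["msisdn"], report["cin"]) != (msisdn, account["cin"]):
            return {"outcome": "identity_mismatch", "results": {}}
        steps = preparation_steps(report["se_status"])
        proxy.prepare(steps)
        aids = [a for a, owner in account["applets"].items()
                if sp is None or owner == sp]
        words = proxy.relay([delete_apdu(a) for a in aids])
        done = all(sw == SW_OK for sw in words)
        return {"outcome": "deleted" if done else "partial",   # step 210
                "preparation": steps,
                "micro_sd_protocol": report["se_type"] == "microsd",
                "results": {a.hex(): sw for a, sw in zip(aids, words)}}


def demo() -> dict:
    """Constructed sample: a micro SD SE holding applets of two SPs."""
    a1, a2, b1 = (bytes.fromhex(h) for h in
                  ("F000000001A001", "F000000001A002", "F000000002B001"))
    owners = {a1: "BankA", a2: "BankA", b1: "BankB"}
    se = SecureElement("CIN-0001", "microsd", "initialized", dict(owners))
    tsm = Tsm()
    tsm.register("15555550100", "CIN-0001", owners)
    note = tsm.handle_delete("15555550100", OtaProxy("15555550100", se), "BankA")
    return {"notification": note, "remaining": sorted(se.applets.values())}
```

In the sample, only the requesting SP's applets are removed and the other SP's applet stays on the SE, which matches the default scoping the text describes.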
  • In FIG. 3, a system diagram is provided for synchronizing the mobile wallet application 31 residing within the mobile terminal 11.
  • Multiple external parties or SPs may request changes to be made to the user's mobile wallet application 31 configuration using the TSM/Wallet Management System (WMS), which may store the master configuration of the user's mobile wallet application 31.
  • The external parties or SPs may include, without limitation, Financial Institutions 18, Mobile Network Operator (MNO) 19, Handset Manufacturer 20, and Card manufacturer 21 (collectively referred to as “service providers” or “SPs”).
  • The TSM/WMS may serve as a central repository to allow various external parties to make change requests without regard to the user's login status to the mobile wallet application 31.
  • The respective external parties or SPs may request additional contactless cards to be provisioned to the user's mobile wallet application 31 on their own time without regard to the user's status.
  • TSM 10 itself may automatically recognize that the expiration date of a contactless card applet stored in the SE is approaching based on its own internal records and prompt the user to renew the contactless card applet information.
  • The user of the mobile terminal 11 may be prompted by the mobile wallet application 31 or other suitable methods, such as emails, texts, and voicemails.
  • User may be prompted by the TSM 10 by other methods as well, such as texts, emails, voicemails or other suitable methods of providing notification.
  • The user of the mobile terminal 11 may re-provision the respective contactless card applet through the TSM 10 system or by contacting the SP responsible for the soon to be expired contactless card applet.
  • In step 302, when the user logs into the mobile wallet application 31 on the mobile terminal 11, the OTA proxy residing within the mobile wallet application 31 will retrieve specific mobile terminal 11 information and SE specific information (e.g. MSISDN, International Mobile Equipment Identity (IMEI)/Mobile Equipment Identifier (MEID), CIN/Integrated Circuit Card Identification (ICCID)) and send them to TSM 10 for analysis.
  • In step 303, TSM 10, upon receipt of the provided information, conducts an internal verification of the information provided by OTA proxy against the stored information.
  • Sensitive information may include account specific information related to financial institution 18 that may be stored in the SE, such as credit card numbers, expiration date, personal identification number, and other related information. Further, sensitive information may also include user security information or other private information stored in the SE.
  • A thief may steal a removable SE, such as a micro SD, from a mobile terminal 11 and use it on a different mobile terminal before the user even realizes the SE is missing from his or her mobile terminal 11.
  • TSM 10 will recognize whether the registered SE is being equipped on different non-registered mobile terminal 11 .
  • TSM 10 may handle recognition of inconsistent devices in a different manner than described in step 304 .
  • TSM 10 may handle such an event according to the business rules provided by the parties involved, such as opting to prompt the user for a password, security key, or other verification methods.
  • Additional or different directions may be provided by the consumers or SPs in handling such event according to their business rules.
  • This synchronization check may also be conducted when a request is made to provision another contactless card applet 23 or whenever OTA proxy is requested to connect with the TSM 10 or equivalent system.
  • FIG. 4 illustrates an exemplary system diagram of a push system for reconstructing mobile wallet application 31 .
  • the user of the device may contact one of the SPs or TSM 10 to reconstruct its mobile wallet application 31 and all of the previously stored contents therein.
  • mobile wallet application 31 may include the widgets residing within the mobile wallet application 31 , contactless card Applet 23 and associated WMA 21 stored in the SE, and an optional OTA proxy.
  • a mobile wallet application 31 may include less than all of the elements described herein or more than the elements described herein.
  • step 401 the user of the mobile terminal 11 contacts SP notifying procurement of a new mobile terminal 11 .
  • SP may conduct its own authentication to verify the correct user of the mobile terminal 11 .
  • the user may also notify MNO 19 or TSM 10 directly as well.
  • SP Once SP has authenticated the user, SP sends a request to TSM 10 to re-provision the user's new mobile terminal 11 with the SP's contactless application and related credentials in step 402 .
  • TSM 10 performs an internal check to verify whether the user has any other SP accounts that it had provisioned prior to losing his or her phone. If there are other SP accounts held by the user, a request is made to the respective SPs for its provisioning information.
  • step 405 another internal check is conducted to verify what mobile wallet application 31 the user previously had in his or her mobile terminal 11 .
  • the mobile wallet application 31 may include various types, such as a SK C&C mobile wallet application 31 or other mobile wallet applications offered by different manufacturers.
  • the system will retrieve the same version and user preference settings associated with the mobile wallet application 31 to transmit to the user in step 406 .
  • the respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server prior to moving to step 407 .
  • the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.
  • TSM 10 sends a push message to wake up OTA proxy to a mobile push server, such as a C2DM system.
  • the mobile wallet application 31 may be sent prior to OTA proxy, at the same time as the mobile wallet application 31 , or before the mobile wallet application 31 .
  • the mobile push server relays the received wake up command to OTA Proxy in step 408 .
  • the OTA proxy retrieves mobile terminal 11 and SE specific information such as MSISDN and CIN and sends it to TSM 10 .
  • TSM 10 processes the information along with the provisioning commands and converts them into APDU commands to send over to OTA proxy in step 410 .
  • the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18 .
  • account specific information is received for the contactless card applet or other sensitive information, such information may be duplicated to be provisioned into the WMA 21 .
  • a version of the associated widget for the mobile wallet application 31 of the mobile terminal 11 is also obtained by the TSM 10 to be provisioned directly into the wallet application 31 .
  • OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous user of a mobile wallet application 31 , APDU commands will be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21 , which is also located within the SE. In addition, corresponding widget application will be installed in the mobile wallet application 31 to provide a graphic display of the installed account.
  • results are sent back to the OTA proxy in step 412 .
  • OTA Proxy relays the results back to the TSM 10 in step 413 and the TSM 10 updates its system with the results of the request.
  • Notification of the outcome of the SP provisioning request is sent to the respective SP(s) in step 414 .
  • the user's mobile wallet application 31 may be reconstructed through a pull mechanism, which may be initiated by the mobile terminal 11 owner as illustrated in FIG. 5 .
  • step 501 the owner of the mobile terminal 11 attempts to reinstall the mobile wallet application 31 from the mobile terminal 11 and a request is made from the new or replaced mobile terminal 11 .
  • a command request is sent along with mobile identification information to TSM 10 .
  • TSM 10 receives the request with its related identification information, and in step 502 , an authentication process takes place to verify the user.
  • the requesting user may be verified through a password, security question, social security number, or through other suitable verification methods.
  • a check is conducted for an existing account. If it is found that a mobile wallet application 31 was previously installed, then the system will retrieve the same version and user preference settings related to the mobile wallet application 31 and send to the user in step 503 for downloading.
  • the respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server.
  • a new account is created in the TSM 10 and a mobile wallet application 31 may be sent to the mobile terminal 11 through a mobile push server.
  • the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.
  • TSM 10 checks the requesting user account for related SP account information. If one or more SP accounts are associated with the requesting user's account, notification may be sent to each SP, requesting provisioning information to be sent to the requesting user. While steps 503 and 504 were configured as separate steps, steps 503 and 504 may be conducted in conjunction or in a reverse order as well.
  • the present disclosure provides for a mobile wallet application 31 and widgets related to the SP separately. However, it may also be possible to gather all of the necessary widgets and the mobile wallet application 31 from the SP, so that the TSM 10 can relay both the widgets and the mobile wallet application 31 simultaneously to the user. Alternatively, if TSM 10 is allowed to store account specific information, the mobile wallet application 31 and the widgets may be provided by the TSM 10 without making additional requests to the SPs.
  • TSM 10 sends a push message to wake up OTA proxy to the mobile push server, such as a C2DM system. While it is illustrated that mobile wallet application 31 is sent prior to OTA proxy, it should be noted that OTA proxy may be sent at the same time as the mobile wallet application 31 , or before the mobile wallet application 31 as well.
  • the mobile push server relays the received wake up command to OTA Proxy in step 507 .
  • the OTA proxy gathers mobile terminal 11 specific information such as MSISDN and CIN along with the provisioning commands and sends it to TSM 10 .
  • the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18 .
  • Other sensitive information such as a key to the SE may be provided either by the other SPs or the TSM 10 . Sensitive information may be provided by the SPs in real-time using the TSM 10 as an intermediary or in advance for storage in the TSM 10 .
  • TSM 10 processes the information along with the provisioning commands and converts them into APDU commands and sends them to OTA proxy in step 509 . Also, if provisioning commands including account specific information of the contactless card applet is received, such information may be duplicated to be provisioned into the WMA 21 . In addition, a version of the associated widget for the wallet application 31 is also obtained by the TSM 10 to be provisioned directly into the mobile wallet application 31 .
  • OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous mobile wallet application 31 user, APDU commands may be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21 , which is also located within the SE. In addition, corresponding widget application may be installed in the mobile wallet application 31 to provide a graphic display of the installed account.
  • results are sent back to the OTA proxy in step 511 .
  • OTA Proxy relays the result back to the TSM 10 in step 512 and the TSM 10 will update its system with the result of the request.
  • Notification of the outcome of the SP provisioning request will be sent to the respective SP(s) in step 513 .

Abstract

A method for securing information over-the-air (OTA) in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile terminal including receiving a request to initialize an OTA proxy of a mobile terminal, initializing the OTA proxy, receiving a request to secure information, and securing, using the OTA proxy, the requested information in the non-UICC type SE. A method for reconstructing a mobile wallet application including receiving a request to reconstruct the mobile wallet application for a user; transmitting stored mobile wallet application information associated with the user to the mobile terminal; receiving mobile terminal information and SE information; and transmitting a stored application associated with the mobile wallet application information to the mobile terminal. A mobile terminal to secure information OTA in a non-UICC type SE including an OTA proxy to receive a securing command from a TSM, and a non-UICC SE.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • This application claims priority from and the benefit under 35 U.S.C. §119(a) of U.S. Provisional Patent Application No. 61/428,852, filed on Dec. 30, 2010, which is incorporated by reference for all purposes as if fully set forth herein. Also, the present application is related to co-pending U.S. Provisional Patent Application Nos. 61/428,846, 61/428,851 and 61/428,853, all of which have been filed on Dec. 30, 2010. Applicants hereby incorporate by reference the above-mentioned co-pending provisional applications, which are not admitted to be prior art with respect to the present invention by their mention here or in the background section that follows.
    BACKGROUND OF THE INVENTION
    1. Field
  • The following description relates to securing of sensitive data in a mobile terminal.
    2. Discussion of the Background
  • With the recent advancement in the mobile technology field, the size and weight of mobile terminals became dramatically reduced, thus increasing their portability and accelerating the tendency for a user to carry the mobile terminal at all times. As mobile terminals (e.g. mobile telephones and other mobile devices) are becoming more widely used, mobile terminals have steadily evolved from a mere mobile terminal with communicative functions to a terminal that incorporates various advanced functions, such as electronic mail, computer office application functions, video telephony, and more recently, mobile payment functionalities. While integrating various consumer friendly utilities into the mobile terminal may provide convenience to its user, it also raises security concerns with regard to these mobile terminals.
  • Security concerns associated with the greater usability of mobile terminals may be elevated by improper usage associated with misplacing, loss, theft of these mobile terminals, as well as other mishaps that may be incurred. In order to alleviate these security concerns, various techniques have been proposed for remotely locking mobile terminals to disable their functions, when mobile terminals are misplaced or stolen. With these techniques, if a mobile terminal is to be locked during a normal operating state, its functions can be disabled, thus making it possible to reduce improper usage or the theft of private information stored in the mobile terminal.
  • However, with the advancement of technology, the thieving population has evolved in their intelligence as well. The more educated thieves may easily break into the remotely locked mobile terminals by “jail-breaking” to retrieve sensitive information. Thus, it is no longer enough to merely lock an apparatus or application from usage; more must be done to prevent misappropriation of sensitive data stored within the mobile terminals.
  • Further, with the introduction of a removable secure element (SE), further complication in the security realm has been provided. As many of these SEs, which store sensitive information, may be removed before they can be locked, a simple locking security feature on these devices may not be sufficient.
  • A method of data deletion may be used to provide reliable security. However, currently, the remote data deletion in the SE is limited to SEs conforming to industry standard Short Messaging Service-Point to Point (SMS-PP) protocol or Bearer Independent Protocol (BIP) (i.e. Universal Integrated Circuit Card (UICC) type SEs). In the event the device owner has a SE that does not allow access via the industry standard protocols, such as micro (secure digital) SD cards or embedded SEs (i.e. non-UICC type SEs), remote data deletion in the SE may not be feasible.
  • Lastly, even if sensitive stored data has been able to be deleted, there is no easy way to replace the lost data upon recovering/replacing the lost mobile terminal. Thus, even if the mobile terminal storing sensitive information is lost and then replaced, the mobile terminal must be reinstalled with all of the applications and stored data from scratch.
    SUMMARY
  • Exemplary embodiments of the present invention provide a method for securing information stored in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) over-the-air (OTA). Exemplary embodiments of the present invention also provide a method for authenticating a mobile terminal with a Trusted Service Manager (TSM) and reconstructing a mobile wallet application.
  • Additional features of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention.
  • Exemplary embodiments of the present invention provide a method for securing information OTA in a non-UICC type SE of a mobile terminal including receiving a request to initialize an OTA proxy of a mobile terminal, initializing the OTA proxy, receiving a request to secure information stored in the SE, and securing, using the OTA proxy, the information stored in the non-UICC type SE.
  • Exemplary embodiments of the present invention provide a method for authenticating a mobile terminal including receiving mobile terminal information and SE information from the mobile terminal; comparing the received information with stored mobile terminal information and SE information; and transmitting a command based on the comparison result.
  • Exemplary embodiments of the present invention provide a method for reconstructing a mobile wallet application of a mobile terminal including receiving a request to reconstruct the mobile wallet application of a user; transmitting stored mobile wallet application information associated with the user to the mobile terminal; receiving mobile terminal information and SE information; and transmitting a stored application associated with the mobile wallet application information to the mobile terminal.
  • Exemplary embodiments of the present invention provide a mobile terminal to secure information over-the-air (OTA) in a non-UICC type SE including an OTA proxy configured to connect to a TSM, and to receive a securing command from the TSM; and a non-UICC type SE.
  • It is to be understood that both foregoing general descriptions and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. Other features and aspects will be apparent from the following detailed description, the drawings, and the claims.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention, and together with the description serve to explain the principles of the invention.
  • FIG. 1 is a system diagram of a trusted service manager (TSM) ecosystem according to an exemplary embodiment of the present invention.
  • FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials and related mobile wallet information from the secure element (SE) and the mobile wallet application according to an exemplary embodiment of the present invention.
  • FIG. 3 is a system diagram illustrating a method for synchronizing mobile wallet application to authenticate the mobile terminal and SE accessing the wallet management system according to an exemplary embodiment of the present invention.
  • FIG. 4 is a system diagram illustrating a method for reconstructing the financial information credentials and related mobile wallet application through a push method according to an exemplary embodiment of the present invention.
  • FIG. 5 is a system diagram illustrating a method for reconstructing financial information credentials and related mobile wallet application through a pull method according to an exemplary embodiment of the present invention.
    DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS
  • The invention is described more fully hereinafter with references to the accompanying drawings, in which exemplary embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure is thorough, and will fully convey the scope of the invention to those skilled in the art. It will be understood that for the purposes of this disclosure, “at least one of each” will be interpreted to mean any combination of the enumerated elements following the respective language, including combination of multiples of the enumerated elements. For example, “at least one of X, Y, and Z” will be construed to mean X only, Y only, Z only, or any combination of two or more items X, Y, and Z (e.g. XYZ, XZ, and YZ). Throughout the drawings and the detailed description, unless otherwise described, the same drawing reference numerals are understood to refer to the same elements, features, and structures. The relative size and depiction of these elements may be exaggerated for clarity, illustration, and convenience.
  • FIG. 1 is a system diagram of a trusted service manager (TSM) ecosystem according to an exemplary embodiment of the present invention.
  • As shown in FIG. 1, an example system employing TSM technology with over-the-air (OTA) proxy provisioning includes a TSM 10; mobile terminal 11; network 15; third party messaging platform 16; financial institution 18; mobile network operator (MNO) 19; handset manufacturer 20; and a card manufacturer 21. Before TSM 10 may be fully utilized by the user and its participants, service providers (SP) such as identified in 18-21 may go through a pre-registration process. In an example, the network 15 may refer to a cellular network, which may include one or more base stations to enable mobile terminal 11 to communicate with other mobile terminals or third party entities. In addition, network 15 may also include any other type of suitable communication network, such as the Internet, traditional wired telephone lines, and other suitable network technologies.
  • The handset manufacturers 20 may include embedded secure element (SE) producers, and card manufacturers 21 may include producers of micro secure digital (SD) SE (i.e. non-Universal Integrated Circuit Card (UICC) SEs). As different SE manufacturers may provide for OTA keys that are different from the OTA keys provided for traditional UICC SE devices, handset manufacturers 20 and card manufacturers 21 may provide their OTA keys to TSM 10 in the pre-registration process mentioned above for future processing. Alternatively, the handset manufacturers 20 and card manufacturers 21 may provide their respective OTA keys upon request without going through the pre-registration process. A more detailed explanation of the pre-registration process is provided in the co-pending application 61/428,853.
  • In an example, OTA proxy may be initialized or configured to be connected with TSM 10 during usage of a mobile wallet application to conserve technical resources. As such, OTA proxy will be in a sleep mode as a default until it is awakened for its utility. To provide for an awakening mechanism, a third party messaging platform 16 (e.g. Cloud to Device Messaging (C2DM)) may be utilized to wake the OTA proxy, which in turn will connect with the TSM 10 for usage. If the TSM 10 sends a message to a third party messaging platform 16 with the wake-up command and identifying information, the third party messaging platform 16 in turn sends a message to the identified mobile terminal 11 to wake up OTA proxy residing within the mobile terminal 11. Once awake, OTA proxy will connect to the TSM 10 for provisioning or other utility. Alternatively, if desired, OTA proxy may be connected at higher frequencies or continuously to avoid the wake-up process described above.
  • If mobile terminal 11 is equipped with a Near Field Communication (NFC)-enabled chip and provisioned with contactless card applets that may use NFC technology, the owner of the mobile terminal 11 may make a purchase at the NFC enabled Point-of-Sale (POS) merchant by waving the mobile terminal 11 at the corresponding POS device. Subsequently, once a purchase is made with the mobile terminal 11, the acquirer network 23 and payment processor 22 may work together to ensure the payment gets updated at the financial institution 18. This end user application, however, does not involve the described TSM ecosystem and is illustrated to provide a description of a complete ecosystem.
  • A method for deleting sensitive information, such as credit card credentials, from the SE of the mobile terminal is described below in reference to FIG. 2. While only the method for deletion is described in this exemplary figure, it will be understood other methods for securing sensitive information may be used, such as locking access to information stored in the SE.
  • FIG. 2 is a system diagram illustrating a method for deleting sensitive credit card credentials from the SE. For purposes of the present disclosure, although not illustrated in FIGS. 2-5, it will be understood that any communication that is conducted between the external parties or service providers (18-21), TSM 10, and the mobile terminal 11 is provided through Network 15 as shown in FIG. 1 or other suitable methods. Further, it will be understood that the sensitive information is not limited to credit card information, and the reference to credit card information is used merely as an example for the purposes of this disclosure.
  • As shown in FIG. 2, in step 201, Service Provider (SP), such as Financial Institution 18, makes a request with the identifying information, such as a Mobile Subscriber Integrated Services Digital Network (MSISDN) to delete its credentials (e.g. credit card number, expiration date, security code, personal identification number (PIN)) from the stolen/lost mobile terminal 11. In an example, such a request may be initiated by the owner of the mobile terminal 11 or the individual SP. The request may be specific to the credit card information belonging to a specific SP or it may be to delete all of the credit card information residing in the SE, if not all of the sensitive information stored within the SE. While the request may typically be limited to only the credit card information belonging to the requesting SP, if an agreement is met by various financial institutions, credit card information of other agreeing SPs may be also deleted.
  • Likewise in step 201, the request sent by the SP may be to lock the entire SE containing credit card credentials, or to lock just the respective secure domain within the SE, which stores the respective credit card information. The request for locking or deleting specific security domain or SE may be specified by the SPs or may be catered to meet other business rules/requirements. In addition, while not illustrated in the provided figure, the request to secure the information stored in the SE may be initiated by the mobile terminal 11 owner contacting the TSM 10 directly. Also, the request in step 201 may be initiated by SP by its own volition or in response to a request by the owner of the mobile terminal 11.
  • In step 202, the TSM 10 receives the request from SP and updates the respective mobile terminal account to “delete” status within its database. In addition, TSM 10 conducts an internal query to verify whether the mobile terminal 11 in question has a mobile wallet application 31 installed, such as a SK C&C mobile wallet application 31. In an example, if the TSM 10 determines that a SK C&C mobile wallet application 31 is installed in the respective lost/stolen mobile terminal 11, TSM 10 modifies the request to delete related contactless applets, Wallet Management Application (WMA) 21 credit card credentials residing within the SE (wallet management applets), and the widgets residing within the SK C&C mobile wallet application 31.
  • In addition, TSM 10 makes a determination on the type of SE equipped on the lost/stolen mobile terminal 11. As Micro SD's and Embedded SEs (i.e. non-UICC type SEs) cannot support conventional Subscriber Identity Module Application Toolkit (SAT)/Universal Subscriber Identity Module Application Toolkit (USAT)/Card Application Toolkit (CAT) framework, the deletion command composed by TSM 10 may go through OTA proxy in order to make any deletion of the information stored in the non-UICC type SEs, such as microSDs or embedded SEs. However, OTA proxy may also support SEs supported by traditional SAT/USAT/CAT framework as well, such as UICC, Services Identity Module (SIM), or Universal Subscriber Identity Module (USIM) (herein referred collectively as UICC). A more detailed explanation on the OTA proxy may be found in the co-pending application 61/428,851.
  • Once TSM 10 completes modifying the user account status, a push request is made to mobile push server, such as a Cloud to Device Messaging (C2DM) platform, in step 203.
  • In step 204, the mobile push server pushes the message to wake up the OTA proxy residing in the lost/stolen mobile terminal 11.
  • In step 205, the OTA proxy retrieves mobile terminal 11 and associated SE specific information such as MSISDN and Card Image Number (CIN) and sends them to TSM 10. In an example, SE information may also include Card Reference Number (CRN), Card Production Life Cycle (CPLC), and Card Serial Number (CSN).
  • Further, although not illustrated, once TSM 10 receives mobile equipment and SE information, TSM 10 checks the status of SE. As processing of stored SE may be based on its status, analysis of SE status and corresponding processes may be conducted prior to accessing the information stored in the SE. More specifically, based on the SE status, some preparation steps may be executed to secure the SE for processing commands received through the OTA proxy. In an example, SE equipped in the mobile terminal 11 may have any of the 3 statuses: operating system (OS) native, initialized, and secured. If the status of the SE is determined to be “secured” no further preparation steps may be executed. The “secured” state for the SE may refer to an intended operating card life cycle state in post issuance. On the other hand, if the status of the SE is determined to be “initialized” then TSM 10 may provide a final issuer master key to secure the SE. The “initialized” state for the SE may refer to an administrative card production state. Lastly, if the status of the SE is determined to be “OS native”, then pre-personalization process may be conducted, which may include providing an initial issuer master key and a final issuer master key to the SE. The “OS native” state for the SE may refer to a status that SE is not initialized by manufacturer's initialization method.
  • After status of the SE has been determined, an analysis of SE type may be performed to determine the type of protocol that should run within OTA proxy in order to provision into the identified SE. If the SE is a UICC type or an embedded type, SE may be accessed to modify the information stored in the SE. Alternatively, if the SE is a Micro SD type, additional process specific protocol may be executed to access or to modify the information stored in the SE. Since a person ordinarily skilled in the art understands what type of protocols may be used to access the Micro SD type, discussion thereof is omitted herein.
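The status and type analysis described in the two paragraphs above can be sketched as a small planner that runs before any APDU command is relayed. This is an added illustration, not code from the patent or from any TSM product; the function name, the step strings and the idea of walking the three statuses in order are assumptions made for the example.

```python
from enum import Enum


class SeStatus(Enum):
    OS_NATIVE = "os native"
    INITIALIZED = "initialized"
    SECURED = "secured"


class SeType(Enum):
    UICC = "uicc"
    EMBEDDED = "embedded"
    MICRO_SD = "micro sd"


# Key the TSM supplies in each status, and the status the SE reaches afterwards.
# Ordering follows the description: OS native -> initialized -> secured.
_ADVANCE = {
    SeStatus.OS_NATIVE: ("provide initial issuer master key", SeStatus.INITIALIZED),
    SeStatus.INITIALIZED: ("provide final issuer master key", SeStatus.SECURED),
}


def plan_se_access(status: str, se_type: str) -> list:
    """Return the ordered preparation steps for the reported SE (hypothetical helper).

    An unrecognized status or type raises ValueError so that no command is
    sent to an SE the TSM cannot classify.
    """
    try:
        state = SeStatus(status.strip().lower())
        kind = SeType(se_type.strip().lower())
    except ValueError as exc:
        raise ValueError(f"unrecognized SE report, sending no commands: {exc}") from None

    steps = []
    # Pre-personalization: advance the SE until it is in the "secured" status.
    while state is not SeStatus.SECURED:
        action, state = _ADVANCE[state]
        steps.append(action)

    # UICC and embedded SEs are accessed directly; Micro SD needs an extra protocol.
    if kind is SeType.MICRO_SD:
        steps.append("run Micro SD specific access protocol")
    steps.append("relay APDU commands through OTA proxy")
    return steps


if __name__ == "__main__":
    for step in plan_se_access("OS native", "Micro SD"):
        print(step)
```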
  • In step 206, TSM 10 processes the provided information along with the “delete” command and converts them into Application Protocol Data Unit (APDU) commands and sends the converted APDU commands to the OTA proxy.
  • In step 207, OTA proxy relays the received APDU commands to the SE where credit card credentials may reside. Credit card credentials may reside as contactless card applets as well as within a wallet management applet (WMA) 21. Please refer to the co-related application No. 61/428,846 for further details on how a corresponding WMA 21 is created.
  • Once the “delete” command has been processed successfully, results are sent to the OTA proxy in step 208.
  • In step 209, OTA proxy relays the result back to the TSM 10. TSM 10 in turn sends a notification to the SP of the outcome of its request in step 210.
  • The “delete” functionality disclosed in FIG. 2 may be provided if the mobile terminal 11 is powered on and has reception to a network.
  • In FIG. 3, a system diagram is provided for synchronizing the mobile wallet application 31 residing within the mobile terminal 11.
  • In step 301, multiple external parties or SPs may request changes to be made to user's mobile wallet application 31 configuration using the TSM/Wallet Management System (WMS), which may store the master configuration of the user's mobile wallet application 31. For the purposes of this disclosure, the external parties or SPs may include, without limitation, Financial Institutions 18, Mobile Network Operator (MNO) 19, Handset Manufacturer 20, and Card manufacturer 21 (collectively referred to as “service providers” or “SPs”). As the mobile wallet application 31 may not always be on, the TSM/WMS may serve as a central repository to allow various external parties to make change requests without regard to user's login status to the mobile wallet application 31. For example, the respective external parties or SPs may request additional contactless cards to be provisioned to the user's mobile wallet application 31 on their own time without regard to the user's status.
  • Similarly, TSM 10 itself may automatically recognize that the expiration date of a contactless card applet stored in the SE is approaching based on its own internal records and prompt the user to renew the contactless card applet information. In an example, the user of the mobile terminal 11 may be prompted by the mobile wallet application 31 or other suitable methods, such as emails, texts, and voicemails. User may be prompted by the TSM 10 by other methods as well, such as texts, emails, voicemails or other suitable methods of providing notification. In response to the prompt, the user of the mobile terminal 11 may re-provision the respective contactless card applet through the TSM 10 system or by contacting the SP responsible for the soon to be expired contactless card applet.
  • Subsequently, in step 302, when the user logs into the mobile wallet application 31 on the mobile terminal 11, the OTA proxy residing within the mobile wallet application 31 will retrieve specific mobile terminal 11 information and SE specific information (e.g. MSISDN, International Mobile Equipment Identity (IMEI)/Mobile Equipment Identifier (MEID), CIN/Integrated Circuit Card Identification (ICCID)) and send them to TSM 10 for analysis.
  • In step 303, TSM 10, upon receipt of the provided information, verifies the information provided by the OTA proxy against the stored information.
  • If it is found that the provided handset information or the SE information conflicts with the registered information, the TSM 10 logs the event and may order the mobile wallet application 31 to lock or delete sensitive information until further verification or clarification can be provided in step 304. Sensitive information may include account specific information related to financial institution 18 that may be stored in the SE, such as credit card numbers, expiration date, personal identification number, and other related information. Further, sensitive information may also include user security information or other private information stored in the SE.
  • In an example, a thief may steal a removable SE, such as a micro SD, from a mobile terminal 11 and use it on a different mobile terminal before the user even realizes the SE is missing from his or her mobile terminal 11. By cross-referencing the registered SE with the registered mobile terminal identification, TSM 10 will recognize whether the registered SE is equipped on a different, non-registered mobile terminal 11. Further, it should be noted that TSM 10 may handle recognition of inconsistent devices in a different manner than described in step 304. TSM 10 may handle such an event according to the business rules provided by the parties involved, such as opting to prompt the user for a password, security key, or other verification methods.
  • Additional or different directions may be provided by the consumers or SPs in handling such event according to their business rules.
  • This synchronization check may also be conducted when a request is made to provision another contactless card applet 23 or whenever OTA proxy is requested to connect with the TSM 10 or equivalent system.
  • FIG. 4 illustrates an exemplary system diagram of a push system for reconstructing mobile wallet application 31. Once the user has found or replaced the mobile terminal, which may no longer contain all of the user's previous financial credentials, the user of the device may contact one of the SPs or TSM 10 to reconstruct its mobile wallet application 31 and all of the previously stored contents therein. For the purposes of the present disclosure, mobile wallet application 31 may include the widgets residing within the mobile wallet application 31, contactless card Applet 23 and associated WMA 21 stored in the SE, and an optional OTA proxy. However, a mobile wallet application 31 may include less than all of the elements described herein or more than the elements described herein.
  • In step 401, the user of the mobile terminal 11 contacts SP notifying procurement of a new mobile terminal 11. SP may conduct its own authentication to verify the correct user of the mobile terminal 11. Similarly, the user may also notify MNO 19 or TSM 10 directly as well.
  • Once SP has authenticated the user, SP sends a request to TSM 10 to re-provision the user's new mobile terminal 11 with the SP's contactless application and related credentials in step 402.
  • In step 403, TSM 10 performs an internal check to verify whether the user has any other SP accounts that it had provisioned prior to losing his or her phone. If there are other SP accounts held by the user, a request is made to the respective SPs for its provisioning information.
  • Once SPs receive requests for provisioning information, internal authentication and validation check may be conducted and the necessary information sent to TSM 10 for processing in step 404.
  • In step 405, another internal check is conducted to verify what mobile wallet application 31 the user previously had in his or her mobile terminal 11. The mobile wallet application 31 may include various types, such as a SK C&C mobile wallet application 31 or other mobile wallet applications offered by different manufacturers.
  • In an example, if it is found that the mobile wallet application 31 was previously installed, then the system will retrieve the same version and user preference settings associated with the mobile wallet application 31 to transmit to the user in step 406. The respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server prior to moving to step 407. For the purposes of this disclosure, it is assumed the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.
  • In step 407, TSM 10 sends a push message to a mobile push server, such as a C2DM system, to wake up the OTA proxy. In an example, the OTA proxy may be sent after the mobile wallet application 31, at the same time as the mobile wallet application 31, or before the mobile wallet application 31.
  • Subsequently, the mobile push server relays the received wake up command to OTA Proxy in step 408.
  • In step 409, the OTA proxy retrieves mobile terminal 11 and SE specific information such as MSISDN and CIN and sends it to TSM 10.
  • Once TSM 10 receives the information sent by OTA Proxy, TSM 10 processes the information along with the provisioning commands and converts them into APDU commands to send over to OTA proxy in step 410. In an example, the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18. Also, when account specific information is received for the contactless card applet or other sensitive information, such information may be duplicated to be provisioned into the WMA 21. In addition, a version of the associated widget for the mobile wallet application 31 of the mobile terminal 11 is also obtained by the TSM 10 to be provisioned directly into the wallet application 31.
  • Next, in step 411, OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous user of a mobile wallet application 31, APDU commands will be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21, which is also located within the SE. In addition, corresponding widget application will be installed in the mobile wallet application 31 to provide a graphic display of the installed account.
  • Once the provisioning command has been successfully processed, results are sent back to the OTA proxy in step 412.
  • Subsequently, OTA Proxy relays the results back to the TSM 10 in step 413 and the TSM 10 updates its system with the results of the request.
  • Notification of the outcome of the SP provisioning request is sent to the respective SP(s) in step 414.
  • Similarly to FIG. 4, the user's mobile wallet application 31 may be reconstructed through a pull mechanism, which may be initiated by the mobile terminal 11 owner as illustrated in FIG. 5.
  • In step 501, the owner of the mobile terminal 11 attempts to reinstall the mobile wallet application 31 from the mobile terminal 11 and a request is made from the new or replaced mobile terminal 11. A command request is sent along with mobile identification information to TSM 10.
  • TSM 10 receives the request with its related identification information, and in step 502, an authentication process takes place to verify the user. The requesting user may be verified through a password, security question, social security number, or through other suitable verification methods. Once the user has been correctly identified, a check is conducted for an existing account. If it is found that a mobile wallet application 31 was previously installed, then the system will retrieve the same version and user preference settings related to the mobile wallet application 31 and send to the user in step 503 for downloading. The respective mobile wallet application 31 along with its configured user preferences may be sent to the user mobile terminal 11 through a mobile push server.
  • In an example, if it is determined that the requesting user did not have a mobile wallet application 31 previously, a new account is created in the TSM 10 and a mobile wallet application 31 may be sent to the mobile terminal 11 through a mobile push server. For the purposes of this disclosure, it is assumed the mobile wallet application 31 includes a corresponding OTA proxy, which may be installed by the mobile terminal 11 upon receipt of the application or by a separate process.
  • Next, in step 504, TSM 10 checks the requesting user account for related SP account information. If one or more SP accounts are associated with the requesting user's account, notification may be sent to each SP, requesting provisioning information to be sent to the requesting user. While steps 503 and 504 were configured as separate steps, steps 503 and 504 may be conducted in conjunction or in a reverse order as well. For example, the present disclosure provides for a mobile wallet application 31 and widgets related to the SP separately. However, it may also be possible to gather all of the necessary widgets and the mobile wallet application 31 from the SP, so that the TSM 10 can relay both the widgets and the mobile wallet application 31 simultaneously to the user. Alternatively, if TSM 10 is allowed to store account specific information, the mobile wallet application 31 and the widgets may be provided by the TSM 10 without making additional requests to the SPs.
  • Once SPs receive requests for provisioning information, internal authentication and validation check may be conducted and the necessary information sent to TSM 10 for processing in step 505.
  • In step 506, TSM 10 sends a push message to wake up OTA proxy to the mobile push server, such as a C2DM system. While it is illustrated that mobile wallet application 31 is sent prior to OTA proxy, it should be noted that OTA proxy may be sent at the same time as the mobile wallet application 31, or before the mobile wallet application 31 as well.
  • Subsequently, the mobile push server relays the received wake up command to OTA Proxy in step 507.
  • In step 508, the OTA proxy gathers mobile terminal 11 specific information such as MSISDN and CIN along with the provisioning commands and sends it to TSM 10. In an example, the provisioning commands may include specific instructions, such as install or delete specific information or application, and account specific information for a contactless card applet, which may be provided by the Financial Institution 18. Other sensitive information such as a key to the SE may be provided either by the other SPs or the TSM 10. Sensitive information may be provided by the SPs in real-time using the TSM 10 as an intermediary or in advance for storage in the TSM 10.
  • Once TSM 10 receives the information sent by OTA Proxy, TSM 10 processes the information along with the provisioning commands and converts them into APDU commands and sends them to OTA proxy in step 509. Also, if provisioning commands including account specific information of the contactless card applet are received, such information may be duplicated to be provisioned into the WMA 21. In addition, a version of the associated widget for the wallet application 31 is also obtained by the TSM 10 to be provisioned directly into the mobile wallet application 31.
  • Next, in step 510, OTA proxy relays the received APDU commands to the SE where credit card credentials, contactless applets, may be provisioned. If the user was a previous mobile wallet application 31 user, APDU commands may be relayed to provision account information corresponding to the contactless applets to be installed within the WMA 21, which is also located within the SE. In addition, corresponding widget application may be installed in the mobile wallet application 31 to provide a graphic display of the installed account.
  • Once the provisioning command has been successfully processed, results are sent back to the OTA proxy in step 511.
  • Subsequently, OTA Proxy relays the result back to the TSM 10 in step 512 and the TSM 10 will update its system with the result of the request.
  • Notification of the outcome of the SP provisioning request will be sent to the respective SP(s) in step 513.
  • It will be apparent to those skilled in the art that various modifications and variation can be made in the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
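The synchronization check of FIG. 3 (steps 302 to 304), sketched from the TSM side as an added example; it is not code from the patent or from any TSM product. The `wallet_id` key, the class and field names, the identifier normalization, and the choice to challenge a wallet with no registration are assumptions, and all identifier values are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    PROCEED = "proceed"      # identifiers match, continue the session
    CHALLENGE = "challenge"  # prompt for password / security key
    LOCK = "lock"            # lock access to sensitive data in the SE
    DELETE = "delete"        # delete sensitive data from the SE


def _norm(value: str) -> str:
    # Handsets report IMEI/MSISDN with varying separators; compare canonical forms.
    return "".join(ch for ch in value if ch.isalnum()).upper()


@dataclass(frozen=True)
class Identifiers:
    msisdn: str
    device_id: str  # IMEI or MEID
    se_id: str      # CIN or ICCID

    def normalized(self) -> dict:
        return {"msisdn": _norm(self.msisdn),
                "device_id": _norm(self.device_id),
                "se_id": _norm(self.se_id)}


@dataclass(frozen=True)
class Decision:
    action: Action
    mismatched: tuple
    reason: str


class Tsm:
    """Holds the registered terminal/SE binding per wallet (hypothetical model)."""

    def __init__(self):
        self.registry = {}   # wallet_id -> (Identifiers, Action on mismatch)
        self.audit_log = []  # step 304: every non-matching check is logged

    def register(self, wallet_id, ids, on_mismatch=Action.LOCK):
        # A business rule may pick lock, delete or challenge, never "ignore".
        if on_mismatch is Action.PROCEED:
            raise ValueError("mismatch rule must not be PROCEED")
        self.registry[wallet_id] = (ids, on_mismatch)

    def sync_check(self, wallet_id, reported):
        entry = self.registry.get(wallet_id)
        if entry is None:
            # Assumption: fail closed when nothing is on file for this wallet.
            decision = Decision(Action.CHALLENGE, (), "no registration on file")
        else:
            registered, rule = entry
            want, got = registered.normalized(), reported.normalized()
            bad = tuple(k for k in want if want[k] != got[k])
            if not bad:
                return Decision(Action.PROCEED, (), "identifiers match")
            if "se_id" not in bad and "device_id" in bad:
                reason = "registered SE presented by a non-registered terminal"
            elif "se_id" in bad and "device_id" not in bad:
                reason = "registered terminal presented a non-registered SE"
            else:
                reason = "reported identifiers conflict with registration"
            decision = Decision(rule, bad, reason)
        self.audit_log.append((wallet_id, decision))
        return decision


# Constructed sample data, not real identifiers.
REGISTERED = Identifiers("+00 10-0000-0001", "00-000000-000001-0", "CIN-0000-AAAA")
SAME_DEVICE = Identifiers("0010 0000 0001", "000000000000010", "cin0000aaaa")
MOVED_SE = Identifiers("+00 10-0000-0999", "00-000000-000777-0", "CIN-0000-AAAA")

if __name__ == "__main__":
    tsm = Tsm()
    tsm.register("wallet-1", REGISTERED, on_mismatch=Action.LOCK)
    print(tsm.sync_check("wallet-1", SAME_DEVICE))
    print(tsm.sync_check("wallet-1", MOVED_SE))
```

The same check applies at the other trigger points the description names: a request to provision another contactless card applet, or any OTA proxy connection to the TSM.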

Claims (33)

1. A method for securing information in a non-Universal Integrated Circuit Card (UICC) type secure element (SE) of a mobile terminal, comprising:
receiving a request to initialize an over-the-air (OTA) proxy of a mobile terminal;
initializing the OTA proxy;
receiving a request to secure information stored in the SE; and
securing, using the OTA proxy, the information stored in the SE, wherein the SE is a non-UICC type SE.
2. The method of claim 1, further comprising:
requesting installation of the OTA proxy;
receiving OTA proxy installation information; and
installing the OTA proxy in the mobile terminal.
3. The method of claim 2, wherein OTA proxy installation information is received from a Trusted Service Manager (TSM).
4. The method of claim 3, wherein initializing the OTA proxy comprises:
waking the OTA proxy; and
transmitting mobile terminal information and SE information to the TSM,
wherein the SE information comprises an SE status and an SE type.
5. The method of claim 1, wherein the request to secure information comprises an Application Protocol Data Unit (APDU) command.
6. The method of claim 5, wherein securing the requested information in the non-UICC type SE comprises executing the APDU command for securing the requested information, wherein the non-UICC type SE comprises a Micro Secure Digital (SD), an Embedded SE, or a SE that does not support either a Short Message Service Point to Point (SMS-PP) protocol or a Bearer Independent Protocol (BIP).
7. The method of claim 1, wherein securing the requested information in the SE comprises deleting information stored in the non-UICC type SE.
8. The method of claim 1, wherein securing the requested information in the SE comprises locking access to information stored in the non-UICC type SE.
9. The method of claim 1, wherein the request to initialize the OTA proxy is received from a push server.
10. The method of claim 1, further comprising preparing the SE for securing information before securing the requested information, wherein preparing the SE comprises:
retrieving mobile terminal information and SE information, wherein the SE information comprises an SE status and an SE type;
receiving a key based on the SE status; and
using the key to access the SE.
11. The method of claim 10, wherein the mobile terminal information comprises at least one of International Mobile Equipment Identity (IMEI), Mobile Equipment Identifier (MEID), and Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
12. The method of claim 10, wherein the key comprises at least one of an initial issuer master key and a final issuer master key.
13. The method of claim 12, wherein securing the information stored in the SE comprises providing at least one of the initial issuer master key and the final issuer master key to the SE in response to a determination that the SE status is Operating System (OS) native.
14. The method of claim 12, wherein securing the information stored in the SE comprises providing the final issuer master key to the SE in response to a determination that SE status is initialized.
15. The method of claim 10, wherein using the key to access the SE further comprises processing a protocol for enabling provisioning of the SE, the SE type being a Micro Secure Digital (SD) type.
16. A method for authenticating a mobile terminal, comprising:
receiving mobile terminal information and secure element (SE) information from the mobile terminal;
comparing the received information with stored mobile terminal information and SE information; and
transmitting a command based on the comparison result.
17. The method of claim 16, wherein the mobile terminal information comprises at least one of International Mobile Equipment Identity (IMEI), Mobile Equipment Identifier (MEID), and Mobile Subscriber Integrated Services Digital Network Number (MSISDN).
18. The method of claim 16, wherein the SE information comprises at least one of Card Image Number (CIN), Card Reference Number (CRN), Card Production Life Cycle (CPLC), and Card Serial Number (CSN).
19. The method of claim 16, wherein transmitting a command based on the comparison result comprises transmitting a command to delete information stored in the SE of the mobile terminal, in response to the received information being different from the stored information.
20. The method of claim 19, wherein the SE is a non-Universal Integrated Circuit Card (UICC) type SE.
21. The method of claim 16, wherein transmitting a command based on the comparison result comprises transmitting a command to lock access to the information stored in the SE of the mobile terminal, in response to the received information being different from the stored information.
22. The method of claim 21, wherein the SE is non-UICC type SE.
23. A method for reconstructing a mobile wallet application of a mobile terminal, comprising:
receiving a request to reconstruct the mobile wallet application of a user;
transmitting stored mobile wallet application information associated with the user to the mobile terminal;
receiving mobile terminal information and secure element (SE) information; and
transmitting a stored application associated with the mobile wallet application information to the mobile terminal.
24. The method of claim 23, wherein transmitting stored mobile wallet application information associated with the user to the mobile terminal comprises transmitting an over-the-air (OTA) proxy application associated with the user.
25. The method of claim 23, wherein transmitting stored mobile wallet application information associated with the user to the mobile terminal comprises transmitting an OTA proxy application associated with the mobile wallet application information.
26. The method of claim 23, wherein receiving a request to reconstruct the mobile wallet application comprises receiving identifying information associated with the user.
27. The method of claim 23, wherein the stored application information associated with the mobile wallet application comprises at least one of a contactless card applet, a wallet management applet, and a widget application for interfacing the user.
28. A mobile terminal to secure information over-the-air (OTA) in a non-Universal Integrated Circuit Card (UICC) type secure element (SE), comprising:
an OTA proxy configured to connect to a Trusted Service Manager (TSM), and to receive a securing command from the TSM; and
a non-UICC type SE.
29. The mobile terminal of claim 28, wherein the securing command is a command to delete information stored in the non-UICC type SE or to lock access to information stored in the non-UICC type SE.
30. The mobile terminal of claim 28, wherein the OTA proxy is configured to transmit mobile terminal information and SE information to the TSM, wherein the SE information comprises an SE status and an SE type.
31. The mobile terminal of claim 30, wherein the OTA proxy is further configured to receive a key from the TSM to access the SE based on the SE information sent to the TSM, wherein the key comprises at least one of an initial issuer master key and a final issuer master key.
32. The mobile terminal of claim 30, wherein the OTA proxy is further configured to receive a protocol to prepare the SE to be provisioned, the SE type being a Micro Secure Digital (SD) type.
33. The mobile terminal of claim 28, wherein the non-UICC type SE comprises:
a contactless card applet; and
a wallet management applet corresponding to the contactless card applet, wherein the wallet management applet comprises at least one of an account number associated with the contactless card applet, an expiration date, and a security code.
US13/310,063 2010-12-30 2011-12-02 System and method for secure containment of sensitive financial information stored in a mobile communication terminal Abandoned US20120171992A1 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
US13/310,063 US20120171992A1 (en) 2010-12-30 2011-12-02 System and method for secure containment of sensitive financial information stored in a mobile communication terminal
AU2011350196A AU2011350196A1 (en) 2010-12-30 2011-12-20 System and method for secure containment of sensitive financial information stored in a mobile communication terminal
EP11852733.2A EP2659694A4 (en) 2010-12-30 2011-12-20 System and method for secure containment of sensitive financial information stored in a mobile communication terminal
CN201180061627.2A CN103270782B (en) 2010-12-30 2011-12-20 System and method for the safety container of storage sensitive financial information in mobile communication terminals
KR1020137019430A KR101514753B1 (en) 2010-12-30 2011-12-20 System and method for secure containment of sensitive financial information stored in a mobile communication terminal
SG2013042973A SG190986A1 (en) 2010-12-30 2011-12-20 System and method for secure containment of sensitive financial information stored in a mobile communication terminal
PCT/KR2011/009867 WO2012091350A2 (en) 2010-12-30 2011-12-20 System and method for secure containment of sensitive financial information stored in a mobile communication terminal

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201061428852P 2010-12-30 2010-12-30
US201061428846P 2010-12-30 2010-12-30
US201061428853P 2010-12-30 2010-12-30
US201061428851P 2010-12-30 2010-12-30
US13/310,063 US20120171992A1 (en) 2010-12-30 2011-12-02 System and method for secure containment of sensitive financial information stored in a mobile communication terminal

Publications (1)

Publication Number Publication Date
US20120171992A1 true US20120171992A1 (en) 2012-07-05

Family

ID=46381172

Family Applications (4)

Application Number Title Priority Date Filing Date
US13/310,344 Active 2032-05-17 US9161218B2 (en) 2010-12-30 2011-12-02 System and method for provisioning over the air of confidential information on mobile communicative devices with non-UICC secure elements
US13/310,308 Active 2033-04-06 US9191813B2 (en) 2010-12-30 2011-12-02 System and method for managing OTA provisioning applications through use of profiles and data preparation
US13/310,091 Active 2033-02-20 US8843125B2 (en) 2010-12-30 2011-12-02 System and method for managing mobile wallet and its related credentials
US13/310,063 Abandoned US20120171992A1 (en) 2010-12-30 2011-12-02 System and method for secure containment of sensitive financial information stored in a mobile communication terminal

Country Status (1)

Country Link
US (4) US9161218B2 (en)

Families Citing this family (100)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2624981C (en) 2005-10-06 2017-06-13 C-Sam, Inc. Three-dimensional transaction authentication
US10032160B2 (en) 2005-10-06 2018-07-24 Mastercard Mobile Transactions Solutions, Inc. Isolating distinct service provider widgets within a wallet container
US20130339232A1 (en) * 2005-10-06 2013-12-19 C-Sam, Inc. Widget framework for securing account information for a plurality of accounts in a wallet
US10037524B2 (en) * 2009-01-22 2018-07-31 First Data Corporation Dynamic primary account number (PAN) and unique key per card
US10628881B2 (en) * 2009-01-22 2020-04-21 First Data Corporation Processing transactions with an extended application ID and dynamic cryptograms
US10354321B2 (en) * 2009-01-22 2019-07-16 First Data Corporation Processing transactions with an extended application ID and dynamic cryptograms
EP2336986A1 (en) * 2009-12-17 2011-06-22 Gemalto SA Method of personalizing an application embedded in a secured electronic token
US8775305B2 (en) 2011-05-26 2014-07-08 First Data Corporation Card-present on-line transactions
US20130019195A1 (en) * 2011-07-12 2013-01-17 Oracle International Corporation Aggregating multiple information sources (dashboard4life)
US10083247B2 (en) 2011-10-01 2018-09-25 Oracle International Corporation Generating state-driven role-based landing pages
US20140279479A1 (en) * 2011-10-12 2014-09-18 C-Sam, Inc. Nfc paired bluetooth e-commerce
CN104106276B (en) 2011-10-12 2019-03-19 万事达移动交易方案公司 Multi-level safety move transaction enables platform
US8918855B2 (en) * 2011-12-09 2014-12-23 Blackberry Limited Transaction provisioning for mobile wireless communications devices and related methods
US10949815B2 (en) 2011-12-13 2021-03-16 Visa International Service Association Integrated mobile trusted service manager
US10373152B2 (en) 2011-12-13 2019-08-06 Visa International Service Association Integrated mobile trusted service manager
EP2800311A4 (en) 2011-12-30 2016-01-06 Mozido Corfire Korea Ltd Master tsm
EP2800022A4 (en) * 2011-12-30 2015-09-09 Mozido Corfire Korea Ltd System and method for controlling applet access
US20130254028A1 (en) * 2012-03-22 2013-09-26 Corbuss Kurumsal Telekom Hizmetleri A.S. System and method for conducting mobile commerce
US8838174B2 (en) 2012-05-04 2014-09-16 Apple Inc. Device initiated card provisioning via bearer independent protocol
CA2810360C (en) * 2012-06-27 2016-05-10 Rogers Communications Inc. System and method for remote provisioning of embedded universal integrated circuit cards
US9842333B2 (en) 2012-07-23 2017-12-12 Wal-Mart Stores, Inc. Transferring digital receipt data to mobile devices
US8738454B2 (en) * 2012-07-23 2014-05-27 Wal-Mart Stores, Inc. Transferring digital receipt data to mobile devices
US8843398B2 (en) * 2012-07-23 2014-09-23 Wal-Mart Stores, Inc. Transferring digital receipt data to mobile devices
AP2015008275A0 (en) * 2012-08-02 2015-02-28 Visa Int Service Ass Issuing and storing of payment credentials
DE102012016164A1 (en) * 2012-08-14 2014-02-20 Giesecke & Devrient Gmbh Security element and method for installing data in the security element
JP2014072760A (en) * 2012-09-28 2014-04-21 Fujitsu Mobile Communications Ltd Control program, wireless terminal device, and control method
KR102025521B1 (en) * 2012-10-29 2019-09-26 주식회사 케이티 Method of changing entity for managing subscriber certification module and apparatus using the same
WO2014069871A1 (en) * 2012-10-29 2014-05-08 주식회사 케이티 Method of changing entity managing subscriber authentication module and device using same
US8959331B2 (en) 2012-11-19 2015-02-17 At&T Intellectual Property I, Lp Systems for provisioning universal integrated circuit cards
KR101460179B1 (en) 2012-11-28 2014-11-10 에스케이씨앤씨 주식회사 Method for Temporary Payment Card Set-up and Mobile Device using the same
KR101436872B1 (en) * 2012-11-29 2014-09-02 에스케이씨앤씨 주식회사 Method and System for Information Management in Secure Element
US9594896B2 (en) * 2012-12-21 2017-03-14 Blackberry Limited Two factor authentication using near field communications
US9947001B2 (en) 2013-03-15 2018-04-17 Mastercard International Incorporated System and method for using multiple payment accounts using a single payment device
CN105103174A (en) 2013-04-05 2015-11-25 维萨国际服务协会 Systems, methods and devices for transacting
US9052891B2 (en) 2013-05-14 2015-06-09 International Business Machines Corporation Declarative configuration and execution of card content management operations for trusted service manager
KR102116860B1 (en) * 2013-06-20 2020-06-05 삼성전자 주식회사 Method and apparatus for combining different kind of wallets on a mobile device
KR102168922B1 (en) 2013-06-26 2020-10-22 삼성전자 주식회사 Method and apparatus for transmitting wallets between mobile devices
CN105359192B (en) * 2013-07-02 2019-02-05 诺基亚技术有限公司 Method and apparatus for mobile ticket service
WO2015025282A2 (en) * 2013-08-21 2015-02-26 Visa International Service Association Methods and systems for transferring electronic money
CN105765951B (en) * 2013-10-10 2019-09-13 谷歌有限责任公司 For managing system, the method and computer program product of communication
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US9525997B2 (en) 2013-11-25 2016-12-20 At&T Intellectual Property I, L.P. Method and apparatus for managing international mobile subscriber identity
US9384485B1 (en) * 2013-11-26 2016-07-05 American Express Travel Related Services Company, Inc. Systems and methods for rapidly provisioning functionality to one or more mobile communication devices
US9413759B2 (en) 2013-11-27 2016-08-09 At&T Intellectual Property I, Lp Apparatus and method for secure delivery of data from a communication device
US9990786B1 (en) * 2014-01-17 2018-06-05 Microstrategy Incorporated Visitor credentials
US9825944B2 (en) 2014-01-24 2017-11-21 Microsoft Technology Licensing, Llc Secure cryptoprocessor for authorizing connected device requests
US10488909B2 (en) * 2014-02-14 2019-11-26 Hewlett-Packard Development Company, L.P. Communicating commands to an embedded controller of a system
US11250493B2 (en) 2014-03-31 2022-02-15 Monticello Enterprises LLC System and method for performing social media cryptocurrency transactions
US11282131B2 (en) 2014-03-31 2022-03-22 Monticello Enterprises LLC User device enabling access to payment information in response to user input
US10511580B2 (en) 2014-03-31 2019-12-17 Monticello Enterprises LLC System and method for providing a social media shopping experience
US10832310B2 (en) 2014-03-31 2020-11-10 Monticello Enterprises LLC System and method for providing a search entity-based payment process
US11080777B2 (en) 2014-03-31 2021-08-03 Monticello Enterprises LLC System and method for providing a social media shopping experience
US20150310421A1 (en) * 2014-04-23 2015-10-29 Rfcyber Corporation Electronic payment transactions without POS terminals
US9652770B1 (en) 2014-04-30 2017-05-16 Wells Fargo Bank, N.A. Mobile wallet using tokenized card systems and methods
US10997592B1 (en) 2014-04-30 2021-05-04 Wells Fargo Bank, N.A. Mobile wallet account balance systems and methods
US11288660B1 (en) 2014-04-30 2022-03-29 Wells Fargo Bank, N.A. Mobile wallet account balance systems and methods
US11748736B1 (en) 2014-04-30 2023-09-05 Wells Fargo Bank, N.A. Mobile wallet integration within mobile banking
US11610197B1 (en) 2014-04-30 2023-03-21 Wells Fargo Bank, N.A. Mobile wallet rewards redemption systems and methods
US11574300B1 (en) 2014-04-30 2023-02-07 Wells Fargo Bank, N.A. Mobile wallet systems and methods using trace identifier using card networks
US11663599B1 (en) 2014-04-30 2023-05-30 Wells Fargo Bank, N.A. Mobile wallet authentication systems and methods
US11461766B1 (en) 2014-04-30 2022-10-04 Wells Fargo Bank, N.A. Mobile wallet using tokenized card systems and methods
EP3140795B1 (en) 2014-05-07 2019-08-14 Visa International Service Association Enhanced data interface for contactless communications
KR20160002321A (en) 2014-06-30 2016-01-07 삼성전자주식회사 Method and apparatus for receiving/transmitting a profile for communication service in a mobile communication system
US10445739B1 (en) 2014-08-14 2019-10-15 Wells Fargo Bank, N.A. Use limitations for secondary users of financial accounts
US10990941B1 (en) 2014-08-15 2021-04-27 Jpmorgan Chase Bank, N.A. Systems and methods for facilitating payments
US11234105B2 (en) * 2014-09-29 2022-01-25 Visa International Service Association Methods and systems for asset obfuscation
WO2016049806A1 (en) * 2014-09-29 2016-04-07 华为技术有限公司 Distribution method and apparatus
US20160124924A1 (en) * 2014-10-09 2016-05-05 Wrap Media, LLC Displaying a wrap package of cards within an overlay window embedded in an application or web page
US20160162893A1 (en) * 2014-12-05 2016-06-09 Mastercard International Incorporated Open, on-device cardholder verification method for mobile devices
US9509825B2 (en) * 2014-12-07 2016-11-29 Chon Hock LEOW System and method of secure personal identification
JP6622309B2 (en) * 2014-12-12 2019-12-18 ビザ インターナショナル サービス アソシエーション Provisioning platform for machine-to-machine equipment
US10334431B2 (en) * 2014-12-23 2019-06-25 Intel Corporation Near field communications (NFC)-based offload of NFC operation
US11853919B1 (en) 2015-03-04 2023-12-26 Wells Fargo Bank, N.A. Systems and methods for peer-to-peer funds requests
GB2538774A (en) * 2015-05-28 2016-11-30 Vodafone Ip Licensing Ltd Setting a password on a device
US10171537B2 (en) 2015-08-07 2019-01-01 At&T Intellectual Property I, L.P. Segregation of electronic personal health information
US9942747B2 (en) 2015-08-07 2018-04-10 At&T Mobility Ii Llc Dynamic utilization of services by a temporary device
US10631192B2 (en) 2015-08-14 2020-04-21 At&T Intellectual Property I, L.P. Policy enforced intelligent persona manager
US10044780B2 (en) 2015-08-26 2018-08-07 At&T Intellectual Property I, L.P. Dynamic segregated secure data connection
EP3247136A1 (en) * 2016-05-16 2017-11-22 Gemalto Sa Method for provisioning an applet with credentials of a terminal application provided by an application server and corresponding ota platform
CN106875175B (en) * 2016-06-28 2020-07-24 阿里巴巴集团控股有限公司 Method and device convenient for payment subject expansion
US11232433B1 (en) 2016-08-23 2022-01-25 Wells Fargo Bank, N.A. Mobile wallet registration via on-line banking
US11468414B1 (en) 2016-10-03 2022-10-11 Wells Fargo Bank, N.A. Systems and methods for establishing a pull payment relationship
US10243930B2 (en) 2017-01-11 2019-03-26 Mastercard International Incorporated Systems and methods for secure communication bootstrapping of a device
FR3062539B1 (en) * 2017-01-31 2019-03-29 Stmicroelectronics (Tours) Sas PORTABLE PHONE CASE
US11030609B2 (en) * 2017-02-17 2021-06-08 Apple Inc. Preventing duplicate wireless transactions
RU2651251C1 (en) * 2017-04-28 2018-04-18 АО "Лаборатория Касперского" Method of downloading filtering rules to mobile device
CN107274283B (en) * 2017-05-31 2020-09-08 中国银联股份有限公司 Over-the-air card issuing method and device
KR102495672B1 (en) * 2017-09-20 2023-02-03 삼성전자주식회사 Electronic device for supporting backup and reinstallation of mobile card
US11416852B1 (en) * 2017-12-15 2022-08-16 Worldpay, Llc Systems and methods for generating and transmitting electronic transaction account information messages
CN110062016B (en) * 2018-01-18 2023-05-09 阿里巴巴集团控股有限公司 Method and device for trusted service management
US11295297B1 (en) 2018-02-26 2022-04-05 Wells Fargo Bank, N.A. Systems and methods for pushing usable objects and third-party provisioning to a mobile wallet
US11775955B1 (en) 2018-05-10 2023-10-03 Wells Fargo Bank, N.A. Systems and methods for making person-to-person payments via mobile client application
US11074577B1 (en) 2018-05-10 2021-07-27 Wells Fargo Bank, N.A. Systems and methods for making person-to-person payments via mobile client application
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
US10607214B1 (en) * 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
FR3099258B1 (en) * 2019-07-26 2022-06-24 Idemia Identity & Security France Dynamic adaptation of a secure element execution environment to profiles
CN114762290A (en) * 2019-12-06 2022-07-15 三星电子株式会社 Method and electronic device for managing digital key
CN112288425B (en) * 2020-12-23 2021-04-13 中国银联股份有限公司 Payment function opening method, terminal equipment, server, system and storage medium
US11729163B2 (en) 2021-03-19 2023-08-15 The Toronto-Dominion Bank System and method for establishing secure communication between applications
US11935035B2 (en) * 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080126145A1 (en) * 2006-07-06 2008-05-29 Firethorn Holdings, Llc Methods and Systems For Distribution of a Mobile Wallet for a Mobile Device
US20090124234A1 (en) * 2007-11-14 2009-05-14 Mobile Candy Dish, Inc. Method and system for securing transactions made through a mobile communication device
US20100275269A1 (en) * 2007-10-20 2010-10-28 Andras Vilmos Procedure for the preparation and performing of a post issuance process on a secure element
US20100291904A1 (en) * 2009-05-13 2010-11-18 First Data Corporation Systems and methods for providing trusted service management services
US20100323681A1 (en) * 2007-11-06 2010-12-23 Gemalto S/A Sharing or reselling nfc applications among mobile communication devices
US20120095852A1 (en) * 2010-10-15 2012-04-19 John Bauer Method and system for electronic wallet access
US20120108204A1 (en) * 2010-10-28 2012-05-03 Schell Stephan V Management systems for multiple access control entities
US8666366B2 (en) * 2007-06-22 2014-03-04 Apple Inc. Device activation and access
US8768845B1 (en) * 2009-02-16 2014-07-01 Sprint Communications Company L.P. Electronic wallet removal from mobile electronic devices

Family Cites Families (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5221838A (en) 1990-12-24 1993-06-22 Motorola, Inc. Electronic wallet
US6157859A (en) * 1996-05-16 2000-12-05 Sulzer Intermedics, Inc. Upgradable implantable medical device with post-shock pacing and redraw functions
US6148405A (en) 1997-11-10 2000-11-14 Phone.Com, Inc. Method and system for secure lightweight transactions in wireless data networks
JP4176181B2 (en) 1998-03-13 2008-11-05 富士通株式会社 Electronic wallet management system, terminal device and computer-readable recording medium recording electronic wallet management program
US6199762B1 (en) 1998-05-06 2001-03-13 American Express Travel Related Services Co., Inc. Methods and apparatus for dynamic smartcard synchronization and personalization
US6487403B2 (en) 1999-08-19 2002-11-26 Verizon Laboratories Inc. Wireless universal provisioning device
SE515327C2 (en) * 1999-08-27 2001-07-16 Ericsson Telefon Ab L M Device for carrying out secure transactions in a communication device
US7233926B2 (en) 2000-03-07 2007-06-19 Thomson Licensing Electronic wallet system with secure inter-purses operations
US6961858B2 (en) 2000-06-16 2005-11-01 Entriq, Inc. Method and system to secure content for distribution via a network
US7155411B1 (en) 2000-09-28 2006-12-26 Microsoft Corporation Integrating payment accounts and an electronic wallet
WO2002041601A2 (en) 2000-11-16 2002-05-23 Telefonaktiebolaget Lm Ericsson (Publ) User authentication apparatus, controlling method thereof, and network system
US6950939B2 (en) 2000-12-08 2005-09-27 Sony Corporation Personal transaction device with secure storage on a removable memory device
US7236742B2 (en) 2001-06-18 2007-06-26 Brigham Young University System and method for wireless data transfer for a mobile unit
US6976241B2 (en) * 2001-11-14 2005-12-13 Intel Corporation Cross platform administrative framework
US7149545B2 (en) 2002-05-30 2006-12-12 Nokia Corporation Method and apparatus for facilitating over-the-air activation of pre-programmed memory devices
CN1675879A (en) * 2002-06-07 2005-09-28 索尼株式会社 Data processing system, data processing device, data processing method, and computer program
US7822688B2 (en) 2002-08-08 2010-10-26 Fujitsu Limited Wireless wallet
JP2004252665A (en) * 2003-02-19 2004-09-09 Canon Inc Document processing method
GB2398707B (en) 2003-02-21 2005-03-30 Schlumberger Holdings Authentication method for enabling a user of a mobile station to access to private data or services
US7389123B2 (en) 2003-04-29 2008-06-17 Sony Ericsson Mobile Communications Ab Mobile apparatus with remote lock and control function
WO2004105359A2 (en) 2003-05-19 2004-12-02 Einar Rosenberg An apparatus and method for increased security of wireless transactions
TWI350686B (en) * 2003-07-14 2011-10-11 Nagravision Sa Method for securing an electronic certificate
US20050071419A1 (en) * 2003-09-26 2005-03-31 Lewontin Stephen Paul System, apparatus, and method for providing Web services using wireless push
EP1687725B1 (en) * 2003-11-26 2020-09-30 VeroGuard Systems Pty Limited Secure payment system
US7146159B1 (en) 2003-12-23 2006-12-05 Sprint Communications Company L.P. Over-the-air card provisioning system and method
CA2495949A1 (en) 2004-02-05 2005-08-05 Simon Law Secure wireless authorization system
EP1792508A2 (en) 2004-09-23 2007-06-06 Axalto SA System and method for communication with universal integrated circuit cards in mobile devices using internet protocols.
US7490775B2 (en) 2004-12-30 2009-02-17 Aol Llc, A Deleware Limited Liability Company Intelligent identification of multimedia content for synchronization
US7628322B2 (en) 2005-03-07 2009-12-08 Nokia Corporation Methods, system and mobile device capable of enabling credit card personalization using a wireless network
JP2006261990A (en) 2005-03-16 2006-09-28 Fujitsu Ltd Mobile terminal and remote lock program
US10032160B2 (en) * 2005-10-06 2018-07-24 Mastercard Mobile Transactions Solutions, Inc. Isolating distinct service provider widgets within a wallet container
EP1950681A4 (en) * 2005-10-13 2012-04-04 Ntt Docomo Inc Mobile terminal, access control management device, and access control management method
US7819307B2 (en) 2005-10-27 2010-10-26 Hewlett-Packard Development Company, L.P. Method and system for managing monetary value on a mobile device
US7689205B2 (en) 2005-12-23 2010-03-30 Morgan Stanley Systems and methods for configuration of mobile computing devices
US20070150246A1 (en) * 2005-12-28 2007-06-28 Microsoft Corporation Context-Supported Structures in a Modeling Language
US9911114B2 (en) 2006-07-06 2018-03-06 Qualcomm Incorporated Methods and systems for making a payment via a stored value card in a mobile environment
US8467766B2 (en) 2006-07-06 2013-06-18 Qualcomm Incorporated Methods and systems for managing payment sources in a mobile environment
US7711392B2 (en) 2006-07-14 2010-05-04 Research In Motion Limited System and method to provision a mobile device
US7822439B2 (en) 2006-08-14 2010-10-26 Sandisk Il Ltd. System for sharing credentials
US7708194B2 (en) 2006-08-23 2010-05-04 Verizon Patent And Licensing Inc. Virtual wallet
US7469151B2 (en) 2006-09-01 2008-12-23 Vivotech, Inc. Methods, systems and computer program products for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities
US7527208B2 (en) 2006-12-04 2009-05-05 Visa U.S.A. Inc. Bank issued contactless payment card used in transit fare collection
AU2007312944A1 (en) * 2006-10-17 2008-04-24 Altec Lansing Australia Pty Ltd Configuring and connecting to a media wireless network
US10104432B2 (en) * 2006-12-01 2018-10-16 Time Warner Cable Enterprises Llc Methods and apparatus for software provisioning of a network device
US20080208742A1 (en) 2007-02-22 2008-08-28 First Data Corporation Provisioning of a device for mobile commerce
US7840687B2 (en) * 2007-07-11 2010-11-23 Intel Corporation Generic bootstrapping protocol (GBP)
WO2009016540A2 (en) 2007-08-01 2009-02-05 Nxp B.V. Mobile communication device and method for disabling applications
EP2043016A1 (en) 2007-09-27 2009-04-01 Nxp B.V. Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications
US7707113B1 (en) 2007-09-28 2010-04-27 Sprint Communications Company L.P. Method and system for setting levels of electronic wallet security
US7822840B2 (en) * 2007-10-23 2010-10-26 International Business Machines Corporation Method and apparatus for dynamic web service client application update
US7689508B2 (en) 2007-11-20 2010-03-30 Wells Fargo Bank N.A. Mobile device credit account
EP2232815B1 (en) 2007-12-07 2020-02-26 Orange Method of controlling applications installed on a security module associated with a mobile terminal, associated security module, mobile terminal and server
US8312270B1 (en) * 2007-12-17 2012-11-13 Trend Micro, Inc. DHCP-based security policy enforcement system
US20090307140A1 (en) 2008-06-06 2009-12-10 Upendra Mardikar Mobile device over-the-air (ota) registration and point-of-sale (pos) payment
US8504032B2 (en) * 2008-06-12 2013-08-06 At&T Intellectual Property I, L.P. Femtocell service registration, activation, and provisioning
US10706402B2 (en) 2008-09-22 2020-07-07 Visa International Service Association Over the air update of payment transaction data stored in secure memory
US20100125495A1 (en) 2008-11-17 2010-05-20 Smith Steven M System and method of providing a mobile wallet at a mobile telephone
US8725574B2 (en) 2008-11-17 2014-05-13 Mastercard International Incorporated Methods and systems for payment account issuance over a mobile network
US8615466B2 (en) 2008-11-24 2013-12-24 Mfoundry Method and system for downloading information into a secure element of an electronic device
US20100211499A1 (en) * 2009-02-13 2010-08-19 Bank Of America Corporation Systems, methods and computer program products for optimizing routing of financial payments
US20100306076A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
US9734496B2 (en) 2009-05-29 2017-08-15 Paypal, Inc. Trusted remote attestation agent (TRAA)
US10454693B2 (en) 2009-09-30 2019-10-22 Visa International Service Association Mobile payment application architecture
US9419956B2 (en) * 2010-03-22 2016-08-16 Bank Of America Corporation Systems and methods for authenticating a user for accessing account information using a web-enabled device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Calypso Networks Association WG1, Calypso Specification, 01/28/2009 *

Cited By (80)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210264405A1 (en) * 2006-09-24 2021-08-26 Rfcyber Corp Method and apparatus for payments between two mobile devices
US9892386B2 (en) 2011-06-03 2018-02-13 Mozido, Inc. Monetary transaction system
US8538845B2 (en) 2011-06-03 2013-09-17 Mozido, Llc Monetary transaction system
US11295281B2 (en) 2011-06-03 2022-04-05 Fintiv, Inc. Monetary transaction system
US11120413B2 (en) 2011-06-03 2021-09-14 Fintiv, Inc. Monetary transaction system
US9652628B2 (en) 2011-11-01 2017-05-16 Google Inc. Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements
US9928382B2 (en) 2011-11-01 2018-03-27 Google Llc Systems, methods, and computer program products for managing secure elements
US9544759B2 (en) 2011-11-01 2017-01-10 Google Inc. Systems, methods, and computer program products for managing states
US10114976B2 (en) 2011-11-01 2018-10-30 Google Llc Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements
US10438196B2 (en) 2011-11-21 2019-10-08 Mozido, Inc. Using a mobile wallet infrastructure to support multiple mobile wallet providers
US11468434B2 (en) 2011-11-21 2022-10-11 Fintiv, Inc. Using a mobile wallet infrastructure to support multiple mobile wallet providers
US9208488B2 (en) 2011-11-21 2015-12-08 Mozido, Inc. Using a mobile wallet infrastructure to support multiple mobile wallet providers
US9154903B2 (en) * 2011-12-28 2015-10-06 Blackberry Limited Mobile communications device providing near field communication (NFC) card issuance features and related methods
WO2013097038A1 (en) * 2011-12-28 2013-07-04 Research In Motion Limited Mobile communications device providing near field communication (nfc) card issuance features and related methods
US20130171929A1 (en) * 2011-12-28 2013-07-04 Research In Motion Limited Mobile communications device providing near field communication (nfc) card issuance features and related methods
US9077769B2 (en) * 2011-12-29 2015-07-07 Blackberry Limited Communications system providing enhanced trusted service manager (TSM) verification features and related methods
US20150223061A1 (en) * 2011-12-29 2015-08-06 Gemalto Sa Method for initiating an ota session
US20130173736A1 (en) * 2011-12-29 2013-07-04 the Province of Ontario, Canada) Communications system providing enhanced trusted service manager (tsm)verification features and related methods
US9402180B2 (en) * 2011-12-29 2016-07-26 Gemalto Sa Method for initiating an OTA session
US11042861B2 (en) * 2012-04-18 2021-06-22 Google Llc Processing payment transactions without a secure element
US10127533B2 (en) 2012-07-31 2018-11-13 Google Llc Managing devices associated with a digital wallet account
US10949819B2 (en) 2012-07-31 2021-03-16 Google Llc Managing devices associated with a digital wallet account
US10924279B2 (en) 2012-09-18 2021-02-16 Google Llc Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements
US9479571B2 (en) 2012-09-18 2016-10-25 Google Inc. Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements
US10057773B2 (en) 2012-09-18 2018-08-21 Google Llc Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements
US11601273B2 (en) 2012-09-18 2023-03-07 Google Llc Systems, methods, and computer program products for interfacing multiple service provider trusted service managers and secure elements
US10223688B2 (en) 2012-09-24 2019-03-05 Samsung Electronics Co., Ltd. Competing mobile payment offers
US20140089261A1 (en) * 2012-09-25 2014-03-27 Selim Aissi System and Method for Maintaining Device State Coherency
US9633098B2 (en) * 2012-09-25 2017-04-25 Visa International Service Association System and method for maintaining device state coherency
US10002174B2 (en) 2012-09-25 2018-06-19 Visa International Service Association System and method for maintaining device state coherency
CN102917061A (en) * 2012-10-19 2013-02-06 北京奇虎科技有限公司 Resource synchronization method and system
US10834576B2 (en) 2012-11-16 2020-11-10 At&T Intellectual Property I, L.P. Methods for provisioning universal integrated circuit cards
US10681534B2 (en) 2012-11-16 2020-06-09 At&T Intellectual Property I, L.P. Methods for provisioning universal integrated circuit cards
JP2014123224A (en) * 2012-12-20 2014-07-03 Toppan Printing Co Ltd Terminal device and expiry date update method
CN104038523A (en) * 2013-03-07 2014-09-10 联想(北京)有限公司 Method and device for storing information
US20140279566A1 (en) * 2013-03-15 2014-09-18 Samsung Electronics Co., Ltd. Secure mobile payment using media binding
WO2014189569A1 (en) * 2013-05-21 2014-11-27 Jvl Ventures, Llc Systems, methods, and computer program products for managing states
WO2014190445A3 (en) * 2013-05-29 2015-01-22 Kaba Ag Method for managing media for wireless communication
US20210241262A1 (en) * 2013-06-13 2021-08-05 Blackberry Limited Mobile wireless communications device having digital wallet with multi-mode user card and related methods
US10091655B2 (en) 2013-09-11 2018-10-02 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
US10735958B2 (en) 2013-09-11 2020-08-04 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
US11368844B2 (en) 2013-09-11 2022-06-21 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
EP3053081A4 (en) * 2013-09-30 2017-03-01 Google, Inc. Systems, methods, and computer program products for securely managing data on a secure element
US10122534B2 (en) 2013-10-04 2018-11-06 At&T Intellectual Property I, L.P. Apparatus and method for managing use of secure tokens
US10778670B2 (en) 2013-10-23 2020-09-15 At&T Intellectual Property I, L.P. Apparatus and method for secure authentication of a communication device
US11477211B2 (en) 2013-10-28 2022-10-18 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US11005855B2 (en) 2013-10-28 2021-05-11 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US10375085B2 (en) 2013-10-28 2019-08-06 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US10567553B2 (en) 2013-11-01 2020-02-18 At&T Intellectual Property I, L.P. Apparatus and method for secure over the air programming of a communication device
US10701072B2 (en) 2013-11-01 2020-06-30 At&T Intellectual Property I, L.P. Apparatus and method for secure provisioning of a communication device
US10200367B2 (en) 2013-11-01 2019-02-05 At&T Intellectual Property I, L.P. Apparatus and method for secure provisioning of a communication device
US9942227B2 (en) 2013-11-01 2018-04-10 At&T Intellectual Property I, L.P. Apparatus and method for secure over the air programming of a communication device
US20160337290A1 (en) * 2014-01-10 2016-11-17 Huawei Technologies Co., Ltd. Message Push Method and Apparatus
US10009303B2 (en) * 2014-01-10 2018-06-26 Huawei Technologies Co., Ltd. Message push method and apparatus
CN103944907A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data updating method and system
US10476859B2 (en) * 2014-05-01 2019-11-12 At&T Intellectual Property I, L.P. Apparatus and method for managing security domains for a universal integrated circuit card
US9967247B2 (en) * 2014-05-01 2018-05-08 At&T Intellectual Property I, L.P. Apparatus and method for managing security domains for a universal integrated circuit card
US20150319152A1 (en) * 2014-05-01 2015-11-05 At&T Intellectual Property I, Lp Apparatus and method for managing security domains for a universal integrated circuit card
US9713006B2 (en) * 2014-05-01 2017-07-18 At&T Intellectual Property I, Lp Apparatus and method for managing security domains for a universal integrated circuit card
US20150373535A1 (en) * 2014-06-24 2015-12-24 Huawei Technologies Co., Ltd. Method, Apparatus, and System for Managing Device
KR20160026582A (en) * 2014-09-01 2016-03-09 삼성전자주식회사 Electronic device and method for managing reenrollment
KR102226411B1 (en) 2014-09-01 2021-03-12 삼성전자주식회사 Electronic device and method for managing reenrollment
CN106664310A (en) * 2014-09-01 2017-05-10 三星电子株式会社 Electronic device and method for managing re-registration
US11182769B2 (en) 2015-02-12 2021-11-23 Samsung Electronics Co., Ltd. Payment processing method and electronic device supporting the same
US11129018B2 (en) 2015-02-27 2021-09-21 Samsung Electronics Co., Ltd. Payment means operation supporting method and electronic device for supporting the same
US20160253666A1 (en) * 2015-02-27 2016-09-01 Samsung Electronics Co., Ltd. Method and device for controlling payment function
US10193700B2 (en) 2015-02-27 2019-01-29 Samsung Electronics Co., Ltd. Trust-zone-based end-to-end security
EP3262583A4 (en) * 2015-02-27 2018-01-03 Samsung Electronics Co., Ltd. Method and device for controlling payment function
US11107047B2 (en) 2015-02-27 2021-08-31 Samsung Electronics Co., Ltd. Electronic device providing electronic payment function and operating method thereof
EP3104635A1 (en) * 2015-06-09 2016-12-14 Deutsche Telekom AG Method for an improved installation of a secure-element-related service application in a secure element being located in a communication device, system and telecommunications network for an improved installation of a secure-element-related service application in a secure element being located in a communication device, program comprising a computer readable program code, and computer program product
US10097553B2 (en) 2015-06-09 2018-10-09 Deutsche Telekom Ag Installation of a secure-element-related service application in a secure element in a communication device, system and telecommunications
CN105227681A (en) * 2015-10-28 2016-01-06 北京知易普道技术有限责任公司 A kind of push server and display terminal
CN106658350A (en) * 2015-10-30 2017-05-10 中国移动通信集团公司 Method for collaborative management and device thereof
US11087304B2 (en) 2016-03-14 2021-08-10 Jpmorgan Chase Bank, N.A. Systems and methods for device authentication
US10776785B2 (en) 2016-03-14 2020-09-15 Jpmorgan Chase Bank, N.A. Systems and methods for device authentication
WO2017160814A1 (en) * 2016-03-14 2017-09-21 Jpmorgan Chase Bank, N.A. Systems and methods for device authentication
US10218719B2 (en) * 2016-09-21 2019-02-26 Apple Inc. Credential modification notifications
CN107801165A (en) * 2017-10-31 2018-03-13 平安科技(深圳)有限公司 Service note method for pushing, device, computer equipment and storage medium
US10930139B1 (en) * 2019-10-10 2021-02-23 Bank Of America Corporation Information card silent coercion alarm
US11568507B2 (en) 2019-10-10 2023-01-31 Bank Of America Corporation Native-feature silent coercion alarm

Also Published As

Publication number Publication date
US9161218B2 (en) 2015-10-13
US8843125B2 (en) 2014-09-23
US20120172089A1 (en) 2012-07-05
US20120172026A1 (en) 2012-07-05
US20120174189A1 (en) 2012-07-05
US9191813B2 (en) 2015-11-17

Similar Documents

Publication Publication Date Title
US20120171992A1 (en) System and method for secure containment of sensitive financial information stored in a mobile communication terminal
KR101514754B1 (en) System and method for provisioning over the air of confidential information on mobile communicative devices with non-uicc secure elements
SG190986A1 (en) System and method for secure containment of sensitive financial information stored in a mobile communication terminal
RU2630419C2 (en) Integrated mobile trusted services manager
JP2015517151A (en) System, method, and computer program product for detecting and managing changes associated with a mobile wallet
KR20070021826A (en) System and Method for Payment, Devices for Payment, Terminals for Payment, Mobile Devices and Recording Medium
US11620650B2 (en) Mobile authentication method and system therefor
US10097553B2 (en) Installation of a secure-element-related service application in a secure element in a communication device, system and telecommunications
WO2012146588A1 (en) Method and system for communicating data to a contact-less communicating device
KR20100106256A (en) Method for processing financial transaction by using mobile terminal
US20220248233A1 (en) Subscriber Identification Module (SIM) Authentication Protections
KR20070016893A (en) System and Method for Processing Financial Transaction by Using Mobile Devices, Devices for Processing Financial Transaction, Mobile Devices and Recording Medium
KR101413110B1 (en) Method for Processing Financial Transaction by using Token Code
KR20130075752A (en) Method for near field transaction by using providing dynamic created code
KR101561534B1 (en) System and method for managing ota provisioning applications through use of profiles and data preparation
KR20120079044A (en) System for providing financial transaction by using mobile one time code
KR101326100B1 (en) Method for Providing Transaction by using Token Code
KR20120102565A (en) Method for certificating payment by using dynamic created code
KR20120005996A (en) Device for processing a payment
KR20120079043A (en) Method for processing financial transaction by using mobile one time code
KR101413120B1 (en) Method for Integrating Wire and Wireless Network by using One Time Code
KR20120059474A (en) Method for Certificating by using One Time Code
KR20120029454A (en) Method mapping payment means
KR20100103441A (en) Payment device
KR20100105515A (en) Smart phone

Legal Events

Date Code Title Description
AS Assignment
    Owner name: SK C&C, KOREA, REPUBLIC OF
    Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEONG, KIDO;HONG, HYUNGJOON;KIM, HYUNJIN;REEL/FRAME:027427/0644
    Effective date: 20111201

AS Assignment
    Owner name: MOZIDO CORFIRE - KOREA, LTD., KOREA, REPUBLIC OF
    Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SK C&C CO., LTD.;REEL/FRAME:035404/0851
    Effective date: 20141217

STCB Information on status: application discontinuation
    Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION