Embedding cloud-based functionalities in a communication device
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-029/06
H04W-012/04
H04W-004/00
G06Q-020/32
G06Q-020/38
H04W-088/02
출원번호
US-0834028
(2015-08-24)
등록번호
US-9775029
(2017-09-26)
발명자
/ 주소
Lopez, Eduardo
출원인 / 주소
Visa International Service Association
대리인 / 주소
Kilpatrick Townsend & Stockton LLP
인용정보
피인용 횟수 :
0인용 특허 :
257
초록▼
Techniques for enhancing the security of a communication device may include providing an application agent that executes in a trusted execution environment of the communication device, and a transaction application that executes in a normal application execution environment of the communication devi
Techniques for enhancing the security of a communication device may include providing an application agent that executes in a trusted execution environment of the communication device, and a transaction application that executes in a normal application execution environment of the communication device. The application agent may receive, from the application, a limited-use key (LUK) generated by a remote computer, and store the LUK in a secure storage of the trusted execution environment. When the application agent receives a request to conduct a transaction from the application executing in the normal execution environment, the application agent may generate a transaction cryptogram using the LUK, and provides the transaction cryptogram to an access device.
대표청구항▼
1. A portable communication device comprising: a processor device;a contactless transceiver coupled to the processor device;a first memory region storing an application executing in a normal execution environment; anda second memory region storing an application agent executing in a trusted executio
1. A portable communication device comprising: a processor device;a contactless transceiver coupled to the processor device;a first memory region storing an application executing in a normal execution environment; anda second memory region storing an application agent executing in a trusted execution environment,wherein the application agent receives, from the application executing in the normal execution environment, a limited-use key (LUK) generated by a remote computer and associated with a set of one or more limited-use thresholds that limits usage of the LUK, stores the LUK in a secure storage of the trusted execution environment, receives a request to conduct a transaction from the application executing in the normal execution environment, generates a transaction cryptogram using the LUK, accesses the contactless transceiver, and transmits the transaction cryptogram to an access device via the contactless transceiver, andwherein the application agent sends a replenishment request for a second LUK to the application executing in the normal execution environment, the replenishment request including transaction log information derived from a transaction log stored in the trusted execution environment, receives the second LUK from the application executing in the normal execution environment when the transaction log information in the replenishment request matches transaction log information at the remote computer, and stores the second LUK in the secure storage of the trusted execution environment. 2. The portable communication device of claim 1, wherein the application agent further stores the transaction log in the secure storage of the trusted execution environment. 3. The portable communication device of claim 1, wherein the contactless transceiver of the portable communication device is not accessible by the application executing in the normal execution environment except via the application agent executing in the trusted execution environment. 4. The portable communication device of claim 1, wherein the application agent executing in the trusted execution environment does not communicate with the remote computer except via the normal execution environment. 5. The portable communication device of claim 1, wherein the trusted execution environment is implemented as a virtual machine or as a secure operating mode of the processor. 6. The portable communication device of claim 1, wherein the transaction log information includes an authentication code computed over at least a portion of the transaction log. 7. A method for enhancing security of a portable communication device, the method comprising: receiving, from a remote computer by an application executing in a normal execution environment of the portable communication device, a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK;sending, by the application executing in the normal execution environment, the LUK to an application agent executing in a trusted execution environment of the portable communication device;receiving, by the application executing in the normal execution environment, a request to conduct a transaction;sending, by the application executing in the normal execution environment, the request to conduct the transaction to the application agent executing in the trusted execution environment, wherein the application agent generates a transaction cryptogram using the LUK, and accesses a contactless interface of the portable communication device to transmit the transaction cryptogram to an access device to conduct the transaction;receiving, from the application agent executing in the trusted execution environment, a replenishment request for a second LUK, the replenishment request including transaction log information derived from a transaction log stored in the trusted execution environment;sending, by the application executing in the normal execution environment, the replenish request to the remote computer;receiving, by the application executing in the normal execution environment, the second LUK from the remote computer when the transaction log information in the replenishment request matches transaction log information at the remote computer; andsending, by the application executing in a normal execution environment, the second LUK to the application agent executing in the trusted execution environment for storage. 8. The method of claim 7, wherein the application agent stores the transaction log in the trusted execution environment. 9. The method of claim 7, wherein the contactless interface of the portable communication device is not accessible by the application executing in the normal execution environment except via the application agent executing in the trusted execution environment. 10. The method of claim 7, wherein the application agent executing in the trusted execution environment does not communicate with the remote computer except via the normal execution environment. 11. The method of claim 7, wherein the trusted execution environment is implemented in a first virtual machine, and the normal execution environment is implemented in a second virtual machine. 12. The method of claim 7, wherein the trusted execution environment is implemented as a secure operating mode in the processor of the portable communication device. 13. The method of claim 7, wherein the transaction log information includes an authentication code computed over at least a portion of the transaction log. 14. A method for enhancing security of a portable communication device, the method comprising: receiving, by an application agent executing in a trusted execution environment of the portable communication device, a limited-use key (LUK) from an application executing in a normal execution environment of the portable communication device, the LUK associated with a set of one or more limited-use thresholds that limits usage of the LUK, and provided to the application executing in the normal execution environment from a remote computer;storing, by the application agent executing in the trusted execution environment, the LUK in a secure storage of the trusted execution environment;receiving, by the application agent executing in the trusted execution environment, a request to conduct a transaction from the application executing in the normal execution environment;generating, by the application agent executing in the trusted execution environment, a transaction cryptogram using the LUK;accessing a contactless interface of the portable communication device to transmit the transaction cryptogram to an access device to conduct the transaction;sending a replenishment request for a second LUK, the replenishment request including transaction log information derived from a transaction log stored in the trusted execution environment;receiving the second LUK when the transaction log information in the replenishment request matches transaction log information at the remote computer; andstoring the second LUK in a secure storage of the trusted execution environment. 15. The method of claim 14, further comprising: storing, by the application agent executing in the trusted execution environment, the transaction log in the secure storage of the trusted execution environment. 16. The method of claim 14, wherein the contactless interface of the portable communication device is not accessible to the application executing in the normal execution environment except via the application agent executing in the trusted execution environment. 17. The method of claim 14, wherein the application agent executing in the trusted execution environment does not communicate with the remote computer except via the normal execution environment. 18. The method of claim 14, wherein the trusted execution environment is implemented in a first virtual machine, and the normal execution environment is implemented in a second virtual machine. 19. The method of claim 14, wherein the trusted execution environment is implemented as a secure operating mode in the processor of the portable communication device. 20. The method of claim 14, wherein the transaction log information includes an authentication code computed over at least a portion of the transaction log.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (257)
Mullen, Jeffrey D.; Yen, Philip W., Advanced payment options for powered cards and devices.
Van de Velde, Eddy L. H.; Roberts, David A.; Smets, Patrik; Garrett, Duncan; Rans, Jean-Paul, Apparatus and method for integrated payment and electronic merchandise transfer.
Asghari Kamrani,Nader; Asghari Kamrani,Kamran, Direct authentication and authorization system and method for trusted network of financial institutions.
Mullen, Jeffrey David, Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card.
Mullen, Jeffrey David, Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card.
Mullen, Jeffrey David, Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card.
Franklin D. Chase ; Rosen Daniel ; Benaloh Josh ; Simon Daniel R., Electronic online commerce card with customer generated transaction proxy number for online transactions.
Bierbaum, Christopher J.; Cope, Warren B.; Katzer, Robin D.; Paczkowski, Lyle W., Electronic payment using a proxy account number stored in a secure element.
Stolfo,Salvotore J.; Yemini,Yechiam; Shaykin,Leonard P., Electronic purchase of goods over a communications network including physical delivery while securing private and personal information of the purchasing party.
Zimmer, Vincent J.; Anvin, H. P.; Rothman, Michael A.; Estrada, David C.; Yoke, Nicholas J.; Selvaraje, Gopinatth, Flexible bootstrap code architecture.
Goldstein,Seth; Mahajan,Rajesh; Muppirala,Prakash; Quigley,Benjamin L.; Rawat,Jai; Subramanya,Venkatesh; Tran,Vincent, Intelligent method of order completion in an e-commerce environment based on availability of stored billing information.
Barr, John Mathias; Park, Geon Hyuk; Gupta, Somit, Method and apparatus for applying revision specific electronic signatures to an electronically stored document.
Hirai Chiaki (Tokyo JPX) Kondo Hidefumi (Yamato JPX), Method and apparatus for completing a partially completed document in accordance with a blank form from data automatical.
Lincoln, Adrian David; Debney, Charles William; Maxwell, Ian Ronald; Viney, Jonathan Lawrence, Method and apparatus in combination with a storage means for carrying out an authentication process for authenticating a subsequent transaction.
Bajikar,Sundeep M.; Girard,Luke E.; Silvester,Kelan C.; McKeen,Francis X., Method and system and authenticating a user of a computer system that has a trusted platform module (TPM).
Talbert, Vincent W.; Keithly, Thomas H.; Hirschfeld, Daniel A.; Lavelle, Mark L., Method and system for completing a transaction between a customer and a merchant.
Fisher, Douglas; Dominguez, Benedicto H.; Lee, Timothy Mu-Chu, Method and system for performing two factor authentication in mail order and telephone order transactions.
Mutschler ; III Eugene Otto ; Stefaniak Joseph Peter, Method for dynamically embedding objects stored in a web server within HTML for display by a web browser.
Jonathan Shem-Ur IL; Anat Wolfson IL; Shaul Bar-Lev IL; Roni Sivan IL; Ehud Kaahtan IL, Method for preventing unauthorized use of credit cards in remote payments and an optional supplemental-code card for use therein.
Fung, Daniel Y.; Evans, Stephen C., Method, system and computer readable medium for web site account and e-commerce management from a central location.
Veteläinen,Altti Pekka Henrik, Methods, system, and computer readable medium for user data entry, at a terminal, for communication to a remote destination.
Khan,Mohammad; Kumar,Pradeep; Vijayshankar,Roshan; Liu,Ming Li; Narayanan,Narendra, Methods, systems and computer program products for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities.
Khan, Mohammad; Kumar, Pradeep; Vijayshankar, Roshan; Liu, Ming-Li; Narayanan, Narendra, Methods, systems, and computer readable media for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities.
Park, Kyung Yang; Kim, Chul Ki; Hwang, Que Min; Jung, Bong Sung; Sung, Kwang Hyun; Kim, Do Ha; Jung, Hoon Joon; Kang, Bog Heui; Cho, Eun Sang; Kim, Won Dong; Kim, Dae Yeon; Chang, Kwang Su; Woo, Hee Gu, Optical payment transceiver and system using the same.
Bhambri, Vikram; Walsh, Deirdre L.; Sausville, Paul C.; Biyani, Raj; Button, Thomas L.; Nolan, Sean; Warren, Susan; Hempey, Matthew D., Payment information security for multi-merchant purchasing environment for downloadable products.
Baker, David Preston; Marshall, III, Stanley N.; Hussein, Mohamed Reza; Hiller, Matthew Eric; Tung, Chin Pang; Mitchell, Andrew Robert, Secure storage of payment information on client devices.
Berardi, Michael J.; Bliman, Michal; Bonalle, David S.; Saunders, Peter D., System and method for encoding information in magnetic stripe format for use in radio frequency identification transactions.
Snapper,Erik J.; Jiggins,Julian P.; Shyam,Bharat; Partovi,Hadi; Berman,Eric R.; Freedman,Steven J.; Allard,James E.; Chang,Frank Z.; Proteau,Stephen P.; Jorgenson,Clint C., System and method for populating forms with previously used data values.
Chien, Emily; Sanchez, Trish; Saunders, Daniela; Wiseman, Jill; Balagopal, C R; Kinderknecht, Al; Parson, Jon W.; Preston, Ray, System and method for using loyalty rewards as currency.
Chien, Emily; Sanchez, Trish; Saunders, Daniela; Wiseman, Jill; Balagopal, C. R.; Kinderknecht, Al; Parson, Jon W.; Preston, Ray, System and method for using loyalty rewards as currency.
Chien, Emily; Sanchez, Trish; Saunders, Daniela; Wiseman, Jill; Balagopal, C. R.; Kinderknecht, Al; Parson, Jon W.; Preston, Ray, System and method for using loyalty rewards as currency.
Hughes Thomas S. (31310 Eagle Haven Cir. ; Ste. 100 Rancho Palos Verdes CA 90274) Molina Gustavo (24292 Rhona Dr. Laguna Niguel CA 92656), System for remote purchase payment transactions and remote bill payments.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Saunders, Peter D.; Leggatt, Lesley; Chuang, I-Hsin; Oh, John J., Systems, methods and computer program products for performing mass transit merchant transactions.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M.; Weber, Robert P., Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management.
Abraham Dennis G. (Concord NC) Henningsmeyer Daniela (Stuttgart VA DEX) Hudson John M. (Manassas VA) Johnson Donald B. (Manassas VA) Le An V. (Manassas VA) Matyas Stephen M. (Manassas VA) Stevens Jam, User defined function facility.
von Behren, Rob; Wall, Jonathan; Muehlberg, Alexej; Meyn, Hauke, Wallet application for interacting with a secure element application without a trusted server for authentication.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.