Hybrid integration of software development kit with secure execution environment
IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC, 7th edition): H04L-029/06; H04L-009/08
Application number: US-0985853 (2015-12-31)
Registration number: US-10187363 (2019-01-22)
Inventor / address: Smirnoff, Sergey; Bhattacharya, Soumendra
Applicant / address: VISA INTERNATIONAL SERVICE ASSOCIATION
Agent / address: Kilpatrick Townsend & Stockton
Citation information: times cited: 0; cited patents: 245

Abstract
A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.

Representative claims
1. A portable communication device comprising:
one or more processor circuits; and
one or more memory units coupled to the one or more processor circuits and storing computer readable code implementing a secure application in a trusted execution environment, which when executed by the one or more processor circuits, performs operations including:
receiving, by the secure application from a mobile application executing in an application execution environment of the portable communication device, a first storage request, the first storage request including a first encrypted data type identifier and an encrypted cryptogram generation key;
decrypting, by the secure application, the first encrypted data type identifier and the encrypted cryptogram generation key using a transport key;
determining, by the secure application, that the first decrypted data type identifier indicates the first storage request is for a cryptogram generation key;
re-encrypting, by the secure application, the decrypted cryptogram generation key using a key-storage key to generate a re-encrypted cryptogram generation key;
storing the re-encrypted cryptogram generation key outside the trusted execution environment;
receiving, by the secure application from the mobile application, a cryptogram generation request, the cryptogram generation request including the re-encrypted cryptogram generation key and transaction data for a transaction, wherein the transaction data is received by the mobile application from an access device;
decrypting, by the secure application, the re-encrypted cryptogram generation key using the key-storage key;
encrypting, by the secure application, the transaction data using the decrypted cryptogram generation key to generate the transaction cryptogram; and
sending, by the secure application to the mobile application, the generated transaction cryptogram, wherein the mobile application transmits the generated transaction cryptogram to the access device to conduct the transaction.

2. The portable communication device of claim 1, wherein the operations further include:
receiving, by the secure application from the mobile application, a second storage request, the second storage request including a second encrypted data type identifier and an encrypted token;
decrypting, by the secure application, the second encrypted data type identifier and the encrypted token using the transport key;
determining, by the secure application, that the second decrypted data type identifier indicates the second storage request is for a token;
re-encrypting, by the secure application, the decrypted token using a token-storage key to generate a re-encrypted token; and
storing the re-encrypted token outside the trusted execution environment.

3. The portable communication device of claim 2, wherein the operations further include:
decrypting, by the secure application, the re-encrypted token using the token-storage key; and
sending, by the secure application to the mobile application, the decrypted token.

4. The portable communication device of claim 1, wherein the cryptogram generation key is a limited-use key.

5. The portable communication device of claim 4, wherein the operations further include:
receiving, by the secure application from the mobile application, a key replenishment request, the key replenishment request including the re-encrypted cryptogram generation key and a transaction verification log;
decrypting, by the secure application, the re-encrypted cryptogram generation key using the key-storage key;
generating, by the secure application, a hash value computed over at least the transaction verification log using the decrypted cryptogram generation key; and
sending, by the secure application to the mobile application, the hash value.

6. The portable communication device of claim 5, wherein the mobile application sends the hash value to a server to request a new limited-use key.

7. The portable communication device of claim 1, wherein the encrypted cryptogram generation key is received by the mobile application from a server, and the encrypted cryptogram generation key is signed by the server.

8. The portable communication device of claim 7, wherein the operations further include:
verifying, by the secure application, that the encrypted cryptogram generation key was signed by the server using a certificate associated with the server.

9. The portable communication device of claim 1, wherein the operations further include:
storing, by the secure application, a crypto library in the trusted execution environment, the crypto library including the transport key, the key-storage key, and the token-storage key.

10. The portable communication device of claim 1, wherein the operations further include:
selecting, by the secure application, the key-storage key to use for the re-encrypting of the decrypted cryptogram generation key based on the first encrypted data type identifier indicating the first storage request is for the cryptogram generation key.

11. A method for managing sensitive data in a portable communication device having a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment, the method comprising:
receiving, by the secure application from the mobile application, a first storage request, the first storage request including a first encrypted data type identifier and an encrypted cryptogram generation key;
decrypting, by the secure application, the first encrypted data type identifier and the encrypted cryptogram generation key using a transport key;
determining, by the secure application, that the first decrypted data type identifier indicates the first storage request is for a cryptogram generation key;
re-encrypting, by the secure application, the decrypted cryptogram generation key using a key-storage key to generate a re-encrypted cryptogram generation key;
storing the re-encrypted cryptogram generation key in a memory of the portable communication device which is outside the trusted execution environment;
receiving, by the secure application from the mobile application, a cryptogram generation request, the cryptogram generation request including the re-encrypted cryptogram generation key and transaction data for a transaction, wherein the transaction data is received by the mobile application from an access device;
decrypting, by the secure application, the re-encrypted cryptogram generation key using the key-storage key;
encrypting, by the secure application, the transaction data using the decrypted cryptogram generation key to generate the transaction cryptogram; and
sending, by the secure application to the mobile application, the generated transaction cryptogram, wherein the mobile application transmits the generated transaction cryptogram to the access device to conduct the transaction.

12. The method of claim 11, further comprising:
receiving, by the secure application from the mobile application, a second storage request, the second storage request including a second encrypted data type identifier and an encrypted token;
decrypting, by the secure application, the second encrypted data type identifier and the encrypted token using the transport key;
determining, by the secure application, that the second decrypted data type identifier indicates the second storage request is for a token;
re-encrypting, by the secure application, the decrypted token using a token-storage key to generate a re-encrypted token; and
storing the re-encrypted token in the memory of the portable communication device which is outside the trusted execution environment.

13. The method of claim 12, further comprising:
decrypting, by the secure application, the re-encrypted token using the token-storage key; and
sending, by the secure application to the mobile application, the decrypted token.

14. The method of claim 11, wherein the cryptogram generation key is a limited-use key.

15. The method of claim 14, further comprising:
receiving, by the secure application from the mobile application, a key replenishment request, the key replenishment request including the re-encrypted cryptogram generation key and a transaction verification log;
decrypting, by the secure application, the re-encrypted cryptogram generation key using the key-storage key;
generating, by the secure application, a hash value computed over at least the transaction verification log using the decrypted cryptogram generation key; and
sending, by the secure application to the mobile application, the hash value.

16. The method of claim 15, wherein the mobile application sends the hash value to a server to request a new limited-use key.

17. The method of claim 11, wherein the encrypted cryptogram generation key is received by the mobile application from a server, and the encrypted cryptogram generation key is signed by the server.

18. The method of claim 17, further comprising:
verifying, by the secure application, that the encrypted cryptogram generation key was signed by the server using a certificate associated with the server.

19. The method of claim 11, further comprising:
storing, by the secure application, a crypto library in the trusted execution environment, the crypto library including the transport key, the key-storage key, and the token-storage key.

20. The method of claim 11, further comprising:
selecting, by the secure application, the key-storage key to use for the re-encrypting of the decrypted cryptogram generation key based on the first encrypted data type identifier indicating the first storage request is for the cryptogram generation key.
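
The storage and cryptogram flow of claims 1, 2 and 10, modelled in Node.js as an added example that is not code from the patent or from its applicant. AES-256-GCM for the transport and storage wraps, HMAC-SHA256 as a stand-in for the claimed encryption of the transaction data, and the type labels CGK, TOKEN and PIN are all assumptions made for illustration.

```javascript
// Added illustration, not from the patent; algorithms and type labels are assumed.
const crypto = require('crypto');

// AEAD helpers: blob = iv(12) || tag(16) || ciphertext; `aad` binds a blob to its purpose.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key or tamper
}

// Models the secure application; the storage keys never leave this closure (the "TEE").
function makeSecureApp(transportKey) {
  const storageKeys = new Map([['CGK', crypto.randomBytes(32)], ['TOKEN', crypto.randomBytes(32)]]);
  return {
    // Storage request: decrypt type id and data with the transport key, select the
    // storage key from the decrypted type, re-encrypt for storage outside the TEE.
    store(encTypeId, encData) {
      const type = open(transportKey, encTypeId, 'type').toString();
      const storageKey = storageKeys.get(type);
      if (!storageKey) throw new Error('unknown data type');
      return seal(storageKey, open(transportKey, encData, 'data'), type);
    },
    // Cryptogram request: unwrap with the key-storage key only, then key a MAC over
    // the transaction data (HMAC stands in for the claimed encryption step).
    cryptogram(storedBlob, txData) {
      const cgk = open(storageKeys.get('CGK'), storedBlob, 'CGK');
      return crypto.createHmac('sha256', cgk).update(txData).digest('hex').slice(0, 16);
    },
  };
}

// Constructed sample run: the mobile application only ever handles ciphertext.
function demo() {
  const transportKey = crypto.randomBytes(32); // shared by server and TEE in this model
  const tee = makeSecureApp(transportKey);
  const luk = crypto.randomBytes(32);          // constructed limited-use key
  const req = (t, d) => [seal(transportKey, Buffer.from(t), 'type'), seal(transportKey, d, 'data')];
  const keyBlob = tee.store(...req('CGK', luk));
  const tokenBlob = tee.store(...req('TOKEN', Buffer.from('constructed-token-0001')));
  const tx = Buffer.from('amount=12.50;nonce=9f3a');
  const expected = crypto.createHmac('sha256', luk).update(tx).digest('hex').slice(0, 16);
  let tokenAsKey = 'accepted', badType = 'accepted';
  try { tee.cryptogram(tokenBlob, tx); } catch { tokenAsKey = 'rejected'; }
  try { tee.store(...req('PIN', luk)); } catch { badType = 'rejected'; }
  return { match: tee.cryptogram(keyBlob, tx) === expected, tokenAsKey, badType,
           leaksKey: keyBlob.includes(luk) };
}
```

Because each data type is wrapped under its own storage key, a blob stored as a token fails authentication when replayed into the cryptogram path, and an unrecognised type identifier is refused before any re-encryption happens.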