US20120238206A1 - Communications device providing near field communication (nfc) secure element disabling features related methods - Google Patents

Communications device providing near field communication (nfc) secure element disabling features related methods Download PDF

Info

Publication number
US20120238206A1
US20120238206A1 US13/157,685 US201113157685A US2012238206A1 US 20120238206 A1 US20120238206 A1 US 20120238206A1 US 201113157685 A US201113157685 A US 201113157685A US 2012238206 A1 US2012238206 A1 US 2012238206A1
Authority
US
United States
Prior art keywords
security
nfc
communications
processor
application data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/157,685
Inventor
Ravi Singh
Neil Patrick Adams
Kristof Takacs
Shivangi Anantrupa Gandhi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Malikie Innovations Ltd
Original Assignee
Research in Motion Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Research in Motion Ltd filed Critical Research in Motion Ltd
Priority to US13/157,685 priority Critical patent/US20120238206A1/en
Assigned to RESEARCH IN MOTION LIMITED reassignment RESEARCH IN MOTION LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ADAMS, NEIL PATRICK, GANDHI, SHIVANGI ANANTRUPA, SINGH, RAVI, Takacs, Kristof
Priority to EP12757420.0A priority patent/EP2687037A4/en
Priority to CA2829620A priority patent/CA2829620A1/en
Priority to PCT/CA2012/050152 priority patent/WO2012122648A1/en
Priority to TW101108718A priority patent/TW201246822A/en
Publication of US20120238206A1 publication Critical patent/US20120238206A1/en
Assigned to BLACKBERRY LIMITED reassignment BLACKBERRY LIMITED CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: RESEARCH IN MOTION LIMITED
Assigned to MALIKIE INNOVATIONS LIMITED reassignment MALIKIE INNOVATIONS LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BLACKBERRY LIMITED
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/086Access security using security domains
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2250/00Details of telephonic subscriber devices
    • H04M2250/04Details of telephonic subscriber devices including near field communication means, e.g. RFID
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • This application relates to the field of communications, and more particularly, to wireless communications systems and related methods.
  • PDA Personal Digital Assistant
  • NFC near field communication
  • RFID radio frequency identification
  • FIG. 1 is a schematic block diagram of a communications system in accordance with an example embodiment.
  • FIG. 2 is a schematic diagram of the communications system of FIG. 1 showing the display of the mobile device.
  • FIG. 3 is a more detailed schematic diagram of the communications system of FIG. 1 .
  • FIG. 4 is a flow diagram illustrating example method aspects associated with the systems of FIGS. 1-3 .
  • FIG. 5 is a schematic block diagram of a communications system in accordance with another example embodiment.
  • FIG. 6 is a flow diagram illustrating example method aspects associated with the system of FIG. 5 .
  • FIG. 7 is a schematic block diagram illustrating example mobile wireless communications device components that may be used with the devices of FIGS. 1-3 and 5 .
  • a communications device may include a near field communication (NFC) device, at least one memory configured to store secure application data to be communicated via the NFC device and a secure element (SE) application programming interface (API) associated with the secure application data, and a processor coupled with the NFC device and with the at least one memory.
  • the processor may be configured to disable the SE API to prevent access to the secure application data based upon a security condition, and enable the SE API to allow access to the secure application data based upon a security restore event. Accordingly, the processor may advantageously prevent access to the secure application data without having to wait for a trusted service manager (TSM) to authorize deletion of the secure application data, for example.
  • TSM trusted service manager
  • the communications device may further include a wireless transceiver coupled with the processor, and the security condition may comprise initiation of a wipe while the wireless transceiver is not in communication with a wireless communications network.
  • the communications device may further include an input device coupled with the processor, and the security condition may comprise a threshold number of unsuccessful device authentication attempts via the input device, or a security command entered via the input device.
  • the security restore event may comprise receiving a secure application data delete command via the wireless transceiver, or receiving a security restore command via the input device.
  • the NFC device may also have an NFC API associated therewith.
  • the processor may be further configured to enable the NFC API for NFC communication while the SE API is disabled. Additionally, the processor may be further configured to prevent write access to the memory based upon the occurrence of the security condition.
  • a related communications system may include a NFC terminal and a communications device, such as the one described briefly above.
  • a related method for operating a communications device may include disabling the SE API to prevent access to the secure application data based upon a security condition, and enabling the SE API to allow access to the secure application data based upon a security restore event.
  • a related non-transitory computer-readable medium is for a communications device such as the one described briefly above.
  • the non-transitory computer-readable medium may have computer-executable instructions for causing the communications device to perform steps comprising disabling the SE API to prevent access to the secure application data based upon a security condition, and enabling the SE API to allow access to the secure application data based upon a security restore event.
  • a communications system 30 illustratively includes a near field communication (NEC) terminal 31 associated with an object, and a mobile wireless communications device 32 (also referred to as a “mobile device” herein).
  • NEC near field communication
  • Example mobile wireless communications devices may include portable or personal media players (e.g., music or MP 3 players, video players, electronic book readers, etc.), portable gaming devices, portable or mobile telephones, smartphones, tablet computers, digital cameras, etc.
  • the mobile device 32 illustratively includes a portable housing 33 and a wireless transceiver 34 carried by the portable housing 33 .
  • the wireless transceiver 34 may comprise a cellular transceiver or other type of wireless communications transceiver, and may communicate any combination of voice and data, such as, for example, email.
  • the wireless transceiver 34 may communicate with a security server 36 that may provide one or more of remote instructions and provisioning operations to the mobile device 32 .
  • the mobile device 32 includes a display 46 carried by the portable housing 33 .
  • the display 46 may comprise a liquid crystal display (LCD), for example, and may be configured to display information relating to data or voice communications.
  • the display 46 may be in the form of an active display that includes a backlight, for example.
  • the display 46 may display email information, contact information, or call information.
  • the display 46 may be another type of display, for example, a passive display, and may display other information.
  • the mobile device 32 also includes an input device 45 .
  • the input device 45 may be a keypad, touch-screen display, or other input device, for example.
  • the mobile device 32 also includes a processor 35 that is carried by the portable housing 33 and coupled with the wireless transceiver circuitry 34 , the input device 45 , and the display 46 .
  • the processor 35 may be implemented using hardware (e.g., memory, etc.) and software components, i.e., computer-readable instructions for causing the mobile device 32 to perform the various functions or operations described herein.
  • the mobile device 32 also includes an NFC device 40 carried by the portable housing and coupled with the processor 35 .
  • the NFC device 40 includes a NFC controller 41 and a NFC transceiver 42 coupled with the NFC controller 41 .
  • the NFC controller 41 and the NFC transceiver 42 advantageously cooperate to perform at least one NFC communication function.
  • the NFC device 40 may communicate with the NFC terminal 31 based upon proximity thereto using NFC communication.
  • the NFC terminal 31 may be a NFC tag, a NFC-enabled mobile device, a smart poster, etc.
  • NFC is a short-range wireless communications technology in which NFC-enabled devices are “swiped,” “bumped” or otherwise moved in close proximity to communicate.
  • NFC may operate at 13.56 MHz and with an effective range of several centimeters, typically 4 cm or less, but other suitable versions of near-field communication which may have different operating frequencies, effective ranges, etc., for example, may also be used.
  • the NFC device 40 also includes a first memory 43 coupled to the NFC controller 41 . More particularly, the first memory 43 may be embedded within the NFC device hardware or within the NFC integrated circuit (IC). The first memory 43 may be tamper resistant, for example. In other words, the first memory 43 may comprise a secure element. The first memory 43 or secure element, may store applications relating to NFC communications, or contactless applications for communicating with the NFC terminal 31 . For example, the applications may include financial payment applications, secure access system applications, loyalty card applications, and other applications, and may be encrypted. In some example embodiments, the first memory 43 may store only one application.
  • the applications may include financial payment applications, secure access system applications, loyalty card applications, and other applications, and may be encrypted.
  • the first memory 43 may store only one application.
  • the mobile device 32 also includes a second memory 44 .
  • the second memory 44 may comprise the device memory, for example.
  • the second memory 44 may include operating system files, applications, and other device data.
  • the second memory 44 may be part of the universal integrated circuit card (UICC), for example.
  • the second memory 44 may also be removable, and may be a secure-digital (SD) card or a subscriber identity module (SIM) card, for example.
  • the second memory 44 may comprise another type of memory, for example a flash memory. While first and second memories 43 , 44 are described herein, more than two memories may be used. In other words, applications, or secure elements, may be stored in or spread over various memory devices. It should also be noted that a secure element may be implemented in a dedicated or secure area of a common memory, for example. In addition, multiple secure elements may be used.
  • the processor 35 may be configured to disable the NFC transceiver 42 based upon a security condition.
  • a security condition may occur when a user of the device 32 cannot be authenticated, for example, as a result of the device 32 receiving too many incorrect password entries via the input device 45 .
  • the security condition may occur when the device 32 receives, via the input device 45 , a command to perform operations associated with a security condition. This may occur, for example, in the context of a user who will no longer be using the device 32 and is preparing to give away the device 32 to another user or trade in the device 32 for a new device, for example. These operations may be collectively referred to as a “wipe”.
  • a security condition may occur when the device 32 receives a remote command, e.g., a remote wipe command, indicating a security condition, for example, from a system administrator. This may occur, for example, in the context of a lost or stolen or otherwise compromised device.
  • a user-initiated wipe may also occur when the mobile device 32 is not in communication with a network, i.e., it is out of coverage (e.g., wireless coverage, data coverage, radio coverage, etc., for example.
  • the processor 35 may be configured to disable access to the applications on the first memory 43 , e.g., secure payment applications. Disabling is performed since the mobile device 32 typically does not have unlimited read/write access to the first memory 43 since the first memory does not inherently “trust” the mobile device 32 . That is, secure data or applications stored on the first memory 43 typically may not be modified except by a trusted third party source, as will be discussed further below.
  • the security server 36 is able to initiate a wipe of the first memory 43 based upon communication therewith, as will be described in further detail below. That is, the ability for a mobile device application to interact with an application on a secure element may be disabled via the baseband interface. Another example approach is to use a mobile device application to disable the ability of an application on the secure element to communicate via the NFC transceiver 42 .
  • the processor 35 After disabling access to the applications on the first memory 43 , the processor 35 is configured to erase the contents, or second application from the second memory 44 , or device memory. In other words, the mobile device 32 is wiped.
  • the processor 35 performs a reset operation after successfully erasing the applications from the second memory 44 .
  • the reset operation may be based upon a successful wipe.
  • the reset operation may be performed by selectively disabling a power source 37 carried by the housing 33 and coupled to the processor 35 .
  • the reset operation may comprise a power down/power up cycle of the mobile device 32 .
  • the power source 37 may comprise a battery cell, for example. In some example embodiments, a reset operation may not be performed.
  • the processor 35 is also configured to erase the applications from the first memory 43 after the reset operation.
  • the processor 35 may erase the applications based upon a command received from the security server 36 via the wireless transceiver 34 after the reset operation.
  • the processor 35 after the applications are deleted or wiped from the first memory 44 , is configured to enable access to the NFC transceiver.
  • the contents, or second application from the second memory 44 may not be erased based upon a security condition. Based upon a security condition, the application on the first memory 43 may be erased while selectively maintaining the second application on the second memory 44 . In other words, the processor 35 may be configured to erase the application from the first memory 43 without performing the steps of erasing the second application and resetting.
  • the first memory 43 may comprise an embedded secure element (eSE).
  • eSE comprises an integrated circuit (IC) that manages and includes credentials (e.g., credentials associated with various credit cards, bank cards, gift cards, access cards, transit passes, etc.) that have been provisioned to the mobile device 32 .
  • the eSE 43 may run based upon a GlobalPlatform card specification and be compatible with a Java Card Platform Specification, for example. The eSE 43 may run or be compatible with other or additional platforms.
  • GlobalPlatform is responsible for managing the lifecycle of other applets, and for providing them with security services (e.g., allowing application security domains to be created).
  • Security domains maintain a lifecycle state for each applet (e.g., active, locked, etc.), manage the keys for authenticated access to an applet, and serve as an endpoint when a secure channel is established between a security server 36 , i.e., trusted service manager (TSM) and an applet.
  • TSM trusted service manager
  • the security server 36 or TSM is typically responsible for provisioning and managing the applets within its security domain on the first memory 43 .
  • the NFC terminal 31 may communicate with the applets that are installed on the eSE 43 via the NFC controller 41 and NFC transceiver 43 .
  • a reader, or NFC terminal 31 first selects an applet by its applet identifier (AID), GlobalPlatform checks for the existence of the applet in question (and verifies that the applet is in the correct lifecycle state), and then further application protocol data units (APDUs) sent by the reader are routed to the applet by GlobalPlatform.
  • AID applet identifier
  • APDUs application protocol data units
  • the RF readers for example, the NFC terminal 31 , do not open secure channels to the security domains, and any authentication that occurs with the NFC terminal is the responsibility of the specific applet that gets selected.
  • the TSM 36 may open a secure channel to the issuer security domain (ISD) via the mobile device 32 , by authenticating itself using the appropriate ISD keys.
  • ISD issuer security domain
  • An ISD is considered the security endpoint that communicates with the root TSM and allow for installation of applets and management of application security domains (ASDs).
  • ASDs application security domains
  • the TSM 36 may then manage applets (e.g., install and delete them, change their lifecycle states) and manage the application security domains on the eSE 43 .
  • the TSM 36 can then send APDUs to the applets that belong to that security domain.
  • the applet can determine that it is communicating with its TSM 36 over a secure channel, and can thus allow access to privileged or “administrative” commands.
  • the eSE 43 typically does not “trust” the mobile device 32 to the same degree as the TSM 36 , since GlobalPlatform may not intend for a mobile device to have access to the keys that are needed to open a secure channel. However, an applet can determine that it is communicating over the baseband interface and thus allow access to commands that would not otherwise be available.
  • the baseband interface generally refers to an interface for communications between the processor 35 and the eSE 43 , or first memory, (via the NFC controller 41 ). This may include commands that are sent from the wireless transceiver 34 , for example, that are then sent to the eSE 43 across the baseband interface.
  • a credit card applet may allow the baseband interface to place it in a “visible” or “hidden” state, while allowing access to the necessary commands for a typical financial transaction over the NFC transceiver 42 or RF interface. It should be noted that due to this restriction, the mobile device 32 may not “wipe” the eSE 43 in a conventional sense. Based on the interfaces and application programming interfaces (APIs) provided by GlobalPlatform, there is typically no way for the mobile device 32 to delete an applet or, for that matter, even to enumerate the applets that are installed/instantiated on the eSE 43 .
  • APIs application programming interfaces
  • the mobile device 32 may be increasingly difficult for the mobile device 32 to directly delete applets from the eSE 43 . However, it may be unacceptable for a mobile device to delay a wipe until such time that the TSM 36 could be contacted to wipe the eSE 43 , especially given that an attacker might remove the mobile device SIM, or any other persistent memory device, i.e., the second memory 44 , to ensure it does not have coverage.
  • the processor 35 takes steps to ensure data and access to the eSE 43 is prevented when the mobile device wipe is triggered (effectively resembling a wipe of the eSE 43 to the end user) and will result in the eSE being wiped at the next possible opportunity, i.e., whenever the mobile device 32 has coverage and is able to contact the TSM 36 .
  • the eSE 43 may include applets or other code to perform the wipe process. More particularly, the eSE 43 may include one or more emulation layers, for example, the MIFARE and iClass emulation layers. The emulation layers may not be directly linked to applets or other code on the eSE 43 , for example.
  • the applet generally includes security keys for writing to its corresponding emulation layer, for example, for the MIFARE emulation class, this would be K_MIFARE, which is derived from K_A and K_B for a specific block of MIFARE memory.
  • Each of the wipe applets may be installed and instantiated by the TSM 36 . The applets may be visible over the baseband interface, and it may respond to a specific APDU that may trigger it to wipe its corresponding emulation layer using the security keys, for example.
  • the ISD lifecycle state can be moved to card lock, effectively disabling access to all applets on the eSE 43 by an applet provided that it is granted the card lock privilege.
  • a wipe applet can be installed and instantiated by the TSM 36 to the ISD and given card lock privileges.
  • the applet may be only visible over the baseband interface, and may respond to a specific APDU that triggers it to move the ISD lifecycle state to card lock. Additional code may be used so that certain portions, for example, internal code, can communicate with this applet.
  • the user uses the mobile device 32 normally for voice and/or data communications. For example, if the user uses a wallet application and the TSM 36 has installed anything to their mobile device's eSE 43 , the TSM installs and instantiates the “wipe applet” to the ISD, and asserts a persistent flag indicating the eSE 43 is in use. If, at some point, the eSE 43 is provisioned with an emulation layer credential, for example, the corresponding emulation layer wipe applet would be installed and instantiated at this time. For example, if the eSE 43 is provisioned with a MIFARE credential, then the MIFARE wipe applet would be installed and instantiated at this time.
  • the wipe is triggered.
  • the mobile device wipe may be triggered in multiple ways, for example, receipt of too many incorrect password entries via the input device 45 in an attempt to gain access to the mobile device 32 , receipt of a local wipe command, e.g., comprising a “wipe” option on the mobile device, or a remote wipe command may be sent.
  • a local wipe command e.g., comprising a “wipe” option on the mobile device
  • a remote wipe command may be sent.
  • an acknowledgement may be sent, for example. It is worthwhile noting that the wipe may not be delayed if this acknowledgement is not sent.
  • a persistent flag indicating the eSE 43 has been personalized
  • the mobile device wipe code may assert a persistent flag indicating the eSE 43 has been locked.
  • Each of the above-noted persistent flags may be set or cleared.
  • the eSE primary interface APIs and the NFC transceiver APIs check the value of a persistent flag indicating that the eSE 43 has been locked when they are called. If it is asserted, the eSE primary interface APIs typically should ignore any call not coming from an internal or trusted module, and the NFC transceiver APIs should disable all access to the card emulation mode.
  • each emulation layer is wiped.
  • the wipe APDU is sent to the corresponding wipe applet over the baseband interface.
  • the applet wipes personalization data in the emulation layer. More particularly, for example, the wipe APDU may wipe the personalization data in the iClass and MIFARE emulation layers.
  • a fourth step the eSE 43 /ISD is moved to a card locked state.
  • the wipe APDU is sent to the wipe applet over the baseband interface.
  • the applet moves the ISD state to card locked, effectively denying access to applets and security domains on the eSE 43 .
  • this step should take place after the third step, since otherwise communication may not be possible with the applets that wipe the emulation layers in those steps.
  • the eSE 43 still includes personalized applets, these applets are no longer accessible to anyone but the TSM 36 . From the end user's perspective, the eSE 43 is “wiped”.
  • the mobile device 32 is wiped.
  • the mobile device 32 is wiped by operating system (OS) code, for example.
  • OS operating system
  • the mobile device 32 restarts.
  • the mobile device 32 restarts after the wipe is successful.
  • an eSE proxy (not shown) signals the TSM 36 .
  • the eSE proxy starts up and detects that the ISD is in a card locked state (by attempting to select the ISD over the baseband interface, or by checking the persistent flag indicating the eSE 43 has been locked. It then waits for a data connection and signals the TSM 36 that the eSE 43 needs to be wiped.
  • the eSE 43 is wiped.
  • the TSM 36 deletes all applets from the eSE 43 .
  • selective access to the eSE 43 may be provided over the baseband interface. For example, an application from a mobile device manufacturer may be allowed to access the eSE 43 for the purposes of wiping the eSE, while access from third party applications may be restricted.
  • a ninth step access to eSE primary interface APIs and the NFC transceiver 42 are restored.
  • the TSM 36 Once the TSM 36 is satisfied that all applets have been deleted from the eSE 43 , it signals the eSE proxy that a persistent flag indicating the eSE 43 has been locked.
  • eSE primary interface APIs are unlocked to third parties, and the NFC transceiver 42 is permitted to enter card emulation mode again.
  • the eSE 43 at this point, has been reset to a factory state. It should be noted that in different embodiments steps other steps may be performed, or some steps may be performed in different orders.
  • the processor 35 determines whether a security condition has been initiated (Block 64 ).
  • the securing condition may comprise a wipe, or entering a wrong password a given number of times (which may also trigger a wipe in some embodiments). If a security condition is determined, the processor 35 disables the NFC transceiver 42 (Block 66 ). The processor 35 then disables access to the first plurality of applications on the first memory 43 (Block 68 ). At Block 70 , the processor 35 erases the second application from the second memory 44 . A reset operation is performed by the processor 35 (Block 72 ).
  • the security server 36 sends a signal to the processor 35 via the wireless transceiver 34 once a connection is established therewith.
  • the processor 35 erases the first plurality of applications from the first memory 43 if the signal from the security server 36 is received.
  • the NFC transceiver 42 at Block 78 is re-enabled after the first plurality of applications is erased. The method ends at Block 80 .
  • a related communications system 130 illustratively includes an NFC terminal 131 , a communications device 132 (e.g., a mobile wireless communication device), and a security server 136 , which are similar to those described above.
  • the communications device 132 illustratively includes a housing 133 carrying a wireless transceiver 134 , a NFC device 140 , an input device(s) 145 , a display 146 , one or more memories 147 , and a processor 135 .
  • the wireless transceiver 134 , NFC device 140 , input device 145 , display 146 , and memory 147 are illustratively coupled with the processor 135 , and these components are similar to the counterpart components described above except as otherwise described below.
  • the NFC device 140 has one or more NFC APIs 150 associated therewith.
  • the memory 147 may be part of the NFC device 140 in some embodiments, it may be a separate memory (e.g., SD card, SIM card, etc.), or both types of memories may be used, as noted above.
  • the memory 147 illustratively includes secure element (SE) application data 148 to be communicated via the NFC device 140 (e.g., a secure applet, account information, etc.), and an SE API 149 associated with the secure application data.
  • SE secure element
  • the API controls access to the SE application data 148 stored in the memory 147 .
  • SEs are where NFC applets such as payment (e.g., credit or debit card, etc.), transit, physical access control, and other secure applications are stored.
  • the SE will allow the mobile device 132 to act as a payment or access card, for example.
  • installation and removal or deletion of applications from an SE may only be performed by a third party entity that holds the master keys (i.e., issuer security domain keys) to authenticate with the SE.
  • the third party entity e.g., TSM
  • TSM may open a cryptographically secure channel to the secure element (e.g., using a proxy application running on the mobile device 132 to access the SE).
  • the TSM when a credit card applet is to be installed on the SE of the mobile device 132 , the TSM, after receiving the appropriate instructions from the given bank, will open a secure channel to a secure element and install the appropriate credit card applet. Subsequently, if the credit card applet is to be removed or deleted, the TSM will remove it.
  • Such TSM operations require a communications link between the proxy and the TSM (typically an over-the-air connection in the case of a mobile wireless communications device, as described above). Again, this may create a problem in that if the user wants to wipe the mobile device 132 before giving it away or disposing of it, etc., the user may not have coverage, either because of being out of wireless communications range, account cancellation, SIM card removal, etc. Without coverage, the TSM will not be able to issue the appropriate delete commands, so even after a security wiping of the mobile device 132 , the memory 147 will still retain all of the SE application data 148 . Thus, for example, a credit card may still be used after the mobile device 132 is wiped and handed off to another user.
  • a communications link between the proxy and the TSM typically an over-the-air connection in the case of a mobile wireless communications device, as described above.
  • the processor 135 is configured to disable the SE API 149 to prevent access to the SE application data 148 based upon a security condition such as a device wipe, at Blocks 164 , 166 .
  • a security condition such as a device wipe
  • the disabling may occur despite the wireless transceiver 134 not being in communication with the security server 136 (e.g., TSM) via a wireless communications network.
  • Another security condition that may trigger disabling of the SE API 149 may include a threshold number of unsuccessful access attempts to access the mobile device 132 via the input device 145 (e.g., incorrectly entered passwords, etc.), as noted above.
  • Still another security condition that may trigger disabling of the SE API 149 is a security command entered via the input device 145 .
  • a security command e.g., selection of a security option from an on-screen menu, etc.
  • a security command may be used to temporarily cause the processor 135 to disable the SE API 149 so that the SE application data 148 may not be accessed.
  • write access to the memory 147 may optionally be selectively disabled while the SE API is disabled, at Block 168 . That is, the processor 135 may prevent any further SE data from being written to or installed on the memory 147 by TSMs until the security condition has been resolved, as will be discussed further below. However, in the interim, the processor 135 may optionally enable (or continue to allow) the NFC API 150 to perform NFC communication while the SE API 149 remains disabled for other NFC applications that do not require access to the SE data 148 , at Block 147 .
  • the processor 135 may enable the SE API 149 to again allow access to the SE data 148 based upon a security restore event, at Blocks 172 , 174 , which concludes the illustrated method (Block 176 ). Accordingly, the processor 135 may advantageously prevent access to the SE data 148 without having to wait for a TSM to authorize deletion of the secure application data, for example.
  • the security restore event may include receiving a secure application data delete command via the wireless transceiver 134 , such as a delete command from the TSM that issued the SE data 148 .
  • the security restore event may comprise providing a secure password, biometric, etc., to restore NFC communication for the SE API.
  • the processor 135 is advantageously able to disable or suspend the SE API 149 and the ability for the NFC device 140 to route NFC traffic to the SE API if a security condition occurs.
  • the processor 135 prevents NFC device 140 traffic from being routed to or from the SE API 149 .
  • the SE data 148 may not be accessed by the NFC terminal 131 (e.g., an external point-of-sale terminal) for the purposes of performing a payment or other secure transaction.
  • the processor 135 may, for example, only allow NFC device 140 traffic to resume routing to the SE API 149 after a delete command has been successfully received from the TSM and injected to delete the SE application data 148 , etc. This way, it may be assured that the SE data 148 has been deleted before allowing a next user, for example, to activate NFC device 140 communication routing to the memory 147 .
  • the processor 135 may also lock baseband access to the SE data 148 (e.g. through JSR-177) unless the baseband access is being used to issue a delete command. Once the delete command has been issued, baseband access may be reinstated.
  • the mobile device 132 may be wiped at any time, regardless of whether it has coverage or whether there is a SIM inserted, without having to wait for a TSM to issue delete commands to the secure element to ensure SE data 148 protection. Then, before the SE API 149 or SE data 148 may effectively be used again, the processor 135 will enforce receipt of a cryptographically protected delete command from the TSM (in the case of a device wipe security condition) or appropriate security credentials before allowing the SE API 149 to be used again, such as through the NFC device 140 or the wireless transceiver 134 .
  • a related non-transitory computer-readable medium example embodiment may have computer-executable instructions for causing the communications device 132 to perform steps including disabling the SE. API 149 to prevent access to the SE data 148 based upon a security condition, and enabling the SE API to again allow access to the SE data based upon a security restore event, as described further above.
  • the non-transitory computer-readable medium may perform additional steps described above as well.
  • the device 1000 illustratively includes a housing 1200 , a keyboard or keypad 1400 and an output device 1600 .
  • the output device shown is a display 1600 , which may comprise a full graphic LCD. Other types of output devices may alternatively be utilized.
  • a processing device 1800 is contained within the housing 1200 and is coupled between the keypad 1400 and the display 1600 . The processing device 1800 controls the operation of the display 1600 , as well as the overall operation of the mobile device 1000 , in response to actuation of keys on the keypad 1400 .
  • the housing 1200 may be elongated vertically, or may take on other sizes and shapes (including clamshell housing structures).
  • the keypad may include a mode selection key, or other hardware or software for switching between text entry and telephony entry.
  • FIG. 7 In addition to the processing device 1800 , other parts of the mobile device 1000 are shown schematically in FIG. 7 . These include a communications subsystem 1001 ; a short-range communications subsystem 1020 ; the keypad 1400 and the display 1600 , along with other input/output devices 1060 , 1080 , 1100 and 1120 ; as well as memory devices 1160 , 1180 and various other device subsystems 1201 .
  • the mobile device 1000 may comprise a two-way RF communications device having data and, optionally, voice communications capabilities. In addition, the mobile device 1000 may have the capability to communicate with other computer systems via the Internet.
  • Operating system software executed by the processing device 1800 is stored in a persistent store, such as the flash memory 1160 , but may be stored in other types of memory devices, such as a read only memory (ROM) or similar storage element.
  • system software, specific device applications, or parts thereof may be temporarily loaded into a volatile store, such as the random access memory (RAM) 1180 .
  • Communications signals received by the mobile device may also be stored in the RAM 1180 .
  • the processing device 1800 in addition to its operating system functions, enables execution of software applications 1300 A- 1300 N on the device 1000 .
  • a predetermined set of applications that control basic device operations, such as data and voice communications 1300 A and 1300 B, may be installed on the device 1000 during manufacture.
  • a personal information manager (PIM) application may be installed during manufacture.
  • the PIM may be capable of organizing and managing data items, such as e-mail, calendar events, voice mails, appointments, and task items.
  • the PIM application may also be capable of sending and receiving data items via a wireless network 1401 .
  • the PIM data items may be seamlessly integrated, synchronized and updated via the wireless network 1401 with corresponding data items stored or associated with a host computer system.
  • the communications subsystem 1001 includes a receiver 1500 , a transmitter 1520 , and one or more antennas 1540 and 1560 .
  • the communications subsystem 1001 also includes a processing module, such as a digital signal processor (DSP) 1580 , and local oscillators (LOs) 1601 .
  • DSP digital signal processor
  • LOs local oscillators
  • a mobile device 1000 may include a communications subsystem 1001 designed to operate with the MobitexTM, Data TACTM or General Packet Radio Service (GPRS) mobile data communications networks, and also designed to operate with any of a variety of voice communications networks, such as AMPS, TDMA, CDMA, WCDMA, PCS, GSM, EDGE, etc. Other types of data and voice networks, both separate and integrated, may also be utilized with the mobile device 1000 .
  • the mobile device 1000 may also be compliant with other communications standards such as 3GSM, 3GPP, UMTS, 4G, etc.
  • Network access requirements vary depending upon the type of communication system. For example, in the Mobitex and DataTAC networks, mobile devices are registered on the network using a unique personal identification number or PIN associated with each device. In GPRS networks, however, network access is associated with a subscriber or user of a device. A GPRS device therefore typically involves use of a subscriber identity module, commonly referred to as a SIM card, in order to operate on a GPRS network.
  • SIM card subscriber identity module
  • the mobile device 1000 may send and receive communications signals over the communication network 1401 .
  • Signals received from the communications network 1401 by the antenna 1540 are routed to the receiver 1500 , which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog-to-digital conversion of the received signal allows the DSP 1580 to perform more complex communications functions, such as demodulation and decoding.
  • signals to be transmitted to the network 1401 are processed (e.g. modulated and encoded) by the DSP 1580 and are then provided to the transmitter 1520 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 1401 (or networks) via the antenna 1560 .
  • the DSP 1580 provides for control of the receiver 1500 and the transmitter 1520 .
  • gains applied to communications signals in the receiver 1500 and transmitter 1520 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 1580 .
  • a received signal such as a text message or web page download
  • the communications subsystem 1001 is input to the processing device 1800 .
  • the received signal is then further processed by the processing device 1800 for an output to the display 1600 , or alternatively to some other auxiliary I/O device 1060 .
  • a device may also be used to compose data items, such as e-mail messages, using the keypad 1400 and/or some other auxiliary I/O device 1060 , such as a touchpad, a rocker switch, a thumb-wheel, or some other type of input device.
  • the composed data items may then be transmitted over the communications network 1401 via the communications subsystem 1001 .
  • a voice communications mode In a voice communications mode, overall operation of the device is substantially similar to the data communications mode, except that received signals are output to a speaker 1100 , and signals for transmission are generated by a microphone 1120 .
  • Alternative voice or audio I/O subsystems such as a voice message recording subsystem, may also be implemented on the device 1000 .
  • the display 1600 may also be utilized in voice communications mode, for example to display the identity of a calling party, the duration of a voice call, or other voice call related information.
  • the short-range communications subsystem enables communication between the mobile device 1000 and other proximate systems or devices, which need not necessarily be similar devices.
  • the short-range communications subsystem may include an infrared device and associated circuits and components, a BluetoothTM communications module to provide for communication with similarly-enabled systems and devices, or a near field communications (NFC) sensor for communicating with a NFC device or NFC tag via NFC communications.
  • NFC near field communications

Abstract

A communications device may include a near field communication (NFC) device, at least one memory configured to store secure application data to be communicated via the NFC device and a secure element (SE) application programming interface (API) associated with the secure application data, and a processor coupled with the NFC device and the at least one memory. The processor may be configured to disable the SE API to prevent access to the secure application data based upon a security condition, and enable the SE API to allow access to the secure application data based upon a security restore event.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of provisional application no. 61/452,511, filed Mar. 14, 2011, which is hereby incorporated herein in its entirety by reference.
    • TECHNICAL FIELD
  • This application relates to the field of communications, and more particularly, to wireless communications systems and related methods.
    • BACKGROUND
  • Mobile communication systems continue to grow in popularity and have become an integral part of both personal and business communications. Various mobile devices now incorporate Personal Digital Assistant (PDA) features such as calendars, address books, task lists, calculators, memo and writing programs, media players, games, etc. These multi-function devices usually allow electronic mail (email) messages to be sent and received wirelessly, as well as access the internet via a cellular network and/or a wireless local area network (WLAN), for example.
  • Some mobile devices incorporate contactless card technology and/or near field communication (NFC) chips. NFC technology is commonly used for contactless short-range communications based on radio frequency identification (RFID) standards, using magnetic field induction to enable communication between electronic devices, including mobile wireless communications devices. This short-range high frequency wireless communications technology exchanges data between devices over a short distance, such as only a few centimeters.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a schematic block diagram of a communications system in accordance with an example embodiment.
  • FIG. 2 is a schematic diagram of the communications system of FIG. 1 showing the display of the mobile device.
  • FIG. 3 is a more detailed schematic diagram of the communications system of FIG. 1.
  • FIG. 4 is a flow diagram illustrating example method aspects associated with the systems of FIGS. 1-3.
  • FIG. 5 is a schematic block diagram of a communications system in accordance with another example embodiment.
  • FIG. 6 is a flow diagram illustrating example method aspects associated with the system of FIG. 5.
  • FIG. 7 is a schematic block diagram illustrating example mobile wireless communications device components that may be used with the devices of FIGS. 1-3 and 5.
    •  DETAILED DESCRIPTION
  • The present description is made with reference to the accompanying drawings, in which embodiments are shown. However, many different embodiments may be used, and thus the description should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete. Like numbers refer to like elements throughout.
  • Generally speaking, a communications device is provided herein which may include a near field communication (NFC) device, at least one memory configured to store secure application data to be communicated via the NFC device and a secure element (SE) application programming interface (API) associated with the secure application data, and a processor coupled with the NFC device and with the at least one memory. The processor may be configured to disable the SE API to prevent access to the secure application data based upon a security condition, and enable the SE API to allow access to the secure application data based upon a security restore event. Accordingly, the processor may advantageously prevent access to the secure application data without having to wait for a trusted service manager (TSM) to authorize deletion of the secure application data, for example.
  • More particularly, the communications device may further include a wireless transceiver coupled with the processor, and the security condition may comprise initiation of a wipe while the wireless transceiver is not in communication with a wireless communications network. In accordance with other examples, the communications device may further include an input device coupled with the processor, and the security condition may comprise a threshold number of unsuccessful device authentication attempts via the input device, or a security command entered via the input device. Also by way of example, the security restore event may comprise receiving a secure application data delete command via the wireless transceiver, or receiving a security restore command via the input device.
  • The NFC device may also have an NFC API associated therewith. As such, the processor may be further configured to enable the NFC API for NFC communication while the SE API is disabled. Additionally, the processor may be further configured to prevent write access to the memory based upon the occurrence of the security condition.
  • A related communications system may include a NFC terminal and a communications device, such as the one described briefly above. A related method for operating a communications device, such as the one described briefly above, may include disabling the SE API to prevent access to the secure application data based upon a security condition, and enabling the SE API to allow access to the secure application data based upon a security restore event.
  • A related non-transitory computer-readable medium is for a communications device such as the one described briefly above. The non-transitory computer-readable medium may have computer-executable instructions for causing the communications device to perform steps comprising disabling the SE API to prevent access to the secure application data based upon a security condition, and enabling the SE API to allow access to the secure application data based upon a security restore event.
  • Referring initially to FIGS. 1-2, a communications system 30 illustratively includes a near field communication (NEC) terminal 31 associated with an object, and a mobile wireless communications device 32 (also referred to as a “mobile device” herein). Example mobile wireless communications devices may include portable or personal media players (e.g., music or MP3 players, video players, electronic book readers, etc.), portable gaming devices, portable or mobile telephones, smartphones, tablet computers, digital cameras, etc.
  • The mobile device 32 illustratively includes a portable housing 33 and a wireless transceiver 34 carried by the portable housing 33. The wireless transceiver 34 may comprise a cellular transceiver or other type of wireless communications transceiver, and may communicate any combination of voice and data, such as, for example, email. The wireless transceiver 34 may communicate with a security server 36 that may provide one or more of remote instructions and provisioning operations to the mobile device 32.
  • The mobile device 32 includes a display 46 carried by the portable housing 33. The display 46 may comprise a liquid crystal display (LCD), for example, and may be configured to display information relating to data or voice communications. The display 46 may be in the form of an active display that includes a backlight, for example. The display 46 may display email information, contact information, or call information. The display 46 may be another type of display, for example, a passive display, and may display other information.
  • The mobile device 32 also includes an input device 45. The input device 45 may be a keypad, touch-screen display, or other input device, for example.
  • The mobile device 32 also includes a processor 35 that is carried by the portable housing 33 and coupled with the wireless transceiver circuitry 34, the input device 45, and the display 46. The processor 35 may be implemented using hardware (e.g., memory, etc.) and software components, i.e., computer-readable instructions for causing the mobile device 32 to perform the various functions or operations described herein.
  • The mobile device 32 also includes an NFC device 40 carried by the portable housing and coupled with the processor 35. The NFC device 40 includes a NFC controller 41 and a NFC transceiver 42 coupled with the NFC controller 41. The NFC controller 41 and the NFC transceiver 42 advantageously cooperate to perform at least one NFC communication function. For example, the NFC device 40 may communicate with the NFC terminal 31 based upon proximity thereto using NFC communication. The NFC terminal 31 may be a NFC tag, a NFC-enabled mobile device, a smart poster, etc.
  • By way of background, NFC is a short-range wireless communications technology in which NFC-enabled devices are “swiped,” “bumped” or otherwise moved in close proximity to communicate. In one non-limiting example implementation, NFC may operate at 13.56 MHz and with an effective range of several centimeters, typically 4 cm or less, but other suitable versions of near-field communication which may have different operating frequencies, effective ranges, etc., for example, may also be used.
  • The NFC device 40 also includes a first memory 43 coupled to the NFC controller 41. More particularly, the first memory 43 may be embedded within the NFC device hardware or within the NFC integrated circuit (IC). The first memory 43 may be tamper resistant, for example. In other words, the first memory 43 may comprise a secure element. The first memory 43 or secure element, may store applications relating to NFC communications, or contactless applications for communicating with the NFC terminal 31. For example, the applications may include financial payment applications, secure access system applications, loyalty card applications, and other applications, and may be encrypted. In some example embodiments, the first memory 43 may store only one application.
  • The mobile device 32 also includes a second memory 44. The second memory 44 may comprise the device memory, for example. In other words, the second memory 44 may include operating system files, applications, and other device data. In some example embodiments, the second memory 44 may be part of the universal integrated circuit card (UICC), for example. The second memory 44 may also be removable, and may be a secure-digital (SD) card or a subscriber identity module (SIM) card, for example. The second memory 44 may comprise another type of memory, for example a flash memory. While first and second memories 43, 44 are described herein, more than two memories may be used. In other words, applications, or secure elements, may be stored in or spread over various memory devices. It should also be noted that a secure element may be implemented in a dedicated or secure area of a common memory, for example. In addition, multiple secure elements may be used.
  • The processor 35 may be configured to disable the NFC transceiver 42 based upon a security condition. A security condition may occur when a user of the device 32 cannot be authenticated, for example, as a result of the device 32 receiving too many incorrect password entries via the input device 45. Alternatively, the security condition may occur when the device 32 receives, via the input device 45, a command to perform operations associated with a security condition. This may occur, for example, in the context of a user who will no longer be using the device 32 and is preparing to give away the device 32 to another user or trade in the device 32 for a new device, for example. These operations may be collectively referred to as a “wipe”. Still further, a security condition may occur when the device 32 receives a remote command, e.g., a remote wipe command, indicating a security condition, for example, from a system administrator. This may occur, for example, in the context of a lost or stolen or otherwise compromised device. However, a user-initiated wipe may also occur when the mobile device 32 is not in communication with a network, i.e., it is out of coverage (e.g., wireless coverage, data coverage, radio coverage, etc., for example.
  • If a security condition is detected, the processor 35 may be configured to disable access to the applications on the first memory 43, e.g., secure payment applications. Disabling is performed since the mobile device 32 typically does not have unlimited read/write access to the first memory 43 since the first memory does not inherently “trust” the mobile device 32. That is, secure data or applications stored on the first memory 43 typically may not be modified except by a trusted third party source, as will be discussed further below. Thus, the security server 36 is able to initiate a wipe of the first memory 43 based upon communication therewith, as will be described in further detail below. That is, the ability for a mobile device application to interact with an application on a secure element may be disabled via the baseband interface. Another example approach is to use a mobile device application to disable the ability of an application on the secure element to communicate via the NFC transceiver 42.
  • After disabling access to the applications on the first memory 43, the processor 35 is configured to erase the contents, or second application from the second memory 44, or device memory. In other words, the mobile device 32 is wiped.
  • The processor 35 performs a reset operation after successfully erasing the applications from the second memory 44. In other words, the reset operation may be based upon a successful wipe. The reset operation may be performed by selectively disabling a power source 37 carried by the housing 33 and coupled to the processor 35. In other words, the reset operation may comprise a power down/power up cycle of the mobile device 32. The power source 37 may comprise a battery cell, for example. In some example embodiments, a reset operation may not be performed.
  • The processor 35 is also configured to erase the applications from the first memory 43 after the reset operation. The processor 35 may erase the applications based upon a command received from the security server 36 via the wireless transceiver 34 after the reset operation. The processor 35, after the applications are deleted or wiped from the first memory 44, is configured to enable access to the NFC transceiver.
  • In some example embodiments, the contents, or second application from the second memory 44, may not be erased based upon a security condition. Based upon a security condition, the application on the first memory 43 may be erased while selectively maintaining the second application on the second memory 44. In other words, the processor 35 may be configured to erase the application from the first memory 43 without performing the steps of erasing the second application and resetting.
  • Referring now to FIG. 3, in one advantageous example embodiment, the first memory 43 may comprise an embedded secure element (eSE). An eSE comprises an integrated circuit (IC) that manages and includes credentials (e.g., credentials associated with various credit cards, bank cards, gift cards, access cards, transit passes, etc.) that have been provisioned to the mobile device 32. In an example embodiment, the eSE 43 may run based upon a GlobalPlatform card specification and be compatible with a Java Card Platform Specification, for example. The eSE 43 may run or be compatible with other or additional platforms.
  • Within the eSE 43, GlobalPlatform is responsible for managing the lifecycle of other applets, and for providing them with security services (e.g., allowing application security domains to be created). Security domains maintain a lifecycle state for each applet (e.g., active, locked, etc.), manage the keys for authenticated access to an applet, and serve as an endpoint when a secure channel is established between a security server 36, i.e., trusted service manager (TSM) and an applet. The security server 36 or TSM is typically responsible for provisioning and managing the applets within its security domain on the first memory 43.
  • RF readers, and more particularly, NFC readers, for example, the NFC terminal 31 may communicate with the applets that are installed on the eSE 43 via the NFC controller 41 and NFC transceiver 43. A reader, or NFC terminal 31 first selects an applet by its applet identifier (AID), GlobalPlatform checks for the existence of the applet in question (and verifies that the applet is in the correct lifecycle state), and then further application protocol data units (APDUs) sent by the reader are routed to the applet by GlobalPlatform. Generally, the RF readers, for example, the NFC terminal 31, do not open secure channels to the security domains, and any authentication that occurs with the NFC terminal is the responsibility of the specific applet that gets selected.
  • The TSM 36 may open a secure channel to the issuer security domain (ISD) via the mobile device 32, by authenticating itself using the appropriate ISD keys. An ISD is considered the security endpoint that communicates with the root TSM and allow for installation of applets and management of application security domains (ASDs). To the mobile device 32, this secure channel is entirely opaque. The TSM 36 may then manage applets (e.g., install and delete them, change their lifecycle states) and manage the application security domains on the eSE 43. After establishing a secure channel with a security domain, the TSM 36 can then send APDUs to the applets that belong to that security domain. The applet can determine that it is communicating with its TSM 36 over a secure channel, and can thus allow access to privileged or “administrative” commands.
  • The eSE 43 typically does not “trust” the mobile device 32 to the same degree as the TSM 36, since GlobalPlatform may not intend for a mobile device to have access to the keys that are needed to open a secure channel. However, an applet can determine that it is communicating over the baseband interface and thus allow access to commands that would not otherwise be available. The baseband interface generally refers to an interface for communications between the processor 35 and the eSE 43, or first memory, (via the NFC controller 41). This may include commands that are sent from the wireless transceiver 34, for example, that are then sent to the eSE 43 across the baseband interface.
  • For example, a credit card applet may allow the baseband interface to place it in a “visible” or “hidden” state, while allowing access to the necessary commands for a typical financial transaction over the NFC transceiver 42 or RF interface. It should be noted that due to this restriction, the mobile device 32 may not “wipe” the eSE 43 in a conventional sense. Based on the interfaces and application programming interfaces (APIs) provided by GlobalPlatform, there is typically no way for the mobile device 32 to delete an applet or, for that matter, even to enumerate the applets that are installed/instantiated on the eSE 43.
  • Based on the restrictions described earlier, it may be increasingly difficult for the mobile device 32 to directly delete applets from the eSE 43. However, it may be unacceptable for a mobile device to delay a wipe until such time that the TSM 36 could be contacted to wipe the eSE 43, especially given that an attacker might remove the mobile device SIM, or any other persistent memory device, i.e., the second memory 44, to ensure it does not have coverage.
  • In the present embodiments, the processor 35 takes steps to ensure data and access to the eSE 43 is prevented when the mobile device wipe is triggered (effectively resembling a wipe of the eSE 43 to the end user) and will result in the eSE being wiped at the next possible opportunity, i.e., whenever the mobile device 32 has coverage and is able to contact the TSM 36.
  • The eSE 43 may include applets or other code to perform the wipe process. More particularly, the eSE 43 may include one or more emulation layers, for example, the MIFARE and iClass emulation layers. The emulation layers may not be directly linked to applets or other code on the eSE 43, for example. The applet generally includes security keys for writing to its corresponding emulation layer, for example, for the MIFARE emulation class, this would be K_MIFARE, which is derived from K_A and K_B for a specific block of MIFARE memory. Each of the wipe applets may be installed and instantiated by the TSM 36. The applets may be visible over the baseband interface, and it may respond to a specific APDU that may trigger it to wipe its corresponding emulation layer using the security keys, for example.
  • The ISD lifecycle state can be moved to card lock, effectively disabling access to all applets on the eSE 43 by an applet provided that it is granted the card lock privilege. Thus, a wipe applet can be installed and instantiated by the TSM 36 to the ISD and given card lock privileges. The applet may be only visible over the baseband interface, and may respond to a specific APDU that triggers it to move the ISD lifecycle state to card lock. Additional code may be used so that certain portions, for example, internal code, can communicate with this applet.
  • In a normal operating state, the user uses the mobile device 32 normally for voice and/or data communications. For example, if the user uses a wallet application and the TSM 36 has installed anything to their mobile device's eSE 43, the TSM installs and instantiates the “wipe applet” to the ISD, and asserts a persistent flag indicating the eSE 43 is in use. If, at some point, the eSE 43 is provisioned with an emulation layer credential, for example, the corresponding emulation layer wipe applet would be installed and instantiated at this time. For example, if the eSE 43 is provisioned with a MIFARE credential, then the MIFARE wipe applet would be installed and instantiated at this time.
  • In a first step, the wipe is triggered. As noted above, the mobile device wipe may be triggered in multiple ways, for example, receipt of too many incorrect password entries via the input device 45 in an attempt to gain access to the mobile device 32, receipt of a local wipe command, e.g., comprising a “wipe” option on the mobile device, or a remote wipe command may be sent. In the remote wipe case, an acknowledgement may be sent, for example. It is worthwhile noting that the wipe may not be delayed if this acknowledgement is not sent.
  • In a second step, access to the processing interface for communicating with the eSE 43 and the transceiver 42 is prevented or restricted. If a persistent flag indicating the eSE 43 has been personalized, the mobile device wipe code may assert a persistent flag indicating the eSE 43 has been locked. Each of the above-noted persistent flags may be set or cleared. The eSE primary interface APIs and the NFC transceiver APIs check the value of a persistent flag indicating that the eSE 43 has been locked when they are called. If it is asserted, the eSE primary interface APIs typically should ignore any call not coming from an internal or trusted module, and the NFC transceiver APIs should disable all access to the card emulation mode.
  • In a third step, each emulation layer is wiped. The wipe APDU is sent to the corresponding wipe applet over the baseband interface. The applet wipes personalization data in the emulation layer. More particularly, for example, the wipe APDU may wipe the personalization data in the iClass and MIFARE emulation layers.
  • In a fourth step, the eSE 43/ISD is moved to a card locked state. The wipe APDU is sent to the wipe applet over the baseband interface. The applet moves the ISD state to card locked, effectively denying access to applets and security domains on the eSE 43. It should be noted that this step should take place after the third step, since otherwise communication may not be possible with the applets that wipe the emulation layers in those steps. After this step, although the eSE 43 still includes personalized applets, these applets are no longer accessible to anyone but the TSM 36. From the end user's perspective, the eSE 43 is “wiped”.
  • In a fifth step, the mobile device 32 is wiped. The mobile device 32 is wiped by operating system (OS) code, for example.
  • In a sixth step, the mobile device 32 restarts. The mobile device 32 restarts after the wipe is successful.
  • In a seventh step, an eSE proxy (not shown) signals the TSM 36. The eSE proxy starts up and detects that the ISD is in a card locked state (by attempting to select the ISD over the baseband interface, or by checking the persistent flag indicating the eSE 43 has been locked. It then waits for a data connection and signals the TSM 36 that the eSE 43 needs to be wiped.
  • In an eighth step, the eSE 43 is wiped. The TSM 36 deletes all applets from the eSE 43. It should be noted that in some embodiments, selective access to the eSE 43 may be provided over the baseband interface. For example, an application from a mobile device manufacturer may be allowed to access the eSE 43 for the purposes of wiping the eSE, while access from third party applications may be restricted.
  • In a ninth step, access to eSE primary interface APIs and the NFC transceiver 42 are restored. Once the TSM 36 is satisfied that all applets have been deleted from the eSE 43, it signals the eSE proxy that a persistent flag indicating the eSE 43 has been locked. At this stage, eSE primary interface APIs are unlocked to third parties, and the NFC transceiver 42 is permitted to enter card emulation mode again. The eSE 43, at this point, has been reset to a factory state. It should be noted that in different embodiments steps other steps may be performed, or some steps may be performed in different orders.
  • Referring now to the flowchart 60 of FIG. 4, related method aspects are now described. Beginning at Block 62, the processor 35 determines whether a security condition has been initiated (Block 64). For example, the securing condition may comprise a wipe, or entering a wrong password a given number of times (which may also trigger a wipe in some embodiments). If a security condition is determined, the processor 35 disables the NFC transceiver 42 (Block 66). The processor 35 then disables access to the first plurality of applications on the first memory 43 (Block 68). At Block 70, the processor 35 erases the second application from the second memory 44. A reset operation is performed by the processor 35 (Block 72). At Block 74, the security server 36 sends a signal to the processor 35 via the wireless transceiver 34 once a connection is established therewith. At Block 76 the processor 35 erases the first plurality of applications from the first memory 43 if the signal from the security server 36 is received. The NFC transceiver 42 at Block 78 is re-enabled after the first plurality of applications is erased. The method ends at Block 80.
  • Turning now to FIG. 5, a related communications system 130 illustratively includes an NFC terminal 131, a communications device 132 (e.g., a mobile wireless communication device), and a security server 136, which are similar to those described above. In particular, in the present example the communications device 132 illustratively includes a housing 133 carrying a wireless transceiver 134, a NFC device 140, an input device(s) 145, a display 146, one or more memories 147, and a processor 135. The wireless transceiver 134, NFC device 140, input device 145, display 146, and memory 147 are illustratively coupled with the processor 135, and these components are similar to the counterpart components described above except as otherwise described below.
  • The NFC device 140 has one or more NFC APIs 150 associated therewith. Moreover, the memory 147 may be part of the NFC device 140 in some embodiments, it may be a separate memory (e.g., SD card, SIM card, etc.), or both types of memories may be used, as noted above. In the present example, the memory 147 illustratively includes secure element (SE) application data 148 to be communicated via the NFC device 140 (e.g., a secure applet, account information, etc.), and an SE API 149 associated with the secure application data. As noted above, the API controls access to the SE application data 148 stored in the memory 147.
  • As also noted above, SEs are where NFC applets such as payment (e.g., credit or debit card, etc.), transit, physical access control, and other secure applications are stored. In conjunction with the NFC device 140, the SE will allow the mobile device 132 to act as a payment or access card, for example. Typically, installation and removal or deletion of applications from an SE may only be performed by a third party entity that holds the master keys (i.e., issuer security domain keys) to authenticate with the SE. The third party entity (e.g., TSM) may open a cryptographically secure channel to the secure element (e.g., using a proxy application running on the mobile device 132 to access the SE). For example, when a credit card applet is to be installed on the SE of the mobile device 132, the TSM, after receiving the appropriate instructions from the given bank, will open a secure channel to a secure element and install the appropriate credit card applet. Subsequently, if the credit card applet is to be removed or deleted, the TSM will remove it.
  • Such TSM operations require a communications link between the proxy and the TSM (typically an over-the-air connection in the case of a mobile wireless communications device, as described above). Again, this may create a problem in that if the user wants to wipe the mobile device 132 before giving it away or disposing of it, etc., the user may not have coverage, either because of being out of wireless communications range, account cancellation, SIM card removal, etc. Without coverage, the TSM will not be able to issue the appropriate delete commands, so even after a security wiping of the mobile device 132, the memory 147 will still retain all of the SE application data 148. Thus, for example, a credit card may still be used after the mobile device 132 is wiped and handed off to another user.
  • With further reference to the flow diagram 160 of FIG. 6, beginning at Block 162, the processor 135 is configured to disable the SE API 149 to prevent access to the SE application data 148 based upon a security condition such as a device wipe, at Blocks 164, 166. In particular, the disabling may occur despite the wireless transceiver 134 not being in communication with the security server 136 (e.g., TSM) via a wireless communications network. Another security condition that may trigger disabling of the SE API 149 may include a threshold number of unsuccessful access attempts to access the mobile device 132 via the input device 145 (e.g., incorrectly entered passwords, etc.), as noted above.
  • Still another security condition that may trigger disabling of the SE API 149 is a security command entered via the input device 145. For example, in some instances a user may desire to temporarily disable the SE application data 148 so that the mobile device 132 may be loaned to another user without allowing the other user to access the SE data, but not completely wipe the mobile device. In such cases, a security command (e.g., selection of a security option from an on-screen menu, etc.) may be used to temporarily cause the processor 135 to disable the SE API 149 so that the SE application data 148 may not be accessed.
  • In some embodiments, write access to the memory 147 may optionally be selectively disabled while the SE API is disabled, at Block 168. That is, the processor 135 may prevent any further SE data from being written to or installed on the memory 147 by TSMs until the security condition has been resolved, as will be discussed further below. However, in the interim, the processor 135 may optionally enable (or continue to allow) the NFC API 150 to perform NFC communication while the SE API 149 remains disabled for other NFC applications that do not require access to the SE data 148, at Block 147.
  • The processor 135 may enable the SE API 149 to again allow access to the SE data 148 based upon a security restore event, at Blocks 172, 174, which concludes the illustrated method (Block 176). Accordingly, the processor 135 may advantageously prevent access to the SE data 148 without having to wait for a TSM to authorize deletion of the secure application data, for example. By way of example, the security restore event may include receiving a secure application data delete command via the wireless transceiver 134, such as a delete command from the TSM that issued the SE data 148. In the case of a user that temporarily disables the SE API 149 as described above, the security restore event may comprise providing a secure password, biometric, etc., to restore NFC communication for the SE API.
  • Accordingly, the processor 135 is advantageously able to disable or suspend the SE API 149 and the ability for the NFC device 140 to route NFC traffic to the SE API if a security condition occurs. Thus, after the mobile device 132 is wiped, etc., even though SE data 148 remains in the memory 147, the processor 135 prevents NFC device 140 traffic from being routed to or from the SE API 149. As such, the SE data 148 may not be accessed by the NFC terminal 131 (e.g., an external point-of-sale terminal) for the purposes of performing a payment or other secure transaction.
  • Moreover, the processor 135 may, for example, only allow NFC device 140 traffic to resume routing to the SE API 149 after a delete command has been successfully received from the TSM and injected to delete the SE application data 148, etc. This way, it may be assured that the SE data 148 has been deleted before allowing a next user, for example, to activate NFC device 140 communication routing to the memory 147. In some example embodiments, the processor 135 may also lock baseband access to the SE data 148 (e.g. through JSR-177) unless the baseband access is being used to issue a delete command. Once the delete command has been issued, baseband access may be reinstated.
  • This example approach provides several advantages. For example, the mobile device 132 may be wiped at any time, regardless of whether it has coverage or whether there is a SIM inserted, without having to wait for a TSM to issue delete commands to the secure element to ensure SE data 148 protection. Then, before the SE API 149 or SE data 148 may effectively be used again, the processor 135 will enforce receipt of a cryptographically protected delete command from the TSM (in the case of a device wipe security condition) or appropriate security credentials before allowing the SE API 149 to be used again, such as through the NFC device 140 or the wireless transceiver 134.
  • A related non-transitory computer-readable medium example embodiment may have computer-executable instructions for causing the communications device 132 to perform steps including disabling the SE. API 149 to prevent access to the SE data 148 based upon a security condition, and enabling the SE API to again allow access to the SE data based upon a security restore event, as described further above. The non-transitory computer-readable medium may perform additional steps described above as well.
  • Example components of a mobile wireless communications device 1000 that may be used in accordance with the above-described embodiments are further described below with reference to FIG. 7. The device 1000 illustratively includes a housing 1200, a keyboard or keypad 1400 and an output device 1600. The output device shown is a display 1600, which may comprise a full graphic LCD. Other types of output devices may alternatively be utilized. A processing device 1800 is contained within the housing 1200 and is coupled between the keypad 1400 and the display 1600. The processing device 1800 controls the operation of the display 1600, as well as the overall operation of the mobile device 1000, in response to actuation of keys on the keypad 1400.
  • The housing 1200 may be elongated vertically, or may take on other sizes and shapes (including clamshell housing structures). The keypad may include a mode selection key, or other hardware or software for switching between text entry and telephony entry.
  • In addition to the processing device 1800, other parts of the mobile device 1000 are shown schematically in FIG. 7. These include a communications subsystem 1001; a short-range communications subsystem 1020; the keypad 1400 and the display 1600, along with other input/ output devices 1060, 1080, 1100 and 1120; as well as memory devices 1160, 1180 and various other device subsystems 1201. The mobile device 1000 may comprise a two-way RF communications device having data and, optionally, voice communications capabilities. In addition, the mobile device 1000 may have the capability to communicate with other computer systems via the Internet.
  • Operating system software executed by the processing device 1800 is stored in a persistent store, such as the flash memory 1160, but may be stored in other types of memory devices, such as a read only memory (ROM) or similar storage element. In addition, system software, specific device applications, or parts thereof, may be temporarily loaded into a volatile store, such as the random access memory (RAM) 1180. Communications signals received by the mobile device may also be stored in the RAM 1180.
  • The processing device 1800, in addition to its operating system functions, enables execution of software applications 1300A-1300N on the device 1000. A predetermined set of applications that control basic device operations, such as data and voice communications 1300A and 1300B, may be installed on the device 1000 during manufacture. In addition, a personal information manager (PIM) application may be installed during manufacture. The PIM may be capable of organizing and managing data items, such as e-mail, calendar events, voice mails, appointments, and task items. The PIM application may also be capable of sending and receiving data items via a wireless network 1401. The PIM data items may be seamlessly integrated, synchronized and updated via the wireless network 1401 with corresponding data items stored or associated with a host computer system.
  • Communication functions, including data and voice communications, are performed through the communications subsystem 1001, and possibly through the short-range communications subsystem. The communications subsystem 1001 includes a receiver 1500, a transmitter 1520, and one or more antennas 1540 and 1560. In addition, the communications subsystem 1001 also includes a processing module, such as a digital signal processor (DSP) 1580, and local oscillators (LOs) 1601. The specific design and implementation of the communications subsystem 1001 is dependent upon the communications network in which the mobile device 1000 is intended to operate. For example, a mobile device 1000 may include a communications subsystem 1001 designed to operate with the Mobitex™, Data TAC™ or General Packet Radio Service (GPRS) mobile data communications networks, and also designed to operate with any of a variety of voice communications networks, such as AMPS, TDMA, CDMA, WCDMA, PCS, GSM, EDGE, etc. Other types of data and voice networks, both separate and integrated, may also be utilized with the mobile device 1000. The mobile device 1000 may also be compliant with other communications standards such as 3GSM, 3GPP, UMTS, 4G, etc.
  • Network access requirements vary depending upon the type of communication system. For example, in the Mobitex and DataTAC networks, mobile devices are registered on the network using a unique personal identification number or PIN associated with each device. In GPRS networks, however, network access is associated with a subscriber or user of a device. A GPRS device therefore typically involves use of a subscriber identity module, commonly referred to as a SIM card, in order to operate on a GPRS network.
  • When required network registration or activation procedures have been completed, the mobile device 1000 may send and receive communications signals over the communication network 1401. Signals received from the communications network 1401 by the antenna 1540 are routed to the receiver 1500, which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog-to-digital conversion of the received signal allows the DSP 1580 to perform more complex communications functions, such as demodulation and decoding. In a similar manner, signals to be transmitted to the network 1401 are processed (e.g. modulated and encoded) by the DSP 1580 and are then provided to the transmitter 1520 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 1401 (or networks) via the antenna 1560.
  • In addition to processing communications signals, the DSP 1580 provides for control of the receiver 1500 and the transmitter 1520. For example, gains applied to communications signals in the receiver 1500 and transmitter 1520 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 1580.
  • In a data communications mode, a received signal, such as a text message or web page download, is processed by the communications subsystem 1001 and is input to the processing device 1800. The received signal is then further processed by the processing device 1800 for an output to the display 1600, or alternatively to some other auxiliary I/O device 1060. A device may also be used to compose data items, such as e-mail messages, using the keypad 1400 and/or some other auxiliary I/O device 1060, such as a touchpad, a rocker switch, a thumb-wheel, or some other type of input device. The composed data items may then be transmitted over the communications network 1401 via the communications subsystem 1001.
  • In a voice communications mode, overall operation of the device is substantially similar to the data communications mode, except that received signals are output to a speaker 1100, and signals for transmission are generated by a microphone 1120. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the device 1000. In addition, the display 1600 may also be utilized in voice communications mode, for example to display the identity of a calling party, the duration of a voice call, or other voice call related information.
  • The short-range communications subsystem enables communication between the mobile device 1000 and other proximate systems or devices, which need not necessarily be similar devices. For example, the short-range communications subsystem may include an infrared device and associated circuits and components, a Bluetooth™ communications module to provide for communication with similarly-enabled systems and devices, or a near field communications (NFC) sensor for communicating with a NFC device or NFC tag via NFC communications.
  • Many modifications and other embodiments will come to the mind of one skilled in the art having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is understood that various modifications and embodiments are intended to be included within the scope of the appended claims.

Claims (24)

1. A communications device comprising:
a near field communication (NFC) device;
at least one memory configured to store secure application data to be communicated via said NFC device and a secure element (SE) application programming interface (API) associated with the secure application data; and
a processor coupled with said NFC device and with said at least one memory, the processor being configured to
disable the SE API to prevent access to the secure application data based upon a security condition, and
enable the SE API to allow access to the secure application data based upon a security restore event.
2. The communications device of claim 1 further comprising a wireless transceiver coupled with said processor; and wherein the security condition comprises initiation of a wipe while said wireless transceiver is not in communication with a wireless communications network.
3. The communications device of claim 1 further comprising an input device coupled with said processor; and
wherein the security condition comprises a threshold number of unsuccessful device authentication attempts via said input device.
4. The communications device of claim 1 further comprising an input device coupled to said processor; and wherein the security condition comprises a security command entered via said input device.
5. The communications device of claim 1 further comprising a wireless transceiver coupled with said processor; and wherein the security restore event comprises receiving a secure application data delete command via said wireless transceiver.
6. The communications device of claim 1 further comprising an input device coupled with said processor; and wherein the security restore event comprises receiving a security restore command via said input device.
7. The communications device of claim 1 wherein said NFC device has an NFC API associated therewith; and wherein said processor is further configured to enable said NFC API for NFC communication while the SE API is disabled.
8. The communications device of claim 1 wherein said processor is further configured to disable write access to said memory based upon the occurrence of the security condition.
9. A communications system comprising:
a near field communication (NFC) terminal; and
a communications device configured to communicate with said NFC terminal, the communications device comprising
a NFC device,
at least one memory configured to store secure application data to be communicated via said NFC device to said NFC terminal and a secure element (SE) application programming interface (API) associated with the secure application data, and
a processor coupled with said NFC device and with said at least one memory, the processor being configured to
disable the SE API to prevent access to the secure application data based upon a security condition, and
enable the SE API to allow access to the secure application data based upon a security restore event.
10. The communications system of claim 9 wherein said communications device further comprises a wireless transceiver coupled with said processor; and wherein the security condition comprises initiation of a wipe while said wireless transceiver is not in communication with a wireless communications network.
11. The communications system of claim 9 wherein said communications device further comprises an input device coupled with said processor; and wherein the security condition comprises a threshold number of unsuccessful device authentication attempts via said input device.
12. The communications system of claim 9 wherein said communications device further comprises an input device coupled to said processor; and wherein the security condition comprises a security command entered via said input device.
13. The communications system of claim 9 wherein said communications device further comprises a wireless transceiver coupled with said processor; and wherein the security restore event comprises receiving a secure application data delete command via said wireless transceiver.
14. The communications system of claim 9 wherein said communications device further comprises an input device coupled with said processor; and wherein the security restore event comprises receiving a security restore command via said input device.
15. A method for operating a communications device comprising a near field communication (NFC) device and at least one memory configured to store secure application data to be communicated via the NFC device and a secure element (SE) application programming interface (API) associated with the secure application data, the method comprising:
disabling the SE API to prevent access to the secure application data based upon a security condition; and
enabling the SE API to allow access to the secure application data based upon a security restore event.
16. The method of claim 15 wherein the communications device further comprises a wireless transceiver coupled with the processor; and wherein the security condition comprises initiation of a wipe while the wireless transceiver is not in communication with a wireless communications network.
17. The method of claim 15 wherein the communications device further comprises an input device; and wherein the security condition comprises a threshold number of unsuccessful device authentication attempts via the input device.
18. The method of claim 15 wherein the communications device further comprises an input device; and wherein the security condition comprises a security command entered via the input device.
19. The method of claim 15 wherein the communications device further comprises a wireless transceiver coupled with the processor; and wherein the security restore event comprises receiving a secure application data delete command via the wireless transceiver.
20. A non-transitory computer-readable medium for a communications device comprising a near field communication (NFC) device and at least one memory configured to store secure application data to be communicated via the NFC device and a secure element (SE) application programming interface (API) associated with the secure application data, the non-transitory computer-readable medium having computer-executable instructions for causing the communications device to perform steps comprising:
disabling the SE API to prevent access to the secure application data based upon a security condition; and
enabling the SE API to allow access to the secure application data based upon a security restore event.
21. The non-transitory computer-readable medium of claim 20 wherein the communications device further comprises a wireless transceiver; and wherein the security condition comprises initiation of a wipe while the wireless transceiver is not in communication with a wireless communications network.
22. The non-transitory computer-readable medium of claim 20 wherein the communications device further comprises an input device; and wherein the security condition comprises a threshold number of unsuccessful device authentication attempts via the input device.
23. The non-transitory computer-readable medium of claim 20 wherein the communications device further comprises an input device; and wherein the security condition comprises a security command entered via the input device.
24. The non-transitory computer-readable medium of claim 20 wherein the communications device further comprises a wireless transceiver; and wherein the security restore event comprises receiving a secure application data delete command via the wireless transceiver.
US13/157,685 2011-03-14 2011-06-10 Communications device providing near field communication (nfc) secure element disabling features related methods Abandoned US20120238206A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US13/157,685 US20120238206A1 (en) 2011-03-14 2011-06-10 Communications device providing near field communication (nfc) secure element disabling features related methods
EP12757420.0A EP2687037A4 (en) 2011-03-14 2012-03-14 Communications device providing near field communication (nfc) secure element disabling features related methods
CA2829620A CA2829620A1 (en) 2011-03-14 2012-03-14 Communications device providing near field communication (nfc) secure element disabling features related methods
PCT/CA2012/050152 WO2012122648A1 (en) 2011-03-14 2012-03-14 Communications device providing near field communication (nfc) secure element disabling features related methods
TW101108718A TW201246822A (en) 2011-03-14 2012-03-14 Communications device providing near field communication (NFC) secure element disabling features related methods

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161452511P 2011-03-14 2011-03-14
US13/157,685 US20120238206A1 (en) 2011-03-14 2011-06-10 Communications device providing near field communication (nfc) secure element disabling features related methods

Publications (1)

Publication Number Publication Date
US20120238206A1 true US20120238206A1 (en) 2012-09-20

Family

ID=46828835

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/157,685 Abandoned US20120238206A1 (en) 2011-03-14 2011-06-10 Communications device providing near field communication (nfc) secure element disabling features related methods
US13/418,760 Active 2032-09-08 US8670714B2 (en) 2011-03-14 2012-03-13 Mobile wireless communications device having a near field communication (NFC) device and providing memory erasure and related methods

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/418,760 Active 2032-09-08 US8670714B2 (en) 2011-03-14 2012-03-13 Mobile wireless communications device having a near field communication (NFC) device and providing memory erasure and related methods

Country Status (6)

Country Link
US (2) US20120238206A1 (en)
EP (2) EP2687037A4 (en)
CN (1) CN103370954B (en)
CA (2) CA2824069C (en)
TW (2) TW201244401A (en)
WO (2) WO2012122647A1 (en)

Cited By (212)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070218837A1 (en) * 2006-03-14 2007-09-20 Sony Ericsson Mobile Communications Ab Data communication in an electronic device
US20120244805A1 (en) * 2011-03-21 2012-09-27 Nokia Corporation Method and apparatus for battery with secure element
US20130152185A1 (en) * 2011-12-09 2013-06-13 Research In Motion Limited Transaction provisioning for mobile wireless communications devices and related methods
US20130171967A1 (en) * 2012-01-04 2013-07-04 Ayman S. Ashour Providing Secure Execution of Mobile Device Workflows
US20130246260A1 (en) * 2011-12-01 2013-09-19 Barclays Bank Plc Mobile Payment Transaction System
US20130254844A1 (en) * 2012-03-21 2013-09-26 Infineon Technologies Ag Targeted Muting for Communication Between Electronic Appliances
US20140007183A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Controlling mobile device access to enterprise resources
US8649770B1 (en) 2012-07-02 2014-02-11 Sprint Communications Company, L.P. Extended trusted security zone radio modem
US8667607B2 (en) 2012-07-24 2014-03-04 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US8712407B1 (en) * 2012-04-05 2014-04-29 Sprint Communications Company L.P. Multiple secure elements in mobile electronic device with near field communication capability
US8752140B1 (en) 2012-09-11 2014-06-10 Sprint Communications Company L.P. System and methods for trusted internet domain networking
EP2741466A1 (en) * 2012-12-10 2014-06-11 Oberthur Technologies Method and system for managing a built-in secured element eSE
US20140270174A1 (en) * 2013-03-15 2014-09-18 Tyfone, Inc. Personal digital identity device responsive to user interaction with user authentication factor captured in mobile device
US20140298484A1 (en) * 2013-03-26 2014-10-02 Jvl Ventures Llc Systems, methods, and computer program products for managing access control
US8862181B1 (en) 2012-05-29 2014-10-14 Sprint Communications Company L.P. Electronic purchase transaction trust infrastructure
US8863252B1 (en) * 2012-07-25 2014-10-14 Sprint Communications Company L.P. Trusted access to third party applications systems and methods
EP2793498A1 (en) * 2013-04-17 2014-10-22 Oberthur Technologies Secure element for telecommunication terminal
WO2014170775A1 (en) * 2013-04-17 2014-10-23 Telefonaktiebolaget L M Ericsson (Publ) System, method, and device for exposing wireless module data storage
US20140315485A1 (en) * 2013-04-19 2014-10-23 Nxp B.V. Secure near field communication solutions and circuits
US8881977B1 (en) 2013-03-13 2014-11-11 Sprint Communications Company L.P. Point-of-sale and automated teller machine transactions using trusted mobile access device
US20140337956A1 (en) * 2013-05-07 2014-11-13 Prathamesh Anand Korgaonkar System and method for multifactor authentication and login through smart wrist watch using near field communication
US8954588B1 (en) 2012-08-25 2015-02-10 Sprint Communications Company L.P. Reservations in real-time brokering of digital content delivery
US8984592B1 (en) 2013-03-15 2015-03-17 Sprint Communications Company L.P. Enablement of a trusted security zone authentication for remote mobile device management systems and methods
US8989705B1 (en) 2009-06-18 2015-03-24 Sprint Communications Company L.P. Secure placement of centralized media controller application in mobile access terminal
US9015068B1 (en) 2012-08-25 2015-04-21 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US9021585B1 (en) 2013-03-15 2015-04-28 Sprint Communications Company L.P. JTAG fuse vulnerability determination and protection using a trusted execution environment
US9027102B2 (en) 2012-05-11 2015-05-05 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US9049186B1 (en) 2013-03-14 2015-06-02 Sprint Communications Company L.P. Trusted security zone re-provisioning and re-use capability for refurbished mobile devices
US9049013B2 (en) 2013-03-14 2015-06-02 Sprint Communications Company L.P. Trusted security zone containers for the protection and confidentiality of trusted service manager data
US9066230B1 (en) 2012-06-27 2015-06-23 Sprint Communications Company L.P. Trusted policy and charging enforcement function
US9069952B1 (en) 2013-05-20 2015-06-30 Sprint Communications Company L.P. Method for enabling hardware assisted operating system region for safe execution of untrusted code using trusted transitional memory
US20150200930A1 (en) * 2012-03-09 2015-07-16 Appsense Limited Method and apparatus for securing mobile applications
US9086689B2 (en) 2013-03-15 2015-07-21 Tyfone, Inc. Configurable personal digital identity device with imager responsive to user interaction
US9104840B1 (en) 2013-03-05 2015-08-11 Sprint Communications Company L.P. Trusted security zone watermark
US9118655B1 (en) 2014-01-24 2015-08-25 Sprint Communications Company L.P. Trusted display and transmission of digital ticket documentation
US9143938B2 (en) 2013-03-15 2015-09-22 Tyfone, Inc. Personal digital identity device responsive to user interaction
US9154500B2 (en) 2013-03-15 2015-10-06 Tyfone, Inc. Personal digital identity device with microphone responsive to user interaction
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
US9161325B1 (en) 2013-11-20 2015-10-13 Sprint Communications Company L.P. Subscriber identity module virtualization
US9171243B1 (en) * 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
US9183371B2 (en) 2013-03-15 2015-11-10 Tyfone, Inc. Personal digital identity device with microphone
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
US20150334515A1 (en) * 2012-12-20 2015-11-19 Alain HILTGEN Security enhancement for short-range wireless tokens
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
US9207650B2 (en) 2013-03-15 2015-12-08 Tyfone, Inc. Configurable personal digital identity device responsive to user interaction with user authentication factor captured in mobile device
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US9215592B2 (en) 2013-03-15 2015-12-15 Tyfone, Inc. Configurable personal digital identity device responsive to user interaction
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
US9231945B2 (en) 2013-03-15 2016-01-05 Tyfone, Inc. Personal digital identity device with motion sensor
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9286594B1 (en) 2013-11-08 2016-03-15 Sprint Communications Company L.P. Visually readable electronic label
EP2985717A4 (en) * 2013-04-12 2016-03-30 Fujitsu Ltd Data erasing device, data erasing method, program, and storage medium
US9319881B2 (en) 2013-03-15 2016-04-19 Tyfone, Inc. Personal digital identity device with fingerprint sensor
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9344455B2 (en) * 2014-07-30 2016-05-17 Motorola Solutions, Inc. Apparatus and method for sharing a hardware security module interface in a collaborative network
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US20160192180A1 (en) * 2014-12-24 2016-06-30 Fujitsu Limited Communication method, communication system, and communication management apparatus
US9392077B2 (en) 2012-10-12 2016-07-12 Citrix Systems, Inc. Coordinating a computing activity across applications and devices having multiple operation modes in an orchestration framework for connected devices
US9396424B1 (en) 2014-11-04 2016-07-19 Sprint Communications Company L.P. Radio frequency induced power reception management for a radio frequency identity (RFID) chip embedded in a mobile communication device
US9413736B2 (en) 2013-03-29 2016-08-09 Citrix Systems, Inc. Providing an enterprise application store
US9426604B1 (en) 2013-04-30 2016-08-23 Sprint Communications Company L.P. Prevention of inductive coupling between components of a mobile communication device
US9436165B2 (en) 2013-03-15 2016-09-06 Tyfone, Inc. Personal digital identity device with motion sensor responsive to user interaction
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
US9448543B2 (en) 2013-03-15 2016-09-20 Tyfone, Inc. Configurable personal digital identity device with motion sensor responsive to user interaction
US9455886B2 (en) 2013-03-29 2016-09-27 Citrix Systems, Inc. Providing mobile device management functionalities
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9460573B1 (en) 2014-02-27 2016-10-04 Sprint Communications Company, L.P. Autonomous authentication of a reader by a radio frequency identity (RFID) device
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
EP3086257A1 (en) * 2015-04-24 2016-10-26 Gemalto Sa Method of managing a secure element embedded in a host device
US9521147B2 (en) 2011-10-11 2016-12-13 Citrix Systems, Inc. Policy based application management
US9521117B2 (en) 2012-10-15 2016-12-13 Citrix Systems, Inc. Providing virtualized private network tunnels
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
EP3020013A4 (en) * 2013-07-12 2017-02-15 Google, Inc. Systems, methods, and computer program products for enabling instrument credentials
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9591434B1 (en) * 2015-04-27 2017-03-07 Sprint Communications Company L.P. Virtual private network (VPN) tunneling in a user equipment (UE) brokered by a radio frequency identity (RFID) chip communicatively coupled to the user equipment
US20170078299A1 (en) * 2015-09-11 2017-03-16 Bank Of America Corporation Controlling access to data
US9602474B2 (en) 2012-10-16 2017-03-21 Citrix Systems, Inc. Controlling mobile device access to secure data
US9603090B2 (en) 2013-08-08 2017-03-21 Apple Inc. Management of near field communications using low power modes of an electronic device
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
US9609541B2 (en) 2014-12-31 2017-03-28 Motorola Solutions, Inc. Method and apparatus for device collaboration via a hybrid network
US9613208B1 (en) 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US9654508B2 (en) 2012-10-15 2017-05-16 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US9681293B2 (en) 2011-12-12 2017-06-13 Sony Corporation System for transmitting a data signal in a network, method, mobile transmitting device and network device
EP3220332A1 (en) * 2016-03-14 2017-09-20 Samsung Electronics Co., Ltd Method of processing card operating information and electronic device supporting the same
US9774658B2 (en) 2012-10-12 2017-09-26 Citrix Systems, Inc. Orchestration framework for connected devices
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9781598B2 (en) 2013-03-15 2017-10-03 Tyfone, Inc. Personal digital identity device with fingerprint sensor responsive to user interaction
US9817992B1 (en) 2015-11-20 2017-11-14 Sprint Communications Company Lp. System and method for secure USIM wireless network access
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US9960812B2 (en) 2014-11-14 2018-05-01 Qualcomm Incorporated Advanced routing mechanisms for secure elements
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
KR20180096257A (en) * 2017-02-21 2018-08-29 삼성전자주식회사 Method for managing identification information and electronic device supporting the same
US10097584B2 (en) 2013-03-29 2018-10-09 Citrix Systems, Inc. Providing a managed browser
US10162959B2 (en) * 2012-10-15 2018-12-25 At&T Intellectual Property I, L.P. Method and apparatus for providing subscriber identity module-based data encryption and remote management of portable storage devices
US10198726B2 (en) 2013-08-08 2019-02-05 Apple Inc. Low power mode for payment transactions
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US10306052B1 (en) 2014-05-20 2019-05-28 Invincea, Inc. Methods and devices for secure authentication to a compute device
US10425129B1 (en) 2019-02-27 2019-09-24 Capital One Services, Llc Techniques to reduce power consumption in near field communication systems
US10438437B1 (en) 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC
US10467445B1 (en) 2019-03-28 2019-11-05 Capital One Services, Llc Devices and methods for contactless card alignment with a foldable mobile device
US10467622B1 (en) 2019-02-01 2019-11-05 Capital One Services, Llc Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms
US10476885B2 (en) 2013-03-29 2019-11-12 Citrix Systems, Inc. Application with multiple operation modes
US10489781B1 (en) 2018-10-02 2019-11-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network
US10498401B1 (en) 2019-07-15 2019-12-03 Capital One Services, Llc System and method for guiding card positioning using phone sensors
US10506426B1 (en) 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication
US10505738B1 (en) 2018-10-02 2019-12-10 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10510074B1 (en) 2019-02-01 2019-12-17 Capital One Services, Llc One-tap payment using a contactless card
US10511443B1 (en) 2018-10-02 2019-12-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10516447B1 (en) 2019-06-17 2019-12-24 Capital One Services, Llc Dynamic power levels in NFC card communications
US10523708B1 (en) 2019-03-18 2019-12-31 Capital One Services, Llc System and method for second factor authentication of customer support calls
US10535062B1 (en) 2019-03-20 2020-01-14 Capital One Services, Llc Using a contactless card to securely share personal data stored in a blockchain
US10541995B1 (en) 2019-07-23 2020-01-21 Capital One Services, Llc First factor contactless card authentication system and method
US10542036B1 (en) 2018-10-02 2020-01-21 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
US10546444B2 (en) 2018-06-21 2020-01-28 Capital One Services, Llc Systems and methods for secure read-only authentication
US10554411B1 (en) 2018-10-02 2020-02-04 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10565587B1 (en) 2018-10-02 2020-02-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10582386B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10581611B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10579998B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10592710B1 (en) 2018-10-02 2020-03-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607214B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607216B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10615981B1 (en) 2018-10-02 2020-04-07 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10623393B1 (en) 2018-10-02 2020-04-14 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10630653B1 (en) 2018-10-02 2020-04-21 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10643420B1 (en) 2019-03-20 2020-05-05 Capital One Services, Llc Contextual tapping engine
US10657754B1 (en) 2019-12-23 2020-05-19 Capital One Services, Llc Contactless card and personal identification system
CN111191213A (en) * 2018-11-14 2020-05-22 华为终端有限公司 Method for deleting security service and electronic equipment
US10664941B1 (en) 2019-12-24 2020-05-26 Capital One Services, Llc Steganographic image encoding of biometric template information on a card
US10680824B2 (en) 2018-10-02 2020-06-09 Capital One Services, Llc Systems and methods for inventory management using cryptographic authentication of contactless cards
US10685350B2 (en) 2018-10-02 2020-06-16 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10686603B2 (en) 2018-10-02 2020-06-16 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10701560B1 (en) 2019-10-02 2020-06-30 Capital One Services, Llc Client device authentication using contactless legacy magnetic stripe data
US10713649B1 (en) 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
US10733601B1 (en) 2019-07-17 2020-08-04 Capital One Services, Llc Body area network facilitated authentication or payment authorization
US10733283B1 (en) 2019-12-23 2020-08-04 Capital One Services, Llc Secure password generation and management using NFC and contactless smart cards
US10733645B2 (en) 2018-10-02 2020-08-04 Capital One Services, Llc Systems and methods for establishing identity for order pick up
US10748138B2 (en) 2018-10-02 2020-08-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10757574B1 (en) 2019-12-26 2020-08-25 Capital One Services, Llc Multi-factor authentication providing a credential via a contactless card for secure messaging
US10771253B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
US10783519B2 (en) 2018-10-02 2020-09-22 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10797882B2 (en) 2018-10-02 2020-10-06 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10832271B1 (en) 2019-07-17 2020-11-10 Capital One Services, Llc Verified reviews using a contactless card
US10841091B2 (en) 2018-10-02 2020-11-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10853795B1 (en) 2019-12-24 2020-12-01 Capital One Services, Llc Secure authentication based on identity data stored in a contactless card
US10860914B1 (en) 2019-12-31 2020-12-08 Capital One Services, Llc Contactless card and method of assembly
US10862540B1 (en) 2019-12-23 2020-12-08 Capital One Services, Llc Method for mapping NFC field strength and location on mobile devices
US10861006B1 (en) 2020-04-30 2020-12-08 Capital One Services, Llc Systems and methods for data access control using a short-range transceiver
US10860814B2 (en) 2018-10-02 2020-12-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10871958B1 (en) 2019-07-03 2020-12-22 Capital One Services, Llc Techniques to perform applet programming
US10885410B1 (en) 2019-12-23 2021-01-05 Capital One Services, Llc Generating barcodes utilizing cryptographic techniques
US10885514B1 (en) 2019-07-15 2021-01-05 Capital One Services, Llc System and method for using image data to trigger contactless card transactions
US10908896B2 (en) 2012-10-16 2021-02-02 Citrix Systems, Inc. Application wrapping for application management framework
US10909527B2 (en) 2018-10-02 2021-02-02 Capital One Services, Llc Systems and methods for performing a reissue of a contactless card
US10909544B1 (en) 2019-12-26 2021-02-02 Capital One Services, Llc Accessing and utilizing multiple loyalty point accounts
US10915888B1 (en) 2020-04-30 2021-02-09 Capital One Services, Llc Contactless card with multiple rotating security keys
US10949520B2 (en) 2018-10-02 2021-03-16 Capital One Services, Llc Systems and methods for cross coupling risk analytics and one-time-passcodes
US10963865B1 (en) 2020-05-12 2021-03-30 Capital One Services, Llc Augmented reality card activation experience
US10970712B2 (en) 2019-03-21 2021-04-06 Capital One Services, Llc Delegated administration of permissions using a contactless card
US10984416B2 (en) 2019-03-20 2021-04-20 Capital One Services, Llc NFC mobile currency transfer
US10992477B2 (en) 2018-10-02 2021-04-27 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11030339B1 (en) 2020-04-30 2021-06-08 Capital One Services, Llc Systems and methods for data access control of personal user data using a short-range transceiver
US11037136B2 (en) 2019-01-24 2021-06-15 Capital One Services, Llc Tap to autofill card data
US11038688B1 (en) 2019-12-30 2021-06-15 Capital One Services, Llc Techniques to control applets for contactless cards
US11062098B1 (en) 2020-08-11 2021-07-13 Capital One Services, Llc Augmented reality information display and interaction via NFC based authentication
US11063979B1 (en) 2020-05-18 2021-07-13 Capital One Services, Llc Enabling communications between applications in a mobile operating system
US11100511B1 (en) 2020-05-18 2021-08-24 Capital One Services, Llc Application-based point of sale system in mobile operating systems
US11113685B2 (en) 2019-12-23 2021-09-07 Capital One Services, Llc Card issuing with restricted virtual numbers
US11120453B2 (en) 2019-02-01 2021-09-14 Capital One Services, Llc Tap card to securely generate card data to copy to clipboard
US11165586B1 (en) 2020-10-30 2021-11-02 Capital One Services, Llc Call center web-based authentication using a contactless card
US11182771B2 (en) 2019-07-17 2021-11-23 Capital One Services, Llc System for value loading onto in-vehicle device
US11200563B2 (en) 2019-12-24 2021-12-14 Capital One Services, Llc Account registration using a contactless card
US11210664B2 (en) 2018-10-02 2021-12-28 Capital One Services, Llc Systems and methods for amplifying the strength of cryptographic algorithms
US11210656B2 (en) 2020-04-13 2021-12-28 Capital One Services, Llc Determining specific terms for contactless card activation
US11216799B1 (en) 2021-01-04 2022-01-04 Capital One Services, Llc Secure generation of one-time passcodes using a contactless card
US11222342B2 (en) 2020-04-30 2022-01-11 Capital One Services, Llc Accurate images in graphical user interfaces to enable data transfer
US11227280B2 (en) 2019-03-25 2022-01-18 Capital One Services, Llc Systems and methods for increased efficiency and reliability of contactless card transactions
US11245438B1 (en) 2021-03-26 2022-02-08 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card
US11361302B2 (en) 2019-01-11 2022-06-14 Capital One Services, Llc Systems and methods for touch screen interface interaction using a card overlay
US11373169B2 (en) 2020-11-03 2022-06-28 Capital One Services, Llc Web-based activation of contactless cards
US11392933B2 (en) 2019-07-03 2022-07-19 Capital One Services, Llc Systems and methods for providing online and hybridcard interactions
US11438329B2 (en) 2021-01-29 2022-09-06 Capital One Services, Llc Systems and methods for authenticated peer-to-peer data transfer using resource locators
US11455620B2 (en) 2019-12-31 2022-09-27 Capital One Services, Llc Tapping a contactless card to a computing device to provision a virtual number
US11482312B2 (en) 2020-10-30 2022-10-25 Capital One Services, Llc Secure verification of medical status using a contactless card
US11521262B2 (en) 2019-05-28 2022-12-06 Capital One Services, Llc NFC enhanced augmented reality information overlays
US11521213B2 (en) 2019-07-18 2022-12-06 Capital One Services, Llc Continuous authentication for digital services based on contactless card positioning
US11556915B2 (en) 2013-08-08 2023-01-17 Apple Inc. Low power mode for payment transactions
US11562358B2 (en) 2021-01-28 2023-01-24 Capital One Services, Llc Systems and methods for near field contactless card communication and cryptographic authentication
US11615395B2 (en) 2019-12-23 2023-03-28 Capital One Services, Llc Authentication for third party digital wallet provisioning
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
US11651361B2 (en) 2019-12-23 2023-05-16 Capital One Services, Llc Secure authentication based on passport data stored in a contactless card
US11682012B2 (en) 2021-01-27 2023-06-20 Capital One Services, Llc Contactless delivery systems and methods
US11687930B2 (en) 2021-01-28 2023-06-27 Capital One Services, Llc Systems and methods for authentication of access tokens
US11694187B2 (en) 2019-07-03 2023-07-04 Capital One Services, Llc Constraining transactional capabilities for contactless cards
US11777933B2 (en) 2021-02-03 2023-10-03 Capital One Services, Llc URL-based authentication for payment cards
US11792001B2 (en) 2021-01-28 2023-10-17 Capital One Services, Llc Systems and methods for secure reprovisioning
US11823175B2 (en) 2020-04-30 2023-11-21 Capital One Services, Llc Intelligent card unlock
US11902442B2 (en) 2021-04-22 2024-02-13 Capital One Services, Llc Secure management of accounts on display devices using a contactless card
US11935035B2 (en) 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9047601B2 (en) * 2006-09-24 2015-06-02 RFCyber Corpration Method and apparatus for settling payments using mobile devices
US8874038B2 (en) * 2011-06-29 2014-10-28 Broadcom Corporation Secure communications via NFC device
US20140323045A1 (en) * 2011-11-15 2014-10-30 Famoco Nfc device and connection system of nfc devices
US10020847B2 (en) * 2011-11-15 2018-07-10 Famoco NFC device and connection system of NFC devices
CN112801656A (en) 2012-02-29 2021-05-14 苹果公司 Method, device and secure element for performing secure financial transactions on a device
US9038894B2 (en) * 2012-11-20 2015-05-26 Cellco Partnership Payment or other transaction through mobile device using NFC to access a contactless transaction card
CZ201387A3 (en) * 2013-02-08 2014-08-20 Telmax S.R.O. Terminal for handling passengers in public traffic
US9198119B2 (en) * 2013-03-05 2015-11-24 Qualcomm Incorporated Method and apparatus for peer-2-peer Wi-Fi ranging using near field communication
US10592890B2 (en) 2014-09-03 2020-03-17 Intel Corporation Methods and arrangements to complete online transactions
US9319088B2 (en) * 2013-05-09 2016-04-19 Intel Corporation Radio communication devices and methods for controlling a radio communication device
US20140372298A1 (en) 2013-06-13 2014-12-18 Research In Motion Limited Communication system with digital wallet having blank user card and related methods
US9287935B2 (en) * 2013-08-01 2016-03-15 Blackberry Limited Method and apparatus for anti-eavesdropping in vunerable NFC applications
US10181117B2 (en) 2013-09-12 2019-01-15 Intel Corporation Methods and arrangements for a personal point of sale device
US9077390B1 (en) 2013-12-18 2015-07-07 Nxp B.V. Wireless charging and communication
US10552830B2 (en) * 2013-12-23 2020-02-04 Apple Inc. Deletion of credentials from an electronic device
CN106462788B (en) 2014-03-18 2020-07-07 惠普发展公司,有限责任合伙企业 Security element
CN103873256B (en) * 2014-03-18 2017-02-22 飞天诚信科技股份有限公司 Working method of NFC token
JP6383187B2 (en) 2014-06-12 2018-08-29 キヤノン株式会社 COMMUNICATION DEVICE, COMMUNICATION DEVICE CONTROL METHOD, AND PROGRAM
TWI551173B (en) * 2014-09-12 2016-09-21 Space Micro - Position Mobile Device Management System and Its Management Method
TWI551074B (en) * 2014-10-01 2016-09-21 動信科技股份有限公司 Communication system and method for near field communication
US20170357798A1 (en) * 2016-06-12 2017-12-14 Apple Inc. Removal of credentials from an electronic device
EP3270620A1 (en) * 2016-07-13 2018-01-17 Gemalto Sa Method and devices for managing a secure element
US10931331B2 (en) * 2017-04-28 2021-02-23 Sony Corporation Communication device and method
EP3499938A1 (en) * 2017-12-13 2019-06-19 Gemalto Sa Method of managing a tamper-proof device comprising a plurality of software containers
US10972498B2 (en) * 2018-10-08 2021-04-06 International Business Machines Corporation Dynamic protection from detected to brute force attack
IT201800009917A1 (en) * 2018-10-30 2020-04-30 St Microelectronics Srl Tamper resistant device implementing an embedded Universal Integrated Circuit Card and corresponding electronic device, process and IT product
CN111414605B (en) * 2020-03-17 2023-07-18 Oppo(重庆)智能科技有限公司 Unlocking method and device of embedded security unit, electronic equipment and storage medium
CN112560082B (en) * 2020-12-01 2023-09-08 Oppo(重庆)智能科技有限公司 Method for locking terminal equipment and terminal equipment

Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6480096B1 (en) * 1998-07-08 2002-11-12 Motorola, Inc. Method and apparatus for theft deterrence and secure data retrieval in a communication device
US20030028481A1 (en) * 1998-03-25 2003-02-06 Orbis Patents, Ltd. Credit card system and method
US20030065805A1 (en) * 2000-06-29 2003-04-03 Barnes Melvin L. System, method, and computer program product for providing location based services and mobile e-commerce
EP1501330A2 (en) * 2003-07-22 2005-01-26 Research In Motion Limited Security for mobile communications device
US20050234778A1 (en) * 2004-04-15 2005-10-20 David Sperduti Proximity transaction apparatus and methods of use thereof
US20060085847A1 (en) * 2004-10-15 2006-04-20 Citizen Watch Co., Ltd. Locking system and locking method
US20080045172A1 (en) * 2006-08-21 2008-02-21 Ibm Corporation Context-aware code provisioning for mobile devices
US20080051142A1 (en) * 2004-03-31 2008-02-28 Telenor Asa Subscriber Identity Module
US20080178300A1 (en) * 2007-01-19 2008-07-24 Research In Motion Limited Selectively wiping a remote device
US20090078761A1 (en) * 2004-08-12 2009-03-26 Codecard, Inc., A Nevada Corporation Financial and similar identification cards read by magnetic swipe card readers and methods relating thereto
US20090098825A1 (en) * 2005-03-07 2009-04-16 Heikki Huomo Method and mobile terminal device including smartcard module and near field communications
US20090247078A1 (en) * 2008-03-27 2009-10-01 Vladimir Sklovsky Method and Apparatus for Automatic Application Selection in an Electronic Device Using Multiple Discovery Managers
US20090265552A1 (en) * 2008-03-28 2009-10-22 Celltrust Corporation Systems and methods for secure short messaging service and multimedia messaging service
US20090313689A1 (en) * 2005-12-15 2009-12-17 Nystroem Sebastian Method, Device, And System For Network-Based Remote Control Over Contactless Secure Storages
EP2139196A1 (en) * 2008-06-26 2009-12-30 France Telecom Method and system for remotely blocking/unblocking NFC applications on a terminal
US20100190437A1 (en) * 2009-01-26 2010-07-29 Motorola, Inc. Wireless Communication Device for Providing at Least One Near Field Communication Service
US20100217709A1 (en) * 2008-09-22 2010-08-26 Christian Aabye Apparatus and method for preventing unauthorized access to payment application installed in contactless payment device
US20100330958A1 (en) * 2007-08-01 2010-12-30 Nxp B.V. Mobile communication device and method for disabling applications
US20110130118A1 (en) * 2009-12-01 2011-06-02 James Fan Service Models for Roaming Mobile Device
US8290433B2 (en) * 2007-11-14 2012-10-16 Blaze Mobile, Inc. Method and system for securing transactions made through a mobile communication device
US8479978B1 (en) * 1998-04-17 2013-07-09 Diebold Self-Service Systems Division Of Diebold, Incorporated Banking system controlled responsive to data bearing records
US8649335B2 (en) * 2009-12-01 2014-02-11 At&T Intellectual Property I, L.P. Service models for roaming mobile device
US8719102B1 (en) * 2007-09-27 2014-05-06 Sprint Communications Company L.P. Method and system for blocking confidential information at a point-of-sale reader from eavesdropping
US8869248B2 (en) * 2010-08-16 2014-10-21 Blackberry Limited Communication system providing wireless authentication for private data access and related methods

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1051855A (en) * 1996-07-31 1998-02-20 Sony Corp Method and equipment for communication
US6510501B1 (en) * 1999-05-11 2003-01-21 National Semiconductor Corporation Non-volatile memory read/write security protection feature selection through non-volatile memory bits
TW588243B (en) * 2002-07-31 2004-05-21 Trek 2000 Int Ltd System and method for authentication
US7205882B2 (en) * 2004-11-10 2007-04-17 Corestreet, Ltd. Actuating a security system using a wireless device
US7699233B2 (en) 2005-11-02 2010-04-20 Nokia Corporation Method for issuer and chip specific diversification
US9489109B2 (en) 2006-03-30 2016-11-08 Sony Ericsson Mobile Communication Ab Data communication in an electronic device
US8356361B2 (en) * 2006-11-07 2013-01-15 Spansion Llc Secure co-processing memory controller integrated into an embedded memory subsystem
EP2102775B1 (en) 2006-12-06 2019-07-03 Medtronic, Inc. Intelligent discovery of medical devices by a programming system
EP2171635B1 (en) 2007-05-29 2020-11-18 Absolute Software Corporation Offline data delete with false trigger protection
US20090037326A1 (en) 2007-07-30 2009-02-05 Sriram Chitti Virtual Card Selector for a Portable Electronic Device
ITMI20071623A1 (en) 2007-08-03 2009-02-04 Vetagro S R L SYNERGIC COMPOSITION INCLUDING FLAVORING SUBSTANCES AND ORGANIC ACIDS, AND ITS USE
WO2009105115A2 (en) 2008-02-22 2009-08-27 T-Mobile Usa, Inc. Data exchange initiated by tapping devices
US7979658B2 (en) * 2008-03-25 2011-07-12 Spansion Llc Secure management of memory regions in a memory
US20100082490A1 (en) 2008-09-30 2010-04-01 Apple Inc. Systems and methods for secure wireless transactions
US20100082445A1 (en) 2008-09-30 2010-04-01 Apple Inc. Smart menu options
US20100145854A1 (en) * 2008-12-08 2010-06-10 Motorola, Inc. System and method to enable a secure environment for trusted and untrusted processes to share the same hardware
US8725122B2 (en) 2009-05-13 2014-05-13 First Data Corporation Systems and methods for providing trusted service management services
US8650614B2 (en) 2009-05-29 2014-02-11 Ebay Inc. Interactive phishing detection (IPD)
US20100306531A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Hardware-Based Zero-Knowledge Strong Authentication (H0KSA)
US8549586B2 (en) * 2011-12-06 2013-10-01 Broadcom Corporation System utilizing a secure element

Patent Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030028481A1 (en) * 1998-03-25 2003-02-06 Orbis Patents, Ltd. Credit card system and method
US8479978B1 (en) * 1998-04-17 2013-07-09 Diebold Self-Service Systems Division Of Diebold, Incorporated Banking system controlled responsive to data bearing records
US6480096B1 (en) * 1998-07-08 2002-11-12 Motorola, Inc. Method and apparatus for theft deterrence and secure data retrieval in a communication device
US20030065805A1 (en) * 2000-06-29 2003-04-03 Barnes Melvin L. System, method, and computer program product for providing location based services and mobile e-commerce
EP1501330A2 (en) * 2003-07-22 2005-01-26 Research In Motion Limited Security for mobile communications device
US20080051142A1 (en) * 2004-03-31 2008-02-28 Telenor Asa Subscriber Identity Module
US20050234778A1 (en) * 2004-04-15 2005-10-20 David Sperduti Proximity transaction apparatus and methods of use thereof
US20090078761A1 (en) * 2004-08-12 2009-03-26 Codecard, Inc., A Nevada Corporation Financial and similar identification cards read by magnetic swipe card readers and methods relating thereto
US20060085847A1 (en) * 2004-10-15 2006-04-20 Citizen Watch Co., Ltd. Locking system and locking method
US20090098825A1 (en) * 2005-03-07 2009-04-16 Heikki Huomo Method and mobile terminal device including smartcard module and near field communications
US20090313689A1 (en) * 2005-12-15 2009-12-17 Nystroem Sebastian Method, Device, And System For Network-Based Remote Control Over Contactless Secure Storages
US20080045172A1 (en) * 2006-08-21 2008-02-21 Ibm Corporation Context-aware code provisioning for mobile devices
US20080178300A1 (en) * 2007-01-19 2008-07-24 Research In Motion Limited Selectively wiping a remote device
US20100330958A1 (en) * 2007-08-01 2010-12-30 Nxp B.V. Mobile communication device and method for disabling applications
US8719102B1 (en) * 2007-09-27 2014-05-06 Sprint Communications Company L.P. Method and system for blocking confidential information at a point-of-sale reader from eavesdropping
US8290433B2 (en) * 2007-11-14 2012-10-16 Blaze Mobile, Inc. Method and system for securing transactions made through a mobile communication device
US20090247078A1 (en) * 2008-03-27 2009-10-01 Vladimir Sklovsky Method and Apparatus for Automatic Application Selection in an Electronic Device Using Multiple Discovery Managers
US8229354B2 (en) * 2008-03-27 2012-07-24 Motorola Mobility, Inc. Method and apparatus for automatic application selection in an electronic device using multiple discovery managers
US20090265552A1 (en) * 2008-03-28 2009-10-22 Celltrust Corporation Systems and methods for secure short messaging service and multimedia messaging service
EP2139196A1 (en) * 2008-06-26 2009-12-30 France Telecom Method and system for remotely blocking/unblocking NFC applications on a terminal
US20100217709A1 (en) * 2008-09-22 2010-08-26 Christian Aabye Apparatus and method for preventing unauthorized access to payment application installed in contactless payment device
US20100190437A1 (en) * 2009-01-26 2010-07-29 Motorola, Inc. Wireless Communication Device for Providing at Least One Near Field Communication Service
US20110130118A1 (en) * 2009-12-01 2011-06-02 James Fan Service Models for Roaming Mobile Device
US8649335B2 (en) * 2009-12-01 2014-02-11 At&T Intellectual Property I, L.P. Service models for roaming mobile device
US8737318B2 (en) * 2009-12-01 2014-05-27 At&T Intellectual Property I, L.P. Service models for roaming mobile device
US20140155038A1 (en) * 2009-12-01 2014-06-05 At & T Intellectual Property I, L.P. Service Models for Roaming Mobile Device
US8869248B2 (en) * 2010-08-16 2014-10-21 Blackberry Limited Communication system providing wireless authentication for private data access and related methods

Cited By (328)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070218837A1 (en) * 2006-03-14 2007-09-20 Sony Ericsson Mobile Communications Ab Data communication in an electronic device
US8989705B1 (en) 2009-06-18 2015-03-24 Sprint Communications Company L.P. Secure placement of centralized media controller application in mobile access terminal
US9204398B2 (en) * 2011-03-21 2015-12-01 Nokia Technologies Oy Method and apparatus for battery with secure element
US20120244805A1 (en) * 2011-03-21 2012-09-27 Nokia Corporation Method and apparatus for battery with secure element
US9521147B2 (en) 2011-10-11 2016-12-13 Citrix Systems, Inc. Policy based application management
US9378359B2 (en) 2011-10-11 2016-06-28 Citrix Systems, Inc. Gateway for controlling mobile device access to enterprise resources
US10044757B2 (en) 2011-10-11 2018-08-07 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US10402546B1 (en) 2011-10-11 2019-09-03 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US20140007183A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Controlling mobile device access to enterprise resources
US9529996B2 (en) * 2011-10-11 2016-12-27 Citrix Systems, Inc. Controlling mobile device access to enterprise resources
US10469534B2 (en) 2011-10-11 2019-11-05 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US10063595B1 (en) 2011-10-11 2018-08-28 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US11134104B2 (en) 2011-10-11 2021-09-28 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US20130246260A1 (en) * 2011-12-01 2013-09-19 Barclays Bank Plc Mobile Payment Transaction System
US8918855B2 (en) * 2011-12-09 2014-12-23 Blackberry Limited Transaction provisioning for mobile wireless communications devices and related methods
US20130152185A1 (en) * 2011-12-09 2013-06-13 Research In Motion Limited Transaction provisioning for mobile wireless communications devices and related methods
US9681293B2 (en) 2011-12-12 2017-06-13 Sony Corporation System for transmitting a data signal in a network, method, mobile transmitting device and network device
TWI634770B (en) * 2011-12-12 2018-09-01 新力股份有限公司 System for transmitting a data signal in a network, method, mobile transmitting device and network device
US20130171967A1 (en) * 2012-01-04 2013-07-04 Ayman S. Ashour Providing Secure Execution of Mobile Device Workflows
US20150200930A1 (en) * 2012-03-09 2015-07-16 Appsense Limited Method and apparatus for securing mobile applications
US9253170B2 (en) 2012-03-09 2016-02-02 Appsense Limited Method and apparatus for securing mobile applications
US9055432B2 (en) * 2012-03-21 2015-06-09 Infineon Technologies Ag Targeted muting for communication between electronic appliances
US20130254844A1 (en) * 2012-03-21 2013-09-26 Infineon Technologies Ag Targeted Muting for Communication Between Electronic Appliances
US8712407B1 (en) * 2012-04-05 2014-04-29 Sprint Communications Company L.P. Multiple secure elements in mobile electronic device with near field communication capability
US9813116B2 (en) 2012-05-08 2017-11-07 Nxp B.V. Secure near field communication solutions and circuits
US9906958B2 (en) 2012-05-11 2018-02-27 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US9027102B2 (en) 2012-05-11 2015-05-05 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US8862181B1 (en) 2012-05-29 2014-10-14 Sprint Communications Company L.P. Electronic purchase transaction trust infrastructure
US10154019B2 (en) 2012-06-25 2018-12-11 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9066230B1 (en) 2012-06-27 2015-06-23 Sprint Communications Company L.P. Trusted policy and charging enforcement function
US8649770B1 (en) 2012-07-02 2014-02-11 Sprint Communications Company, L.P. Extended trusted security zone radio modem
US9210576B1 (en) 2012-07-02 2015-12-08 Sprint Communications Company L.P. Extended trusted security zone radio modem
US9268959B2 (en) 2012-07-24 2016-02-23 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US8667607B2 (en) 2012-07-24 2014-03-04 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US8863252B1 (en) * 2012-07-25 2014-10-14 Sprint Communications Company L.P. Trusted access to third party applications systems and methods
US9811672B2 (en) 2012-08-10 2017-11-07 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9015068B1 (en) 2012-08-25 2015-04-21 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US9384498B1 (en) 2012-08-25 2016-07-05 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US8954588B1 (en) 2012-08-25 2015-02-10 Sprint Communications Company L.P. Reservations in real-time brokering of digital content delivery
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US8752140B1 (en) 2012-09-11 2014-06-10 Sprint Communications Company L.P. System and methods for trusted internet domain networking
US9774658B2 (en) 2012-10-12 2017-09-26 Citrix Systems, Inc. Orchestration framework for connected devices
US9392077B2 (en) 2012-10-12 2016-07-12 Citrix Systems, Inc. Coordinating a computing activity across applications and devices having multiple operation modes in an orchestration framework for connected devices
US9854063B2 (en) 2012-10-12 2017-12-26 Citrix Systems, Inc. Enterprise application store for an orchestration framework for connected devices
US9521117B2 (en) 2012-10-15 2016-12-13 Citrix Systems, Inc. Providing virtualized private network tunnels
US10162959B2 (en) * 2012-10-15 2018-12-25 At&T Intellectual Property I, L.P. Method and apparatus for providing subscriber identity module-based data encryption and remote management of portable storage devices
US9973489B2 (en) 2012-10-15 2018-05-15 Citrix Systems, Inc. Providing virtualized private network tunnels
US9654508B2 (en) 2012-10-15 2017-05-16 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US10545748B2 (en) 2012-10-16 2020-01-28 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US9858428B2 (en) 2012-10-16 2018-01-02 Citrix Systems, Inc. Controlling mobile device access to secure data
US9602474B2 (en) 2012-10-16 2017-03-21 Citrix Systems, Inc. Controlling mobile device access to secure data
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US10908896B2 (en) 2012-10-16 2021-02-02 Citrix Systems, Inc. Application wrapping for application management framework
US9578019B2 (en) 2012-12-10 2017-02-21 Oberthur Technologies Method and system for managing an embedded secure element eSE
EP2741466A1 (en) * 2012-12-10 2014-06-11 Oberthur Technologies Method and system for managing a built-in secured element eSE
FR2999319A1 (en) * 2012-12-10 2014-06-13 Oberthur Technologies METHOD AND SYSTEM FOR MANAGING AN INTEGRATED SECURE ELEMENT ESE
US9628942B2 (en) * 2012-12-20 2017-04-18 Ubs Ag Security enhancement for short-range wireless tokens
US20150334515A1 (en) * 2012-12-20 2015-11-19 Alain HILTGEN Security enhancement for short-range wireless tokens
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9769854B1 (en) 2013-02-07 2017-09-19 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
US9104840B1 (en) 2013-03-05 2015-08-11 Sprint Communications Company L.P. Trusted security zone watermark
US9613208B1 (en) 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US8881977B1 (en) 2013-03-13 2014-11-11 Sprint Communications Company L.P. Point-of-sale and automated teller machine transactions using trusted mobile access device
US9049186B1 (en) 2013-03-14 2015-06-02 Sprint Communications Company L.P. Trusted security zone re-provisioning and re-use capability for refurbished mobile devices
US9049013B2 (en) 2013-03-14 2015-06-02 Sprint Communications Company L.P. Trusted security zone containers for the protection and confidentiality of trusted service manager data
US9215592B2 (en) 2013-03-15 2015-12-15 Tyfone, Inc. Configurable personal digital identity device responsive to user interaction
US9231945B2 (en) 2013-03-15 2016-01-05 Tyfone, Inc. Personal digital identity device with motion sensor
US9143938B2 (en) 2013-03-15 2015-09-22 Tyfone, Inc. Personal digital identity device responsive to user interaction
US9659295B2 (en) 2013-03-15 2017-05-23 Tyfone, Inc. Personal digital identity device with near field and non near field radios for access control
US9207650B2 (en) 2013-03-15 2015-12-08 Tyfone, Inc. Configurable personal digital identity device responsive to user interaction with user authentication factor captured in mobile device
US11006271B2 (en) 2013-03-15 2021-05-11 Sideassure, Inc. Wearable identity device for fingerprint bound access to a cloud service
US9906365B2 (en) 2013-03-15 2018-02-27 Tyfone, Inc. Personal digital identity device with fingerprint sensor and challenge-response key
US11523273B2 (en) 2013-03-15 2022-12-06 Sideassure, Inc. Wearable identity device for fingerprint bound access to a cloud service
US9086689B2 (en) 2013-03-15 2015-07-21 Tyfone, Inc. Configurable personal digital identity device with imager responsive to user interaction
US9183371B2 (en) 2013-03-15 2015-11-10 Tyfone, Inc. Personal digital identity device with microphone
US10476675B2 (en) 2013-03-15 2019-11-12 Tyfone, Inc. Personal digital identity card device for fingerprint bound asymmetric crypto to access a kiosk
US9734319B2 (en) 2013-03-15 2017-08-15 Tyfone, Inc. Configurable personal digital identity device with authentication using image received over radio link
US9576281B2 (en) 2013-03-15 2017-02-21 Tyfone, Inc. Configurable personal digital identity card with motion sensor responsive to user interaction
US9154500B2 (en) 2013-03-15 2015-10-06 Tyfone, Inc. Personal digital identity device with microphone responsive to user interaction
US9563892B2 (en) 2013-03-15 2017-02-07 Tyfone, Inc. Personal digital identity card with motion sensor responsive to user interaction
US9781598B2 (en) 2013-03-15 2017-10-03 Tyfone, Inc. Personal digital identity device with fingerprint sensor responsive to user interaction
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
US20140270174A1 (en) * 2013-03-15 2014-09-18 Tyfone, Inc. Personal digital identity device responsive to user interaction with user authentication factor captured in mobile device
US10721071B2 (en) 2013-03-15 2020-07-21 Tyfone, Inc. Wearable personal digital identity card for fingerprint bound access to a cloud service
US9436165B2 (en) 2013-03-15 2016-09-06 Tyfone, Inc. Personal digital identity device with motion sensor responsive to user interaction
US11832095B2 (en) 2013-03-15 2023-11-28 Kepler Computing Inc. Wearable identity device for fingerprint bound access to a cloud service
US9319881B2 (en) 2013-03-15 2016-04-19 Tyfone, Inc. Personal digital identity device with fingerprint sensor
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US9021585B1 (en) 2013-03-15 2015-04-28 Sprint Communications Company L.P. JTAG fuse vulnerability determination and protection using a trusted execution environment
US10211988B2 (en) 2013-03-15 2019-02-19 Tyfone, Inc. Personal digital identity card device for fingerprint bound asymmetric crypto to access merchant cloud services
US8984592B1 (en) 2013-03-15 2015-03-17 Sprint Communications Company L.P. Enablement of a trusted security zone authentication for remote mobile device management systems and methods
US9448543B2 (en) 2013-03-15 2016-09-20 Tyfone, Inc. Configurable personal digital identity device with motion sensor responsive to user interaction
US9495558B2 (en) * 2013-03-26 2016-11-15 Google Inc. Systems, methods, and computer program products for managing access control
US20140298484A1 (en) * 2013-03-26 2014-10-02 Jvl Ventures Llc Systems, methods, and computer program products for managing access control
US10476885B2 (en) 2013-03-29 2019-11-12 Citrix Systems, Inc. Application with multiple operation modes
US10965734B2 (en) 2013-03-29 2021-03-30 Citrix Systems, Inc. Data management for an application with multiple operation modes
US10097584B2 (en) 2013-03-29 2018-10-09 Citrix Systems, Inc. Providing a managed browser
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US9948657B2 (en) 2013-03-29 2018-04-17 Citrix Systems, Inc. Providing an enterprise application store
US9413736B2 (en) 2013-03-29 2016-08-09 Citrix Systems, Inc. Providing an enterprise application store
US10701082B2 (en) 2013-03-29 2020-06-30 Citrix Systems, Inc. Application with multiple operation modes
US9455886B2 (en) 2013-03-29 2016-09-27 Citrix Systems, Inc. Providing mobile device management functionalities
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9171243B1 (en) * 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9712999B1 (en) 2013-04-04 2017-07-18 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
EP2985717A4 (en) * 2013-04-12 2016-03-30 Fujitsu Ltd Data erasing device, data erasing method, program, and storage medium
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
EP2793498A1 (en) * 2013-04-17 2014-10-22 Oberthur Technologies Secure element for telecommunication terminal
EP3651545A1 (en) * 2013-04-17 2020-05-13 Guangdong Oppo Mobile Telecommunications Corp., Ltd. System, method, and device for exposing wireless module data storage
US9996689B2 (en) 2013-04-17 2018-06-12 Idemia France Secure element for a telecommunications terminal
EP3618563A1 (en) * 2013-04-17 2020-03-04 Guangdong Oppo Mobile Telecommunications Corp., Ltd. System, method, and device for exposing wireless module data storage
TWI687836B (en) * 2013-04-17 2020-03-11 歐貝特科技 A secure element for a telecommunications terminal
FR3004884A1 (en) * 2013-04-17 2014-10-24 Oberthur Technologies SECURE ELEMENT FOR TELECOMMUNICATIONS TERMINAL
WO2014170775A1 (en) * 2013-04-17 2014-10-23 Telefonaktiebolaget L M Ericsson (Publ) System, method, and device for exposing wireless module data storage
US20140317168A1 (en) * 2013-04-17 2014-10-23 Telefonaktiebolaget L M Ericsson (Publ) System, method, and device for exposing wireless module data storage
US9407329B2 (en) * 2013-04-19 2016-08-02 Nxp B.V. Secure near field communication solutions and circuits
US20140315485A1 (en) * 2013-04-19 2014-10-23 Nxp B.V. Secure near field communication solutions and circuits
US9763033B1 (en) 2013-04-30 2017-09-12 Sprint Communications Company L.P. Prevention of inductive coupling between components of a mobile communication device
US9426604B1 (en) 2013-04-30 2016-08-23 Sprint Communications Company L.P. Prevention of inductive coupling between components of a mobile communication device
US9301139B2 (en) * 2013-05-07 2016-03-29 Prathamesh Anand Korgaonkar System and method for multifactor authentication and login through smart wrist watch using near field communication
US20140337956A1 (en) * 2013-05-07 2014-11-13 Prathamesh Anand Korgaonkar System and method for multifactor authentication and login through smart wrist watch using near field communication
US9069952B1 (en) 2013-05-20 2015-06-30 Sprint Communications Company L.P. Method for enabling hardware assisted operating system region for safe execution of untrusted code using trusted transitional memory
US9949304B1 (en) 2013-06-06 2018-04-17 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
EP3020013A4 (en) * 2013-07-12 2017-02-15 Google, Inc. Systems, methods, and computer program products for enabling instrument credentials
US10838481B2 (en) 2013-08-08 2020-11-17 Apple Inc. Management of near field communications using low power modes of an electronic device
US10257780B2 (en) 2013-08-08 2019-04-09 Apple Inc. Management of near field communications using low power modes of an electronic device
US11556165B2 (en) 2013-08-08 2023-01-17 Apple Inc. Management of near field communications using low power modes of an electronic device
US10198726B2 (en) 2013-08-08 2019-02-05 Apple Inc. Low power mode for payment transactions
US9603090B2 (en) 2013-08-08 2017-03-21 Apple Inc. Management of near field communications using low power modes of an electronic device
US11556915B2 (en) 2013-08-08 2023-01-17 Apple Inc. Low power mode for payment transactions
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
US9286594B1 (en) 2013-11-08 2016-03-15 Sprint Communications Company L.P. Visually readable electronic label
US9161325B1 (en) 2013-11-20 2015-10-13 Sprint Communications Company L.P. Subscriber identity module virtualization
US9118655B1 (en) 2014-01-24 2015-08-25 Sprint Communications Company L.P. Trusted display and transmission of digital ticket documentation
US9460573B1 (en) 2014-02-27 2016-10-04 Sprint Communications Company, L.P. Autonomous authentication of a reader by a radio frequency identity (RFID) device
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
US10715654B1 (en) 2014-05-20 2020-07-14 Invincea, Inc. Methods and devices for secure authentication to a compute device
US11128750B1 (en) 2014-05-20 2021-09-21 Invincea, Inc. Methods and devices for secure authentication to a compute device
US10306052B1 (en) 2014-05-20 2019-05-28 Invincea, Inc. Methods and devices for secure authentication to a compute device
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
US9344455B2 (en) * 2014-07-30 2016-05-17 Motorola Solutions, Inc. Apparatus and method for sharing a hardware security module interface in a collaborative network
US9396424B1 (en) 2014-11-04 2016-07-19 Sprint Communications Company L.P. Radio frequency induced power reception management for a radio frequency identity (RFID) chip embedded in a mobile communication device
US9960812B2 (en) 2014-11-14 2018-05-01 Qualcomm Incorporated Advanced routing mechanisms for secure elements
US20160192180A1 (en) * 2014-12-24 2016-06-30 Fujitsu Limited Communication method, communication system, and communication management apparatus
US10178532B2 (en) * 2014-12-24 2019-01-08 Fujitsu Limited Communication method, communication system, and communication management apparatus
US9609541B2 (en) 2014-12-31 2017-03-28 Motorola Solutions, Inc. Method and apparatus for device collaboration via a hybrid network
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
WO2016169749A1 (en) * 2015-04-24 2016-10-27 Gemalto Sa Method for wiping a secure element embeded in a host device
EP3086257A1 (en) * 2015-04-24 2016-10-26 Gemalto Sa Method of managing a secure element embedded in a host device
US9591434B1 (en) * 2015-04-27 2017-03-07 Sprint Communications Company L.P. Virtual private network (VPN) tunneling in a user equipment (UE) brokered by a radio frequency identity (RFID) chip communicatively coupled to the user equipment
US9935961B2 (en) * 2015-09-11 2018-04-03 Bank Of America Corporation Controlling access to data
US20170078299A1 (en) * 2015-09-11 2017-03-16 Bank Of America Corporation Controlling access to data
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US10311246B1 (en) 2015-11-20 2019-06-04 Sprint Communications Company L.P. System and method for secure USIM wireless network access
US9817992B1 (en) 2015-11-20 2017-11-14 Sprint Communications Company Lp. System and method for secure USIM wireless network access
EP3220332A1 (en) * 2016-03-14 2017-09-20 Samsung Electronics Co., Ltd Method of processing card operating information and electronic device supporting the same
CN107194684A (en) * 2016-03-14 2017-09-22 三星电子株式会社 Handle the method for card operation information and support the electronic equipment of methods described
KR20180096257A (en) * 2017-02-21 2018-08-29 삼성전자주식회사 Method for managing identification information and electronic device supporting the same
US11436306B2 (en) * 2017-02-21 2022-09-06 Samsung Electronics Co., Ltd. Identification information management method and electronic device supporting same
KR102563897B1 (en) * 2017-02-21 2023-08-07 삼성전자주식회사 Method for managing identification information and electronic device supporting the same
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network
US10546444B2 (en) 2018-06-21 2020-01-28 Capital One Services, Llc Systems and methods for secure read-only authentication
US10878651B2 (en) 2018-06-21 2020-12-29 Capital One Services, Llc Systems and methods for secure read-only authentication
US10511443B1 (en) 2018-10-02 2019-12-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11610195B2 (en) 2018-10-02 2023-03-21 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10581611B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10592710B1 (en) 2018-10-02 2020-03-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607214B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607216B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10615981B1 (en) 2018-10-02 2020-04-07 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10623393B1 (en) 2018-10-02 2020-04-14 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10630653B1 (en) 2018-10-02 2020-04-21 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11349667B2 (en) 2018-10-02 2022-05-31 Capital One Services, Llc Systems and methods for inventory management using cryptographic authentication of contactless cards
US10582386B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11924188B2 (en) 2018-10-02 2024-03-05 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11341480B2 (en) 2018-10-02 2022-05-24 Capital One Services, Llc Systems and methods for phone-based card activation
US11843700B2 (en) 2018-10-02 2023-12-12 Capital One Services, Llc Systems and methods for email-based card activation
US10680824B2 (en) 2018-10-02 2020-06-09 Capital One Services, Llc Systems and methods for inventory management using cryptographic authentication of contactless cards
US10685350B2 (en) 2018-10-02 2020-06-16 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10686603B2 (en) 2018-10-02 2020-06-16 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11843698B2 (en) 2018-10-02 2023-12-12 Capital One Services, Llc Systems and methods of key selection for cryptographic authentication of contactless cards
US10565587B1 (en) 2018-10-02 2020-02-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10554411B1 (en) 2018-10-02 2020-02-04 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11336454B2 (en) 2018-10-02 2022-05-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10542036B1 (en) 2018-10-02 2020-01-21 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
US11321546B2 (en) 2018-10-02 2022-05-03 Capital One Services, Llc Systems and methods data transmission using contactless cards
US11804964B2 (en) 2018-10-02 2023-10-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10733645B2 (en) 2018-10-02 2020-08-04 Capital One Services, Llc Systems and methods for establishing identity for order pick up
US10748138B2 (en) 2018-10-02 2020-08-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11790187B2 (en) 2018-10-02 2023-10-17 Capital One Services, Llc Systems and methods for data transmission using contactless cards
US10771253B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
US10778437B2 (en) 2018-10-02 2020-09-15 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10783519B2 (en) 2018-10-02 2020-09-22 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11301848B2 (en) 2018-10-02 2022-04-12 Capital One Services, Llc Systems and methods for secure transaction approval
US10797882B2 (en) 2018-10-02 2020-10-06 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11784820B2 (en) 2018-10-02 2023-10-10 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11770254B2 (en) 2018-10-02 2023-09-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10841091B2 (en) 2018-10-02 2020-11-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11728994B2 (en) 2018-10-02 2023-08-15 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11297046B2 (en) 2018-10-02 2022-04-05 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11699047B2 (en) 2018-10-02 2023-07-11 Capital One Services, Llc Systems and methods for contactless card applet communication
US11423452B2 (en) 2018-10-02 2022-08-23 Capital One Services, Llc Systems and methods for establishing identity for order pick up
US10860814B2 (en) 2018-10-02 2020-12-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11233645B2 (en) 2018-10-02 2022-01-25 Capital One Services, Llc Systems and methods of key selection for cryptographic authentication of contactless cards
US10880327B2 (en) 2018-10-02 2020-12-29 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
US11232272B2 (en) 2018-10-02 2022-01-25 Capital One Services, Llc Systems and methods for contactless card applet communication
US11658997B2 (en) 2018-10-02 2023-05-23 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
US10887106B2 (en) 2018-10-02 2021-01-05 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11438164B2 (en) 2018-10-02 2022-09-06 Capital One Services, Llc Systems and methods for email-based card activation
US11438311B2 (en) 2018-10-02 2022-09-06 Capital One Services, Llc Systems and methods for card information management
US10909527B2 (en) 2018-10-02 2021-02-02 Capital One Services, Llc Systems and methods for performing a reissue of a contactless card
US11210664B2 (en) 2018-10-02 2021-12-28 Capital One Services, Llc Systems and methods for amplifying the strength of cryptographic algorithms
US11444775B2 (en) 2018-10-02 2022-09-13 Capital One Services, Llc Systems and methods for content management using contactless cards
US10949520B2 (en) 2018-10-02 2021-03-16 Capital One Services, Llc Systems and methods for cross coupling risk analytics and one-time-passcodes
US11195174B2 (en) 2018-10-02 2021-12-07 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11563583B2 (en) 2018-10-02 2023-01-24 Capital One Services, Llc Systems and methods for content management using contactless cards
US10965465B2 (en) 2018-10-02 2021-03-30 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11182785B2 (en) 2018-10-02 2021-11-23 Capital One Services, Llc Systems and methods for authorization and access to services using contactless cards
US11182784B2 (en) 2018-10-02 2021-11-23 Capital One Services, Llc Systems and methods for performing transactions with contactless cards
US10579998B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10992477B2 (en) 2018-10-02 2021-04-27 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11456873B2 (en) 2018-10-02 2022-09-27 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11144915B2 (en) 2018-10-02 2021-10-12 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards using risk factors
US11469898B2 (en) 2018-10-02 2022-10-11 Capital One Services, Llc Systems and methods for message presentation using contactless cards
US11129019B2 (en) 2018-10-02 2021-09-21 Capital One Services, Llc Systems and methods for performing transactions with contactless cards
US11544707B2 (en) 2018-10-02 2023-01-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10505738B1 (en) 2018-10-02 2019-12-10 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11502844B2 (en) 2018-10-02 2022-11-15 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10489781B1 (en) 2018-10-02 2019-11-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11102007B2 (en) 2018-10-02 2021-08-24 Capital One Services, Llc Contactless card emulation system and method
EP3822835A4 (en) * 2018-11-14 2021-11-10 Huawei Technologies Co., Ltd. Method for deleting secure service, and electronic apparatus
CN111191213A (en) * 2018-11-14 2020-05-22 华为终端有限公司 Method for deleting security service and electronic equipment
CN113168461A (en) * 2018-11-14 2021-07-23 华为技术有限公司 Method for deleting security service and electronic equipment
US20210397518A1 (en) * 2018-11-14 2021-12-23 Huawei Technologies Co., Ltd. Method for Deleting Safety Service and Electronic Device
KR102503341B1 (en) * 2018-11-14 2023-02-23 후아웨이 테크놀러지 컴퍼니 리미티드 Security service deletion method and electronic device
KR20210042953A (en) * 2018-11-14 2021-04-20 후아웨이 테크놀러지 컴퍼니 리미티드 Security service deletion method and electronic device
US11361302B2 (en) 2019-01-11 2022-06-14 Capital One Services, Llc Systems and methods for touch screen interface interaction using a card overlay
US11037136B2 (en) 2019-01-24 2021-06-15 Capital One Services, Llc Tap to autofill card data
US10467622B1 (en) 2019-02-01 2019-11-05 Capital One Services, Llc Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms
US10510074B1 (en) 2019-02-01 2019-12-17 Capital One Services, Llc One-tap payment using a contactless card
US11120453B2 (en) 2019-02-01 2021-09-14 Capital One Services, Llc Tap card to securely generate card data to copy to clipboard
US10425129B1 (en) 2019-02-27 2019-09-24 Capital One Services, Llc Techniques to reduce power consumption in near field communication systems
US10523708B1 (en) 2019-03-18 2019-12-31 Capital One Services, Llc System and method for second factor authentication of customer support calls
US10535062B1 (en) 2019-03-20 2020-01-14 Capital One Services, Llc Using a contactless card to securely share personal data stored in a blockchain
US10643420B1 (en) 2019-03-20 2020-05-05 Capital One Services, Llc Contextual tapping engine
US10438437B1 (en) 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC
US10783736B1 (en) 2019-03-20 2020-09-22 Capital One Services, Llc Tap to copy data to clipboard via NFC
US10984416B2 (en) 2019-03-20 2021-04-20 Capital One Services, Llc NFC mobile currency transfer
US10970712B2 (en) 2019-03-21 2021-04-06 Capital One Services, Llc Delegated administration of permissions using a contactless card
US11227280B2 (en) 2019-03-25 2022-01-18 Capital One Services, Llc Systems and methods for increased efficiency and reliability of contactless card transactions
US10467445B1 (en) 2019-03-28 2019-11-05 Capital One Services, Llc Devices and methods for contactless card alignment with a foldable mobile device
US11521262B2 (en) 2019-05-28 2022-12-06 Capital One Services, Llc NFC enhanced augmented reality information overlays
US10516447B1 (en) 2019-06-17 2019-12-24 Capital One Services, Llc Dynamic power levels in NFC card communications
US11392933B2 (en) 2019-07-03 2022-07-19 Capital One Services, Llc Systems and methods for providing online and hybridcard interactions
US11694187B2 (en) 2019-07-03 2023-07-04 Capital One Services, Llc Constraining transactional capabilities for contactless cards
US10871958B1 (en) 2019-07-03 2020-12-22 Capital One Services, Llc Techniques to perform applet programming
US10713649B1 (en) 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
US10885514B1 (en) 2019-07-15 2021-01-05 Capital One Services, Llc System and method for using image data to trigger contactless card transactions
US10498401B1 (en) 2019-07-15 2019-12-03 Capital One Services, Llc System and method for guiding card positioning using phone sensors
US11182771B2 (en) 2019-07-17 2021-11-23 Capital One Services, Llc System for value loading onto in-vehicle device
US10733601B1 (en) 2019-07-17 2020-08-04 Capital One Services, Llc Body area network facilitated authentication or payment authorization
US10832271B1 (en) 2019-07-17 2020-11-10 Capital One Services, Llc Verified reviews using a contactless card
US11521213B2 (en) 2019-07-18 2022-12-06 Capital One Services, Llc Continuous authentication for digital services based on contactless card positioning
US10506426B1 (en) 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication
US10541995B1 (en) 2019-07-23 2020-01-21 Capital One Services, Llc First factor contactless card authentication system and method
US11638148B2 (en) 2019-10-02 2023-04-25 Capital One Services, Llc Client device authentication using contactless legacy magnetic stripe data
US10701560B1 (en) 2019-10-02 2020-06-30 Capital One Services, Llc Client device authentication using contactless legacy magnetic stripe data
US10862540B1 (en) 2019-12-23 2020-12-08 Capital One Services, Llc Method for mapping NFC field strength and location on mobile devices
US10885410B1 (en) 2019-12-23 2021-01-05 Capital One Services, Llc Generating barcodes utilizing cryptographic techniques
US10657754B1 (en) 2019-12-23 2020-05-19 Capital One Services, Llc Contactless card and personal identification system
US11651361B2 (en) 2019-12-23 2023-05-16 Capital One Services, Llc Secure authentication based on passport data stored in a contactless card
US11113685B2 (en) 2019-12-23 2021-09-07 Capital One Services, Llc Card issuing with restricted virtual numbers
US10733283B1 (en) 2019-12-23 2020-08-04 Capital One Services, Llc Secure password generation and management using NFC and contactless smart cards
US11615395B2 (en) 2019-12-23 2023-03-28 Capital One Services, Llc Authentication for third party digital wallet provisioning
US11200563B2 (en) 2019-12-24 2021-12-14 Capital One Services, Llc Account registration using a contactless card
US10853795B1 (en) 2019-12-24 2020-12-01 Capital One Services, Llc Secure authentication based on identity data stored in a contactless card
US10664941B1 (en) 2019-12-24 2020-05-26 Capital One Services, Llc Steganographic image encoding of biometric template information on a card
US10909544B1 (en) 2019-12-26 2021-02-02 Capital One Services, Llc Accessing and utilizing multiple loyalty point accounts
US10757574B1 (en) 2019-12-26 2020-08-25 Capital One Services, Llc Multi-factor authentication providing a credential via a contactless card for secure messaging
US11038688B1 (en) 2019-12-30 2021-06-15 Capital One Services, Llc Techniques to control applets for contactless cards
US10860914B1 (en) 2019-12-31 2020-12-08 Capital One Services, Llc Contactless card and method of assembly
US11455620B2 (en) 2019-12-31 2022-09-27 Capital One Services, Llc Tapping a contactless card to a computing device to provision a virtual number
US11210656B2 (en) 2020-04-13 2021-12-28 Capital One Services, Llc Determining specific terms for contactless card activation
US11270291B2 (en) 2020-04-30 2022-03-08 Capital One Services, Llc Systems and methods for data access control using a short-range transceiver
US10915888B1 (en) 2020-04-30 2021-02-09 Capital One Services, Llc Contactless card with multiple rotating security keys
US11222342B2 (en) 2020-04-30 2022-01-11 Capital One Services, Llc Accurate images in graphical user interfaces to enable data transfer
US11823175B2 (en) 2020-04-30 2023-11-21 Capital One Services, Llc Intelligent card unlock
US11562346B2 (en) 2020-04-30 2023-01-24 Capital One Services, Llc Contactless card with multiple rotating security keys
US11030339B1 (en) 2020-04-30 2021-06-08 Capital One Services, Llc Systems and methods for data access control of personal user data using a short-range transceiver
US10861006B1 (en) 2020-04-30 2020-12-08 Capital One Services, Llc Systems and methods for data access control using a short-range transceiver
US10963865B1 (en) 2020-05-12 2021-03-30 Capital One Services, Llc Augmented reality card activation experience
US11063979B1 (en) 2020-05-18 2021-07-13 Capital One Services, Llc Enabling communications between applications in a mobile operating system
US11100511B1 (en) 2020-05-18 2021-08-24 Capital One Services, Llc Application-based point of sale system in mobile operating systems
US11062098B1 (en) 2020-08-11 2021-07-13 Capital One Services, Llc Augmented reality information display and interaction via NFC based authentication
US11165586B1 (en) 2020-10-30 2021-11-02 Capital One Services, Llc Call center web-based authentication using a contactless card
US11482312B2 (en) 2020-10-30 2022-10-25 Capital One Services, Llc Secure verification of medical status using a contactless card
US11373169B2 (en) 2020-11-03 2022-06-28 Capital One Services, Llc Web-based activation of contactless cards
US11216799B1 (en) 2021-01-04 2022-01-04 Capital One Services, Llc Secure generation of one-time passcodes using a contactless card
US11682012B2 (en) 2021-01-27 2023-06-20 Capital One Services, Llc Contactless delivery systems and methods
US11562358B2 (en) 2021-01-28 2023-01-24 Capital One Services, Llc Systems and methods for near field contactless card communication and cryptographic authentication
US11792001B2 (en) 2021-01-28 2023-10-17 Capital One Services, Llc Systems and methods for secure reprovisioning
US11687930B2 (en) 2021-01-28 2023-06-27 Capital One Services, Llc Systems and methods for authentication of access tokens
US11922417B2 (en) 2021-01-28 2024-03-05 Capital One Services, Llc Systems and methods for near field contactless card communication and cryptographic authentication
US11438329B2 (en) 2021-01-29 2022-09-06 Capital One Services, Llc Systems and methods for authenticated peer-to-peer data transfer using resource locators
US11777933B2 (en) 2021-02-03 2023-10-03 Capital One Services, Llc URL-based authentication for payment cards
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
US11245438B1 (en) 2021-03-26 2022-02-08 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US11848724B2 (en) 2021-03-26 2023-12-19 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US20220311475A1 (en) 2021-03-26 2022-09-29 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US11935035B2 (en) 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services
US11902442B2 (en) 2021-04-22 2024-02-13 Capital One Services, Llc Secure management of accounts on display devices using a contactless card
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card

Also Published As

Publication number Publication date
EP2687032B1 (en) 2018-06-27
CA2824069A1 (en) 2012-09-20
WO2012122647A1 (en) 2012-09-20
TW201244401A (en) 2012-11-01
CA2829620A1 (en) 2012-09-20
CN103370954B (en) 2017-04-26
US20120238207A1 (en) 2012-09-20
US8670714B2 (en) 2014-03-11
WO2012122648A1 (en) 2012-09-20
CN103370954A (en) 2013-10-23
EP2687037A1 (en) 2014-01-22
EP2687037A4 (en) 2014-10-22
EP2687032A1 (en) 2014-01-22
TW201246822A (en) 2012-11-16
CA2824069C (en) 2015-12-29
EP2687032A4 (en) 2014-08-20

Similar Documents

Publication Publication Date Title
US8670714B2 (en) Mobile wireless communications device having a near field communication (NFC) device and providing memory erasure and related methods
US9197293B2 (en) Mobile communications device providing secure element data management features and related methods
US9077769B2 (en) Communications system providing enhanced trusted service manager (TSM) verification features and related methods
US8600355B1 (en) Systems and methods for authenticating applications for access to secure data using identity modules
US9154903B2 (en) Mobile communications device providing near field communication (NFC) card issuance features and related methods
KR101516391B1 (en) Method of securing access to a proximity communication module in a mobile terminal and apparatus and program media therefor
US8126506B2 (en) System and method for securely managing data stored on mobile devices, such as enterprise mobility data
US20160165452A1 (en) Mobile wireless communications device performing device unlock based upon near field communication (nfc) and related methods
US20120266220A1 (en) System and Method for Controlling Access to a Third-Party Application with Passwords Stored in a Secure Element
US20120291095A1 (en) Independent secure element management
US8875283B2 (en) Restricted access memory device providing short range communication-based security features and related methods
CA2805960C (en) Method and apparatus for management of multiple grouped resources on device
CA2796615C (en) Mobile communications device providing secure element data wiping features and related methods
WO2013097038A1 (en) Mobile communications device providing near field communication (nfc) card issuance features and related methods
US20210256499A1 (en) Non-contact communication method and communication device
JP6911303B2 (en) Authentication system and authentication method
CA2799913C (en) Communications system providing enhanced trusted service manager (tsm) verification features and related methods

Legal Events

Date Code Title Description
AS Assignment

Owner name: RESEARCH IN MOTION LIMITED, CANADA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SINGH, RAVI;ADAMS, NEIL PATRICK;TAKACS, KRISTOF;AND OTHERS;SIGNING DATES FROM 20110712 TO 20110713;REEL/FRAME:026613/0623

AS Assignment

Owner name: BLACKBERRY LIMITED, ONTARIO

Free format text: CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:034030/0941

Effective date: 20130709

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: MALIKIE INNOVATIONS LIMITED, IRELAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACKBERRY LIMITED;REEL/FRAME:064104/0103

Effective date: 20230511