PTO/SB/16 (12-08)
`Approved for use through 09/30/2010. OMB 0651-0032
`U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Under the Paperwork Reduction Act of 1995, no persons are required to respondto a collection of information unlessit displays a valid OMB control number.
`PROVISIONAL APPLICATION FOR PATENT COVER SHEET — Page 1 of 2
`This is a requestforfiling a PROVISIONAL APPLICATION FOR PATENT under37 CFR 1.53(c).
`Express Mail Label No.
`
`Given Name(first and middle [if any])
`
`INVENTOR(S
`Family Name or Surname
`
`
`
`Jaemin
`
`Daeman
`
`Youngjin
`
`YOU
`
`
`
`ENCLOSED APPLICATION PARTS(checkall that apply)
`Application Data Sheet. See 37 CFR 1.76
`[] cps), Number of CDs
`10
`Drawing(s) Number of Sheets
`[| Other(specify)
`Specification (e.g. description of the invention) Number of Pages
`22
`Fees Due: Filing Fee of $220 ($110 for small entity).
`If the specification and drawings exceed 100 sheets of paper, an application size fee is
`also due, which is $270 ($135 for small entity) for each additional 50 sheets or fraction thereof. See 35 U.S.C. 41(a)(1)(G) and 37 CFR 1.16(s).
`METHOD OF PAYMENT OFTHE FILING FEE AND APPLICATION SIZE FEE FOR THIS PROVISIONAL APPLICATION FOR PATENT
`
`Seoul, KR
`Seongwoo
`
`Donghyun
`Yongin Si, KR
`
`
`
`Residence
`(City and either State or Foreign Country)
`
`Seoul, KR
`
`Seoul, KR
`
`Seoul, KR
`
`separately numbered sheets attached hereto.
`1
`Additional inventors are being named on the
`TITLE OF THE INVENTION(500 characters max):
`
`SYSTEM AND METHOD FOR PROVISIONING OVER THE AIR OF CONFIDENTIAL
`INFORMATION ON MOBILE COMMUNICATIVE DEVICES WITH NON-UICC SECURE
`ELEMENTS
`
`Direct all correspondenceto:
`
`CORRESPONDENCE ADDRESS
`
`
`The address corresponding to Customer Number:
`
`58027
`
`OR
`
`Firm or
`Individual Name
`Address
`
` City
`
`Applicant claims small entity status. See 37 CFR 1.27.
`A check or money order made payable to the Director of fhe United States Patent and Trademark Office
`is enclosed to coverthe filing fee and application size fee (if applicable).
`.
`.
`Paymentby credit card. Form PTO-2038is attached.
`
`220.00
`:
`
`TOTAL FEE AMOUNT($)
`
`The Director is hereby authorized to chargethe filing fee and application size fee (if applicable) or credit any overpaymentto Deposit
`Account Number:
`503
`USE ONLY FOR FILING A PROVISIONAL APPLICATION FOR PATENT
`This collection of information is required by 37 CFR 1.51. The information is required to obtain or retain a benefit by the public whichis to file (and by the USPTO to
`process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.11 and 1.14. This collection is estimated to take 10 hours to complete,
`including
`gathering, preparing, and submitting the completed application form to the USPTO.
`Time will vary depending upon the individual case. Any comments on the
`amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and
`Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMSTO THIS
`ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
`if you need assistance in completing the form, calf 1-800-PTO-9199 and selectoption 2.
`
`Apple Ex. 1013, p. 1
`Apple Ex. 1013, p. 1
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`PROVISIONAL APPLICATION COVER SHEET
`Page 2 of 2
`
`PTO/SB/16 (12-08)
`Approved for use through 09/30/2010. OMB 0651-0032
`U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Under the Paperwork Reduction Act of 1995, no persons are required to respondto a collection of information unless it displays a valid OMB control number.
`
`The invention was made by an agencyof the United States Government or under a contract with an agency of the United States Government.
`No.
`
`[] Yes, the name of the U.S. Government agency and the Government contract numberare:
`
`WARNING:
`Petitioner/applicant is cautioned to avoid submitting personal information in documents filed in a patent application that may
`contribute to identity theft. Personal
`information such as social security numbers, bank account numbers, or credit card
`numbers (other than a check or credit card authorization form PTO-2038 submitted for payment purposes) is never required by
`the USPTOto support a petition or an application.
`If this type of personal information is included in documents submitted to the
`USPTO, petitioners/applicants should consider redacting such personal information from the documents before submitting them
`to the USPTO. Petitioner/applicant is advised that the record of a patent application is available to the public after publication of
`the application (unless a non-publication request in compliance with 37 CFR 1.213(a) is made in the application) or issuance of
`a patent. Furthermore, the record from an abandoned application may also be available to the public if the
`application is
`referenced in a published application or an issued patent (see 37 CFR 1.14). Checks and credit card authorization forms
`PTO-2038 submitted for payment purposesare notretained in the application file and therefore are not publicly available.
`
`signature /hae-chan park/
`
`Date December 30, 2010
`
`TYPED or PRINTED NAME Hae-Chan Park
`
`REGISTRATION No. 20114
`(if appropriate)
`TELEPHONE _£03-288-5105 Docket Number: P4303USPR
`
`Apple Ex. 1013, p. 2
`Apple Ex. 1013, p. 2
` Apple v. Fintiv
`Apple v. Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Privacy Act Statement
`
`The Privacy Act of 1974 (P.L. 93-579) requires that you be given certain information in connection
`with your submission of the attached form related to a patent application or patent. Accordingly,
`pursuant to the requirements of the Act, please be advised that:
`(1) the general authority for the
`collection of this information is 35 U.S.C. 2(b)(2); (2) furnishing of the information solicited is voluntary;
`and (3) the principal purpose for which the information is used by the U.S. Patent and Trademark
`Office is to process and/or examine your submission related to a patent application or patent. If you do
`not furnish the requested information, the U.S. Patent and Trademark Office may not be able to
`process and/or examine your submission, which may result in termination of proceedings or
`abandonmentof the application or expiration of the patent.
`
`The information provided by you in this form will be subject to the following routine uses:
`
`1. The information on this form will be treated confidentially to the extent allowed under the
`Freedom of Information Act (5 U.S.C. 552) and the Privacy Act (5 U.S.C 552a). Records from
`this system of records may be disclosed to the Department of Justice to determine whether
`disclosure of these recordsis required by the Freedom of Information Act.
`in the course of
`A record from this system of records may be disclosed, as a routine use,
`presenting evidence to a court, magistrate, or administrative tribunal, including disclosures to
`opposing counsel in the course of settlement negotiations.
`to a Member of
`A record in this system of records may be disclosed, as a routine use,
`Congress submitting a request involving an individual, to whom the record pertains, when the
`individual has requested assistance from the Member with respect to the subject matter of the
`record.
`A record in this system of records may bedisclosed, as a routine use, to a contractor of the
`Agency having need for the information in order to perform a contract. Recipients of
`information shall be required to comply with the requirements of the Privacy Act of 1974, as
`amended, pursuant to 5 U.S.C. 552a(m).
`A record related to an International Application filed under the Patent Cooperation Treaty in
`this system of records may bedisclosed, as a routine use, to the International Bureau of the
`World Intellectual Property Organization, pursuant to the Patent Cooperation Treaty.
`A record in this system of records may be disclosed, as a routine use, to another federal
`agencyfor purposes of National Security review (85 U.S.C. 181) and for review pursuant to
`the Atomic Energy Act (42 U.S.C. 218(c)).
`A record from this system of records may be disclosed, as a routine use, to the Administrator,
`General Services, or his/her designee, during an inspection of records conducted by GSA as
`part of that agency's responsibility to recommend improvements in records management
`practices and programs, under authority of 44 U.S.C. 2904 and 2906. Such disclosure shall
`be madein accordance with the GSA regulations governing inspection of records for this
`purpose, and any other relevant {/.e., GSA or Commerce) directive. Such disclosure shall not
`be used to make determinations about individuals.
`A record from this system of records may be disclosed, as a routine use, to the public after
`either publication of the application pursuant to 35 U.S.C. 122(b) or issuance of a patent
`pursuant to 35 U.S.C. 151. Further, a record may be disclosed, subject to the limitations of 37
`CFR 1.14, as a routine use, to the public if the record was filed in an application which
`became abandonedorin which the proceedings were terminated and which application is
`referenced by either a published application, an application open to public inspection or an
`issued patent.
`A record from this system of records may be disclosed, as a routine use, to a Federal, State,
`or local law enforcement agency, if the USPTO becomesawareofa violation or potential
`violation of law or regulation.
`
`Apple Ex. 1013, p. 3
`Apple Ex. 1013, p. 3
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Addtitional Page | of 1
`
`Given Name
`
`INVENTOR(S)
`Family Name
`JEONG
`
`Residence
`Yongin Si, KR
`
`Apple Ex. 1013, p. 4
`Apple Ex. 1013, p. 4
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`SYSTEM AND METHODFOR PROVISIONING OVER THE AIR OF CONFIDENTIAL
`
`INFORMATION ON MOBILE COMMUNICATIVE DEVICES WITH NON-UICC SECURE
`
`ELEMENTS
`
`5
`
`CROSS REFERENCE TO RELATED APPLICATION
`
`[0001] The present application is related to co-pending U.S. provisional patent
`
`applications entitled, “SYSTEM AND METHOD FOR MANAGING MOBILE WALLET AND
`
`ITS RELATED CREDENTIALS,” “SYSTEM AND METHOD FOR SECURE
`
`CONTAINMENTOF SENSITIVE FINANCIAL INFORMATION STORED IN A MOBILE
`
`10
`
`COMMUNICATION TERMINAL,” and “SYSTEM AND METHOD FOR MANAGING OTA
`
`PROVISIONING APPLICATIONS THROUGH USE OF PROFILES AND DATA
`
`PREPARATION”filed on DEC. 30, 2010, and assigned to the assignee of the present
`
`application. Applicant hereby incorporates by reference the above-mentioned co-pending
`
`provisional application, which is not admitted to be prior art with respect to the present invention
`
`1s
`
`by its mention here or in the backgroundsection that follows.
`
`BACKGROUNDOF THE INVENTION
`
`[0002] 1. FIELD
`
`[0003] The following description relates to over-the-air provisioning of virtual cards on
`
`20
`
`mobile communicative devices with a non-Universal Integrated Circuit Card (UICC) type secure
`
`element.
`
`[0004] 2. DISCUSSION OF THE BACKGROUND
`
`[0005] With the advent of advancing mobile technology, more features have been
`
`Apple Ex. 1013, p. 5
`Apple Ex. 1013, p. 5
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`integrated into the mobile devices. From GPSapplications to mobile office products, mobile
`
`communicative devices have become a necessity for everyday needs. In order to further utilize
`
`mobile technologyto better cater to consumer’s daily requirements, attempts have been made to
`
`provide for a mobile financial management system to replace conventional physical wallets.
`
`Specifically, this mobile wallet functionality was sought to be realized through provisioning of
`
`card issuer’s account information directly into a secure element of the mobile device equipped
`
`with Near Field Communication (NFC) chipset. The secure element may be a smart card chip
`
`capable of storing multiple applications, including of account specific information that may not
`
`be easily accessed by external parties. The model mobile wallet application may have the same
`
`composition as a conventional wallet, which may contain payment cards, membercards,
`
`transportation cards, and loyalty cards.
`
`[0006] Mobile wallet functionality may be further enhanced by provisioning the user
`
`financial credential onto mobile devices equipped with Near Field Communication chipset (NFC
`
`enabled). Once the user financial credentials have been provisioned onto the NFC enabled
`
`mobile device, the provisioned NFC enabled device maytransfer information or make payments
`
`to another NFC compatible device by coming near within a few centimeters of one another
`
`without physically contacting each other. This type of technology is conventionally referred to
`
`as “contactless” technology and a payment made with this technologyis referred to as
`
`“contactless” payment. Despite the numerousbenefits that are available utilizing the described
`
`technology, there has been no practical solution to provision sensitive user information to the
`
`NFC enabled mobile devices.
`
`[0007] One possible solution for provisioning mobile wallet cards is to perform the
`
`provisioning at a secure facility controlled by the mobile wallet card issuer. However,this
`
`10
`
`15
`
`20
`
`Apple Ex. 1013, p. 6
`Apple Ex. 1013, p. 6
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`solution may require users to bring their mobile equipmentto the physical mobile wallet card
`
`issuer for provisioning. This process has to be repeated for every mobile wallet card the user
`
`seeks to provision at different card issuer facility, making the conceptof utilizing mobile wallet
`
`application impractical.
`
`[0008] In light of this limitation, a new system and method has been developed providing
`
`for over-the-air (OTA) provisioning. Rather than relying on provisioning at physical locations, a
`
`method for provisioning financial account information via OTA has been sought. Through
`
`technological advancement, OTA provisioning has been provided for mobile equipment with the
`
`secure element (SE) types of UICC, Services Identity Module (SIM), Universal Subscriber
`
`Identity Module (USIM)(herein referred collectively as UICC) cards via industry standard SMS-
`
`PP and BIP protocols. However, while SMS-PP and BIP protocols allow OTAprovisioning for
`
`UICC cards and their equivalents, it does not allow for OTA provisioning of MicroSD’s and
`
`Embedded SEs which do not support conventional Subscriber Identity Module Application
`
`Toolkit (SAT) / Universal Subscriber Identity Module Application Toolkit (USAT) / Card
`
`Application Toolkit (CAT) framework. As such, any mobile equipment with SE types MicroSD,
`
`Embedded SE, or any SE that does not support SMS-PP or BIP protocol may not be provisioned
`
`OTAwith the conventional technology.
`
`[0009] Further, OTA provisioning has been suggested to work preferably with a neutral
`
`third party management system, such as a trusted service manager (TSM), in an ideal
`
`20
`
`environmentto facilitate provisioning of multiple service providers. As service providers (SP)
`
`associated with the provisioned applications are often competing entities, it is preferable for the
`
`individual service provider to be able to interact with their customers without regard to other
`
`service providers or mobile network operators (MNO). In addition, because competing service
`
`Apple Ex. 1013, p. 7
`Apple Ex. 1013, p. 7
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`providers may have security concerns as to sharing of their information to other SPs, such as
`
`credit card issuers, or MNOs, a neutral third party manageris preferred to fill this void.
`
`Attorney Docket No P4303USPR
`
`SUMMARY
`
`[0010] OTA Proxyis a mobile client which supports OTA post-issuance related services
`
`to the secure element in a mobile communicative device. While there are methods which allow
`
`for OTA provisioning without the use of OTA Proxy, these methods have beentraditionally
`
`limited to UICC cards. As SE types, Micro SD and Embedded SEs cannot support conventional
`
`SAT/SUSAT/CATframeworknecessary for conventional OTA provisioning, OTA Proxy over
`
`OTA may be used by any party to send data to mobile communicative devices with the non-
`
`UICC SE types, such as Micro SD and Embedded SE. However, if desired, OTA proxy can also
`
`provide an alternative method to provision OTA, over the conventional method, to SE devices
`
`which do support conventional SAT/SUSAT/CATframework.
`
`[0011] In addition, to facilitate reliable data transmission during the OTA provisioning
`
`process, OTA Proxy provides a retry mechanism for reliable data transmission. In the event of
`
`an error during the transmission to the server or in the case acknowledgement (ACK) from the
`
`TSM server is not received within the predefined time period, the OTA Proxyis set to retransmit
`
`the data to ensure processing of requested data. This data reliance mechanism provides another
`
`level of assurance from the service providers and requesting users that their requests will be
`
`20
`
`executed.
`
`[0012] Exemplary embodiments of the present invention provide a system to provision
`
`mobile wallet cards into various SE types utilized by the requesting mobile device.
`
`[0013] Exemplary embodiments of the present invention also provide a method for
`
`Apple Ex. 1013, p. 8
`Apple Ex. 1013, p. 8
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`provisioning mobile wallet cards into various SE types utilized by the requesting mobile device.
`
`[0014] Exemplary embodiments of the present invention provide a system to install OTA
`
`Proxy application onto the mobile device.
`
`[0015] Exemplary embodiments of the present invention also provide a method for
`
`installing an OTA Proxy application onto the mobile device.
`
`[0016] Exemplary embodiments of the present invention provide a system to ensure
`
`reliable data transmission through a retry mechanism.
`
`[0017] Exemplary embodiments of the present invention provide a method to ensure
`
`reliable data transmission through a retry mechanism.
`
`[0018] Additional features of the invention will be set forth in the description which
`
`follows, and in part will be apparent from the description, or may be learned by practice of the
`
`invention.
`
`[0019] It is to be understood that both foregoing general descriptions and the following
`
`detailed description are exemplary and explanatory and are intended to provide further
`
`explanation of the invention as claimed. Other features and aspects will be apparent from the
`
`following detailed description, the drawings, and the claims.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`20
`
`[0020] The accompanying drawings, which are included to provide a further
`
`understanding of the invention and are incorporated in and constitute a part of this specification,
`
`illustrate embodiments of the invention, and together with the description serve to explain the
`
`principles of the invention.
`
`Apple Ex. 1013, p. 9
`Apple Ex. 1013, p. 9
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`[0021] FIG. 1 is a system diagramof a prior art OTA provisioning process through SMS
`
`PP protocol.
`
`[0022] FIG. 2 is a flow diagram illustrating a method for prior art OTA provisioning
`
`process through SMSPPprotocol.
`
`[0023] FIG. 3 is a system diagram of a TSM ecosystem supporting the OTAprovisioning
`
`process through OTA proxy according to an exemplary embodimentof the present invention.
`
`[0024] FIG. 4 is a block diagram of an example TSM system,its components, andits
`
`relationship with external parties according to an exemplary embodimentof the present
`
`invention.
`
`[0025] FIG. 5 is a flow diagram illustrating steps a service provider must take in order to
`
`take advantage of the TSM architecture according to an exemplary embodiment of the present
`
`invention.
`
`[0026] FIG. 6 is a flow diagram illustrating a method of obtaining a mobile wallet
`
`application with accompanying OTA proxy application according to an exemplary embodiment
`
`of the present invention.
`
`[0027] FIG. 7 is a flow diagram illustrating a high level OTA provisioning process
`
`though OTA proxy according to an exemplary embodimentof the present invention.
`
`[0028] FIG. 8 is a flow diagram illustrating in detail a method of verifying SE types and
`
`status as required to provision into various types of SEs according to an exemplary embodiment
`
`20
`
`of the present invention.
`
`[0029] FIG. 9 is a system diagram depicting mobile equipmentthat has installed a mobile
`
`wallet application, accompanying OTA Proxy application and wallet management applet, and
`
`payment applets according to an exemplary embodimentof the present invention.
`
`Apple Ex. 1013, p. 10
`Apple Ex. 1013, p. 10
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`[0030] FIG. 10 is a flow diagramillustrating operation of a retry mechanism to ensure
`
`reliable data transmission according to an exemplary embodimentof the present invention.
`
`Attorney Docket No P4303USPR
`
`DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS
`
`[0031] The invention is described more fully hereinafter with references to the
`
`accompanying drawings, in which exemplary embodiments of the invention are shown. This
`
`invention may, however, be embodied in many different forms and should not be construed as
`
`limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided
`
`so that this disclosure is thorough, and will fully convey the scope of the invention to those
`
`skilled in the art. In the drawings, the size and relative sizes of layers and regions may be
`
`exaggerated for clarity. Like reference numerals in the drawings denote like elements.
`
`[0032] FIG. 1 and 2 are a system diagram and corresponding flow diagram illustrating a
`
`method for OTA provisioning to mobile equipment as disclosed by priorart. Specifically, the
`
`referenced figures will provide for OTA provisioning via SMS PP protocol.
`
`[0033] Typically, before the request is made to provision a mobile device, it is assumed
`
`that that the MNO hasalready registered all of its information including OTA key information in
`
`step 101 in an offline batch process. Once MNOregisters all of the necessary information,
`
`mobile device may be ready for provisioning.
`
`[0034] To begin the provisioning process, a user makes a request to provision a mobile
`
`20
`
`wallet card to a Financial Institution (FI) 18, in step 102. Then, the FI 18 will process the request
`
`and send the request along with necessary identifiers, such as MSISDN along with provisioning
`
`data, to the TSM 10 for provisioning in step 103. In step 104, TSM 10 will process the request
`
`from the requesting FI 18 with the attributes provided by MNO 19 in step 101 for the requesting
`
`Apple Ex. 1013, p. 11
`Apple Ex. 1013, p. 11
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`user, and sends the provisioning command to MNO OTAserver 16 in step 105. MNO OTA
`
`Server 16 will then relay the provisioning command directly to the Mobile Equipment (ME) 11
`
`directly via SMS-PP protocol in step 106. MNO OTAServer 16 and MNO 19 may be owned by
`
`the sameentity but illustrated as two different entities to show the different functions performed
`
`by the individual elements. More specifically, MNO 19 is shown only in step 101 to illustrate the
`
`pre-registration step that is performed by the MNO 19. Once registered, MNO OTAserver
`
`primarily interacts with the ME11 to provision the information provided by FI 18. Lastly, in
`
`step 107 ME 11 receives the message and performsthe provisioning process into its SE (e.g.
`
`USIM,SIM, UICC).
`
`[0035] FIG. 3 is a system diagram of a TSM ecosystem supporting the OTA provisioning
`
`process through OTA proxy according to an exemplary embodimentof the present invention.
`
`[0036] As shownin FIG. 3, an example system employing TSM technology with OTA
`
`proxy provisioning includes a TSM system 10; mobile equipment 11; network 14; financial
`
`institution 18; MNO 19; handset manufacturer 20; card manufacturer 21. Before TSM system
`
`may befully utilized by the user andits participants, service providers (SP) such as identified in
`
`18 — 21 typically go through a pre-registration process such as that outlined in FIG.5.
`
`[0037] The handset manufacturers 20 may include embedded SE producer, and card
`
`manufacturers 21 may include producers of micro SD SE. As different SE manufacturer may
`
`provide for a different OTA keys than UICC SEdevices, handset manufacturers 20 and card
`
`20
`
`manufacturers 21 may provide their OTA keys to their respective devices in the pre-registration
`
`process mentioned above.
`
`[0038] Exemplary embodiments of the invention provide for OTA proxy to be connected
`
`with TSM system only during usageasit will conserve technical resources. As such, OTA proxy
`
`Apple Ex. 1013, p. 12
`Apple Ex. 1013, p. 12
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`will be in a sleep mode as a default until it is awakenforits utility. To provide for an awakening
`
`mechanism,a third party messaging platform (e.g. C2DM) may be utilized to wake the OTA
`
`proxy, which in turn will connect with the TSM system for usage. When TSM system sends a
`
`message to a push message server with the wake up command and identifying information, the
`
`push message server in turn sends a messageto the identified mobile device to wake up OTA
`
`proxy residing within the mobile device. Once awake, OTA proxy will collect the mobile device
`
`and SE information and connect to the TSM system for provisioning orotherutility.
`
`[0039] Finally, once the mobile equipment 11 has been provisioned with contactless card
`
`applets and is NFC enabled, an owner of the mobile equipment may make a purchase at the NFC
`
`enabled Point-of-Sale (POS) merchant by waving the NFC enabled mobile device at the
`
`corresponding NFC enabled POS device. Subsequently, once a purchase is made with the NFC
`
`enabled mobile device, the acquirer network and payment processor work together to ensure the
`
`payment gets updated at the financial institution 18. This end user application, however, does
`
`not involve the described TSM ecosystem andis illustrated to provide a description of a
`
`complete ecosystem.
`
`[0040] Further, a TSM system may include multiple components for moreefficient
`
`processing. FIG. 4 is a system diagram illustrating a TSM system andits relationship to external
`
`parties according to an exemplary embodimentof the present invention.
`
`[0041] A TSM system 10 may be comprised of a Card & Application Management
`
`20
`
`System (CAMS) 21; Key Management System (KMS) 22; Post Issuance Processor (PIP) 23;
`
`Customer Care, Billing, Participant System (CBPS) 24; Wallet Management System (WMS) 25;
`
`OM&A 31; and External System Interface (EST) 32.
`
`[0042] Component CAMS 21 may be responsible for managinglife cycle of SE, SD, and
`
`Apple Ex. 1013, p. 13
`Apple Ex. 1013, p. 13
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`applets. Life cycle refers to the various status of the respective device or application. In an
`
`example, life cycle of a SE mayinclude OS Native,initialized, and secured. Life cycle of an
`
`applet may include lock and unlock. Someofthe functionalities offered by the CAMS 21 will be
`
`management of SE type, SE profile, SE ID, application profile, and card profile. Each SEis
`
`identified individually and controlled by CAMS 21 with its own SE ID (CRN, CIN, CPLC,
`
`CSN).
`
`[0043] Component KMS 22 mayberesponsible for all of key managementfor allowing
`
`secure transactions. This may include secure log in, access control, audit, key profile
`
`management, key management, key profile exchange and recovery, and delegated management.
`
`[0044] ComponentPIP 23 is primarily responsible for provisioning information into the
`
`mobile handset, which may include preparation of data to be provisioned andthe actual
`
`execution of sending and receiving provisioning messages provided in Application Protocol Data
`
`Units (APDU).
`
`[0045] Component CBPS 24 may be responsible for customer management. It may keep
`
`customer accountstatus as well as link data once SP requests service subscription. The CBPS 24
`
`may modify the status of the SPs related to the customeras specified events occur(e.g. stolen
`
`handset) or as requested by the SP.
`
`[0046] Component WMS25 may be responsible for managementof wallet application
`
`and its associated mobile card widgets stored therein. This component may provide a mobile ID
`
`20
`
`to associate the wallet application stored in the user’s mobile equipment as well as all of the
`
`individual widgets stored in the wallet application.
`
`In addition, this component will store any of
`
`the user preferences made by the wallet owner(e.g. language, font, default card, etc.). This
`
`system may hold the master configuration which may provide synchronization benefit for the
`
`10
`
`Apple Ex. 1013, p. 14
`Apple Ex. 1013, p. 14
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`wallet application. This particular component may reside within the TSM system or separately
`
`as deemed necessary.
`
`[0047] Component OM&A 31 maybe responsible for providing an interface for external
`
`managers to access TSM directly.
`
`In instances where an external party desires to enterin data or
`
`modify certain items directly, the designated personnel whohassecurity access to the system
`
`may access the TSM system via OM&A 31 to make the necessary modifications.
`
`[0048] Component ESI 32 may providefor an interface for all external parties to send
`
`and receive data. As external parties may have specific protocol they utilize, ESI 32 has the
`
`capability to translate commandsand requests arriving or leaving the TSM system as necessary.
`
`[0049] The described TSM system is a third party entity positioned to consolidateall of
`
`the information from various service providers (SP) including, Financial institutions, MNOs,
`
`Handset Manufacturers, and Card Manufacturers. As TSM holdsall of the information from
`
`various parties, the mobile equipment need only to interact with the TSM system rather than
`
`various discrete entities. In sum, the described TSM system acts as an integration point for all of
`
`the external parties the mobile equipment may haveto deal with, providing for a seamless and
`
`more efficient operation of mobile services.
`
`[0050] FIG. 5 illustrates a pre-registration process that may take place before
`
`provisioning services into the mobile equipment according to an exemplary embodimentof the
`
`invention. In an example, SPs mayfirst register their information into the TSM system for use
`
`20
`
`by the TSM system. A SP may be any entity that seeks to provision its services onto the end
`
`mobile equipment.
`
`[0051] In step 301, SPs’ information has beenregistered into the TSM system. This
`
`process may be achieved by various methods. For example, the SP may send an encrypted email
`
`11
`
`Apple Ex. 1013, p. 15
`Apple Ex. 1013, p. 15
` Apple v. Fintiv
`Apple v.Fintiv
`IPR2020-00019
`IPR2020-00019
`
`

`

`Attorney Docket No P4303USPR
`
`with basic registration information along with PGP public key. Registration may be achieved in
`
`person, by phone, through an automated system or any other method available to exchange
`
`information. TSM administrator may then enter SP’s basic information into the TSM system and
`
`provide a unique SP ID, transport key ID, and the participant type (MNO,service provider, SE
`
`manufacturer, application). TSM administrator may be a person, an automated system, or a
`
`separate entity. Afterwards, TSM system maycreates a participant account and generate secure
`
`token for the correlating SP ID. Oncethat is accomplished, TSM encrypts the SP account
`
`information in an encrypted email to send to the requesting SP.
`
`[0052] In step 302, a transport key is exchanged between the TSM system and the SP.
`
`Transport key serves to provide secure transmission of sensitive data between various parties.
`
`Such security may be provided through encryption, cryptographic transformation of data through
`
`Message Authentication Code (MAC), or other conventional security measures. The SP requests
`
`transport key sets to the TSM system. The TSM checks for duplicate keys assigned to the
`
`requesting SP, and if no such key has been assigned, then TSM generates transport key sets
`
`inside a Hardware Security Module (HSM).
`
`In an example, transport key sets may include three
`
`numbered keys including an encryption key (ENC), data encryption key (DEK), and me