US007699233B2

(12) United States Patent
Pesonen

(10) Patent No.: US 7,699,233 B2
(45) Date of Patent: Apr. 20, 2010

(54) METHOD FOR ISSUER AND CHIP-SPECIFIC DIVERSIFICATION

(75) Inventor: Lauri Pesonen, Espoo (FI)

(73) Assignee: Nokia Corporation, Espoo (FI)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 670 days.

(21) Appl. No.: 11/264,139
(22) Filed: Nov. 2, 2005
(65) Prior Publication Data: US 2007/0095927 A1, May 3, 2007

(51) Int. Cl.: G06K 9/06 (2006.01)
(52) U.S. Cl.: 235/492; 235/472.02
(58) Field of Classification Search: 235/492, 235/472.02, 487; 713/168, 169, 172, 173; 455/410, 411, 418, 419
See application file for complete search history.
(56) References Cited

U.S. PATENT DOCUMENTS
5,745,571 A         4/1998   Zuk ................... 380/285
6,212,634 B1        4/2001   Geer et al. .......... 713/156
7,246,242 B1 *      7/2007   Niemi et al. ......... 713/181
2003/0236983 A1 *  12/2003   Mihm, Jr. ............ 713/172
2005/0153741 A1 *   7/2005   Chen et al. .......... 455/558

FOREIGN PATENT DOCUMENTS
GB   2389272 A *        12/2003
WO   WO 2004/002054     12/2003
WO   WO 2005/036916      4/2005

OTHER PUBLICATIONS
International Search Report, PCT/IB2006/003037, mail date Feb. 28, 2007.

* cited by examiner

Primary Examiner: Kumiko C Koyama
(74) Attorney, Agent, or Firm: Banner & Witcoff, Ltd.

(57) ABSTRACT

A system and method for initializing secure elements for use in mobile devices. A mobile device manufacturer embeds uninitialized secure elements into mobile devices. An issuer-specific seed value is securely passed into an initialization routine in the operating system of the secure element. The initialization routine diversifies the initial root keys on the secure element with the issuer seed and the unique chip serial number to create master and chip keys for use in secure communications between the issuer and the mobile device user.

45 Claims, 7 Drawing Sheets
[Front-page drawing (FIG. 2): three boxes, Smart Card Vendor 210, Device Vendor 220 (non-secure premises) and Issuer 230, with the numbered steps:
201. Production of smart cards
202. Send uninitialized smart cards to the device vendor
203. Send transfer keys / MAC seeds to issuer
204. Generate encrypted initialization data from transfer keys / MAC seeds, based on personalized issuer seed
205. Send initialization data to the device vendor
206. Manufacture of mobile devices, including installation of uninitialized smart cards
207. Call initialization routine with issuer-provided data
208. Deliver mobile devices and serial numbers to issuer
209. Mobile devices sent to retailers / customers]

GOOG-1009
GOOGLE LLC v. RFCYBER CORP. / Page 1 of 17
[Drawing sheet 1 of 7: figure image; only the label "Smart Card Vendor" is recoverable from the text layer.]
[Drawing sheet 2 of 7: FIG. 2, the process diagram whose step text is reproduced on the front page above; the rotated figure text is not otherwise recoverable.]
[Drawing sheet 3 of 7: FIG. 3, secure element chip 302 in its initial state, with CPU 304, ROM 306 and EEPROM 308; the EEPROM holds the MAC seed 310, transfer key 312, root keys 314 and unique serial number 316.]
[Drawing sheet 4 of 7: FIG. 4, flowchart of the initialization routine. Only the step numbers that survived extraction are given.
START: initialization routine called
Decrypt issuer-seed using internal transfer key
403: Encrypt internal MAC-seed using issuer-seed
Result of 403 equal to second part of initialization data?
  Yes: 405: Use issuer-seed to generate master keys from internal root keys; use unique chip serial number to generate chip keys from master keys; 407: Delete root-keys, transfer-seed, MAC-seed, issuer-seed and master-keys from memory; END (success)
  No: 408: Max number of failed initialization attempts?
    No: Increment failed initialization attempts count; END (failed)
    Yes: 412: Delete internal keys / disable chip; END (failed)]
[Drawing sheet 5 of 7: FIG. 5, secure element chip 302 (CPU 304, ROM 306, EEPROM 308) in the initialized state; the EEPROM now holds the chip keys 518 and the unique serial number 316.]
[Drawing sheet 6 of 7: FIGS. 6A and 6B, alternative flows between the Smart Card Vendor 210 and the Mobile Device Issuer 230 ending in "Master keys generated"; in FIG. 6B the root keys are passed between the parties. The remaining figure text is not recoverable.]
[Drawing sheet 7 of 7: FIG. 7, secure over-the-air communication between the Mobile Device Issuer 230 and the mobile device 702 (labels "Serial no." and "CPU" visible).]
METHOD FOR ISSUER AND CHIP-SPECIFIC DIVERSIFICATION

FIELD OF THE INVENTION

The present invention generally relates to systems and methods for installing and initializing secure element chips for use in mobile devices. More specifically, the present invention relates to systems and methods for securely and efficiently tailoring secure element chips to different mobile device issuers.
`
BACKGROUND OF THE INVENTION
The evolution of e-commerce has seen the emergence of smart card technology as an attractive solution for a range of commercial and security applications. Smart cards provide security for data storage and transactions by serving as secure portable tokens providing digital identity, hardware-based authentication, and cryptographic key storage. Many smart cards bear a resemblance to regular magnetic stripe credit cards that allow consumers to make secure transactions in stores and over the Internet. However, smart cards differ in that they use an embedded computer chip rather than a magnetic stripe. This chip allows the card to function much in the same way as a personal computer. As smart cards have become less expensive and more powerful over recent years, a broad range of industries, including telecommunications, and especially mobile devices, have rapidly adopted smart card technology by including smaller smart cards into mobile device handsets.

Smart cards in wireless devices such as mobile phones can store subscriber profile information, such as, for example, information relating to available network services and the subscriber's encoded network identification data including, for example, the telephone number of the subscriber, the subscriber's PIN, and other user data such as contact information. Smart cards contain all the key information required to activate the phone and authenticate the subscriber to the network. It is desirable that such cards be secure, so that an untrusted party in possession of the mobile device or the card cannot learn the information contained on the memory of the card. It is further desirable that communications to and from the mobile device that make use of the security-sensitive information may be encrypted to prevent malicious parties from acquiring the secure information during its transmission. Smart cards with secure element chips that store data in the smart card memory and allow for the encrypted communication of this data can provide mobile device users with secure network access, protection from fraud and identity theft, and greater business flexibility. However, before secure communications can take place, a smart card must be installed and initialized into a mobile device in such a manner as to prevent untrusted parties from obtaining any of the encryption keys, seed values, or secure internal data.

FIG. 1 is a diagram demonstrating a known method for installing and initializing secure element chips into mobile terminals. The large boxes of FIG. 1 represent the different entities which interact during the installation and initialization process. The smart card vendor 110 produces cards with embedded secure element chips for use in mobile devices. The device vendor 120 manufactures mobile devices, such as mobile phones. The issuer 130 is the wireless service provider who will be responsible for managing the device and supporting secure wireless transactions after the mobile device has been distributed to a user. The retail outlet 140 assembles the secure element chips into mobile devices and distributes the devices to users.

The process of installing and initializing secure element chips shown in FIG. 1 begins when the smart card vendor 110 manufactures the smart cards containing initial keys in step 101. In step 102, the issuer 130 generates the master keys, stores a copy of them in a database, and then securely transmits them to the smart card vendor 110. The smart card vendor 110 uses the master keys received from the issuer 130 and the chip serial numbers to initialize the smart card chips in step 103. The smart card vendor 110 then securely transmits the chip serial numbers back to the issuer 130 in step 104. The issuer 130 stores these serial numbers in the database with the master keys in step 105, so that the issuer 130 now has both the master keys and the chip serial numbers necessary to manage the chips and to support secure wireless communications for the mobile device.

After initializing the smart card chips, the smart card vendor 110 sends the cards to a retail outlet 140 in step 106. Concurrently, in step 107, the device vendor 120 sends its mobile devices to the retail outlet 140. The retail outlet 140 assembles the initialized smart cards into the mobile devices in step 108, and can now distribute the devices to consumers in step 109.

The above-described method divides the manufacturing of mobile devices into two distinct steps: the manufacturing of the device itself, and the assembly of the initialized smart card into the mobile device. These steps are suitable in situations where the smart cards are detachable from the mobile device. However, the above method reduces the business flexibility of all entities involved, by shipping and installing only pre-personalized secure element chips into mobile devices.

Recently, there has arisen a need for equipping mobile devices with terminal-integrated smart card chips, which makes the above process of using pre-personalized secure element chips unsuitable, as the secure element chips need to be personalized to the issuer only after the chips have been integrated into the mobile devices. Accordingly, there remains a need for an improved method for installing and initializing terminal-integrated secure element chips into mobile devices.
SUMMARY OF THE INVENTION

In light of the foregoing background, embodiments of the present invention provide an improved method for installing and initializing secure element chips into mobile devices. In one aspect of the present invention, a smart card manufacturer creates smart cards with embedded but uninitialized secure element chips. The smart cards are shipped to a mobile device manufacturer/vendor in an uninitialized state, rather than pre-personalized to a specific issuer. The uninitialized smart cards may contain pre-installed encryption keys and a unique chip serial number, and may support an initialization routine that can be invoked by the device vendor to personalize the secure element to a specific issuer.

Another aspect of the present invention allows for an issuer of the mobile device, along with the smart card vendor and the device vendor, to initialize the mobile device specifically to the issuer. The issuer may obtain the transfer key and MAC seed values corresponding to the secure element from the smart card vendor. The issuer may then encrypt its own issuer seed value with this transfer key, and transmit this data to the device vendor. The issuer may further encrypt the MAC seed value with its issuer seed and transmit this data to the device vendor. The device vendor may then invoke the smart card initialization routine with the data received from the issuer. This routine will configure the smart card for secure communications by creating issuer-specific and chip-specific keys based on its pre-installed root keys, unique chip serial number, and the issuer seed.

In another aspect of the present invention, the issuer may securely obtain the master keys and unique chip serial numbers required to support encrypted communications with the mobile device. In one embodiment, the unique chip serial numbers, which are known by the device vendor, may be transmitted to the issuer along with the mobile devices themselves. In contrast, the master keys may be unknown to the device vendor, and can be generated by the issuer using the pre-installed chip information obtained from the smart card vendor and its own issuer seed value. Thus, the issuer can securely communicate with the mobile device by generating the master keys corresponding to the issuer-specific chip keys now contained in the secure element.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:

FIG. 1 is a functional block diagram of the prior method of secure element initialization;
FIG. 2 is a functional block diagram of an improved method of secure element initialization, in accordance with preferred embodiments of the present invention;
FIG. 3 is a schematic block diagram of an integrated circuit microprocessor card in an initial state, in accordance with one embodiment of the present invention;
FIG. 4 is a flowchart of a method of initializing a secure element in accordance with one embodiment of the present invention;
FIG. 5 is a schematic block diagram of an integrated circuit microprocessor card in a "GP Ready," or initialized state, in accordance with one embodiment of the present invention;
FIGS. 6A-6C are functional block diagrams of alternative methods of generating the secure element master keys; and,
FIG. 7 is a functional block diagram of a secure over-the-air communication between the issuer and the mobile device user, in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention now will be described more fully hereinafter with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.

Referring to FIG. 2, a process diagram is shown for the installation and initialization of terminal-integrated secure element chips into mobile devices according to embodiments of the present invention. As in FIG. 1, the overall process of installing and initializing a chip into a mobile device requires several different tasks that may be performed by different entities.

The smart card vendor 210 manufactures cards containing secure element chips. While entity 210 is described herein as a smart card vendor, in certain embodiments, the secure element chip need not be embedded into a card at all. Rather, "smart cards" as described herein may comprise secure elements that are designed to be soldered into the printed circuit boards of the mobile devices. Such permanently installed, or terminal-integrated, smart cards stand in contrast to standard detachable smart cards, which have secure element chips embedded into a plastic card. While the advantages of terminal-integrated smart cards are discussed herein, the present invention can also be applied to detachable secure elements such as those in SIM cards and other smart cards. With respect to the secure element itself, preferred embodiments may use integrated circuit (IC) microprocessor cards, also referred to in the industry as "chip cards." Chip cards are embedded with a microprocessor and memory to support a variety of applications. Chip cards may have built-in cryptography support, that is, built-in functions to perform storage and manipulation of large numbers.

Alternate embodiments of the invention may use other varieties of smart cards besides chip cards. Examples include integrated circuit (IC) memory cards or optical memory cards, which contain memory but no microprocessor. These embodiments using memory cards would rely on the processor of the mobile device for all data processing and would only use the smart card for data storage.

The device vendor 220 manufactures the mobile devices for use in the methods of the presently disclosed invention. In a preferred embodiment, the device vendor comprises a mobile phone manufacturer; however, the present invention is not limited to any specific type of mobile device. Thus, mobile phones, personal digital assistants (PDAs), laptop computers, and a variety of Internet appliances may also be used.

The issuer 230 manages the chips to support secure wireless transactions by the mobile device user. The issuer 230 typically purchases devices from the device vendor 220 and distributes those devices, through a retailer, to consumers. Thus, the issuer 230 is typically the mobile operator or mobile service provider. As discussed in detail hereinafter, the issuer 230 can be any party to whom the secure elements are personalized, and is thus the party capable of secure communication with the initialized mobile device.

The entities shown in FIG. 2 (the smart card vendor 210, the device vendor 220, and the issuer 230) are logically separated into different boxes in FIG. 2. Each box contains underlined numbers corresponding to the steps performed by that entity. However, it should be understood that certain process steps may be outsourced by an entity, or transferred from one entity to another. Two entities may also merge into a single unit. For example, if a smart card vendor and an issuer are commonly owned, the present invention retains the same advantages over other known methods for secure element chip installation and initialization.

The underlined process steps within the boxes of FIG. 2 illustrate the logical steps of an embodiment of the present invention. Note that not all steps need execute in the exact order described below. For example, the smart card vendor 210 may send the transfer keys/MAC seeds to the issuer 230 in step 203 before sending the uninitialized smart cards to the device vendor 220 in step 202. However, of course, where the data or physical components generated in one step are used in another step, the first step must occur before the second.

Referring now to the process steps shown in FIG. 2, the process begins when the smart card vendor 210 manufactures the smart cards containing pre-installed keys in step 201. The pre-installed, or initial, keys comprise root keys, or large numbers used in encrypted data transfers, which are known to, and saved by, the smart card vendor 210. As is discussed in detail below, the root keys can later be used to personalize the card, or set cryptography keys only known to the issuer.
According to embodiments of the present invention, the pre-installed root keys may be the same for each individual smart card manufactured, and will only later be diversified by the issuer-specific seed and unique chip serial numbers. This process is discussed in detail below. Also, note that the uninitialized smart cards contain other data besides the pre-installed root keys, such as the MAC seed, transfer key, and unique chip serial number, which are discussed in detail below. The pre-installed internal MAC seed and transfer key may also be the same for each smart card manufactured by the same smart card vendor 210. In step 202, the physical uninitialized smart cards are sent to the device vendor 220. As is discussed below, although the device vendor 220 physically possesses the secure element chip, the pre-installed keys and other data on the chip are not necessarily accessible to the device vendor 220. In fact, in certain embodiments the device vendor 220 can be considered an untrusted entity and may never have access to the pre-installed root keys, transfer key, and MAC seed, which are stored internally on the uninitialized smart card. Only the unique chip serial number, which is a permanent and unchangeable value, might be public information accessible to the device vendor 220.

In step 203, the smart card vendor 210 sends the issuer 230 the transfer keys and MAC seeds corresponding to the secure element chips of the smart cards sent to the device vendor 220. A transfer key is an encryption key stored securely in the chip. It is used to protect the confidentiality of the security-sensitive data transferred to the chip from an external source. A MAC seed is a random seed value programmed into the secure element chip by the smart card vendor for the purpose of integrity checking during the initialization process. The use of transfer keys and MAC seeds is known as such in the field of encrypted communications, and will be discussed in detail below. The issuer 230 uses this data, along with an issuer-specific seed value (issuer seed), to generate personalized encrypted initialization data in step 204. The issuer seed may be a random number generated by the issuer 230, used for the generation of issuer-specific chip keys and master keys based on the pre-installed root keys of the secure element. The issuer seed is a secure value that should not be disclosed to any untrusted party. In some embodiments, the issuer seed is a random 16-byte integer.

In step 205, the initialization data is sent from the issuer 230 to the device vendor 220. Since this initialization data is encrypted, it need not be communicated to the mobile device over a secure channel. Indeed, in certain embodiments, the communications network between the issuer 230 and device vendor 220 is not secure, and the device vendor 220 may not be a trusted entity. As is further discussed below, although the device vendor 220 now possesses both the uninitialized smart card and the initialization data, none of the secure underlying information needs to be exposed to the device vendor 220. The techniques discussed herein allow the pre-installed root keys, transfer key, and MAC seed, as well as the issuer seed, to remain hidden from the device vendor 220. In contrast, the unique chip serial number may be public information, readily available to the device vendor. Certain embodiments of the present invention involve occasions where the device vendor 220 is unsecure or untrusted, and thus the pre-installed root keys, transfer key, and MAC seed, as well as the issuer seed, must remain completely inaccessible to a device vendor in possession of the uninitialized smart cards, the unique chip serial numbers, and the encrypted initialization data.

Returning to steps 203-204, in alternative embodiments, different methods for generating the encrypted initialization data are used. For example, the smart card vendor 210 may deliver a security module to the issuer 230. The security module comprises tamper-proof memory, which contains the transfer keys and MAC seeds, but denies the issuer 230 any direct access to this data. Instead, the issuer 230 passes its own issuer seed to the security module, which internally generates the encrypted initialization data and returns this encrypted data to the issuer 230.

In preferred embodiments, the encrypted initialization data comprises two separate pieces of encrypted data: the issuer seed encrypted with the transfer key, and the MAC seed encrypted with the issuer seed. Other embodiments allow for other pieces of data, which make up the initialization data, as long as the data allows for securely verifying the secure element initialization attempt.

In step 206, the device vendor 220 manufactures the mobile devices, which may include embedding the uninitialized smart cards received from the card vendor 210, such that the smart cards are terminal-integrated, or permanently installed, into the mobile device. By including the step of smart card/chip card embedding into the mobile device manufacturing process, the security of the mobile device and the efficiency of the manufacturing process can be improved. In step 207, the device vendor 220 initializes the smart cards by invoking an initialization routine stored in the operating system of the smart card chip. The device vendor 220 calls this initialization routine, passing into the routine an input parameter comprising the encrypted initialization data received from the issuer 230. The initialization routine, discussed in further detail below, will initialize the smart card embedded in the mobile device, personalizing the smart card chip for the issuer 230. The issuer 230 can now securely manage the device and provide mobile customers with secure data transfer capabilities. In step 208, the device vendor 220 delivers the initialized mobile devices to the issuer 230 for distribution to retailers or consumers, along with the corresponding chip serial numbers of the secure element in each device. The issuer 230 may store these unique chip serial numbers in a secure database, to facilitate future communications with the mobile device. In step 209, the issuer 230 distributes these personalized mobile devices to customers. As stated above, this mobile device distribution may be done directly from the issuer to customers, or may be done through a retailer or other third party.

The system and method exemplified in FIG. 2 improves upon the prior art techniques for installing and initializing secure element chips into mobile devices in several respects. In preferred embodiments, uninitialized (or non-pre-personalized) chips may be permanently installed into a mobile device during manufacturing. At a later time coordinated by the parties involved, the terminal-integrated chip can be personalized to a specific issuer through a simple series of data transactions between the card vendor 210, device vendor 220, and issuer 230. No hardware need be shipped between parties to initialize another device. Devices can be quickly and easily personalized, or tailored to a specific issuer, without exposing the secure cryptographic keys to the device vendor 220 or other untrusted parties.
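The following is an added example, not code from the patent or from Nokia: a Python model of both halves of the FIG. 2 exchange described above (the issuer's step 204, the device vendor's step 207, and the issuer's later use of the serial number from step 208), with the chip side following the FIG. 4 flowchart. The patent names no cipher or key-derivation function, so the example substitutes HMAC-SHA256 for every "encrypt with" and "generate from" step (an XOR with an HMAC-derived pad stands in for the transfer-key encryption); the failed-attempt limit of 3, the key names, the serial numbers and all key material are constructed. It also assumes, as the summary allows (the issuer generates the master keys from pre-installed chip information obtained from the smart card vendor and its own seed), that the issuer holds the root keys and can therefore recompute a chip's keys from its serial number alone.

```python
"""Issuer/chip halves of the initialization protocol (added example, not the patent's code).

Constructed, not from the patent: HMAC-SHA256 stands in for the unspecified
ciphers and derivations, MAX_FAILED_ATTEMPTS is a guess, and every key below
is made up for the demo.
"""
import hashlib
import hmac

SEED_LEN = 16             # "a random 16-byte integer" in some embodiments
MAX_FAILED_ATTEMPTS = 3   # assumption: the text gives no number


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts; used for every keyed step here."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def transfer_encrypt(transfer_key: bytes, issuer_seed: bytes) -> bytes:
    """First part of the initialization data: the issuer seed under the transfer
    key. Toy XOR with a key-derived pad; a real chip would use its block cipher."""
    pad = prf(transfer_key, b"transfer-pad")
    return bytes(a ^ b for a, b in zip(issuer_seed, pad))


transfer_decrypt = transfer_encrypt  # XOR with the same pad undoes it


def mac_check_value(issuer_seed: bytes, mac_seed: bytes) -> bytes:
    """Second part: the MAC seed 'encrypted' under the issuer seed (FIG. 4, 403)."""
    return prf(issuer_seed, b"mac-check", mac_seed)


def build_initialization_data(transfer_key, mac_seed, issuer_seed):
    """Step 204, at the issuer or inside the vendor-supplied security module."""
    return (transfer_encrypt(transfer_key, issuer_seed),
            mac_check_value(issuer_seed, mac_seed))


def derive_master_keys(root_keys: dict, issuer_seed: bytes) -> dict:
    """FIG. 4, 405: issuer-specific master keys from the batch-wide root keys."""
    return {n: prf(issuer_seed, b"master", n.encode(), rk) for n, rk in root_keys.items()}


def derive_chip_keys(master_keys: dict, serial: bytes) -> dict:
    """FIG. 4, next step: chip-specific keys from master keys and the public serial."""
    return {n: prf(mk, b"chip", serial) for n, mk in master_keys.items()}


def issuer_chip_keys(root_keys: dict, issuer_seed: bytes, serial: bytes) -> dict:
    """What the issuer recomputes from its database (seed + serial) for one chip."""
    return derive_chip_keys(derive_master_keys(root_keys, issuer_seed), serial)


class SecureElement:
    """Chip as shipped (FIG. 3 contents) plus the FIG. 4 initialization routine."""

    def __init__(self, serial, root_keys, transfer_key, mac_seed):
        self.serial = serial                # public: the device vendor may read it
        self._root_keys = dict(root_keys)   # system-area EEPROM, never leaves the chip
        self._transfer_key = transfer_key
        self._mac_seed = mac_seed
        self._chip_keys = None
        self.failed_attempts = 0
        self.disabled = False

    def initialize(self, init_data) -> bool:
        if self.disabled or self._chip_keys is not None:
            return False
        enc_seed, mac_check = init_data
        issuer_seed = transfer_decrypt(self._transfer_key, enc_seed)   # decrypt seed
        expected = mac_check_value(issuer_seed, self._mac_seed)         # 403
        if not hmac.compare_digest(expected, mac_check):                # equal to 2nd part?
            self.failed_attempts += 1                                   # no: count it
            if self.failed_attempts >= MAX_FAILED_ATTEMPTS:              # 408
                self._wipe()                                            # 412: wipe, disable
                self.disabled = True
            return False
        master = derive_master_keys(self._root_keys, issuer_seed)       # 405
        self._chip_keys = derive_chip_keys(master, self.serial)
        del master, issuer_seed                                         # 407: only the
        self._wipe()                                                    # chip keys remain
        return True

    def _wipe(self):
        self._root_keys = self._transfer_key = self._mac_seed = None

    def mac(self, key_name: str, message: bytes) -> bytes:
        """Post-initialization use of a chip key; the issuer can recompute the same key."""
        if self._chip_keys is None:
            raise RuntimeError("chip not personalized")
        return prf(self._chip_keys[key_name], b"msg", message)


def demo() -> dict:
    """Run the whole FIG. 2 flow on constructed values; return the checks made."""
    root_keys = {"enc": bytes(range(16)), "mac": bytes(range(16, 32))}   # constructed
    transfer_key, mac_seed = b"T" * 16, b"M" * 16                         # shared by the batch
    chips = [SecureElement(s, root_keys, transfer_key, mac_seed) for s in (b"0001", b"0002")]
    issuer_seed = b"S" * SEED_LEN                                         # issuer's secret
    init_data = build_initialization_data(transfer_key, mac_seed, issuer_seed)
    personalized = all(c.initialize(init_data) for c in chips)           # step 207
    msg = b"hello"
    issuer_keys_match = all(                                              # FIG. 7 use
        c.mac("mac", msg) == prf(issuer_chip_keys(root_keys, issuer_seed, c.serial)["mac"], b"msg", msg)
        for c in chips)
    distinct = chips[0].mac("mac", msg) != chips[1].mac("mac", msg)
    other_batch = build_initialization_data(b"X" * 16, mac_seed, issuer_seed)  # wrong transfer key
    victim = SecureElement(b"0003", root_keys, transfer_key, mac_seed)
    rejected = [victim.initialize(other_batch) for _ in range(MAX_FAILED_ATTEMPTS)]
    return {"personalized": personalized, "issuer_keys_match": issuer_keys_match,
            "chip_keys_distinct": distinct, "wrong_batch_rejected": not any(rejected),
            "disabled_after_limit": victim.disabled}
```

Note what the second part of the initialization data actually checks: the chip recomputes the MAC-seed value under the seed it just recovered and compares it with what the issuer sent, so corrupted data, or data built against another batch's transfer key, is rejected and the failure is counted. Because the transfer key and MAC seed may be shared by every chip of a batch, the check does not bind the data to one chip; the binding to a particular chip only comes afterwards, when the serial number is folded into the chip keys, which is also what lets the issuer reach a single device from nothing more than its seed and the serial number delivered in step 208.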
As discussed above, prior art systems have typically been directed to detachable smart cards in mobile devices, wherein the issuer-specific tailoring of the secure element chips is done before the chips are installed into the devices. In contrast, the present invention further supports terminal-integrated chip installation, wherein the secure element chip is permanently installed before the issuer-specific tailoring, or personalization. An additional advantage of the terminal-integrated embodiments of the present invention relates to mobile devices with radio frequency identification (RFID) communication modules used to perform secure transactions. RFID uses radio-frequency signals transmitted and received between RFID communication modules, such as RFID tags or transponders, to provide automatic identification methods. These communication modules are referred to as either active or passive, depending on whether an internal power source is associated with the module. Mobile terminals such as phones or PDAs may be equipped with RFID communication modules, such that the module includes an interface to a terminal-integrated secure smart card element. The memory of the terminal-integrated secure element may contain additional data such as credit card or bank account information, along with secure passwords or PINs. The users of the mobile device are now able to conduct financial transactions through the RFID interface for securely accessing and sharing the data in the secure element memory.

For example, a user carries her mobile device into a store or restaurant. The mobile device has a terminal-integrated secure element, on which the user's credit card information is stored. The mobile device also comprises an RFID tag, or transponder, for communicating information to a corresponding RFID transceiver installed in the store or restaurant to facilitate financial transactions. When the user wishes to pay for her purchase, she may simply confirm the amount of the purchase and hold her mobile device near the store's RFID transceiver to complete the transaction. The internal RFID secure element interface may securely access the user's credit card information from the secure element memory, and make this information available through the RFID tag. This sort of card-less transaction is more convenient for both parties, and may be more secure than typical in-store credit card purchases.

Referring to FIG. 3, a block diagram of an initial operating system state of a secure element chip 302 is shown, in accordance with one embodiment of the present invention. A secure element chip containing a microprocessor and memory, and running an operating system, may be embedded into a smart card, thus enabling the smart card to perform functions related to the attached mobile device. FIG. 3 illustrates an uninitialized secure element chip 302. The chip 302 contains a CPU 304, and read-only memory (ROM) 306 which stores the operating system. The secure element chip 302 also contains electrically erasable programmable read-only memory (EEPROM) 308. EEPROM is a variation of the read-only memory (ROM) commonly used by computers to persist data even after the power source to the memory is turned off. However, unlike conventional ROM or programmable read-only memory (PROM), EEPROM may be programmed then erased by exposing the memory to an electrical charge. Thus, EEPROM may be erased and rewritten multiple times, yet will retain its contents when the device is turned off.

The EEPROM 308 in FIG. 3 illustrates the initial state of the operating system. That is, FIG. 3 shows the state of the secure element chip 302 when it is shipped from the smart card vendor 210 to the device vendor 220. The uninitialized chip 302 has initial key values built into the EEPROM 308: the MAC seed 310, the transfer key 312, the root keys 314, and the unique serial number 316.

The MAC seed 310 is a random seed value stored in the EEPROM 308 for the purpose of integrity checking during the initialization process. Like the other data stored inside the EEPROM 308 of FIG. 3, the MAC seed 310 is typically stored in the system area of the EEPROM 308, designated for internal use only. However, according to embodiments of the present invention, other arrangements for storing the MAC seed 310 can also be made. All system area storage can only be used by operating system functions; this storage is inaccessible from outside of the chip. Thus, the MAC seed 310, once programmed into the EEPROM 308 by the smart card vendor 210, cannot be discovered by the device vendor 220 in possession of the chip 302.

The transfer key 312, also stored typi
