In the United States Patent and Trademark Office

US Utility Patent Application for

Mobile devices for commerce over unsecured networks

Inventor(s): Liang Seng Koh
41291 Carmen Street
Fremont, CA 94539, USA
Citizenship: USA.

Hsin Pan
2374 Olive Avenue
Fremont, CA 94539, USA
Citizenship: USA.

Xiangzhen Xie
C505, Long Tai Xuan, Nanguang Village
Nanshang District
Shenzhen, Guangdong Province, 518051, China
Citizenship: P. R. China

Assignees:

RFCyber Corp.

Date of Deposit: January 16, 2012
E-filing
Express Mail Label
I hereby certify that this paper or fee is being deposited with the United States Postal Service using "Express Mail Post Office To Addressee" service under 37 CFR 1.10 on the date indicated above and is addressed to "Mail Stop: New Application, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313"

Signed:

/ joe zheng /
Joe Zheng

IPR2022-00413
Apple EX1042 Page 1

Mobile devices for commerce over unsecured networks

Cross-Reference to Related Applications

[0001] This application is a continuation-in-part of co-pending US Pat. App. Serial No.: 11/534,653 filed on 9/24/2006, now US Pat. No.: X,XXX,XXX, and also a continuation-in-part of US Pat. App. Serial No.: 11/739,044 filed on 04/23/2007, which is a continuation-in-part of co-pending US Pat. App. Serial No.: 11/534,653 filed on 9/24/2006, now US Pat. No.: X,XXX,XXX.

Technical Field

BACKGROUND

[0002] The present invention is generally related to commerce over networks. Particularly, the present invention is related to techniques for personalizing a secure element and provisioning an application such as an electronic purse that can be advantageously used in portable devices configured for both electronic commerce (a.k.a., e-commerce) and mobile commerce (a.k.a., m-commerce).

Description of the Related Art

[0003] Single functional cards have been successfully used in enclosed environments such as transportation systems. One example of such single functional cards is MIFARE, which has been selected as the most successful contactless smart card technology. MIFARE is the perfect solution for applications like loyalty and vending cards, road tolling, city cards, access control and gaming.

[0004] However, single functional card applications are deployed in enclosed systems, which are difficult to expand into other areas such as e-commerce and m-commerce because stored values and transaction information are stored in data storage of each tag that is protected by a set of keys. The nature of the tag is that the keys need to be delivered to the card for authentication before any data can be accessed during a transaction. This constraint makes systems using such technology difficult to expand to an open environment such as the Internet for e-commerce and/or wireless networks for m-commerce, as the delivery of keys over a public domain network causes security concerns.

[0005] In general, a smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits. Smart cards or microprocessor cards contain volatile memory and microprocessor components. Smart cards may also provide strong security authentication for single sign-on (SSO) within large organizations. The benefits of smart cards are directly related to the volume of information and applications that are programmed for use on a card. A single contact/contactless smart card can be programmed with multiple banking credentials, medical entitlement, driver's license/public transport entitlement, loyalty programs and club memberships, to name just a few. Multi-factor and proximity authentication can be and have been embedded into smart cards to increase the security of all services on the card.

[0006] Contactless smart cards that do not require physical contact between card and reader are becoming increasingly popular for payment and ticketing applications such as mass transit and highway tolls. Such Near Field Communication (NFC) between a contactless smart card and a reader presents significant business opportunities when used in NFC-enabled mobile phones for applications such as payment, transport ticketing, loyalty, physical access control, and other exciting new services.

[0007] To support this fast evolving business environment, several entities including financial institutions, manufacturers of various NFC-enabled mobile phones and software developers, in addition to mobile network operators (MNO), have become involved in the NFC mobile ecosystem. By nature of their individual roles, these players need to communicate with each other and exchange messages in a reliable and interoperable way.

[0008] One of the concerns in the NFC mobile ecosystem is its security in an open network. Thus there is a need to provide techniques to personalize a secure element in a contactless smart card or an NFC-enabled mobile device so that such a device is secured and personalized when it comes to financial applications or secure transactions. With a personalized secure element in an NFC-enabled mobile device, various applications or services, such as electronic purse or payments, can be realized. Accordingly, there is another need for techniques to provision or manage an application or service in connection with a personalized secure element.

SUMMARY

[0009] This section is for the purpose of summarizing some aspects of embodiments of the present invention and to briefly introduce some preferred embodiments. Simplifications or omissions in this section as well as the title and the abstract of this disclosure may be made to avoid obscuring the purpose of the section, the title and the abstract. Such simplifications or omissions are not intended to limit the scope of the present invention.

[0010] Broadly speaking, the invention is related to techniques for personalizing secure elements in NFC devices to enable various secure transactions over a network (wired and/or wireless network). With a personalized secure element (hence a secured element), techniques for provisioning various applications or services are also provided. Interactions among different parties are managed to effectuate a personalization or provisioning process flawlessly to enable an NFC device for a user thereof to start enjoying the convenience of commerce over a data network with minimum effort.

[0011] As an example of an application to be provided over a secured element, a mechanism is provided to enable devices, especially portable devices, to function as an electronic purse (e-purse) to conduct transactions over an open network with a payment server without compromising security. According to one embodiment, a device is installed with an e-purse manager (i.e., an application). The e-purse manager is configured to manage various transactions and functions as a mechanism to access an emulator therein. Secured financial transactions can then be conducted over a wired network, a wireless network or a combination of both wired and wireless networks.

[0012] According to another aspect of the present invention, security keys (either symmetric or asymmetric) are personalized so as to personalize an e-purse and perform a secured transaction with a payment server. In one embodiment, the essential data to be personalized into an e-purse include one or more operation keys (e.g., a load key and a purchase key), default PINs, administration keys (e.g., an unblock PIN key and a reload PIN key), and passwords (e.g., from Mifare). During a transaction, the security keys are used to establish a secured channel between an embedded e-purse and an SAM (Security Authentication Module) or a backend server.

[0013] The present invention may be implemented in various forms including a method, a system, an apparatus, a part of a system or a computer readable medium. According to one embodiment, the present invention is a method for personalizing a secure element associated with a computing device. The method comprises initiating data communication with a server, sending device information of the secure element in response to a request from the server after the server determines that the secure element is registered therewith, wherein the device information is a sequence of characters uniquely identifying the secure element, and the request is a command causing the computing device to retrieve the device information from the secure element, receiving at least a set of keys from the server, wherein the keys are generated in the server in accordance with the device information of the secure element, and storing the set of keys in the secure element to facilitate a subsequent transaction by the computing device.

[0014] According to another embodiment, the present invention is a method for personalizing a secure element associated with a computing device. The method comprises receiving an inquiry to establish data communication between a server and the computing device, sending a request from the server to the computing device to request device information of the secure element after the server determines that the computing device is registered therewith, wherein the device information is a sequence of characters uniquely identifying the secure element, and the request is a command that subsequently causes the computing device to retrieve the device information from the secure element therein, generating at least a set of keys in accordance with the device information received, delivering the set of keys through a secured channel over a data network to the computing device, wherein the set of keys is caused to be stored in the secure element with the computing device, and notifying at least a related party that the secure element is now personalized for subsequent trusted transactions.

[0015] According to still another embodiment, the present invention is a method for provisioning an application installed in a mobile device. The method comprises sending to a server an identifier identifying the application together with device information of a secure element associated with the mobile device on which the application has been installed, establishing a secured channel between the secure element and the server using a key set installed in the secure element, receiving data prepared by the server to enable the application to function as designed on the mobile device, and sending out an acknowledgement to a provider of the application about a status of the application now being active with the secure element on the mobile device. The data received in the mobile device includes a user interface of the application per the mobile device and a generated application key set.

[0016] According to still another embodiment, the present invention is a method for provisioning an application. The method comprises receiving from a mobile device an identifier identifying the application together with device information of a secure element associated with the mobile device on which the application has been installed, establishing a secured channel between the secure element and the server using a key set installed on the secure element, preparing data necessary for the application to function as designed on the mobile device, transporting the data from the server to enable the application via the secured channel, and notifying a provider of the application about a status of the application now active with the secure element on the mobile device.

[0017] According to yet another embodiment, the present invention is a mobile device for conducting a transaction over a network. The mobile device comprises a network interface, a secure element, a memory space for storing at least a module and an application downloaded from the network, and a processor coupled to the memory space and configured to execute the module to cause operations including verifying whether the application has been provisioned. When it is verified that the application has not been provisioned, the operations further comprise sending to a server via the network interface an identifier identifying the application together with device information of the secure element, establishing a secured channel between the secure element and the server using a key set installed on the secure element, wherein the server is configured to prepare data necessary for the application to function as designed on the mobile device, receiving the data from the server to associate the application with the secure element, and sending out an acknowledgement to a provider of the application about a status of the application that is now active with the secure element. The processor is further configured to determine if the secure element has been personalized before performing a provisioning process of the application. If the secure element has not been personalized, the mobile device is caused to personalize the secure element with a designated server.

[0018] One of the objects, features, and advantages of the present invention is to enable a mobile device that can be used to perform a secured transaction with a party (e.g., at a point of sale, with a commercial server or accessing remotely) over an unsecured network (e.g., the Internet).

[0019] Other objects, features, and advantages of the present invention will become apparent upon examining the following detailed description of an embodiment thereof, taken in conjunction with the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0020] The invention will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:

[0021] FIG. 1A shows a simplified architecture of an NFC-enabled mobile device with a secure element (SE);

[0022] FIG. 1B shows a flowchart or process of personalizing an SE according to one embodiment of the present invention;

[0023] FIG. 1C shows relationships among an SE manufacturer, a TSM admin and the TSM system for both offline and online modes;

[0024] FIG. 1D illustrates data flows among a user of an NFC device (e.g., an NFC mobile phone), the NFC device itself, a TSM server, a corresponding SE manufacturer and an SE issuer;

[0025] FIG. 1E shows a data flowchart or process of personalizing data flow among three entities: a land-based SAM or a network e-purse server, an e-purse acting as a gatekeeper, and a single function tag, according to one embodiment;

[0026] FIG. 2A shows a mobile payment ecosystem in which the related parties required for the mobile payment ecosystem to be successful are shown;

[0027] FIG. 2B shows a flowchart or process of provisioning one or more applications according to one embodiment;

[0028] FIG. 2C shows a data flow illustrating various interactions among different parties when an application is being provisioned in one embodiment;

[0029] FIG. 2D shows a data flow among different entities when preparing the application data in provisioning an application;

[0030] FIG. 2E shows a flowchart or process for locking or disabling an installed application;

[0031] FIG. 2F shows an exemplary architecture diagram of a portable device enabled as an e-purse conducting e-commerce and m-commerce, according to one embodiment of the present invention;

[0032] FIG. 3A is a block diagram of related modules interacting with each other to achieve what is referred to herein as e-purse personalization by authorized personnel (a.k.a., personalizing a mobile device or a secure element therein while provisioning an application);

[0033] FIG. 3B shows a block diagram of related modules interacting with each other to achieve what is referred to herein as e-purse personalization by a user of the e-purse;

[0034] FIG. 3C shows a flowchart or process of personalizing an e-purse according to one embodiment of the present invention;

[0035] FIG. 4A and FIG. 4B together show a flowchart or process of financing, funding, loading or topping up an e-purse according to one embodiment of the present invention;

[0036] FIG. 4C shows an exemplary block diagram of related blocks interacting with each other to achieve the process of FIG. 4A and FIG. 4B;

[0037] FIG. 5A is a diagram showing a first exemplary architecture of a portable device for enabling e-commerce and m-commerce functionalities over a cellular communications network (i.e., 3G, LTE or GPRS network), according to an embodiment of the present invention;

[0038] FIG. 5B is a diagram showing a second exemplary architecture of a portable device for enabling e-commerce and m-commerce functionalities over a wired and/or wireless data network (e.g., Internet), according to another embodiment of the present invention;

[0039] FIG. 5C is a flowchart illustrating an exemplary process of enabling the portable device of FIG. 5A for services/applications provided by one or more service providers in accordance with one embodiment of the present invention;

[0040] FIG. 6A is a diagram showing an exemplary architecture, in which a portable device is enabled as a mobile POS conducting e-commerce and m-commerce, according to one embodiment of the present invention;

[0041] FIG. 6B is a diagram showing an exemplary architecture, in which a portable device is enabled as a mobile POS conducting a transaction upload operation over a network, according to an embodiment of the present invention;

[0042] FIG. 6C is a flowchart illustrating an exemplary process of conducting m-commerce using the portable device enabled as a mobile POS with an e-token enabled device as a single functional card in accordance with one embodiment of the present invention;

[0043] FIG. 6D is a flowchart illustrating an exemplary process of conducting m-commerce using the portable device enabled as a mobile POS against an e-token enabled device as a multi-functional card; and

[0044] FIG. 7 is a diagram depicting an exemplary configuration in which a portable device is used for an e-ticketing application.

DETAILED DESCRIPTION OF THE INVENTION

[0045] In the following description, numerous specific details are set forth to provide a thorough understanding of the present invention. The present invention may be practiced without these specific details. The description and representation herein are the means used by those experienced or skilled in the art to effectively convey the substance of their work to others skilled in the art. In other instances, well-known methods, procedures, components, and circuitry have not been described in detail since they are already well understood and to avoid unnecessarily obscuring aspects of the present invention.

[0046] Reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Further, the order of blocks in processes, flowcharts or functional diagrams representing one or more embodiments does not inherently indicate any particular order nor imply limitations in the invention.

[0047] Embodiments of the present invention are discussed herein with reference to FIGS. 1A - 7. However, those skilled in the art will readily appreciate that the detailed description given herein with respect to these figures is for explanatory purposes only as the invention extends beyond these limited embodiments.

[0048] Near Field Communication (NFC) presents significant business opportunities when used in mobile phones for applications such as payment, transport ticketing, loyalty, physical access control, and other exciting new services. To support this fast evolving business environment, several entities including financial institutions, manufacturers of various NFC-enabled mobile phones and software developers, in addition to Mobile Network Operators (MNO), have become involved in the NFC mobile ecosystem. By nature of their individual roles, these players need to communicate with each other and exchange messages in a reliable and interoperable way.

[0049] Equally important to these entities or players is the need for ongoing security and confidentiality of sensitive applications and data downloaded to and stored on an NFC enabled handset for performing contactless transactions. The component in a mobile phone providing the security and confidentiality required to support various business models in this environment is referred to as a Secure Element (SE).

[0050] FIG. 1A shows a simplified architecture of a computing device 100. Unless otherwise explicitly indicated, the terms "computing device", "mobile device" and "handset" will be used interchangeably herein, but those skilled in the art will understand that the description herein shall be equally applicable to other devices such as a smart phone, a tablet, a laptop computer, a contactless smart card and other portable devices.

[0051] The mobile device 100 includes a near field communication (NFC) controller 101 that enables the device 100 to interact wirelessly with another device to exchange data. For example, a user may use the mobile device 100 as an e-purse or a wallet to pay for a purchase or an admission. In operation, the e-purse is controlled by a secure element (SE) 102. Essentially, the SE 102 enables such a mobile device 100 to perform financial transactions, transport ticketing, loyalty, physical access control, and other exciting new services in a secured manner. To offer such services, the SE 102 is configured to support various applets, applications or modules (only two samples 104 and 106 are shown in FIG. 1A). Depending on implementation, these modules may be hardware modules embedded or inserted thereon, or software modules downloadable from one or more servers via a data network.

[0052] When a mobile device is first purchased by or delivered to a customer, the SE 102 in the mobile device is installed with a set of default keys (e.g., an Issuer Security Domain (ISD) key set by the SE manufacturer). Depending on implementation, the SE 102 may be in the form of a smart card, an integrated circuit (IC) or a software module upgradable by overwriting some or all of the components therein. In one embodiment, the SE 102 is a tamper proof Smart Card chip capable of embedding smart card-grade applications (e.g., payment, transport ...) with the required level of security and features. In FIG. 1A, the SE 102 embeds or associates with contactless and NFC-related applications and is connected to the NFC controller 101 to act as the contactless front end.

[0053] Typically, a standard-compliant secure element comes with one issuer security domain (ISD) and an option for one or more supplemental security domains (SSD). Each of these domains includes a set of keys. In one embodiment, the SE 102 is a chip embedded in the mobile device 100 or in a miniature card inserted into the mobile device 100 via a card interface 109. In another embodiment, the SE 102 is or includes a software module loaded in a secured memory space 107 in the mobile device 100. The software module may be updated by downloading updating components from a designated server using a network interface 103 (e.g., a 3G network or an LTE network) in the mobile device 100.

[0054] The SE 102 needs to go through a personalization process before it can be used. In one embodiment, the personalization process is to load the SE 102 with or update a key set with a derived personalized key set of a chosen card issuer (i.e., a so-called SE issuer). Such a personalization process may also be referred to as a provisioning process. According to one embodiment, the provisioning is performed over the air (OTA) to cause the SE to be personalized while installing an application or enabling a service (i.e., application installation and personalization). The personalization of an SE is only done once to associate the SE to an SE issuer. The application installation and provisioning shall be done for each application when a user subscribes to or installs an application.

[0055] In one embodiment, when updating or upgrading the SE 102, only one or some components pertaining to the SE 102 are replaced by newer updates to avoid personalizing the SE 102 from the beginning. Depending on implementation, such newer updates may be automatically or manually obtained to be loaded into the mobile device 100.

[0056] In one embodiment, applications are available for an NFC-enabled mobile device to download from a server or a TSM portal depending on the corresponding SE issuer and the TSM thereof. TSM, standing for Trusted Service Management, is a collection of services. One main role envisaged for the TSM is to help service providers securely distribute and manage contactless services for their customers using the networks of mobile operators. The TSM or its server(s) does not necessarily participate in actual contactless transactions using NFC devices. These transactions are processed normally in whatever system the service provider and its merchant partners have already put in place. Another role of the TSM is to accelerate the successful deployment and ramp-up of mobile NFC applications by acting as a commercial intermediary that facilitates contractual arrangements and other aspects of ongoing business relationships among the different parties that make commerce via the mobile networks possible.

[0057] The personalization process can be done either physically in a service center or remotely via a web portal by a TSM server. In the first scenario, the customer may physically go to a service center to let a service representative personalize the SE in a mobile device. With a computer connected to an NFC reader at a designated place (e.g., a service center), a provisioning manager can be either an installed application or a web-based application connecting to a backend TSM. The provisioning manager is configured to communicate with the SE of the mobile device (e.g., via a reader). Such a personalization process is referred to as a process Over the Internet (OTI).

[0058] In the second scenario, the customer registers his/her mobile phone via a server (often a TSM web portal). The TSM server is configured to push a universal resource identifier (URI) of a provisioning manager to the registered mobile phone. Depending on the type of the device, the push can be either an SMS (Short Message Service) Push or a Google Android Push. The customer can download the provisioning manager into the mobile device and start the personalization process. Such a personalization process is referred to as a process Over the Air (OTA).

[0059] In either one of the scenarios, the provisioning manager acts as a proxy between the SE in the mobile device and the TSM server. Referring now to FIG. 1B, it shows a flowchart or process 110 of personalizing an SE according to one embodiment of the present invention. Depending on implementation, the process 110 may be implemented in software or a combination of software and hardware. When a user receives a new NFC device (e.g., as part of a mobile device), the SE therein needs to be personalized.

[0060] At 112, it is determined whether the new NFC device is a genuine NFC device. One example is to check a serial number associated with the NFC device. The serial number may be verified with a database associated with a TSM server. In the example of an NFC mobile device, the device serial number of the mobile device may be used for verification. It is now assumed that the NFC device is a genuine device (recognizable by a mobile operator). The process 110 goes to 114 to have the NFC device communicate with a dedicated server. In one embodiment, the server is a part of the Trusted Service Management (TSM) system and accessible by a wireless network, the Internet or a combination of wireless and wired networks (herein referred to as a data network or simply a network).

[0061] At 116, the NFC device is registered with the server. Once the NFC device becomes part of the system, various services or data may be communicated to the device via the network. As part of the personalization process, the server requests device information of the SE at 118. In one embodiment, the server is configured to send a data request (e.g., a WAP PUSH) to the device. In response to the request, the device sends back CPLC (card product life cycle) information retrieved from the SE. The CPLC includes the SE product information (e.g., the smart card ID, manufacturer information, a batch number, etc.). Based on the CPLC info, the server is able to retrieve corresponding default Issuer Security Domain (ISD) information of this SE from its manufacturer, an authorized distributor or a service provider (referred to as a manufacturer, a distributor or a provider of the SE). Depending on implementation, there are two ways that the server may communicate with an SE manufacturer, which will be fully discussed herein later when deemed appropriate.

[0062] At 120, it is up to the manufacturer whether to update the device information. In general, when an SE is shipped from the manufacturer, the SE is embedded with some default device information. If it is decided that the default information such as the CPLC data is to be updated with the manufacturer, the process 110 goes to 122 where the manufacturer uploads corresponding updated device information to the server. The updated device information is transported to the device and stored in the SE at 124. If it is decided that the default information in the SE is not to be updated with the manufacturer, the process 110 goes to 124 to store the retrieved default device information in a database with the TSM server. In one embodiment, the server is configured to include an interface to retrieve a derived SE key set. In one embodiment, the derived key set is generated with the device information (e.g., ISD) of the SE. When the derived ISD key set is successfully installed on the SE, the corresponding SE issuer is notified of the use of the derived ISD key set.

[0063] According to one embodiment, the device information (default or updated) is used to facilitate the generation of a set of keys at 126. In one embodiment, the server is configured to establish a secured channel using the default ISD between its hardware security module (HSM) and the SE. The server is also configured to compute a derived key set for the SE. Depending on a business agreement, a master ISD key of an issuer for the SE may be housed in a hardware security module (HSM) associated with the server or in a local HSM of the SE issuer. An HSM is a type of secure crypto-processor targeted at managing digital keys, accelerating crypto-processes in terms of digital signings/second and for providing strong authentication to access critical keys for server applications. If it is housed in the HSM of the server, the server is configured to instruct the HSM to compute the derived key set. Then, the server prepares a mechanism (e.g., PUT KEY A
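The personalization flow of FIG. 1B (steps 112 through 126) modelled end to end, as an added example that is not code from this application or from RFCyber: the registry check, the CPLC request, the per-SE key derivation from the issuer's master ISD key, and delivery of the derived set over a channel protected by the default ISD key the manufacturer installed. The CPLC layout, the HMAC-SHA256 derivation, the encrypt-then-MAC channel and the key role names are constructed stand-ins for mechanisms the application does not specify.

```python
"""FIG. 1B SE personalization (steps 112 to 126), modelled end to end.
Added example, not from the application or RFCyber: CPLC layout, HMAC-SHA256
derivation, encrypt-then-MAC channel and key role names are constructed stand-ins."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

KEY_ROLES = ("enc", "mac", "kek")   # assumed roles for the three derived keys
KEY_LEN, NONCE_LEN, TAG_LEN = 16, 8, 32

def kdf(master: bytes, label: bytes, context: bytes) -> bytes:
    """Derive one KEY_LEN-byte key from a master key, a role label and a context."""
    return hmac.new(master, label + b"|" + context, hashlib.sha256).digest()[:KEY_LEN]

def derive_key_set(master_isd_key: bytes, cplc: bytes) -> dict:
    """Step 126: keys derived from the issuer's master ISD key and the SE's own
    device information, so each SE receives a key set unique to it."""
    return {role: kdf(master_isd_key, role.encode(), cplc) for role in KEY_ROLES}

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream, the assumed cipher of the secured channel."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def protect(channel_key: bytes, plaintext: bytes) -> bytes:
    """Wrap a message for the channel opened with the default ISD key:
    encrypt, then MAC over nonce and ciphertext."""
    enc_key, mac_key = kdf(channel_key, b"ch-enc", b""), kdf(channel_key, b"ch-mac", b"")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unprotect(channel_key: bytes, message: bytes) -> bytes:
    """Verify the MAC before decrypting; an altered message is rejected outright."""
    enc_key, mac_key = kdf(channel_key, b"ch-enc", b""), kdf(channel_key, b"ch-mac", b"")
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("secured channel MAC check failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

@dataclass
class SecureElement:
    """The SE as shipped: a default ISD key installed by the manufacturer ([0052])."""
    serial: str
    cplc: bytes                     # constructed CPLC-like device information
    default_isd_key: bytes
    key_set: dict = field(default_factory=dict)

    def device_info(self) -> bytes:
        """Step 118: answer the server's request with the CPLC data."""
        return self.cplc

    def install_keys(self, message: bytes) -> None:
        """Unwrap the derived key set received over the channel and store it."""
        blob = unprotect(self.default_isd_key, message)
        if len(blob) != KEY_LEN * len(KEY_ROLES):
            raise ValueError("malformed key set")
        self.key_set = {role: blob[i * KEY_LEN:(i + 1) * KEY_LEN]
                        for i, role in enumerate(KEY_ROLES)}

class TsmServer:
    """TSM side: device registry, manufacturer records and the issuer's master key."""

    def __init__(self, registered_serials, manufacturer_records, master_isd_key):
        self.registry = set(registered_serials)         # step 112: genuine devices
        self.manufacturer = dict(manufacturer_records)  # CPLC -> default ISD key
        self.master_isd_key = master_isd_key            # housed in an HSM in practice
        self.notifications = []

    def personalize(self, se: SecureElement) -> dict:
        if se.serial not in self.registry:                     # 112 / 116
            raise PermissionError(f"{se.serial}: not a registered device")
        cplc = se.device_info()                                # 118
        default_key = self.manufacturer.get(cplc)              # manufacturer lookup
        if default_key is None:
            raise LookupError("no manufacturer record for this CPLC")
        key_set = derive_key_set(self.master_isd_key, cplc)    # 126
        se.install_keys(protect(default_key, b"".join(key_set[r] for r in KEY_ROLES)))
        self.notifications.append((se.serial, "personalized"))  # notify the SE issuer
        return key_set

def demo():
    """Personalize two constructed SEs from the same manufacturing batch."""
    master = hashlib.sha256(b"constructed issuer master key").digest()[:KEY_LEN]
    batch_key = hashlib.sha256(b"constructed default key, batch 0012").digest()[:KEY_LEN]
    se_a = SecureElement("SERIAL-CONSTRUCTED-001", b"CPLC|IC:4790|ID:00A1|BATCH:0012", batch_key)
    se_b = SecureElement("SERIAL-CONSTRUCTED-002", b"CPLC|IC:4790|ID:00A2|BATCH:0012", batch_key)
    tsm = TsmServer([se_a.serial, se_b.serial],
                    {se_a.cplc: batch_key, se_b.cplc: batch_key}, master)
    tsm.personalize(se_a)
    tsm.personalize(se_b)
    return tsm, se_a, se_b
```

Two SEs sharing one batch default key still end up with different personalized key sets, because the derivation is bound to each SE's CPLC; an unregistered serial is refused before any key material is derived.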