`
`
`
`
`
`3083
`
`8Al
`
`US 201201
`
`(19) United States
`a2) Patent Application Publication co) Pub. No.: US 2012/0130838 Al
`(43) Pub. Date: May 24, 2012
`
`Kohetal.
`
`(54)
`
`METHOD AND APPARATUS FOR
`PERSONALIZING SECURE ELEMENTSIN
`MOBILEDEVICES
`
`(75)
`
`Inventors:
`
`Liang Seng Koh, Fremont, CA
`(US); Hsin Pan, Fremont, CA (US);
`Xiangzhen Xic, Shenzhen (CN)
`
`Publication Classification
`
`(51)
`
`Int. Cl.
`G06O 20/32
`HOAW12/04
`G06O 30/06
`GU6E21/00
`
`(2012.01)
`(2009.01)
`(2012.01)
`(2006.01)
`
`(73)
`
`Assignee:
`
`RECyber Corp.
`
`(21)
`
`Appl. No.:
`
`13/350,832
`
`(22)
`
`Tiled:
`
`Jan. 16, 2012
`
`Related U.S. Application Data
`
`(63)
`
`Continuation-in-part of application No. 11/534,653,
`filed on Sep. 24, 2006, now Pat. No. 8,118,218, Con-
`tinuation-in-part of application No. 11/739,044, filed
`on Apr. 23, 2007, which is a continuation-in-part of
`application No. 11/534,653, filed on Sep. 24, 2006,
`now Pat. No. 8,118,218.
`
`(52) US. CM. cescccsssssssesssssesesssee 705/26.1; 726/6; 705/44
`
`(57)
`
`ABSTRACT
`
`Techniques for personalizing secure elements in NFC devices
`to enable various secure transactions over a network (wired
`and/or wireless network) are disclosed. With a personalized
`secure element (hence secured element) in place, techniques
`for provisioning, various applications or servicesare also pro-
`vided. Interactions among, different parties are managed to
`effectuate a personalization or provisioning process flaw-
`lessly to enable an NFC device for a user thereof to start
`enjoying the convenience of commerce over a data network
`with minimum effort.
`
`E
`Processor |
`a ee
`yz
`
`Secured
`
`memary
`
`40?
`
`409
`Card
`interface
`
`404 Network interface
`
`Secure Element
`
`NEC controller
`
`103
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 1 of 40
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 1 of 40
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 1 of 25
`
`US 2012/0130838 Al
`
`6ob pleD|painseg=sossaodig
`
`
`BORO|yo.AjoujeusSUL
`
`
`
`juoReayddy|BSNaa
`
`
`
`RARAAAAARRRRERSSEORAERESCARAERAEAREEAESEORAEERSSOAAARMERERREAORRRERSSORARARARENERERRAAERASTaemsannnarennmnssenngenssestoe
`
`
`
`
`
`
`
`£04|SOBLS]ULOMB
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°N®D©oO—ai°Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 2 of 40
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 2 of 25
`
`US 2012/0130838 Al
`
`anaOLL“oy
`
`Hera
`
`
` noneSa{SOREaunusdcanoe
`
`
`
`are
`
`”
`
`MIS
`
`
`
`
`
`PloaGeLeB4}RASSPOIAODBulUABye8)
`
`Ohhmoe
`
`neJeibend
`
`
`iiOug1208
` BILLDOE
`
`
`
`
`
`fo
`Nea
`
`ag
`
`ws;osoeEGOERUOFi.ayomaanpoppin98£)]
`
`OF}ieminaeanondececccetcecscttscctscccnnccnssnssonttontseaniteatscttesttiscth
`
`
`
`
`
`SOBulOyyasAmypapaualaugWd|
`
`BQ
`
`
`
`WOUUCYLYGAGEHUDGlueaunSziMEAS
`
`JOSS!ESBUUA
`
`
`
`
`
`eentRstaANNAahaharsshrseerannsssemanas
`
`CNS
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°©®D©oO—ai°Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 3 of 40
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 3 of 25
`
`US 2012/0130838 Al
`
`AepueACenAE
`
`ASEHRIEDOHH
`
`eee
`
`teOEEPEERRms
`
`
`
`
`
`WeYSAGISLPAUPWNLJee9S
`
`
`
`BjepdyGS}yejeq10]yseouddyyojyegeuiC
`
`
`
`
`
`anespantpA
`
`HeeDON
`
`
`
`HEBIEARAGLARTIRTABG
`
`
`
`
`
`4L‘c)]afayepdyGS!|uNejeqJo)yoRouddyyoyegauyuc
`
`
`
`
`
`aaa2D°3oO
`
`Oo
`
`LLaSs
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°s®D©oO—ai°Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 4 of 40
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`OFL
`
`PRESS
`
`—=aoe=nD
`
`a=eSa+gheeaaay5
`
`=Oo=o8
`ef)—S:S2=g<Pq*o-SGt‘Ola:=ee2=“nae>a°Ac=):>Ooaaa2emno°°+°©
`ooOa
`
`ow
`
`TO
`
`av—_
`
`ao
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 5 of 40
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 5 of 25
`
`US 2012/0130838 Al
`
`Fb‘Old
`
`
`
`
`
`OGLfiwep%-asnyoind‘dn-doy
`
`OSL
`
`uoggund
`aijug
`BIGsisexs
`
`uourn.
`
`
`
`poundCiCietyJOsQuenbas
`
`
`
`Jebueyy€}SPUBLAIOS
`
`
`
`SeYoNssuoneieds
`
`ssooyiO]SPURUHUOSshey
`
`
`igaind-eyrouueduy
`
`Pi
`
`“2YIOANIGN
`
`IBAIBS
`
`asund
`
`“PUEY
`
`pesey
`
`40Wys
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°©®D©oO—ai°Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 6 of 40
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 6 of 25
`
`US 2012/0130838 Al
`
`008
`
`einoes
`
`jusUIEIS
`
`SISPAGld
`
`COE
`
`ddy
`
`SIBPIAGI
`
`@O1AGC)
`
`S1@plAOld
`
`OLE
`
`VeSia
`ULIOPE]|SIO
`jusuebeury-
`BOCsiapyAdd
`
`aO4N)wersksoogAyuswheg
`
`gotf‘jeouUEUlS
`SIUSUBIa8siequosqns
`
`syqoy|
`
`BiNIe>pares
`:\SUONNYNSU]
`S1apiaodid"Oz
`
`BSUAIOSS1IVCOl@Aa
`iQddy
`
`ELE
`
` «~Sispepey
`
`oo”Faeyoreyy
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°xR®D©oO—ai°Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 7 of 40
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 7 of 25
`
`US 2012/0130838 Al
`
`reeporeeeeeeebenncniSEE|Gayeie)pasespepe@UE|we4GSS3EIS,|,ULEYDUOROUNDBSIGS|
`
`
`
`
`
`
`
`
`
`
`
`i
`
`PUNE?DRS&URISS
`
`f
`ff
`¥
`
`in
`
`%
`
`| §
`
`
`
`hoe,a!
`
`i<
`
`cagyorsinosdBASoSaeeee
`
`pauNuER!oNee|usinvoneogddeorgjosnyesaug<soy,oyrr7BJepLAO.KIaigAONerEYaSMsHeoORO62miuogeowdde
`
`
`
`
`eeTauengep.Feeeee
`|goIAepaggo
`opeaoO
`.nopcasseoeannSH‘088-caeGZOld
`
`
`
`
`
`
`
`
`
` gy_poseoooenoseneuensonesnessoensoencesoceantbenncnetsuetneNNeONENITECNEONSINES|GSSparsisuaBuisn9gayypes
`
`oe
`
`
`
`
`
`a?voqeagideayyijepepauedaig
`
`poucusiacudBua
`
`
`
`
`
`wud$BUUBUODOINOeSapincers|
`
`
`
`OS]pasuepGuissgEennqua
`
`
`
`ON
`
`ig9378
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°©®D©oO—ai°Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 8 of 40
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 8 of 25
`
`US 2012/0130838 Al
`
`22‘Old
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`SoTt—°o>)®D©oO—ai°Oo
`
`oS
`iy
`Od
`
`potenettentetenie
`
`}}}}y
`
`
`
`BEE,BIARGBES
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 9 of 40
`
`
`
`
`
`
`Patent Application Publication
`
`nN=Sa+aPa=
`
`oSe
`
`aPAGEON
`
`
`
`ieatinasuerssaat
`
`
`
`sruaierudnddunddidddetidddn:—CebuddbentttCLTHPLIHEITEPDTEEDDE,
`
`
`
`
`
`SoaS>“oniL=)aw>OoawmanN2ml°5“A°-oOaoe=a
`
`=Oooot=o<odOs&oOx~=2=eynomey5SC}o=r#,
`
`a+—_
`
`oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 10 of 40
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 10 of 25
`
`US 2012/0130838 Al
`
`aggweSianegwrtBote,.edLEEAE,
`fEmente,
`ern*a,aebe
`
`eS,
`
`#02ie
`peYOYMEGae
`
`
`
`
`
`|,UOHRodepeyKuaMayySNOG]yeu)ASSut
`
`ose"|GhysanbesuoreredouesayeqnaoiAeDGUL
`
`
`
`SAREERENIKEAKERnReRAKeRnnAmaaennnnnnnininennneatinranneannennnnnnneannnnnnnenanenananasennaannnaannunnnennns
`
`uogeagddeagBuqqesipAqspeesoid9g|
`
`fSOA
`
`
`
`nueuonmouddewinced@Anguep
`
`
`
`AQASDGu}O}(Wiel)PUBLICS&pues
`
`ysndepues|aiepcrnnccscnnsnrneingsintniisnaeititiiiitetititie
`
`BBEwereiTerenceOSALBAaeOy
`
`noree|povep@@abeceau
`
`
`
`
`
`
`
`plz-~|spuasZs|Oaenwauelipamouyoeueyorg
`
` ca
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—3<=®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 11 of 40
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 11 of 25
`
`US 2012/0130838 Al
`
`
`
`O8eAWS
`
`
`
`FUGUUCAUSDeSsDIOUT
`
`ueul(uoneuadaue:|
`
`
`
`eneesnneencnnnenBOeJapRo2)SeORO
`
`
`
`SIMO’POSEPURDedUOpew]O8ERIBUBEpue
`
`
`20)SueapueysBugsy|mabyden,
`
`icSaunt3BeayerAARRAEPSEAAEERAREESESORTED
`
`
`
`
`MATER)JUGHIAR|
`
`déOld
`
`
`
`SIGEes
`
`EREAanne~~
`
`Sorpaiu
`
`ipeucirnangabuse
`
`COOPIB
`GSCI|pespes{SSSOHIOS|aoe
`
`eaund-a
`
`
`
`JN*iYRANoff)LDhewaGeupyy
`
`Hirgjoyddygence
`
`BOS
`
`es|dA0)sse0oy
`
`FACHIN
`
`?f4,é
`QONPLRLIOD2
`
`
`
`
`
`
`
`augedeeddieeeseeseineseoeeeleeeleeleeeeeeeevaebinnetit
`
`SUG
`
`Lea>oO--2Da°°°Oo
`
`a2>Oo
`
`aoNS©3OoO
`So+—°N=ooD©a—ar=°oO
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 12 of 40
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 12 of 25
`
`US 2012/0130838 Al
`
`VeSia
`
`COE
`
`BE
`
`
`
`SeenERRORS&
`
`Gugexg||wonezqeucsie.4
`WS[Menpeayddy
`
`aoneemmemaneenneamneenanemeneit
`BOEAWS
`
`surimen
`
`EEE#
`
`ieund-¢
`
` izbEyaudchy
`
`ACEH
`
`saesissesseeeserssoonieesrrerss
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—°o2®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 13 of 40
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 13 of 25
`
`US 2012/0130838 Al
`
`Ge‘Oia
`
` ZeSIGNSS
`eeund<<Mon
`
`BUGHIOMISR,
`
`yuewAg
`
`BAS
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—3+=®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 14 of 40
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 14 of 25
`
`US 2012/0130838 Al
`
` aoeiyayiddeasnd-3OidenedoeanedebomcuseuaraceeeaeIPsGundemeuounueesiedsuidpupedeyuonm|deauund-eapmeuery: SaiNaR
`sexiaeund-s
`
`
`
`
`
`seibeUi
`
`
`
`
`
`ea4£*£)|aaascc
`
`ia@uepews64Hah
`
`
`
`ESE—‘chBeaeannueweveFinjoeGu)BIAJORSTTLGSUSIOSASyDeLLOruGrepexscy
`
`Seawa3SthRUEFYWSBusiauUSaaIEG~
`
`
`
`
`
`
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—°re)=®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 15 of 40
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 15 of 25
`
`US 2012/0130838 Al
`
`VPOld
`
`
`
`PULFesRUD
`
`~rrannnnnnnnnnnnnnnnnnn
`
`
`
`Peterpuny8ayennnpuRpuneooeBuiprodsanceeBAgIAA|
`
`nen —]jobouwur
`wearedGunSeRo5eOFNic
`
`
`
`MenentetetesctattihtetttttCnOteleCetOCsAACtCLEDACAALLAERAALLLEEELERDALCTIEEREETE
`
`sy=1.BRUGESELoeDipee
`weERR
`
`geenON,
`
`wt
`
`oa
`
`es
`=F
`
`Lea>oO--2Da°°°Oo
`
`a2>Oo
`
`aoNS©3OoO
`So+—°©=ooD©a—ar=°oO
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 16 of 40
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 16 of 25
`
`US 2012/0130838 Al
`
`
`
`aLbwealesseOMjSUBUIpeppaqusesuodseloLyPleANuo|
`
`
`
`
`
`
`
`ele,8SuNd-8OU)O]LUBLYDuesPURSPURUAUOSIiddyPRikenuediisleIpyy
`
`
`
`
`
`
`
`
`
`SPUBLLLUIOOspuasDueAMOQUGLINGMididyGuisaquesacind-a
`
`
`
`
`
`
`
`
`
`Ba,uonoesuma@seyepcdnDueioueSu]oO}
`
`
`
`
`
`SSuCdea(iCledtyUESETRINUIC)JEU)TERIBulCO}jowONBSepmoUad)
`
`
`
`
`
`
`
`j@aiesjueuAedoLnOLisenbesyronieu2uN
`
`
`
`
`
`gp“Sls
`
`
`
`
`
`[UONRDYLISABIE]401PepaulEye:8!;asuodsal-ndavaulaye|
`
`Lea>oO--2Da°°°Oo
`
`a2>Oo
`
`aoNS©3OoO
`So+—°--ooD©a~ar=°oO
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 17 of 40
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 17 of 25
`
`US 2012/0130838 Al
`
`“ZRFOPPPPP
`
`Deceunceurccucceuceeeceevcnevonenenenecenesenetttate
`
`3
`
`
`
`
`DOMIONWweWAR?
`
`:SIGAIOSDUR
`
`
`
`
`
`£ALLELEALLELELIEEANCCEORALERLEERLERAREttl
`
`
`
`
`
`
`
`IbDla
`
`seuA
`
`33
`
`aeane“ehseaenenenenenenanenaeeWi
`yerddy©Bein
`
`
`FAC
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—°©2®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 18 of 40
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 18 of 25
`
`US 2012/0130838 Al
`
`ae;POS
`
`BREuoyeagdyone,HOHBOHEYbeeeesseyoyAoi]
`
`
`
`Arpsetiay,at,vviotinn,AIBCBYpoet
`
`apypoPeayiunysodey
`
`
`SEMEAEoiesain,oahiiesiwetswortCOG
`
`GSVESdotee
`BAMAOasSAG
`
`FLOSIGAIOG
`
`ae
`aw“
`
`EbSiaesAomenG
`
`ronaneteeeeeea,a“NS,
`ao.,
`seserge,
`DEGOMANf)eUUREDiL.Shonmoumuanay’5panes:
`
`sagarcagaeit
`
`Peoae
`
`a
`
`e
`
`
`Ons:OC}coePomei
`ogOSi:fa
`
`peteeries,FE
`
`vs‘Old
`
`629i
`
`oeGJO}aS
`
`
`
`
`
`quSUWETypaunoeg~~
`
`
`
`
`
`£25waddyuoqeaddyozyiadeueyypeIS
`
`Pepuegeseg-~
`
`
`aFrevenwrenerewneeucecucerececerceeecenereneceeetereierederetedes+£wewereweedheendrenewedeweneecnnecanereneceneccnecenceeneeedePa
`
`
`fESmipuoHBoydyMeZGDRURYBOIAIES
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—°o2®D©oO~ai3Oo
`
`f
`
`
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 19 of 40
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 19 of 25
`
`US 2012/0130838 Al
`
`puegesegSHADEeeBIG”otGFve‘“vn
`62SFINNuogeayddy|gzgwebeueyysovuegpainveg|y#4a\pegp69
`|a,
`
`
`
`
`
`2;&
`
`
`
`ZEGARSucyeoyddy
`
`zOPSmAETS
`sseeeeeArcuieaciosy
`
`‘a.-
`wecainnanianeee
`
`;z3i3
`
`
`
`posthocny
`
`Sy
`
`ody
`
`eneHOE
`Aeysodey
`
`otha
`a
`
`
`
`SISAGIGGABE
`
`¥LOSeAIS
`
`
`
`
`
`J“enapaegtggaenanaeewa
`yIOMyERY.iUEC”BangHK
`a“renin&einen
`weNA,
`foSEGUO
`
`
`
`@$‘Old62s
`
`BEGSARS
`
`tf
`
`
`
`juswegpeinasga
`
`
`
`£26yoreuogecnidy
`
`
`
`gggseBeueyyIEDdEWennSpREY~~~
`
`
`INRrenrtetg—;feSBARORUODf:BLEaaeney
`
`2
`
`
`
`BOHAIS|
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—3SoN®D©oO—ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 20 of 40
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 20 of 25
`
`US 2012/0130838 Al
`
`oS
`43
`ei:
`
`uogduosaneuopesegBuns
`
`
`
`GES"peratasqeNeURPURROLL]
`
`non|SieKdde}sucgecpidessamases
`
`
`
`
`GscsssetssetssOPSSADSSAISIADSIADSLADSIADSLADAALISSADSSADSSADSSADSSADSSADSSADASADSSADDSADISE%
`
`
`
`2¢‘Oldenn
`
`
`
`aocwhe——PSPaouBeqnsLueree—
`
`itanidepepsoumopouezymucdiag
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—3<N®D©oO—ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 21 of 40
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 21 of 25
`
`US 2012/0130838 Al
`
`V9Old969s01009
`
`
`
`HOHORSUREiauuyyessOl
`
`869i
`
`USNS
`
`PORRUG
`
`eesGh:vonmiada
`SIGEMOed:IMRIBYO
`:LEE)uc:
`
`t
`
`869FFcacnvnvennemvanvarsmnvarardhadavacnenvnviwnvavanmernnuraran
`
`rFNS
`Teacti
`
`aiB25WOMIan)
`
`
`
`a,gobo,Sui)oa
`
`DaagaLOOSE
`
`awPED
`
`pupgeded
`
`
`
`}URUEIYpounded
`
`629
`
`aaa2D°3oO
`
`LLaSOo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—3nNN®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 22 of 40
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 22 of 25
`
`US 2012/0130838 Al
`
`Ove
`
`pampas
`
`fBUURYTS
`
`
`
`89Jah
`
`fag
`retfeetn,
`
`uogoNSUELLSO||.
`£19suesaomen:
`WELTON)MINoebananas
`feoixjuslySOc
`
`sept:
`
`G9Old
`
`9RURQSSESR
`
`BOAR]aRGRUO
`oof
`
`
`
`WiGWelyPAIS
`
`Sees
`
`an
`a
`“te
`6G.
`
`sx
`
`RE
`ERS
`
`Sanceraernnnnnnaennenstt
`
`aaa2D°3oO
`
`LLaSOo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—°Ce)N®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 23 of 40
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 23 of 25
`
`US 2012/0130838 Al
`
`25
`
`J2A198FusooO)SUCoesuEpeony
`
`sP
`
`e
`
`
`
`
`
`
`
`freaduw"30BORTRSHENyope)
`
`
`
`gc9ado}LBAIO
`
`ne~dr-doypeUasok
`
`cNe)
`
`sagie&
`
`aecnet
`{SoyOrePBA,>“nr
`
` OMnAilagOGG-“peteiwaenvloguaOeCERNal(041390ene~@LyBoUBIEGaa,B“eseea“BraueBiBSphgntenawee
`
`
`DEEooBOROHOYyunowe2paseyaandApe|Pr
`
`z
`
`
`
`aaa2D°3oO
`
`LLa>Oo
`
`i®2>Oo
`
`GOOG-1029
`So+—3xN®D©oO—ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 24 of 40
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 24,2012 Sheet 24 of 25
`
`US 2012/0130838 Al
`
`START
`
`Oo) ™] ©
`
`Send an initial purchase requestto e-
`token enabled device of a purchaser
`
`72
`
`676
`
`674
`
`
`
`
`
`
`Enough balance
`in e-token
`
`enabled device?
`
`
`
`yes
`
`no
`
`END
`
`Forward the received responsefrom the e-
`token enabled device to POS SAM
`
`678
`
`Receive a debit request containing a
`MAC from POS SAM
`
`Send the debit request to e-token
`enabled device to debit e-token
`
`Receive debit confirm message including additional
`MACs for transaction verification and settlement
`
`Forward the debit confirm message to
`POS SAM for verification
`
`86
`
`Display transaction after POS SAM
`has recorded the transaction
`
`FIG. 6D
`
`
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 25 of 40
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 25 of 40
`
`
`
`Patent Application Publication
`
`May 24, 2012 Sheet 25 of 25
`
`US 2012/0130838 Al
`
`002
`
`ens
`
`HGSCARAL
`
`queued
`
`nue,Zee
`
`taysdg
`Phd
`-oy,
`
`Z£9ld
`
`
`toep\“.AIBAYBP
`FONOBMa4i.
`
`PUB‘ahd5OYaseuciedjeyoniqueASf|egtleerveSoBU-t0iESIUaSEyy:,SOgOxOg|
`
`HaofauUn
`
`isAIGAHODPubéNSeeeundTaNon?Burmegund“\SsHeuAOS-e-
`
`uorearddy
`
`Ob
`
`ofaside
`
`
`
` SeDEeN|UPSOBUSleood
`
`
`
`oesjuaUIENSFaynoas
`
`quoPRIOISPeyoNs
`
`“SsOBE
`
`BGO
`
`SABC
`
`aaa2D°3oO
`
`LLaSOo
`
`i®2>Oo
`
`aoNS©3OoO
`So+—°©N®D©oO~ai3Oo
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 26 of 40
`
`
`
`
`
`
`
`
`
`
`US 2012/0130838 Al
`
`May 24, 2012
`
`METHOD AND APPARATUS FOR
`PERSONALIZING SECURE ELEMENTSIN
`MOBILE DEVICES
`
`
`
`CROSS-REFERENCE TO RELATED
`
`APPLICATIONS
`
`
`
`continuation-in-part of
`a
`[0001] This application is
`co-pending U.S. patent application Ser. No.: 11/534,653 filed
`
`on Sep. 24, 2006, nowUSPat. No.
`, and also a con-
`tinuation-in-part of U.S. patent application Ser. No.: 11/739,
`044 filed on Apr. 23, 2007, which is a continuation-in-part of
`co-pending U.S. patent application Ser. No.: 11/534,653 filed
`on Sep. 24, 2006, now U.S. Pat. No.
`
`BACKGROUND
`
`1. Technical Field
`[0002]
`[0003] The present invention is generallyrelated to com-
`merce over networks. Particularly, the present invention is
`related to techniques for personalizing a secure element and
`provisioning an application such as an electronic purse that
`can be advantageously used in portable devices configured
`for both electronic commerce (a.k.a., e-commerce) and
`mobile commerce (a.k.a., m-commerce).
`[0004]
`2. Description of the Related Art
`[0005]
`Single functional cards have been successfully used
`in enclosed environments such as transportation systems.
`One example of such single functional cards is MIPARE that
`has been selected as the most successful contactless smart
`card technology. MIFAREis the perfect solution for applica-
`tions like loyalty and vending cards, roadtolling, city cards,
`access control and gaming.
`[0006] However, single functional card applications arc
`deployed in enclosed systems, which are difficult to be
`expanded into other areas such as e-commerce and m-com-
`merce because stored values and transaction information are
`stored in data storage of each tag that is protected bya set of
`keys. The natureofthe tag, is that the keys need to be delivered
`to the card for authentication before any data can be accessed
`during a transaction. This constraint makes systems using
`such technology difficult to be expanded to an open environ-
`ment such as the Internet for e-commerce and/or wireless
`networks for m-commerce as the delivery of keys over a
`public domain network causes security concerns.
`[0007]
`In general, a smart card, chip card, or integrated
`circuit card (CC), is any pocket-sized card with embedded
`integrated circuits. A smart card or microprocessor cards
`contain volatile memory and microprocessor components.
`Smart cards mayalso provide strong security authentication
`for single sign-on (SSO) within large organizations. The ben-
`efits of smart cards are directly related to the volume of
`information and applicationsthat are programmedfor use on
`a card. A single contact/contactless smart card can be pro-
`grammed with multiple banking credentials, medical entitle-
`ment, driver’s license/public transport entitlement, loyalty
`programs and club memberships to name just a few. Multi-
`factor and proximityauthentication can and has been embed-
`ded into smart cards to increase the security of all services on
`the card.
`
`[0008] Contactless smart cards that do not require physical
`contact between card and reader are becoming increasingly
`popular for payment andticketing applications such as mass
`transit and highwaytolls. Such Near Field Communication
`(NI'C) between a contactless smart card anda reader presents
`
`significant business opportunities when used in NFC-enabled
`mobile phones for applications such as payment, transport
`ticketing, loyalty, physical access control, and other exciting
`new services.
`[0009]
`To support this fast evolving business environment,
`several entities including financial institutions, manufactures
`of various NFC-enabled mobile phones and sofiware devel-
`opers,
`in addition to mobile network operators (MNO),
`become involved in the NFC mobile ecosystem. By nature of
`their individual roles, these players need to communicate
`with each other and exchange messages in a reliable and
`interoperable way.
`[0010] Onc ofthe concerns in the NFC mobile ecosystem is
`its security in an open network. Thusthere is a need to provide
`techniques to personalize a secure element in a contactless
`smart card or an NFC-enabled mobile device so that such a
`device is so secured and personalized when it comesto finan-
`cial applications or secure transactions. With a personalized
`secure element in an NFC-enabled mobile device. various
`applications or services, such as electronic purse or pay-
`ments, can be realized. Accordingly, there is another need for
`techniques to provision or manage anapplicationor service in
`connection with a personalized secure element.
`
`SUMMARY
`
`[0011] This sectionis forthe purpose of summarizing some
`aspects ofembodimentsofthe present invention and to briefly
`introduce some preferred embodiments. Simplifications or
`omissionsin this section as well as thetitle and the abstract of
`this disclosure may be made to avoid obscuring the purpose of
`the section, the title and the abstract. Such simplifications or
`omissions are not intended to limit the scope ofthe present
`invention.
`[0012] Broadly speaking, the inventionis related to tech-
`niques for personalizing secure elements in NI'Cdevices to
`enable various secure transactions over a network (wired
`and/or wireless network). With a personalized secure clement
`(hence secured clement), techniques for provisioning various
`applicationsorservices are also provided. Interactions among
`different parties are managed to effectuate a personalization
`or provisioning process flawlessly to enable an NFC device
`for a user thereof to start enjoying the convenience of com-
`merce over a data network with minimum effort.
`[0013] As an example ofapplication to be provided over a
`secured element, a mechanism is provided to enable devices,
`especially portable devices, to functionas an electronic purse
`(e-purse) to conduct transactions over an open network with
`a payment server without compromising security. According
`to one embodiment, a device is installed with an e-purse
`manager(i.e., an application). The e-purse manager is con-
`figured to manage various transactions and functions as a
`mechanism to access an emulator therein. Secured financial
`transactions can then be conducted over a wired network, a
`wireless network or a combination ofboth wired and wireless
`network.
`[0014] According to another aspect of the present inven-
`tion, security keys (either symmetric or asymmetric) are per-
`sonalized so as to personalize an e-purse and perform a
`secured transaction with a paymentserver. In one embodi-
`ment, the essential data to be personalized into an e-purse
`include one or more operation keys (e.g., a load key and a
`purchase key), default PINs, administration keys (e.g., an
`unblock PIN key and a reload PIN key), and passwords(e.g.,
`from Mifare). During a transaction, the security keys are used
`
`
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 27 of 40
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 27 of 40
`
`
`
`US 2012/0130838 Al
`
`May 24, 2012
`
`to establish a secured channel between an embedded e-purse
`and an SAM (Security Authentication Module) or a backend
`server.
`
`enable the application via the secured channel; and notifying
`a providerof the application abouta status of the application
`now active with the secure element on the mobile device.
`[0019] According to yet another embodiment, the present
`[0015] The present invention may be implemented in vari-
`invention is a mobile device for conducting a transaction over
`ous forms including a method, a system, an apparatus, a part
`a network, the mobile device comprises a network interface,
`ofa systemor acomputer readable medium. According to one
`asecure element, amemoryspace forstoring al least a module
`embodiment, the present invention is a method for personal-
`and anapplication downloadedfromthe network, a processor
`izing a secure element associated with a computing device.
`coupled to the memory space and configured to execute the
`The method comprisesinitiating data communication with a
`module to cause operations including verifying whether the
`server, sending device information of the secure element in
`application has been provisioned. Whenit 1s verified that the
`responding to a request from theserver after the server deter-
`application has not been provisioned, the operations further
`mines that the secure elementis registered therewith, wherein
`comprise sending to a server via the network interface an
`the device information is a sequence of characters uniquely
`identifier identifying the application together with device
`identifying the secure element, and the requestis a command
`information ofa secure element, establishing a secured chan-
`causing the computing device to retrieve the device informa-
`nel between the secure element and theserver using a key set
`tion from the secure element, receiving at least a set of keys
`installed on the secure element, wherein the server is config-
`fromthe server, wherein the keys are generated in the server
`in accordance with the device informationof the secure ele-
`ured to prepare data necessaryfor the application to function
`as designed on the mobile device, receiving the data from the
`ment, and storing the set of keys in the secure element to
`server to associate the application with the secure element,
`facilitate a subsequent transaction by the computing device.
`and sending out an acknowledgement to a provider of the
`[0016] According to another embodiment,
`the present
`application about a status of the application that is now active
`invention is a method for personalizing a secure element
`with the secure element. The processoris further configured
`associated with a computing device. The method comprises
`to determine if the secure element has been personalized
`receiving an inquiry to establish data communication
`before performing a provisioning process of the application.
`betweena server and the computing device, sending a request
`If the secure clement has not been personalized, the mobile
`from the server to the computing device to request device
`information of the secure elementafter the server determines
`device is caused to personalize the secure element with a
`designed server.
`that the computing deviceis registered therewith, wherein the
`[0020] One ofthe objects, features, and advantages of the
`device information is a sequence ofcharacters uniquelyiden-
`presentinvention is to enable a mobile device that can be used
`tifying the secure element, and the request is a commandthat
`to perform a secured transaction withaparty (e.g., al a point
`subsequently causes the computing device to retrieve the
`ofsale, with a commercial server or accessing, remotely) over
`device information from the secure element therein, generat-
`an unsecured network (e.g., the Internet).
`ing al least a set of keys in accordance with the device infor-
`[0021] Other objects,
`features, and advantages of the
`mation received, delivering the set of keys through a secured
`present invention, which will become apparent upon exam-
`channel over a data network to the computing, device, wherein
`ining the following detailed description of an embadiment
`the set ofkeys is caused to be stored in the secure element with
`thercof, taken in conjunction with the attached drawings.
`the computing device, and notifying at least a related party
`that the secure element is nowpersonalized for subsequent
`trusted transactions.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`
`
`[0017] According to still another embodiment, the present
`invention is a method for provisioning, an application
`installed in a mobile device, the method comprises sending, to
`a serveranidentifier identifying the application together with
`device information of a secure element associated with a
`mobile device on which the application has been installed,
`establishing a secured channel between the secure element
`and the server using a set of key set installed in the secure
`element, receiving data prepared bythe server to enable the
`application to function as designed on the mobile device; and
`sending out an acknowledgementto a provider of the appli-
`cation about a status of the application now being active with
`the secure element on the mobile device. The data received in
`the mobile device includes a user interface of the application
`per the mobile device and a generated application keyset.
`[0018] According tostill another embodiment, the present
`invention is a method for provisioning an application, the
`method comprises receiving from a mobile device an identi-
`fier identifying the application together with device informa-
`tion of a secure element associated with the mobile device on
`which the application has been installed, establishing a
`secured channel between the secure element and the server
`using a set of key set installed on the secure element, prepar-
`ing data necessary for the applicationto function as designed
`on the mobile device, transporting the data from the server to
`
`[0022] The invention will be readily understood by the
`following detailed description in conjunction withthe accom-
`panying, drawings, wherein like reference numerals designate
`like structural elements, and in which:
`[0023] FIG.1A showsa simplified architecture of an NFC-
`
`enabled mobile device with a secure element (SE);
`[0024]
`FIG. 1B showsa flowchart or process of personal-
`izing an SE according to one embodiment of the present
`invention;
`
`[0025]
`FIG. 1C showsrelationships among an SE manu-
`facturer, a TSM admin and the TSM system for both offline
`and online modes;
`[0026]
`FIG. 1D illustrates data flows among a user for an
`NFC device (e.g., an NFC mobile phone), the NFC device
`itself, a TSM server, a corresponding SE manufacturer and an
`SE issuer;
`[0027]
`FIG. 1E showsa data flowchart or process ofper-
`sonalizing data flow amongthree entities: a land-based SAM
`or a network e-purseserver, an e-purseacting, as a gatekeeper,
`and a single function tag, according to one embodiment;
`[0028]
`FIG. 2A shows a mobile payment ecosystem in
`whichrelated parties are shown in order for the mobile pay-
`ment ecosystem successful:
`[0029]
`FIG. 2B showsa flowchart or process of provision-
`ing one or more applications according to one embodiment;
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 28 of 40
`
`GOOG-1029
`Google LLC v. RFCyber Corp. / Page 28 of 40
`
`
`
`US 2012/0130838 Al
`
`May 24, 2012
`
`Go
`
`FIG. 2C showsa data flow illustrating variousinter-
`[0030]
`actions amongdifferent parties when an application is being
`provisioned in one embodiment;
`[0031]
`['IG. 2D showsa data flow among different entities
`whenpreparing the application data in provisioning an appli-
`cation;
`FIG. 2E showsa flowchart or process for locking or
`[0032]
`disabling an installed application:
`[0033]
`FIG. 2F shows an exemplary architecture diagram
`ofa portable device enabled as an e-purse conducting e-com-
`merce and m-commerce, according to one embodiment of the
`present invention;
`[0034] FIG.3A isa block diagram ofrelated modulesinter-
`acting with each other to achieve whatis referred to herein as
`e-purse personalization by an authorized personnel (a.k.a.,
`personalizing a mobile device or a secure element therein
`while provisioning an application);
`[0035]
`FIG. 3B showsa block diagram of related modules
`interacting with cach other to achieve what is referred to
`herein as e-purse personalization bya user of the e-purse;
`[0036]
`FIG. 3C showsa flowchart or process of personal-
`izing an e-purse according to one embodimentof the present
`invention;
`[0037]
`[TIG. 4A and FIG. 4B showtogether a flowchart or
`process of financing, funding,
`load or top-up an e-purse
`according to one embodimentofthe present invention;
`[0038]
`FIG. 4C shows an exemplary block diagram of
`related blocks interacting with eachother to achieve the pro-
`cess FIG. 4A and FIG. 4B;
`[0039]
`FIG. 5A is a diagram showing a first exemplary
`architecture of a portable device for enabling e-commerce
`and m-commerce functionalities over a cellular communica-
`tions network (i.e., 3G, LTE or GPRSnetwork), according an
`embodimentof the present invention;
`[0040]
`FIG. 5B is a diagram showing a second exemplary
`architecture of a portable device for enabling e-commerce
`and m-commerce functionalities over a wired and/or wireless
`data network(e.g., Internet), according another embodiment
`of the present invention;
`[0041]
`FIG. 5C is a flowchart illustrating an exemplary
`process of enabling the portable device of FIG. 5A for ser-
`vices/applications provided byone or moreservice providers
`in accordance with one embodimentofthe present invention;
`[0042]
`['IG. 6A is a diagram showing an exemplary archi-
`tecture, in which a portable device is enabled as amobile POS
`conducting e-commerce and m-commerce, according to one
`embodimentofthe present invention;
`[0043]
`FIG.6B is a diagram showing an exemplary archi-
`tecture, in which a portable device is enabled as amobile POS
`conducting a transaction upload operation over a network,
`according to an embodiment of the present invention;
`[0044]
`FIG. 6C is a flowchart illustrating an exemplary
`process of conducting m-commerceusing the portable device
`enabled as a mobile POS with an e-token enabled device as a
`single functional card in accordance with one embodiment of
`the present invention;
`[0045]
`FIG. 6D is a flowchart illustrating an exemplary
`process of conducting m-commerceusing the portable device
`enabled as a mobile POS against a an e-token enabled device
`as a multi-functional card; and.
`
`[0046] FIG.7 is adiagram depicting an exemplaryconfigu-
`ration in which a portable device used for an e-ticking appli-
`cation.
`
`DETAILED DESCRIPTION OF ‘THE INVENTION
`
`In the following description, numerous specific
`[0047]
`details are set forth to provide a thorough understanding ofthe
`present invention. The present invention may be practiced
`without these specific details. The description and represen-
`tation herein are the means used by those experienced or
`skilled in the art to effectively convey the substance oftheir
`work to others skilled in the art. In other instances, well-
`known methods, procedures, components, and circuitry have
`not been described in detail since they are already well under-
`stood and to avoid unnecessarily obscuring aspects of the
`present invention.