GB2551907B - Method and system for providing a symmetric keypair with a master key and a transient derived key - Google Patents
Method and system for providing a symmetric keypair with a master key and a transient derived key Download PDFInfo
- Publication number
- GB2551907B GB2551907B GB201708573A GB201708573A GB2551907B GB 2551907 B GB2551907 B GB 2551907B GB 201708573 A GB201708573 A GB 201708573A GB 201708573 A GB201708573 A GB 201708573A GB 2551907 B GB2551907 B GB 2551907B
- Authority
- GB
- United Kingdom
- Prior art keywords
- mobile device
- transient
- identifier
- idn
- dkn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Description
METHOD AND SYSTEM FOR PROVIDING A SYMMETRIC KEYPAIR WITH A MASTER KEY AND A TRANSIENT DERIVED KEY
Field of Invention
The invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, such as Near Field Communication (NFC) protocol or Bluetooth (RTM).
The invention can be used to increase the security of software emulations of contactless smartcards in NFC (Near Field Communication) mobile phones. The introduction of HCE (Host Card Emulation) into NFC phones allowed software to emulate contactless smartcards, rather than depending on physical smartcard chips or suitable USIM cards to be physically installed in the phone. This software-based approach significantly reduced the complexity of distributing virtual contactless cards to NFC mobile phones.
It is widely recognised that the default security of standard NFC enabled mobile phones, specifically Android (RTM) based devices, is not high. The evidence being that it is relatively straightforward to remove the imposed operation system security of an Android (RTM) phone by ‘rooting’ the device which, once realised, allows an attacker to read out any data from the phone. This weakness potentially compromises any cryptographic keys used in a software virtual contactless card that uses only standard security in a mobile phone. However, the utility and commercial interest of having virtual cards in a mobile phone remains compelling.
Contactless cards are typically used in mass transit tickets for automatic fare collection. As such, substantial amounts of money are transacted using these cards and so their security is very important. If the keys of a transport card system are compromised then it becomes very expensive for the transport scheme owner to replace the cards and stop the potential losses from fraud. Hence the focus on security for the physical smartcard based contactless cards.
New security features are regularly implemented in the newer generations of mobile phones. For example, the Trusted Execution Environment (TEE) provides a secure execution and storage environment in suitably enabled phones and has been shown to be resistant to software based attacks. However, it is potentially vulnerable to advance hardware attacks. Additionally, there are new software based mechanisms called “white-box” cryptography compilers, which can successfully hide data and application software internals from potential attackers. Attacks on these software methods are proposed and are currently being analysed. All new security features have strengths and weaknesses.
The objective of all these security measures is either to defeat an attacker who wishes to access cryptographic keys in a device or, failing this, to render a successful attack infeasibly long to complete in terms of time and required resources.
Public Transit Scheme operators often use modern symmetric key contactless RFID cards to handle automatic fare collection within their transport networks. They are used to dealing with very high levels of security assurance when they use physical contactless cards, such as commercial products based on Desfire EV1 smartcard chips from NXP.
Through exhaustive analysis these commercial products have been shown to be highly resistant to attackers. In order to assist in approaching the same level of assurance in additional security measures, execution and storage of the virtual card are proposed in addition to simply using the security features described above.
When using a TEE or white-box cryptography, or other security features to store and execute a virtual contactless card, the risk for the transit operator would be the extraction of the keys of the virtual card from the mobile phone. This process would take a non-negligible amount of time due to the physical and logical complexity, and nature of the attack itself. This means that if a key is actually extracted from a phone then it could potentially be used to perform fraudulent transactions on the transport infrastructure. Therefore, a method for easily limiting the valid life of keys in a virtual card would be beneficial, so that even if they were extracted, they could not be used.
For such an invention to be useful it needs to be compatible and implementable in existing contactless based environments, with minimal impact in terms of changes to software infrastructures. In addition, the validity needs to be independent of any network connection of the mobile phone, since there is no guarantee that the phone will have access to a network at the start of a contactless transaction.
Object of Invention
According to a first aspect of the invention, the invention relates to a method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol, the method comprising: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (ID n) for the mobile device to the provisioning server, - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) to the mobile device to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said first transient derived key (DKn) during a determined time interval.
According to a second aspect of the invention, the invention relates to a method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (IDn) for the mobile device to the provisioning server, the provisioning server comprising the master key (MK), - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) to the mobile device, - sending, by means of the mobile device, the first transient identifier (IDn) to the reader device, - checking in the reader device the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), - if the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn), - using the first transient derived key (DKn) in the reader device to send an encrypted message to the mobile device, - decrypting the encrypted message in the mobile device to thereby authenticate the identity of the mobile device, and - if the identity of the mobile device is authenticated, allowing the mobile device to securely communicate with the reader device using Near Field Communication protocol
According to a third aspect of the invention, the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (1C) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising: - means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.
According to a fourth aspect of the invention, the invention relates to a system for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising identifier, such as the unique ID (UID) of an Integrated Circuit (1C) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to the provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) to the mobile device, the mobile device further comprising: - means for sending the first transient identifier (IDn) to the reader device, using NFC protocol, wherein the reader device comprises: - means for reviewing the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), and - means for calculating, if the first transient identifier (IDn) is valid, by using the master key and the first transient identifier (IDn), the first transient derived key (DKn), - means for encrypting a message using the first transient derived key (DKn), means for sending the encrypted message to the mobile device, the mobile device comprising: - means for decrypting the encrypted message received from the reader device to thereby authenticate the identity of the mobile device, and - means to allow, if the identity of the mobile device is authenticated, the mobile device to securely communicate with the reader device using Near Field Communication protocol.
Whereas for the purposes of discussion the invention has been described in detail herein with reference to Near Field Communication protocol, it would be evident to the skilled person that the necessary communication can also be effected using another adapted communication protocol, in particular Bluetooth (RTM).
Detailed description of the Invention
This invention proposes a mechanism for limiting the validity of the keys of a virtual contactless card installed in a mobile phone, as a means of limiting the time window for which a particular key is vulnerable. The implication is that by using this method in conjunction with additional system based security features, such as a TEE or white-box cryptography, an attacker who successfully extracts a key from a phone would not be able to use it because the validity of that key would have expired.
According to the invention communication is possible between a mobile device and a reader device only if the reader device comprises a valid ID and a valid derived key, wherein the reader device comprises a master key and means to check the validity of the ID and the derived key of the mobile device.
To increase the security of the communication between the mobile device and the reader device, the time window for which a derived key (on a virtual card) can be used in combination with a master key (on a reader) is limited. This means that the mobile device first receives a first transient derived key (DKn) which is valid for a determined time interval. At the end of the validity of the first transient derived key (DKn), the mobile device can no longer communicate with the reader device using the first transient derived key (DKn). To allow the mobile device to communicate with the reader device the mobile device receives a further transient derived key (DKn+1) which replaces the first transient derived key (DKn). The further transient derived key (DKn+1) can be used until the end of its validity or until it is replaced by yet a further transient derived key (DKn+2).
In order to allow the mobile device to receive a sequence of derived keys (DKn, DKn+1, DKn+2, etc.) the mobile device should be able to generate a sequence of unique ID’s for the mobile device. According to the invention the mobile device comprises an application to generate transient identifiers (ID), each transient identifier (ID) having a determined an limited time period wherein the transient identifier (ID) is valid.
The application in the mobile device will generate a first transient identifier (IDn) by combining a hardware component for the transient identifier with a software component for the transient identifier. The hardware component of the transient identifier is, for instance, the Unique Identifier (UID) of the integrated circuit (IC) used in the mobile device. The software component is, for instance, a time stamp.
The advantage of using both a hardware component and a software component is, that for a single mobile device a sequence of unique transient identifiers (IDn, IDn+1, IDn+2, etc.) can be generated. The software related part of the transient identifier (ID) can be used to check the validity of the transient identifier (ID). This checking of the validity of the transient identifier (ID) is, for instance, executed in the reader device. The checker in the reader device can, for instance, determine whether the transient identifier (IDx) is valid, for instance, by checking whether the transient identifier (IDx) is in accordance with the other transient identifiers in an array of identifiers (IDx-2, IDx-1, IDx). If the validity of the transient ID can not be established, the reader device can abort the communication with the mobile device. According to an embodiment the invention comprises the following parts: • A mobile phone containing one or more security features protecting software for the virtual contactless card execution, including cryptographic keys and other sensitive data; • A specific structure of a transient ID of the virtual card, combined with a derived key in the virtual card; • A reader device having validity checker included into the reader terminal software that checks the validity of the transient ID of the virtual card; • A provisioning server that calculates new transient ID’s and derived keys for a virtual card and sends them to the virtual card using one or more additional security features of the mobile phone. • A mobile phone with NFC, capable of supporting HCE transactions and equipped with one or more security features protecting the installed virtual card software application.
There is a part of the application that provides user interface and network communication (amongst other functions) and runs in the open Android (RTM) operating system environment. The other part of the application is protected by one or more additional security features, which protect the execution of the virtual card emulation and store the cryptographic keys and other sensitive data.
The invention is based on the creation of a special transient ID for the virtual card, and an associated derived key for the virtual card. This ID structure contains within it the details of the validity of the ID itself. This data is used by a validity checker in the reader terminal that reads the virtual card, extracts the validity data of the transient ID, and assesses the validity of the virtual card prior to processing any financial transaction.
According to an embodiment of the invention the following procedure can be followed to obtain a transient identifier (ID).
The transient identifier (ID) is made up of two adjoining parts to form a UID of 7 Bytes: • Subscription Account Number: 3 Bytes • Calculated Timestamp: 4 Bytes
The validity checker in the reader terminal analyses the data encapsulated in the transient identifier (ID) and makes the following checks: • Is the Subscription Account Number Valid? • Is the Calculated Timestamp in the correct range?
The Subscription Account Number is a sequential reference number representing the account of the subscriber owning the particular virtual card, and can verified by using standard account number verification such as black list and white list checking provided by a server to the reader checker, or potentially a separate check digit.
The Calculated Timestamp is the number of seconds expired since the 1st January 2015 until the point at which the transient identifier (ID) for that virtual card was created. The check for whether the Calculated Timestamp is in the correct range uses a ‘time to live’ value stored in the reader. This time to live value defines the validity period of a transient identifier (ID) from the moment it is created. A typical value for a time to live parameter is one day.
The reader checker then calculates the ‘Current Timestamp’ as the number of seconds since 1st January 2015 until that moment. If the sum of the transient identifier (ID) Calculated Timestamp, plus the time to live value is greater than the Current Timestamp then the transient identifier (ID) is deemed valid.
Ifthe Subscriber Account Number and the transient identifier (ID) are both valid, the checker hands the virtual card processing to the next stage of the reader terminal acceptance software. Otherwise the virtual card is rejected and the processing stops.
The transient identifier (ID) is provided by the mobile phone when it is placed in the NFC field of the reader terminal. When this occurs, the phone behaves according to the ISO 14443 protocol standard. As part of this standard the phone must provide a transient identifier (ID) to the reader during the ‘anti-collision’ phase so that the reader can correctly continue the transaction. The standard suggests that the reader assumes that the transient identifier (ID) provided by the phone in this phase is random and should not be used for additional processing. This means that the reader must first request the real transient identifier (ID) of the virtual card or that the transient identifier (ID) is passed some other way.
In an embodiment of this invention the virtual card application will provide the unique identifier (UID) together with some other control data such as:
• Virtual Card Issuer ID • Major version of the virtual card • Minor version of the card • Processing Instructions
This data together with the transient identifier (ID) for the virtual card is passed to the reader in response to the ‘Select AID’ command, which is sent by the reader terminal in the form of an ISO 7816 compliant APDU (application packet data unit). This response, which is a Status response APDU, can then be used as the input for the check process in the reader terminal.
In a full embodiment of the invention the transient identifier (ID) and derived key are provided by a provisioning sever to the mobile phone based application protected by one or more additional security features. A typical key diversification scheme for a general symmetric key based contactless system works along the follows lines, although other methods are available and the present invention also functions with such other methods. 1. Each card has a Unique Identification number (UID). 2. This UID is encrypted using a master key, to generate a new key - diversified key. This is done in a secure location. 3. The derived key is then injected into the contactless card and used to encrypt the contents of the card. 4. When the card is used at a reader terminal it presents its UID to the reader. 5. The reader uses a locally stored master key and the provided UID from the card to recreate the derived key of the card. 6. The reader then uses the diversified key to read and update the card.
The present invention functions in a similar way, with the addition of the following points:
In step 1, the server calculates a transient identifier (ID) for the virtual card based on the structure described above.
Step 2 is the same in that the transient derived key for the virtual card is generated using the diversification algorithm for the card scheme and the calculated transient identifier (ID). This is performed on the provisioning server in a secure environment, such as an HSM.
In Step 3, the transient identifier (ID) and the derived key are passed securely to the virtual card in the TEE of the mobile phone, using standard secure transmission methods. This occurs each time the transient identifier (ID) validity lifetime of a particular virtual card expires. The lifetime of the transient identifier (ID)s in the virtual cards can either be tracked by the server or by the mobile phone. If it is tracked by the server, a new transient identifier (ID) is generated and sent to the phone. If it is tracked by the phone, the phone requests a new transient identifier (ID) key combination from the provisional server.
The transient identifier (ID) checker installed in the contactless reader, as described above, performs the validity checks between steps 4 and 5. This transient identifier (ID) checker requires a small amount of software code to implement, and is independent of any other business logic implemented in the reader. In this way, the reader can check the validity of the virtual card very easily at the beginning of the acceptance process, and stop if the transient identifier (ID) of the virtual card has expired.
Claims (14)
1. Method for providing a mobile device with a derived key (DK), to allow a Trusted Application (TA) on said mobile device to perform a transaction with a reader device provided with a master key (MK), the Trusted Application (TA) and the reader device being adapted to securely communicate using said master key (MK) and said derived key (DK) using an adapted communication protocol, the method comprising: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (IDn) for the mobile device to a provisioning server, - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said first transient derived key (DKn) during a determined time interval.
2. Method according to claim 1, wherein the Trusted Application (TA) and the reader device are adapted to securely communicate using said master key (MK) and said derived key (DK) using Near Field Communication (NFC) protocol.
3. Method according to claim 1, wherein the Trusted Application (TA) and the reader device are adapted to securely communicate using said master key (MK) and said derived key (DK) using Bluetooth ®.
4. Method according to claim 1,2 or 3, comprising: - obtaining a further transient identifier (IDn+1) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - emitting the further transient identifier (ID n+1) for the mobile device to the provisioning server, - calculating, using the master key (MK) and the further transient identifier (IDn+1) of the mobile device, a further transient derived key (DKn+1) for the mobile device, - sending the calculated further transient derived key (DKn+1) to the mobile device, - replacing the first transient derived key (DKn) by the further transient derived key (DKn+1) to allow the Trusted Application (TA) of the mobile device to securely communicate with a reader provided with the master key (MK), using said further transient derived key (DKn+1) during a determined time interval.
5. Method according to any of the claims 1 to 4, wherein the first transient identifier (IDn) and the further transient identifier (IDn+1) comprise business data provided by the Trusted Application (TA).
6. Method according to any of the claims 1 to 5, wherein the Trusted Application (TA) is run in the Trusted Execution Environment (TEE) of the mobile device.
7. Method according to any of the preceding claims, wherein the Trusted Application (TA) is a wallet application and the transaction with the reader comprises a transfer of a monetary value.
8. Method for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the reader device comprising a master key and the mobile device comprising a derived key, wherein the method comprises: - obtaining a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), - calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, - sending, by means of the mobile device, the first transient identifier (IDn) to the reader device, - checking in the reader device the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), - if the first transient identifier (IDn) is valid, calculating, in the reader device by means of the master key and the first transient identifier (IDn), the first transient derived key (DKn), - using the first transient derived key (DKn) in the reader device to send an encrypted message to the mobile device, - decrypting the encrypted message in the mobile device to thereby authenticate the identity of the mobile device, and - if the identity of the mobile device is authenticated, allowing the mobile device to securely communicate with the reader device using Near Field Communication protocol.
9. Method according to claim 8, comprising: - obtaining a further transient identifier (IDn+1) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - emitting the further transient identifier (ID n+1) for the mobile device to the provisioning server, - calculating, using the master key (MK) and the further transient identifier (IDn+1) of the mobile device, a further transient derived key (DKn+1) for the mobile device, - sending the calculated further transient derived key (DKn+1) to the mobile device, - replacing the first transient derived key (DKn) by the further transient derived key (DKn+1).
10. Method according to claim 8 or 9, wherein the first transient identifier (IDn) and the further transient identifier (IDn+1) comprise business data provided by the Trusted Application (TA).
11. Method according to any of the claims 8 to 10, wherein the Trusted Application (TA) is run in the Trusted Execution Environment (TEE) of the mobile device.
12. Method according to any of the claims 8 to 11, wherein the Trusted Application (TA) is a wallet application and the transaction with the reader comprises a transfer of a monetary value.
13. System for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using an adapted communication protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (1C) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising: - means for receiving and storing the first transient derived key (DKn) to allow the mobile device to securely communicate with a reader device using an adapted communication protocol.
14. System for allowing a Trusted Application (TA) in a mobile device to securely communicate with a reader device using Near Field Communication (NFC) protocol, wherein the communication is secured by means of symmetric cryptography, the system comprising a reader device comprising a master key and a mobile device comprising an identifier, such as the unique ID (UID) of an Integrated Circuit (IC) used in the mobile device and a provisioning server comprising the master key for providing a derived key for the mobile device, wherein the mobile device in the system comprises: - an application adapted to obtain a first transient identifier (IDn) for the mobile device by combining a hardware related component, such as an unique identifier (UID) of an integrated circuit (IC) used in the mobile device and a software related component, such as a time stamp, - means for emitting the first transient identifier (IDn) for the mobile device to a provisioning server, the provisioning server comprising the master key (MK), wherein the provisioning server comprises: - means for calculating, using the master key (MK) and the first transient identifier (IDn) of the mobile device, a first transient derived key (DKn) for the mobile device, - means for sending the calculated first transient derived key (DKn) from the provisioning server to the mobile device, the mobile device further comprising: - means for sending the first transient identifier (IDn) to the reader device, using NFC protocol, wherein the reader device comprises: - means for reviewing the validity of the first transient identifier (IDn) by reviewing the software related component of the first transient identifier (IDn), and - means for calculating, if the first transient identifier (IDn) is valid, by using the master key and the first transient identifier (IDn), the first transient derived key (DKn), - means for encrypting a message using the first transient derived key (DKn), - means for sending the encrypted message to the mobile device, the mobile device comprising - means for decrypting the encrypted message received from the reader device to thereby authenticate the identity of the mobile device, and - means to allow, if the identity of the mobile device is authenticated, the mobile device to securely communicate with the reader device using Near Field Communication protocol.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB1609460.9A GB201609460D0 (en) | 2016-05-30 | 2016-05-30 | Increased security through ephemeral keys for software virtual contactless card in a mobile phone |
PCT/IB2017/000646 WO2017208063A1 (en) | 2016-05-30 | 2017-05-29 | Increased security through ephemeral keys for software virtual contactless card in mobile phone |
Publications (3)
Publication Number | Publication Date |
---|---|
GB201708573D0 GB201708573D0 (en) | 2017-07-12 |
GB2551907A GB2551907A (en) | 2018-01-03 |
GB2551907B true GB2551907B (en) | 2019-11-20 |
Family
ID=56410729
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GBGB1609460.9A Ceased GB201609460D0 (en) | 2016-05-30 | 2016-05-30 | Increased security through ephemeral keys for software virtual contactless card in a mobile phone |
GB201708573A Expired - Fee Related GB2551907B (en) | 2016-05-30 | 2017-05-29 | Method and system for providing a symmetric keypair with a master key and a transient derived key |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GBGB1609460.9A Ceased GB201609460D0 (en) | 2016-05-30 | 2016-05-30 | Increased security through ephemeral keys for software virtual contactless card in a mobile phone |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP3465980A1 (en) |
CN (1) | CN109417481A (en) |
GB (2) | GB201609460D0 (en) |
PH (1) | PH12018502545A1 (en) |
WO (1) | WO2017208063A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11848724B2 (en) | 2021-03-26 | 2023-12-19 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
US12069178B2 (en) | 2018-10-02 | 2024-08-20 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
Families Citing this family (102)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10546444B2 (en) | 2018-06-21 | 2020-01-28 | Capital One Services, Llc | Systems and methods for secure read-only authentication |
US10771254B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for email-based card activation |
US10511443B1 (en) | 2018-10-02 | 2019-12-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10565587B1 (en) | 2018-10-02 | 2020-02-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10505738B1 (en) | 2018-10-02 | 2019-12-10 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10623393B1 (en) | 2018-10-02 | 2020-04-14 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10554411B1 (en) | 2018-10-02 | 2020-02-04 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10582386B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10909527B2 (en) | 2018-10-02 | 2021-02-02 | Capital One Services, Llc | Systems and methods for performing a reissue of a contactless card |
US10592710B1 (en) | 2018-10-02 | 2020-03-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
WO2020072474A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10797882B2 (en) | 2018-10-02 | 2020-10-06 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10949520B2 (en) | 2018-10-02 | 2021-03-16 | Capital One Services, Llc | Systems and methods for cross coupling risk analytics and one-time-passcodes |
WO2020072670A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
WO2020072583A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for establishing identity for order pick up |
WO2020072552A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
CA3115142A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10607214B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
MX2021002904A (en) | 2018-10-02 | 2021-06-08 | Capital One Services Llc | Systems and methods for cryptographic authentication of contactless cards. |
US10607216B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
WO2020072440A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10542036B1 (en) | 2018-10-02 | 2020-01-21 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US10489781B1 (en) | 2018-10-02 | 2019-11-26 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
CA3113590A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
KR20210069033A (en) | 2018-10-02 | 2021-06-10 | 캐피탈 원 서비시즈, 엘엘씨 | System and method for cryptographic authentication of contactless card |
US10579998B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10771253B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10748138B2 (en) | 2018-10-02 | 2020-08-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10581611B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11210664B2 (en) | 2018-10-02 | 2021-12-28 | Capital One Services, Llc | Systems and methods for amplifying the strength of cryptographic algorithms |
US11361302B2 (en) | 2019-01-11 | 2022-06-14 | Capital One Services, Llc | Systems and methods for touch screen interface interaction using a card overlay |
US11037136B2 (en) | 2019-01-24 | 2021-06-15 | Capital One Services, Llc | Tap to autofill card data |
US11120453B2 (en) | 2019-02-01 | 2021-09-14 | Capital One Services, Llc | Tap card to securely generate card data to copy to clipboard |
US10510074B1 (en) | 2019-02-01 | 2019-12-17 | Capital One Services, Llc | One-tap payment using a contactless card |
US10467622B1 (en) | 2019-02-01 | 2019-11-05 | Capital One Services, Llc | Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms |
US10425129B1 (en) | 2019-02-27 | 2019-09-24 | Capital One Services, Llc | Techniques to reduce power consumption in near field communication systems |
US10523708B1 (en) | 2019-03-18 | 2019-12-31 | Capital One Services, Llc | System and method for second factor authentication of customer support calls |
US10643420B1 (en) | 2019-03-20 | 2020-05-05 | Capital One Services, Llc | Contextual tapping engine |
US10438437B1 (en) | 2019-03-20 | 2019-10-08 | Capital One Services, Llc | Tap to copy data to clipboard via NFC |
US10535062B1 (en) | 2019-03-20 | 2020-01-14 | Capital One Services, Llc | Using a contactless card to securely share personal data stored in a blockchain |
US10984416B2 (en) | 2019-03-20 | 2021-04-20 | Capital One Services, Llc | NFC mobile currency transfer |
US10970712B2 (en) | 2019-03-21 | 2021-04-06 | Capital One Services, Llc | Delegated administration of permissions using a contactless card |
US10467445B1 (en) | 2019-03-28 | 2019-11-05 | Capital One Services, Llc | Devices and methods for contactless card alignment with a foldable mobile device |
US11521262B2 (en) | 2019-05-28 | 2022-12-06 | Capital One Services, Llc | NFC enhanced augmented reality information overlays |
US10516447B1 (en) | 2019-06-17 | 2019-12-24 | Capital One Services, Llc | Dynamic power levels in NFC card communications |
US11392933B2 (en) | 2019-07-03 | 2022-07-19 | Capital One Services, Llc | Systems and methods for providing online and hybridcard interactions |
US10871958B1 (en) | 2019-07-03 | 2020-12-22 | Capital One Services, Llc | Techniques to perform applet programming |
US11694187B2 (en) | 2019-07-03 | 2023-07-04 | Capital One Services, Llc | Constraining transactional capabilities for contactless cards |
US10713649B1 (en) | 2019-07-09 | 2020-07-14 | Capital One Services, Llc | System and method enabling mobile near-field communication to update display on a payment card |
US10498401B1 (en) | 2019-07-15 | 2019-12-03 | Capital One Services, Llc | System and method for guiding card positioning using phone sensors |
US10885514B1 (en) | 2019-07-15 | 2021-01-05 | Capital One Services, Llc | System and method for using image data to trigger contactless card transactions |
US10733601B1 (en) | 2019-07-17 | 2020-08-04 | Capital One Services, Llc | Body area network facilitated authentication or payment authorization |
US10832271B1 (en) | 2019-07-17 | 2020-11-10 | Capital One Services, Llc | Verified reviews using a contactless card |
US11182771B2 (en) | 2019-07-17 | 2021-11-23 | Capital One Services, Llc | System for value loading onto in-vehicle device |
US11521213B2 (en) | 2019-07-18 | 2022-12-06 | Capital One Services, Llc | Continuous authentication for digital services based on contactless card positioning |
US10506426B1 (en) | 2019-07-19 | 2019-12-10 | Capital One Services, Llc | Techniques for call authentication |
US10541995B1 (en) | 2019-07-23 | 2020-01-21 | Capital One Services, Llc | First factor contactless card authentication system and method |
WO2021066823A1 (en) | 2019-10-02 | 2021-04-08 | Capital One Services, Llc | Client device authentication using contactless legacy magnetic stripe data |
US10885410B1 (en) | 2019-12-23 | 2021-01-05 | Capital One Services, Llc | Generating barcodes utilizing cryptographic techniques |
US10657754B1 (en) | 2019-12-23 | 2020-05-19 | Capital One Services, Llc | Contactless card and personal identification system |
US11113685B2 (en) | 2019-12-23 | 2021-09-07 | Capital One Services, Llc | Card issuing with restricted virtual numbers |
US11651361B2 (en) | 2019-12-23 | 2023-05-16 | Capital One Services, Llc | Secure authentication based on passport data stored in a contactless card |
US11615395B2 (en) | 2019-12-23 | 2023-03-28 | Capital One Services, Llc | Authentication for third party digital wallet provisioning |
US10733283B1 (en) | 2019-12-23 | 2020-08-04 | Capital One Services, Llc | Secure password generation and management using NFC and contactless smart cards |
US10862540B1 (en) | 2019-12-23 | 2020-12-08 | Capital One Services, Llc | Method for mapping NFC field strength and location on mobile devices |
US11200563B2 (en) | 2019-12-24 | 2021-12-14 | Capital One Services, Llc | Account registration using a contactless card |
US10853795B1 (en) | 2019-12-24 | 2020-12-01 | Capital One Services, Llc | Secure authentication based on identity data stored in a contactless card |
US10664941B1 (en) | 2019-12-24 | 2020-05-26 | Capital One Services, Llc | Steganographic image encoding of biometric template information on a card |
US10757574B1 (en) | 2019-12-26 | 2020-08-25 | Capital One Services, Llc | Multi-factor authentication providing a credential via a contactless card for secure messaging |
US10909544B1 (en) | 2019-12-26 | 2021-02-02 | Capital One Services, Llc | Accessing and utilizing multiple loyalty point accounts |
US11038688B1 (en) | 2019-12-30 | 2021-06-15 | Capital One Services, Llc | Techniques to control applets for contactless cards |
US11455620B2 (en) | 2019-12-31 | 2022-09-27 | Capital One Services, Llc | Tapping a contactless card to a computing device to provision a virtual number |
US10860914B1 (en) | 2019-12-31 | 2020-12-08 | Capital One Services, Llc | Contactless card and method of assembly |
US11210656B2 (en) | 2020-04-13 | 2021-12-28 | Capital One Services, Llc | Determining specific terms for contactless card activation |
US11030339B1 (en) | 2020-04-30 | 2021-06-08 | Capital One Services, Llc | Systems and methods for data access control of personal user data using a short-range transceiver |
US10861006B1 (en) | 2020-04-30 | 2020-12-08 | Capital One Services, Llc | Systems and methods for data access control using a short-range transceiver |
US11823175B2 (en) | 2020-04-30 | 2023-11-21 | Capital One Services, Llc | Intelligent card unlock |
US11222342B2 (en) | 2020-04-30 | 2022-01-11 | Capital One Services, Llc | Accurate images in graphical user interfaces to enable data transfer |
US10915888B1 (en) | 2020-04-30 | 2021-02-09 | Capital One Services, Llc | Contactless card with multiple rotating security keys |
US10963865B1 (en) | 2020-05-12 | 2021-03-30 | Capital One Services, Llc | Augmented reality card activation experience |
US11063979B1 (en) | 2020-05-18 | 2021-07-13 | Capital One Services, Llc | Enabling communications between applications in a mobile operating system |
US11100511B1 (en) | 2020-05-18 | 2021-08-24 | Capital One Services, Llc | Application-based point of sale system in mobile operating systems |
US11062098B1 (en) | 2020-08-11 | 2021-07-13 | Capital One Services, Llc | Augmented reality information display and interaction via NFC based authentication |
US11482312B2 (en) | 2020-10-30 | 2022-10-25 | Capital One Services, Llc | Secure verification of medical status using a contactless card |
US11165586B1 (en) | 2020-10-30 | 2021-11-02 | Capital One Services, Llc | Call center web-based authentication using a contactless card |
US11373169B2 (en) | 2020-11-03 | 2022-06-28 | Capital One Services, Llc | Web-based activation of contactless cards |
US11216799B1 (en) | 2021-01-04 | 2022-01-04 | Capital One Services, Llc | Secure generation of one-time passcodes using a contactless card |
US11682012B2 (en) | 2021-01-27 | 2023-06-20 | Capital One Services, Llc | Contactless delivery systems and methods |
US11792001B2 (en) | 2021-01-28 | 2023-10-17 | Capital One Services, Llc | Systems and methods for secure reprovisioning |
US11562358B2 (en) | 2021-01-28 | 2023-01-24 | Capital One Services, Llc | Systems and methods for near field contactless card communication and cryptographic authentication |
US11687930B2 (en) | 2021-01-28 | 2023-06-27 | Capital One Services, Llc | Systems and methods for authentication of access tokens |
US11438329B2 (en) | 2021-01-29 | 2022-09-06 | Capital One Services, Llc | Systems and methods for authenticated peer-to-peer data transfer using resource locators |
US11777933B2 (en) | 2021-02-03 | 2023-10-03 | Capital One Services, Llc | URL-based authentication for payment cards |
US11637826B2 (en) | 2021-02-24 | 2023-04-25 | Capital One Services, Llc | Establishing authentication persistence |
US11935035B2 (en) | 2021-04-20 | 2024-03-19 | Capital One Services, Llc | Techniques to utilize resource locators by a contactless card to perform a sequence of operations |
US11961089B2 (en) | 2021-04-20 | 2024-04-16 | Capital One Services, Llc | On-demand applications to extend web services |
US11902442B2 (en) | 2021-04-22 | 2024-02-13 | Capital One Services, Llc | Secure management of accounts on display devices using a contactless card |
US11354555B1 (en) | 2021-05-04 | 2022-06-07 | Capital One Services, Llc | Methods, mediums, and systems for applying a display to a transaction card |
US12041172B2 (en) | 2021-06-25 | 2024-07-16 | Capital One Services, Llc | Cryptographic authentication to control access to storage devices |
US12061682B2 (en) | 2021-07-19 | 2024-08-13 | Capital One Services, Llc | System and method to perform digital authentication using multiple channels of communication |
US12062258B2 (en) | 2021-09-16 | 2024-08-13 | Capital One Services, Llc | Use of a payment card to unlock a lock |
US12069173B2 (en) | 2021-12-15 | 2024-08-20 | Capital One Services, Llc | Key recovery based on contactless card authentication |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100121990A1 (en) * | 2008-11-12 | 2010-05-13 | Acresso Software, Inc. | Method and system for embedded regenerative licensing |
TW201525759A (en) * | 2013-12-31 | 2015-07-01 | Sage Information Systems Co Ltd | Authentication system and authentication method of computer software, and one-time password generator for authenticating the computer software |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8447984B1 (en) * | 2004-06-25 | 2013-05-21 | Oracle America, Inc. | Authentication system and method for operating the same |
CN101902476B (en) * | 2010-07-27 | 2013-04-24 | 浙江大学 | Method for authenticating identity of mobile peer-to-peer user |
US20130042112A1 (en) * | 2011-02-12 | 2013-02-14 | CertiVox Ltd. | Use of non-interactive identity based key agreement derived secret keys with authenticated encryption |
US20130179351A1 (en) * | 2012-01-09 | 2013-07-11 | George Wallner | System and method for an authenticating and encrypting card reader |
CN103268249B (en) * | 2012-03-04 | 2016-11-16 | 深圳市可秉资产管理合伙企业(有限合伙) | The method and apparatus simulating multiple cards in the mobile device |
EP2955872B1 (en) * | 2014-06-12 | 2016-10-12 | Nxp B.V. | Method for configuring a secure element, key derivation program, computer program product and configurable secure element |
CN104618467B (en) * | 2015-01-20 | 2018-12-14 | 西安电子科技大学 | A kind of effective and resisting denying based on Android platform falls down rescue skills and system |
-
2016
- 2016-05-30 GB GBGB1609460.9A patent/GB201609460D0/en not_active Ceased
-
2017
- 2017-05-29 WO PCT/IB2017/000646 patent/WO2017208063A1/en unknown
- 2017-05-29 EP EP17805942.4A patent/EP3465980A1/en not_active Withdrawn
- 2017-05-29 GB GB201708573A patent/GB2551907B/en not_active Expired - Fee Related
- 2017-05-29 CN CN201780033635.3A patent/CN109417481A/en active Pending
-
2018
- 2018-12-03 PH PH12018502545A patent/PH12018502545A1/en unknown
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100121990A1 (en) * | 2008-11-12 | 2010-05-13 | Acresso Software, Inc. | Method and system for embedded regenerative licensing |
TW201525759A (en) * | 2013-12-31 | 2015-07-01 | Sage Information Systems Co Ltd | Authentication system and authentication method of computer software, and one-time password generator for authenticating the computer software |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12069178B2 (en) | 2018-10-02 | 2024-08-20 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11848724B2 (en) | 2021-03-26 | 2023-12-19 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
Also Published As
Publication number | Publication date |
---|---|
GB201609460D0 (en) | 2016-07-13 |
PH12018502545A1 (en) | 2019-04-08 |
CN109417481A (en) | 2019-03-01 |
GB201708573D0 (en) | 2017-07-12 |
GB2551907A (en) | 2018-01-03 |
WO2017208063A1 (en) | 2017-12-07 |
EP3465980A1 (en) | 2019-04-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2551907B (en) | Method and system for providing a symmetric keypair with a master key and a transient derived key | |
US11157912B2 (en) | Method and system for enhancing the security of a transaction | |
US10909531B2 (en) | Security for mobile applications | |
CA2838763C (en) | Credential authentication methods and systems | |
KR102477453B1 (en) | Transaction messaging | |
EP2695148B1 (en) | Payment system | |
EP3608860A1 (en) | Payment system for authorising a transaction between a user device and a terminal | |
US20190087814A1 (en) | Method for securing a payment token | |
US11880832B2 (en) | Method and system for enhancing the security of a transaction | |
EP3394788B1 (en) | Method and system for enhancing the security of a transaction | |
JP2019517229A (en) | System and method for generating, storing, managing and using digital secrets associated with portable electronic devices | |
Cortier et al. | Designing and proving an EMV-compliant payment protocol for mobile devices | |
Radu et al. | Practical EMV relay protection | |
CA2940465C (en) | Device and method for securing commands exchanged between a terminal and an integrated circuit | |
EP2985724B1 (en) | Remote load and update card emulation support | |
Shepherd et al. | Isolated Hardware Execution Platforms | |
CN103544418A (en) | Authentication device, system and method based on electronic transaction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20220530 |