公开(公告)号：US08706081B1

公开(公告)日：2014-04-22

申请号：US13717904

申请日：2012-12-18

Applicant: Google Inc.

Inventor： Ismail Cem Paya ,  Shane Alexander Farmer ,  Robert Tsai

IPC: H04M1/66

CPC classification number: H04M1/7253 ,  G06Q20/3227 ,  G06Q20/3278 ,  H04L63/0227 ,  H04M15/93 ,  H04M17/103 ,  H04W4/80 ,  H04W12/08

Abstract: A method and system for packet inspection in a near field communication (NFC) controller for secure element (SE) protection are described. In a communication device, the NFC controller can receive filtering rules that correspond to security for an applet in the SE. The NFC controller can also receive a packet with commands or instructions for the SE. The NFC controller can inspect the contents of the packet based on the filtering rules and determine whether to communicate the packet to the SE. The packet filtering performed by the NFC controller can also be based on whether the packet was received through an interface with an operating system in the communication device or through an interface with an NFC antenna. The filtering rules can be removed or disabled when an update for the applet is received and installed in the SE.

Abstract translation: 描述了用于安全元件（SE）保护的近场通信（NFC）控制器中的分组检查的方法和系统。 在通信设备中，NFC控制器可以接收与SE中的小应用程序的安全性相对应的过滤规则。 NFC控制器还可以接收具有用于SE的命令或指令的分组。 NFC控制器可以根据过滤规则检查数据包的内容，并确定是否将数据包传送给SE。 由NFC控制器执行的分组过滤也可以基于通过与通信设备中的操作系统的接口或通过与NFC天线的接口来接收分组。 当小程序的更新被接收并安装在SE中时，可以删除或禁用过滤规则。

公开(公告)号：US08625800B2

公开(公告)日：2014-01-07

申请号：US13776660

申请日：2013-02-25

Applicant: Google Inc.

Inventor： Sarel Kobus Jooste ,  John Joseph ,  Shane Alexander Farmer

IPC: H04L9/00 ,  H04L9/32

CPC classification number: H04L9/0861 ,  G06Q20/027 ,  G06Q20/3227 ,  H04L9/0822 ,  H04L9/0877 ,  H04L63/062 ,  H04L2463/062 ,  H04W12/04

Abstract: Transferring control of a secure element between TSMs comprises a zone master key established between the TSMs that facilitates encryption of a temporary key. The TSMs create the zone master key prior to initiation of transfer of control. Once transfer of control is initiated, the first TSM establishes a communication channel and deletes its key from the secure element. The first TSM creates a temporary key that is encrypted with the zone master key established between the first TSM and the second TSM. The encrypted temporary key is communicated to the second TSM with a device identifier. The second TSM decrypts the temporary key using the zone master key and identifies the user device using the device identifier. The new TSM establishes a communication channel and deletes the temporary key from the secure element. The new TSM then inputs and saves its key into the secure element.

Abstract translation: 在TSM之间传输安全元件的控制包括在促进临时密钥的加密的TSM之间建立的区域主密钥。 在开始传输控制之前，TSM创建区域主密钥。 一旦发起控制传输，第一个TSM建立通信通道，并从安全元件中删除其密钥。 第一个TSM创建一个临时密钥，该临时密钥使用在第一个TSM和第二个TSM之间建立的区域主密钥进行加密。 加密的临时密钥通过设备标识符传送到第二TSM。 第二个TSM使用区域主密钥解密临时密钥，并使用设备标识符标识用户设备。 新的TSM建立通信通道，并从安全元素中删除临时密钥。 然后，新的TSM输入并将其保存到安全元件中。