Embedded secure element for authentication, storage and transaction within a mobile terminal

摘要

Various embodiments of the present invention relate to incorporating an embedded secure element into a mobile device, and more particularly, to systems, devices and methods of incorporating the embedded secure element into a mobile device for identity authentication, data storage and processing in trusted transactions. These trusted transactions require a high security level to protect sensitive data or programs in bank account management, purchasing orders, contactless payment, passport verification, and many other high-security applications. The secure element will provide a root of trust such that that applications running on the mobile device are executed in a controlled and trusted environment. In addition to conventional password or encryption protection, alternative security features are introduced from both software and hardware levels based on the embedded secure element. Therefore, the security level of the mobile device is not only enhanced, but also may potentially exceed that of the conventional POS terminals.

主权项

1. A secure element, comprising:
a secure memory that stores a sensitive data; a secure processor that receives a request for a trusted transaction and processes the request, the trusted transaction being associated with an operation selected from writing the sensitive data into the secure memory and reading the sensitive data from the secure memory, the secure memory being coupled to and accessed by the secure processor only; a verification/authentication (V/A) unit, coupled to the secure processor, the V/A unit verifying and authenticating the trusted transaction and a user that makes the request as the secure processor receives the request for the trusted transaction; and wherein the secure element is embedded in a mobile device and authorized to process the trusted transaction, and an initial credential, provided by an entity that is different from a manufacturer of the mobile device and provides a user specific credential encrypted with the initial credential to authenticate the trusted transaction, is programmed into the secure element before the secure element is assembled into the mobile device and wherein the secure memory is a component separate from a memory that is coupled to and accessed by only a central processing unit of the mobile device.