Methods and systems for secure communications between client applications and secure elements in mobile devices

摘要

Methods and systems for secure communication between a client application and a secure element on a mobile device involve, for example, encrypting a request including a randomly generated session key by the client application with a user's unique public key and sending the encrypted request to the secure element. The request message is decrypted with a user's unique private key on the secure element, a response message is encrypted with the session key retrieved from the decrypted request and sent to the client application, which decrypts the response with the session key.

主权项

1. A method for secure communication between a client application on a mobile device and a secure hardware element on the mobile device, comprising:
providing a physical tamper-resistant integrated circuit chip component of the mobile device, the physical tamper-resistant integrated circuit chip component comprising a secure hardware element having a secure element processor coupled to secure element memory; storing, using the secure element processor, a unique user identifier and a user's unique private key on the mobile device only in the secure element memory on the secure hardware element of the mobile device; storing, using a mobile device processor coupled to mobile device memory, the user's unique public key in the mobile device memory on the mobile device; receiving, using the mobile device processor, entry of the unique user identifier and a request for user access to a client application on the mobile device processor on the mobile device; encrypting, using the mobile device processor, a client application user access request message consisting at least in part of the entered unique user identifier and a randomly generated session key by the client application on the mobile device processor on the mobile device using the user's unique public key stored in the mobile device memory on the mobile device and sending the encrypted request message to the secure element processor on the mobile device; decrypting, using the secure element processor, the client application user access request message by a secure element application on the secure hardware element on the mobile device with the user's unique private key stored on the mobile device only in the secure element memory on the secure hardware element on the mobile device; comparing, using the secure element processor, the entered unique user identifier retrieved from the decrypted client application user access request message with the unique user identifier stored on the mobile device only in the secure element memory on the secure hardware element on the mobile device; encrypting, using the secure element processor, a client application user access response message by the secure element application on the secure hardware element of the mobile device with the randomly generated session key retrieved from the decrypted request message and sending the encrypted response message to the client application on the mobile device processor on the mobile device; and decrypting, using the mobile device processor, the client application user access response message with the randomly generated session key by the client application on the mobile device processor on the mobile device.