Data Management System Implemented in a Mobile Device

Publication: WO2022223520A1
Published: 2022-10-27
Family Size: 2
Granted: No

Simple Summary

Content extracted from patent full text and abstract with AI.

This invention presents a data management system for mobile devices that enables highly secure storage and handling of confidential data (e.g., digital keys, payment info) by utilizing a trusted environment, such as a Secure Element (SE) or similar hardware security module. Applications from different service providers interface only through a dedicated central app which handles encryption, decryption, and storage, using a master key that never leaves the trusted environment. The confidential data is encrypted within the secure enclave before being stored either inside it or in regular device storage, enabling secure and user-controlled access across multiple apps without the need for special manufacturer access or expertise.

Use Cases

Content extracted from patent full text and abstract with AI.

  • Storing and managing digital car keys or hotel room keys on a smartphone for access control and authentication.
  • Securing mobile payment data, credit cards, loyalty cards, or sensitive credentials within a mobile wallet.
  • Enabling mobile identity verification and secure digital signature for banking, e-government, or enterprise scenarios.
  • Allowing multiple third-party apps (like transportation, hospitality, or financial services) to securely store sensitive data on a single mobile device.
  • Facilitating user authentication for physical and digital doors, ATMs, and point-of-sale terminals with strong security.
  • Providing a trusted basis for biometric authentication, e-tickets, or any use-case requiring high-assurance mobile credential storage.

Benefits

Content extracted from patent full text and abstract with AI.

  • High level of data security by ensuring all encryption and decryption occur inside a trusted hardware environment, with master keys never leaving the hardware.
  • No need for specialized manufacturer support, contracts, or deep technical knowledge for third-party app integration; easy deployment for service providers.
  • Ensures separation and independence of confidential data for different provider apps—data is siloed and not accessible across apps.
  • Protects sensitive data from theft even if the device is lost or compromised—requires both device presence and user authentication for access.
  • Supports flexible encrypted storage: encrypted data can reside outside the secure module if space is limited, without lowering the security level.
  • User can centrally manage and delete stored credentials, maintaining control over their personal data.
  • Scalable for multiple service providers and a range of device types and operating systems, encouraging broader adoption.

Technical Classifications (CPCs)

Main Classifications

Electrical & Electronic Tech

Physics & Measurement

Sub Classifications

Computing & Calculating

Electric Communication Technique

CPC Codes

G06F21/74, G06F21/78, H04W12/30, H04W12/48, H04W12/71, H04W12/72

Inventors & Applicants

Applicants

Univ Berlin Freie

Patent Abstract

Aspects of the disclosure regard a data management system (100) and method for storing confidential data implemented in a mobile device (1), the system comprising: a trusted environment (2) comprising a master key (KMK) created in and bound to the trusted environment (2); at least one service provider software application (4); and a first software application (3) configured to communicate with the at least one service provider software application (4) to receive confidential data from the service provider software application (4) that is to be stored; wherein the first software application (3) is further configured to communicate with the trusted environment (2) for encryption of the received confidential data in the trusted environment (2); wherein the trusted environment (2) is configured to encrypt by means of the master key (KMK) the confidential data received by the first software application, wherein the data management system (100) is configured that the encrypted confidential data (EMK(data)) is stored either in the trusted environment or through the first software application (3) in a database (38) or other data storage. Further aspects of the disclosure regard a data management system (100) and method for verification of a digital message.

Key Information

Publication No.: WO2022223520A1
Family ID: 81653486
Publication Date: 2022-10-27
Application No.: EP2022060247W
Application Date: 2022-04-19
Priority Date: 2021-04-20
Granted: No

Possible Cooperation

For further information please contact the transfer office.