Description:RESERVATION OF RIGHTS
[0001] A portion of the disclosure of this patent document contains material, which is subject to intellectual property rights such as but are not limited to, copyright, design, trademark, integrated circuit (IC) layout design, and/or trade dress protection, belonging to Jio Platforms Limited (JPL) or its affiliates (hereinafter referred as owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.

FIELD OF INVENTION
[0002] The embodiments of the present disclosure generally relate to systems and methods for facilitating short distance secure communications in telecommunication systems. More particularly, the present disclosure relates to a system and a method for short distance secure communication using a wireless fidelity (Wi-Fi) mode of transmission that is secure, automated, and does not require pairing devices.

BACKGROUND OF THE INVENTION
[0003] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0004] Mobile-based digital transactions are employed during various types of online and offline transactions. Out of various types of online and offline transactions, near field communication (NFC) based transactions are well accepted by users. In NFC based transaction, a smart phone communicates with another smart phone or electronic point of sale (PoS) device at a very short distance (couple of inches) in a peer to peer mode with a significantly high level of security. However, additional components such as a secure element (secure storage and secure processor) and an NFC communication module (13.56 MHz radio frequency (RF)) are incorporated for NFC functioning in a smart phone. The additional components add significant costs to the smartphones and are unaffordable by many users. Further, conventional systems use RF mode of transmission for digital transactions. However, pairing of smartphones/devices in the RF mode of transmission involves user interaction and adds significantly to the digital transaction time.
[0005] There is, therefore, a need in the art to provide a system and a method that can mitigate the problems associated with the prior arts.

OBJECTS OF THE INVENTION
[0006] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are listed herein below.
[0007] It is an object of the present disclosure to provide a system and a method that facilitates secure storage within a subscriber identity module (SIM) card.
[0008] It is an object of the present disclosure to provide a system and a method that enables a wireless fidelity (Wi-Fi) mode of transmission without the requirement of pairing between devices.
[0009] It is an object of the present disclosure to provide a system and a method that enables the Wi-Fi mode of transmission with a service set identifier (SSID) for secure data transmission.
[0010] It is an object of the present disclosure to provide a system and a method that enables the Wi-Fi mode of transmission with sequential multipacket transmissions.

SUMMARY
[0011] This section is provided to introduce certain objects and aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0012] In an aspect, the present disclosure relates to a system that may include one or more processors operatively coupled to a primary entity. The primary entity may be associated with one or more users, and may be connected to the one or more processors. The primary entity may be coupled to a subscriber identity module (SIM) card. The one or more processors may be coupled with a memory that stores instructions to be executed by the one or more processors. The one or more processors may generate one or more data parameters based on one or more target applications requested by the one or more users. Further, the one or more processors may encrypt the generated one or more data parameters. One or more combinations of primary techniques may be used to generate one or more encrypted data based on the one or more target applications. The one or more processors may determine a mode of communication based on the generated one or more encrypted data. The determined mode of communication may include at least a Wi-Fi based mode of communication. The one or more processors may enable the communication of the one or more encrypted data from the primary entity to a secondary entity via the determined mode of communication.
[0013] In an embodiment, one or more service set identifiers (SSIDs) may be associated with the Wi-Fi based mode of communication for communication of the one or more encrypted data from the primary entity to the secondary entity.
[0014] In an embodiment, the one or more processors may be configured to update the one or more SSIDs within a predefined interval. The predefined interval may be associated with the secondary entity.
[0015] In an embodiment, the one or more encrypted data may include at least a sequence number, a device identification (ID), a user data length, user data, and a cyclic redundancy check (CRC).
[0016] In an embodiment, the one or more processors are configured to use any or a combination of a secure hash algorithm (SHA) technique and a message-digest algorithm 5 (MD5) technique before encryption of the generated one or more data parameters.
[0017] In an aspect, the present disclosure relates to a method for enabling communication of data between a primary entity and a secondary entity. The method may include generating, by one or more processors, one or more data parameters based on one or more target applications requested by one or more users. The one or more users may be associated with the primary entity. The primary entity may be coupled to a subscriber identity module (SIM) card. Further, the method may include encrypting, by the one or more processors, the generated one or more data parameters using one or more combinations of primary techniques based on the one or more target applications. The method may include determining, by the one or more processors, a mode of communication using the one or more encrypted data, where the mode of communication may include at least a Wi-Fi based mode of communication. Further, the method may include enabling, by the one or more processors, the communication of the one or more encrypted data from the primary entity to the secondary entity via the determined mode of communication.
[0018] In an aspect, the present disclosure relates to a user equipment (UE) for communication of data to a secondary entity. The UE may include one or more primary processors communicatively coupled to one or more processors in a system, the one or more primary processors coupled with a memory, where the memory stores instructions which when executed by the one or more primary processors causes the UE to generate and transmit one or more data parameters based on one or more target applications requested by one or more users associated with the UE. The one or more processors may be configured to receive the one or more generated data parameters from the UE, encrypt, using one or more primary techniques, the generated one or more data parameters based on the one or more target applications, determine a mode of communication based on the generated one or more encrypted data, where the determined mode of communication may include at least a Wi-Fi based mode of communication, and enable the communication of the one or more encrypted data to the secondary entity via the determined mode of communication.
[0019] In an embodiment, the UE is operatively coupled to a SIM card.
[0020] In an aspect, a subscriber identity module card (SIM) card for enabling communication of data to a secondary entity may include one or more processors operatively coupled to one or more processors in a system. The one or more processors may include a memory that stores instructions to be executed by the one or more processors that may cause the one or more processors to generate one or more data parameters based on one or more target applications requested by one or more users. The one or more processors may encrypt using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications. The one or more processors may determine a mode of communication based on the generated one or more encrypted data. The mode of communication may include at least a wireless fidelity (Wi-Fi) based mode of communication. The one or more processors may enable the communication of the one or more encrypted data from the SIM card associated with a primary entity to the secondary entity via the determined mode of communication.

BRIEF DESCRIPTION OF DRAWINGS
[0021] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes the disclosure of electrical components, electronic components, or circuitry commonly used to implement such components.
[0022] FIG. 1A illustrates an exemplary network architecture (100) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0023] FIG. 1B illustrates an exemplary system architecture (150) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0024] FIG. 2 illustrates an exemplary representation (200) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0025] FIG. 3 illustrates an exemplary representation of logical blocks (300) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0026] FIG. 4 illustrates an exemplary representation (400) of an application processor (301) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0027] FIG. 5 illustrates an exemplary representation (400) of a secure environment (302), in accordance with an embodiment of the present disclosure.
[0028] FIG. 6 illustrates an exemplary representation (600) of secure communication over wireless fidelity (Wi-Fi), in accordance with an embodiment of the present disclosure.
[0029] FIG. 7 illustrates an exemplary representation of an internal architecture of a subscriber identity module (SIM) card operation (700), in accordance with an embodiment of the present disclosure.
[0030] FIG. 8 illustrates an exemplary representation of a detailed process flow including digital signature and encryption (800), in accordance with an embodiment of the present disclosure.
[0031] FIG. 9 illustrates an exemplary computer system (900) in which or with which a proposed system (110) may be implemented, in accordance with an embodiment of the present disclosure.
[0032] The foregoing shall be more apparent from the following more detailed description of the disclosure.

BRIEF DESCRIPTION OF THE INVENTION
[0033] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address all of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein.
[0034] The ensuing description provides exemplary embodiments only and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0035] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail to avoid obscuring the embodiments.
[0036] Also, it is noted that individual embodiments may be described as a process that is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination can correspond to a return of the function to the calling function or the main function.
[0037] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term “comprising” as an open transition word without precluding any additional or other elements.
[0038] Reference throughout this specification to “one embodiment” or “an embodiment” or “an instance” or “one instance” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0039] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items.
[0040] The various embodiments throughout the disclosure will be explained in more detail with reference to FIGs. 1-9.
[0041] Referring to FIG. 1A, the system (110) may enable the communication of data between a primary entity (104) and a secondary entity (108). In an embodiment, the primary entity (104) and the secondary entity (108) may also be known as user equipment (UE) that may include, but not be limited to, a mobile, a laptop, etc. Further, the primary entity (104) and/or the secondary entity (108) may include one or more in-built or externally coupled accessories including, but not limited to, a visual aid device such as a camera, audio aid, a microphone, or a keyboard. Further, the primary entity (104) and/or the secondary entity (108) may include a smartphone, virtual reality (VR) devices, augmented reality (AR) devices, a general-purpose computer, desktop, personal digital assistant, and a mainframe computer. Additionally, input devices for receiving input from a user (102-1, 102-2…102-N) such as a touch pad, touch-enabled screen, electronic pen, and the like may be used.
[0042] Referring to FIG. 1A, the primary entity (104) and the secondary entity (108) may be communicatively connected with each other through a mode of communication (106).
[0043] In an embodiment, the system (110) may generate one or more data parameters based on one or more target applications requested by the one or more users (102-1, 102-2…102-N). A person of ordinary skill in the art will understand that the one or more users (102-1, 102-2…102-N) may be collectively referred as the users (102) and individually referred as the user (102). In an embodiment, the one or more target applications may include, but not be limited to, payment information or any other sensitive data. In an embodiment, a wireless fidelity (Wi-Fi) based mode of communication may be used for communication of data from the primary entity (104) to the secondary entity (108).
[0044] Although FIG. 1A shows exemplary components of the network architecture (100), in other embodiments, the network architecture (100) may include fewer components, different components, differently arranged components, or additional functional components than depicted in FIG. 1A. Additionally, or alternatively, one or more components of the network architecture (100) may perform functions described as being performed by one or more other components of the network architecture (100).
[0045] FIG. 1B illustrates an exemplary system architecture (150) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0046] As illustrated in FIG. 1B, the system architecture (150) includes a transmitter (170) and a receiver (172). A person of ordinary skill in the art will appreciate that the transmitter (170) may be similar to the primary entity (104) of FIG. 1A in its functionality. Further, a person of ordinary skill in the art will appreciate that the receiver (172) may be similar to the secondary entity (108) of FIG. 1A in its functionality.
[0047] Referring to FIG. 1B, the transmitter (170) may include a data generation block (152) for generation of one or more data parameters. Data generation may be supervised (manually entered or attended) or un-supervised (i.e., automatically fetched or unattended). The generated data or data parameters may be encrypted at a data encryption block (154). Once the encryption of the data parameters is completed, the encrypted data parameters may go through a packetization block (156) based on a type of peripheral. Packetization may include generation of one or more data packets based on the encrypted data parameters. Data transmission block (158) may include activation of the desired output peripheral and hardware protocol level configuration for transmission of the packetized data to the receiver (172) using a data communication link (106).
[0048] In an embodiment, the data communication link (106) may include basic attributes such as, but not limited to, time (bit rate), image quality (in case of a quick response (QR) image), distance of communication based on the mode of transmission. In an embodiment, the receiver (172) may be similar to the transmitter (170), but in a reverse mode. The receiver (172) may be configured to scan the data transmitted by the transmitter (170) and select an application specific peripheral (input). Data reception block (162) may control the protocol level configuration to perform the task of receiving the data. Once the data is captured in receiver frontend peripheral, depacketization of the data is performed at a depacketization block (164). Based on the type of communication mode and size of the data packet(s), the depacketization block (164) may parse the desired data leaving the protocol layer overheads.
[0049] Further, the depacketized data may be decrypted at a data decryption block (166). After decryption, the data is verified at a data verification block (168) and further processed based on one or more target applications requested by users such as the users (102) of FIG. 1A.
[0050] In an exemplary embodiment, a subscriber identity module (SIM) card enabled with public key infrastructure (PKI) may be included at the transmitter (170) (for example, the primary entity (104) of FIG. 1A) and the receiver (172) (for example, the secondary entity (108) of FIG. 1A). Further, the SIM card may include an e-SIM or a normal SIM card. Additionally, the PKI-enabled SIM card may have the following features.
• A suitable certifying authority (CA) infrastructure support.
• Onboard key pair generation and protection of private key inside SIM.
• Secure storage of Rivest-Shamir-Adleman (RSA) or elliptical curve cryptography (ECC) keys and digital certificates.
• Secure storage of user data.
• Signing of any user data.
• Encryption and decryption of any data with: asymmetric keys and algorithms such as (RSA, ECC), and/or with symmetric keys and algorithms such as, but not limited to, an advanced encryption standard (AES), a data encryption standard (DES), and a triple data encryption standard (3DES).
• Support of hashing algorithm such as, but not limited to, a secure hash algorithm (SHA) and a message-digest algorithm (MD5).
• Access protection of SIM card applet through appropriate keys and algorithm (secure communication protocol (SCP)-02, 03, 10, 11).
[0051] In an exemplary embodiment, Wi-Fi, Bluetooth, quick response code (QR), audio, and the like may be used in any combination to provide communication of data between the transmitter (170) and the receiver (172). The data communication link (106) may be configured for one or more modes of communication in a specific way to provide a faster transaction cycle time and a maximum data rate. The communication range may also be configurable for the respective mode of communication.
[0052] It may be appreciated that the system architecture (150) may be modular and flexible to accommodate any kind of changes in the system (150).
[0053] FIG. 2 illustrates an exemplary representation (200) of a proposed system (110), in accordance with an embodiment of the present disclosure. A person of ordinary skill in the art will understand that the system (110) of FIG. 2 may be similar to the system (110) of FIG. 1 in its functionality.
[0054] Referring to FIG. 2, the system (110) may comprise one or more processor(s) (202). The one or more processor(s) (202) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) (202) may be configured to fetch and execute computer-readable instructions stored in a memory (204) of the system (110). The memory (204) may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory (204) may comprise any non-transitory storage device including, for example, volatile memory such as random-access memory (RAM), or non-volatile memory such as erasable programmable read-only memory (EPROM), flash memory, and the like.
[0055] In an embodiment, the system (110) may include an interface(s) (206). The interface(s) (206) may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as input/output (I/O) devices, storage devices, and the like. The interface(s) (206) may facilitate communication through the system (110). The interface(s) (206) may also provide a communication pathway for one or more components of the system (110). Examples of such components include, but are not limited to, processing engine(s) (208) and a database (210).
[0056] The processing engine(s) (208) may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) (208). In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) (208) may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) (208) may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) (208). In such examples, the system (110) may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system (110) and the processing resource. In other examples, the processing engine(s) (208) may be implemented by electronic circuitry.
[0057] In an embodiment, the one or more processor(s) (202) may be configured to generate one or more data parameters based on one or more target applications requested by users (102) of FIG. 1A. The one or more processors (s) (202) may store the generated one or more data parameters in the database (210).
[0058] In an embodiment, the one or more processors (202) may be configured to enable the communication of data from the primary entity (104) to the secondary entity (108) via the Wi-Fi based mode of communication. Further, one or more service set identifiers (SSIDs) may be associated with the Wi-Fi based mode of communication for communication of data between the primary entity (104) and the secondary entity (108).
[0059] In an embodiment, the one or more processors (202) may be configured to update the one or more SSIDs within a predefined interval. The predefined interval may be associated with the secondary entity (108). Further, the one or more encrypted data may comprise a sequence number, a device identification (ID), a user data length, user data, and a cyclic redundancy check (CRC).
[0060] In an embodiment, the one or more processors (202) may be configured to encrypt the generated one or more data parameters based on the one or more target applications. Further, the one or more target applications comprise at least one of payment information and sensitive data.
[0061] In an embodiment, the one or more processors (202) may be configured to encrypt the generated one or more data parameters using a certified authority/public key infrastructure (CA/PKI) feature.
[0062] In an embodiment, the one or more processors (202) may be configured to encrypt the generated one or more data parameters using at least one of one or more asymmetric keys, one or more symmetric keys, and the one or more primary techniques.
[0063] In an embodiment, the one or more primary techniques may comprise any or a combination of a Rivest-Shamir-Adleman (RSA) technique and an elliptical curve cryptography (ECC) technique to encrypt the generated one or more data parameters with the one or more asymmetric keys.
[0064] In an embodiment, the one or more primary techniques may comprise any or a combination of an advanced encryption standard (AES) technique, a data encryption standard (DES) technique, and a triple data encryption standard (3 DES) technique to encrypt the one or more generated data parameters with the one or more symmetric keys.
[0065] In an embodiment, the one or more processors (202) may be configured to use any or a combination of a secure hash algorithm (SHA) technique and a message-digest algorithm 5 (MD5) technique to encrypt the generated one or more data parameters.
[0066] FIG. 3 illustrates an exemplary representation of logical blocks (300) of the proposed system (110), in accordance with an embodiment of the present disclosure.
[0067] As shown in FIG. 3, the logical blocks in FIG. 1B of the proposed system (110) are mapped into/onto a physical hardware present in computing devices such as, but not limited to, smartphones. As illustrated in FIG. 3, the corresponding physical sections may be classified into three segments including an application processor (301), a secure environment (302), a hardware peripheral (303), and a data communication link (160). In an embodiment, the data communication link (160) may include a wireless optical link (160a), a wireless radio frequency link (160b), and a wireless acoustic link (160c) for enabling communication of data between a transmitter and a receiver (for example, the transmitter (170) and the receiver (172) of FIG. 1B).
[0068] It may be appreciated that the logical blocks (300) may be modular and flexible to accommodate any kind of changes.
[0069] FIG. 4 illustrates an exemplary representation (400) of an application processor (301) of the proposed system (110), in accordance with an embodiment of the present disclosure. A person of ordinary skill in the art will appreciate that the application processor (301) of FIG. 4 may be similar to the application processor (301) of FIG. 3 in its functionality. The application processor (301) may include data generation, data encryption, and packetization as shown in FIG.3.
[0070] In an embodiment, the application processor (301) may contain a multi-core central processing unit (CPU) and a general purpose input/output (GPIO) feature. The application processor [301] may primarily run a smart phone operating system (OS) (402) and user-level applications. It may be appreciated that the user-level applications (402-A, 402-B, 402-C, 402-D) may be independent of each other and follow their respective life-cycle.
[0071] In an exemplary embodiment, the user-level applications (402-A, 402-B, 402-C, 402-D) may include at least one of a payment application or any other secure/sensitive applications. Alternatively or additionally, sensitive operations may be performed by a secure processor independent of the application processor (301).
[0072] FIG. 5 illustrates an exemplary representation (500) of secure environment (302), in accordance with an embodiment of the present disclosure. A person of ordinary skill in the art will appreciate that the secure environment (302) of FIG. 5 may be similar to the secure environment (302) of FIG. 3 in its functionality.
[0073] In an embodiment, the secure environment (302) may contain a single processor or controller or a chip set based on various independent designs of an original equipment manufacturer (OEM). As illustrated, the secure environment (302) may contain a secure memory (502-A) to ensure the data may be extracted or fetched by a specific handshaking method. The secure environment (302) may be a separate hardware unit or maybe an integrated part of a secure processor (502-B). The secure processor (502-B) may compute various logical operations without exposing any data. Further, a hardware accelerator (502-C) may be incorporated with the secure processor (502-B) to enable high-speed computations. Furthermore, an asymmetric cryptographic operation (502-D) may provide complex cryptographic operations in the secure environment (302). In many configurations, the hardware accelerator (502-C) and the asymmetric cryptographic operation (502-D) may be linked to the secure processor (502-B).
[0074] FIG. 6 illustrates an exemplary representation of secure communication over Wi-Fi (600), in accordance with an embodiment of the present disclosure.
[0075] In an exemplary embodiment, the predicted Wi-Fi based mode of communication between the sender (for example, SIM card (604)) and the receiver (for example, SIM card (604-A)) may not depend on the pairing or the approval from either side. Hence, it may save time and reduce user interaction with the system. For Wi-Fi-based secure data transmission, the feature of SSID of any Wi-Fi device or hotspot may be used to transmit data. Further, pairing between a sender and a receiver may not be required. A WiFi “SSID name” filed may be used to share data.
[0076] In an exemplary embodiment, the predicted Wi-Fi based mode of communication may include multiple parallel/simultaneous transmission, single reception/transmission. Further, the communication range may be controlled by the Wi-Fi module’s transmitting power.
[0077] In an embodiment, the SSID data size may be allowed up to 32 bytes without any restriction on data types. Further, large amounts of transactional data may be divided into parts and shared by updating or changing the SSID name of a Wi-Fi hotspot or transmitter, periodically till the transaction persists. For sending a larger size of data (more than 32 bytes) and transmitting the data in multiple packets sequentially, the SSID name may be updated (with the next part of the data) within a predefined interval. The predefined interval may be linked with the receiver (or recipient device) scanning time capability. Suitable divisions may be ensured based on the amount of data to be transmitted. Additionally, all the remaining blocks in FIG. 6 may include functionalities as described in FIG. 1B. However, they may not be described in detail from the point of view of brevity.
[0078] For sequential multipacket transmission, the Wi-Fi data structure may follow the following data structure as indicated in Table 1

Sequence No.
(1-2 Byte)
Device ID (MAC – 6 Bytes)
User Data Length
(Optional)(0-1 Byte)
User Data
(21-25 Bytes)
CRC (Optional) (0-2 Bytes)
Table 1
[0079] The one to two bytes of sequence number indicates the packet number in sequence, and 6 bytes of device identity (ID) is used to identify a particular device for which, in an embodiment, the media access control (MAC) address of the device can be used. The CRC may ensure data integrity at the application level while the remaining 21-25 bytes may be used as user data.
[0080] In an exemplary embodiment, for transmitting or broadcasting a stream of data containing a string of 36 characters, for example, “abcdefghijklmnopqrstuvwxyz0123456789”, without any CRC following packets, an SSID name of the Wi-Fi as indicated in Table 2 may be required. As shown in Table 2, data may be broadcasted over two SSID updates with 30 bytes and 6 bytes of user data respectively. The SSID may be updated until the transaction is aborted or completed based on a reverse acknowledgment signal from the recipient to the sender during transmission.

Sequence No.
(1-2 Byte)

Device ID (MAC – 6 Bytes)

User Data Length
(Optional)
(0-1 Byte)

User Data
(21-25 Bytes)

CRC (Optional) (0-2 Bytes)
SSID-1

0x01
0Xaabbccddeeff
0x18
Abcdefghijklmnopqrstuvwx
NA
SSID-2

0x02
0xAABBCCDDEEFF
0x0C Yz0123456789 NA
Table 2
[0081] The possibility of a replay attack (as SSID information is easily scannable) may be avoided by considering device hardware information (MAC ID) as a part of the data. Further, the encrypted user data may contain originating or source hardware information and may be invalidated if replayed by other spurious hardware trying to clone or mimic the data.
[0082] FIG. 7 illustrates an exemplary representation of an internal architecture of a SIM card (700), in accordance with an embodiment of the present disclosure.
[0083] As illustrated in FIG. 7, the SIM card (700) may contain a global platform and over the air (OTA) interface (701) and a telecom applet (702). The telecom applet (702) may be accessed using an issuer security domain (ISD) access key (707). A new application such as a secure applet (703) may be added to enable the SIM card (700) with all the functionalities of a secure environment as indicated in block (302) of FIG. 3 or FIG. 5. The secure applet (703) may be placed in a supplementary security domain (SSD) (706) to prevent other applets or applications from accessing the secure applet (703). Additionally, the SIM card (700) may be safely accessed using a global platform and host (708) or a hypertext transfer protocol secure (HTTPS) route (709). Further, the SIM card (700) may be protected from side channel access after deployment.
[0084] In an embodiment, the SIM card applet (703) may contain all the features of the PKI environment with the following attributes of the secure applet (703):
• Onboard key pair generation and protection of private key inside SIM.
• Secure storage of RSA or ECC keys and digital certificates.
• Secure storage of user data.
• Signing of any user data.
• Encryption of any data with asymmetric keys and algorithms (RSA, ECC) and/or symmetric keys (AES, DES, 3DES).
• Decryption of any data.
• Support hashing algorithm such as an SHA and an MD5.
• Access protection of SIM card applet via appropriate keys and algorithm (service control point (SCP)-02, 03, 10, 11).
[0085] In an exemplary implementation, the encryption and decryption techniques may include a symmetric key and/or an asymmetric key. In the case of symmetric key-based security, the SIM card (700) shown in FIG. 7 may be equipped with secure storage of the generated key pairs. For an asymmetric key-based security, the SIM card (700) may be equipped with a PKI-based framework. The PKI-based framework may contain its process flow of key generation, CA, digital certificate generation (at CA), digital certificate storage (at SIM card), etc.
[0086] FIG. 8 illustrates an exemplary representation of a detailed process flow including digital signature and encryption (800), in accordance with an embodiment of the present disclosure.
[0087] As illustrated, the SIM card may perform all the operations of a secure module. The SIM card consists of a secure memory and a secure processor. With a suitable partition, the applications inside the SIM card may also be placed to work independently without interfering with each other. In an exemplary implementation, two smartphones block (104) and block (108) may be participating devices intended for secure transactions. Both devices may communicate with PKI-enabled SIM cards indicated as block (1206) and block (1218) respectively. Further, the devices may contain identical functional logical sub-blocks with different working principles based on the use- case. All PKI-enabled SIM cards may interact with the remote certification authority (CA) as indicated in block (1222).
[0088] In an exemplary implementation, both devices (104) and (108) (sender and receiver) may contain components for transmission and reception.
[0089] The sender side (104) process flow may include the following:
[0090] The transaction may be initiated from a sender device indicated at block (104). Any authorized application prepares the data (in block (1202A)) to be sent securely to another device (block (108)). The plain text data in block (1202A) that needs to be protected may be sent to the PKI-enabled SIM card (1206) through an existing wired bus. The communication channels (1204A) and (1204B) may be optionally protected by a suitable SCP standard derived from Global Specification such as SCP-01/02/03 etc. The security standards may also provide “authorization” capabilities to the specific or selected application(s) residing in a user’s smartphone.
[0091] The SIM card (1206) of a sender (104) device may have a secure memory (1206A) and a secure processor (1206B). The secure memory (1206A) may contain pertinent sensitive data such as a sender’s private key (1206A-1) and a digital certificate (1206A-2). The private key may be generated at the very beginning of PKI initialization or the “key pair generation” process. The digital certificate may be obtained by interaction with remote CA as indicated in block (1222) during PKI initialization too.
[0092] The plain text data (1202A) is taken in a secure process block (1206B-1) in the SIM card’s secure processor (1206B). The encryption process is authorized by providing the user’s personal identification number (PIN) (1214A) and encrypted by the recipient’s public key.
[0093] The recipient’s public key is extracted from the recipient’s digital certificate (RDC). The RDC is made available to the sender’s device by two possible mechanisms: a) directly from the recipient’s device (desired and preferable) in case of pure offline (no internet or back-end connectivity) and b) from CA Server (1222) requesting with recipient’s identity such as a mobile number. In this case, when the other party’s digital certificate is obtained through an offline mechanism (audio), the data route shall be a secure channel (such as (1204A), (1204B)) with host mobile, the data packetization block (1208-A) and the peripheral block (1210-A).
[0094] The encryption type performed in block (1206B-1) is asymmetric such as RSA or ECC or a hybrid i.e. combination of symmetric algorithms such as AES, a DES, and a 3DES, etc. and asymmetric algorithms (RSA, ECC, etc.). The output produced at block (1206B-1) is secure data and transferred to data signing block (1206B-2).
[0095] The encrypted data is digitally signed by the sender’s private key (1206A-1) in the data signing block (1206B-2). The signing process ensures the origin of the transaction. It also requires the user’s authorization by providing a PIN block (1214A).
[0096] Once the data is encrypted (1206B-1) and signed (1206B-2) in the SIM card’s secure processor (1206B), it goes back to the sender’s phone (104) for further step of data packetization block (1208A).
[0097] In the data packetization block (1208A), the encrypted data is prepared as per the mode of communication, which may be a Wi-Fi based transmission.
[0098] In this context, it is necessary to mention that the same data packetization block (1208A) is also used for any auxiliary communication between the sender and the receiver to obtain the recipient’s RDC. For simplicity, it has not been indicated in the diagram.
[0099] Once the packetization is completed in block (1208A), the data is transferred to block (1210A) to select the suitable mode of communication.
[00100] Block (1210A) is a generic representation of communication modalities which can be one or multiple wireless/optical peripheral types such as WiFi, Bluetooth, QR, audio, etc. For example, the certificate information also known as auxiliary data can use only QR as communication media. Sensitive data (1204-B) can use QR and Bluetooth in conjunction with communication. The selection and combination of communication modes are user and use-case specific. A few specific use cases scenario may be referred to correlate the multiple communication modalities. Finally, the secured data is transferred via link block (1222) from the sender device block (104) to the recipient’s device block (108).
[00101] In an exemplary embodiment, the recipient’s (108) side process flow may be given as follows:
[00102] The encrypted and signed data (1204-B) is transferred via link block (1222) from the sender’s device block (104) to the specific block (1210B) of the recipient block (108).
[00103] In a similar fashion to the sender’s block (1210A), block (1210B) is also a generic representation of communication modalities at the recipient’s end and can be one or multiple wireless/optical peripheral types to receive data from single or multiple peripherals.
[00104] The data received at block (1210B) may be fragmented or may be available in parts as per communication property. The packets are sent to the depacketization block (1208B) where the depacketization block (1208B) reverses the operation as per the sender’s packetization block (1204A).
[00105] Once the depacketization is done, the entire data is available at the recipient’s side in an encrypted form. Data is sent to a PKI-enabled SIM (1218) of the recipient’s side via a wired link block (1204C) between the device (108) and the SIM card’s (1218) secure processing unit (1218B).
[00106] The communication channels (1204-C) and (1204-D) on the recipient’s side may be optionally protected by suitable SCP given by a global specification such as SCP-01/02/03 etc. The security standards may also give “authorization” capabilities to the specific or selected application(s) residing in a host smartphone by sharing suitable symmetric keys for communication layer security.
[00107] In an exemplary implementation, the recipient (108) may also contain the PKI-enabled SIM card (1218) with a secure memory (1218A) and a secure processor (1218B). The secure memory (1218A) may mandatorily contain sensitive data such as a recipient’s private key (1218A-1) and a digital certificate (1218A-2). The private key may be generated at the very beginning of PKI initialization or the "key pair generation” process. The digital certificate (1218A-2) may be obtained by interaction with a remote CA as indicated in block (1222) during the PKI initialization process.
[00108] Additionally, the recipient’s SIM card (1218) and the received encrypted data are sent to block (1218B-1) for verification of the sender’s digital certificate to ensure authentication and record of the transaction.
[00109] In an exemplary implementation, the sender’s public key is extracted from the sender’s digital certificate (SDC). The SDC is made available to the recipient’s device by the mechanisms:
[00110] a) directly from the recipient’s device in case of pure offline (no internet or back-end connectivity), and
[00111] b) from the CA Server (1222) requesting the recipient’s identity.
[00112] In the case where the digital certificate is obtained through an offline mechanism, the data route shall be a secure channel (such as (1204-C) and (1204-D)) with the host mobile, the data de-packetization block (1208-B), and the peripheral block (1210-B).
[00113] Further, once the digital signature is verified, the encrypted data is sent to the decryption block (1218B-2). The data originally encrypted with the recipient’s key at the sender’s SIM may be decrypted using the recipient’s private key. The user authorization, the private key of the recipient (1218A-1), and the user authorization PIN (1214B) are required to perform the decryption process which may be RSA, ECC, or hybrid as per the type of encryption performed at the sender’s side block (1206B-1).
[00114] Furthermore, the output of the decryption process may regenerate the plain text data which was originally present at the sender’s side at block (1202A) and may now be available in the recipient’s device block (1202-B).
[00115] FIG. 9 illustrates an exemplary computer system (900) in which or with which the proposed system (110) may be implemented, in accordance with an embodiment of the present disclosure.
[00116] In an embodiment, the primary entity (104), the secondary entity (108), and/or the system (110) may be implemented as the computer system (900).
[00117] As shown in FIG. 9, the computer system (900) may include an external storage device (910), a bus (920), a main memory (930), a read-only memory (940), a mass storage device (950), a communication port(s) (960), and a processor (970). A person skilled in the art will appreciate that the computer system (900) may include more than one processor and communication ports. The communication port (960) may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system (900) connects. The main memory (930) may be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory (940) may be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chip for storing static information e.g., start-up or basic input/output system (BIOS) instructions for the processor (970). The mass storage device (950) may be any current or future mass storage solution, which can be used to store information and/or instructions.
[00118] The bus (920) may communicatively couple the processor(s) (970) with the other memory, storage, and communication blocks. Optionally, operator and administrative interfaces, e.g., a display, keyboard, and cursor control device may also be coupled to the bus (920) to support direct operator interaction with the computer system (900). Other operator and administrative interfaces can be provided through network connections connected through the communication port (960). In no way should the aforementioned exemplary computer system (900) limit the scope of the present disclosure.
[00119] While considerable emphasis has been placed herein on the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the disclosure. These and other changes in the preferred embodiments of the disclosure will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be implemented merely as illustrative of the disclosure and not as a limitation.

ADVANTAGES OF THE INVENTION
[00120] The present disclosure provides a system and a method that facilitates secure storage within a subscriber identity module (SIM) card.
[00121] The present disclosure provides a system and a method that enables a wireless fidelity (Wi-Fi) mode of transmission without the requirement of pairing between devices.
[00122] The present disclosure provides a system and a method that enables the Wi-Fi mode of transmission with a service set identifier (SSID) for secure data transmission.
[00123] The present disclosure provides a system and a method that enables the Wi-Fi mode of transmission with a service set identifier (SSID) for secure data transmission.

, Claims:1. A system (110) for enabling communication of data between a primary entity (104) and a secondary entity (108), the system (110) comprising:
one or more processors (202) operatively coupled with the primary entity (104) and a memory (204), wherein said memory (204) stores instructions which when executed by the one or more processors (202) cause the one or more processors (202) to:
generate one or more data parameters based on one or more target applications requested by one or more users (102) associated with the primary entity (104), wherein the primary entity (104) is operably coupled to a subscriber identity module (SIM) card;
encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications;
determine a mode of communication (106) based on the generated one or more encrypted data, wherein the mode of communication (106) comprises at least a Wi-Fi based mode of communication; and
enable the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108) via the determined mode of communication (106).
2. The system (110) as claimed in claim 1, wherein one or more service set identifiers (SSIDs) are associated with the Wi-Fi based mode of communication to enable the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
3. The system (110) as claimed in claim 2, wherein the one or more processors (202) are configured to update the one or more SSIDs within a predefined interval, and wherein the predefined interval is associated with the secondary entity (108).

4. The system (110) as claimed in claim 1, wherein the one or more encrypted data comprise at least a sequence number, a device identification (ID), a user data length, user data, and a cyclic redundancy check (CRC).
5. The system (110) as claimed in claim 1, wherein the one or more processors (202) are configured to use any or a combination of a secure hash algorithm (SHA) technique and a message-digest algorithm 5 (MD5) technique before encryption of the generated one or more data parameters.
6. A method for enabling communication of data between a primary entity (104) and a secondary entity (108), the method comprising:
generating, by one or more processors (202), one or more data parameters based on one or more target applications requested by one or more users (102) associated with the primary entity (104), wherein the primary entity (104) is operably coupled to a subscriber identity module (SIM) card;
encrypting, by the one or more processors (202), the generated one or more data parameters, using one or more primary techniques based on the one or more target applications;
determining, by the one or more processors (202), a mode of communication (106) using the one or more encrypted data, wherein the determined mode of communication (106) comprises at least a Wi-Fi based mode of communication; and
enabling, by the one or more processors (202), the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108) via the determined mode of communication (106).
7. A user equipment (UE) (104) for communication of data to a secondary entity (108), said UE (104) comprising:
one or more primary processors communicatively coupled to one or more processors (202) in a system (110), the one or more primary processors coupled with a memory, wherein said memory stores instructions which when executed by the one or more primary processors causes the UE (104) to:
generate and transmit one or more data parameters based on one or more target applications requested by one or more users (102) associated with the UE (104),
wherein the one or more processors (202) are configured to:
receive the one or more generated data parameters from the UE (104);
encrypt, using one or more primary techniques, the generated one or more data parameters based on the one or more target applications;
determine a mode of communication (106) based on the generated one or more encrypted data, wherein the determined mode of communication (106) comprises at least a Wi-Fi based mode of communication; and
enable the communication of the one or more encrypted data to the secondary entity (108) via the determined mode of communication (106).
8. The UE (104) as claimed in claim 7, wherein the UE (104) is operably coupled to a subscriber identity module (SIM).
9. A subscriber identity module card (SIM) card for enabling communication of data to a secondary entity (108), the SIM card comprising:
one or more processors operatively coupled to one or more processors (202) in a system (110) comprising a memory, wherein said memory (204) stores instructions which when executed by the one or more processors causes the SIM card to:
generate one or more data parameters based on one or more target applications requested by one or more users (102);
encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications;
determine a mode of communication (106) based on the generated one or more encrypted data, wherein the mode of communication (106) comprises at least a Wi-Fi based mode of communication; and
enable the communication of the one or more encrypted data from the SIM card associated with a primary entity (104) to the secondary entity (108) via the determined mode of communication (106).