-
31.发明申请SECURE PROVISIONING OF CREDENTIALS ON AN ELECTRONIC DEVICE USING ELLIPTIC CURVE CRYPTOGRAPHY 审中-公开使用ELLIPTIC CURVE CRYPTOGRAPHY安全地在电子设备上提供证书公开(公告)号:US20150213433A1
公开(公告)日:2015-07-30
申请号:US14475227
申请日:2014-09-02
Applicant: Apple Inc.
Inventor: Ahmer A. Khan
CPC classification number: G06Q20/3227 , G06Q20/3821 , G06Q20/3829 , G06Q2220/00 , H04L9/0844 , H04L9/3013 , H04L9/3066 , H04L2209/56 , H04L2209/80
Abstract: Systems, methods, and computer-readable media for provisioning credentials are provided. In one example embodiment, an electronic device may include a communications component that receives encrypted commerce credential data from a service provider subsystem. The electronic device may also include a secure element that, inter alia, generates on the secure element a secure element public key and a secure element private key, derives on the secure element a secure element shared secret from the secure element private key, derives on the secure element a secure element secure key from the secure element shared secret, and decrypts on the secure element the encrypted commerce credential data using the secure element secure key. Additional embodiments are also provided.
Abstract translation: 提供了用于供应凭证的系统,方法和计算机可读介质。 在一个示例实施例中,电子设备可以包括从服务提供商子系统接收加密的商业凭证数据的通信组件。 电子设备还可以包括安全元件,其特别地,在安全元件上生成安全元件公钥和安全元件私钥,从安全元件私有密钥导出安全元件共享秘密的安全元件,导出 所述安全元件是来自所述安全元件共享秘密的安全元件安全密钥,并且使用所述安全元件安全密钥在所述安全元件上解密所述加密的商业凭证数据。 还提供了另外的实施例。
-
公开(公告)号:US20150193221A1
公开(公告)日:2015-07-09
申请号:US14466850
申请日:2014-08-22
Applicant: Apple Inc.
Inventor: Ahmer A. Khan , Joakim Linde , Mehdi Ziat
CPC classification number: G06F8/65 , G06F21/57 , H04L9/3247 , H04L67/06 , H04L67/306 , H04L67/34 , H04L67/42 , H04W4/60 , H04W12/06
Abstract: An electronic device (such as a cellular telephone) automatically installs and personalizes updates to an applet on a secure element in the electronic device. In particular, when a digitally signed update package containing the update is received from an updating device (such as a server), the secure element identifies any previous versions of the applet installed on the secure element. If there are any previously installed versions, the secure element verifies the digital signature of the update package using an encryption key associated with a vendor of the secure element. Then, the secure element uninstalls the previous versions of the applet and exports the associated user data. Next, the secure element installs the update to the applet, and personalizes the new version of the applet using the user data.
Abstract translation: 电子设备(例如蜂窝电话)在电子设备中的安全元件上自动安装并个性化对小应用程序的更新。 特别地,当从更新设备(例如服务器)接收到包含更新的数字签名的更新包时,安全元件识别安装在安全元件上的小应用程序的任何先前版本。 如果有任何先前安装的版本,则安全元件使用与安全元件的供应商相关联的加密密钥验证更新包的数字签名。 然后,安全元素会卸载以前版本的applet并导出关联的用户数据。 接下来,安全元件将更新安装到小程序,并使用用户数据个性化新版本的小应用程序。
-
公开(公告)号:US20150178723A1
公开(公告)日:2015-06-25
申请号:US14475292
申请日:2014-09-02
Applicant: Apple Inc.
Inventor: Ahmer A. Khan , Joakim Linde , Christopher Sharp , Jerrold V. Hauck
Abstract: Systems, methods, and computer-readable media for managing credentials are provided. In one example embodiment, an electronic device may include a secure element with a security domain element stored on the secure element. The electronic device may also include a processor component that may be configured to, inter alia, permanently terminate the functionality of the security domain element, after the functionality has been permanently terminated, communicatively couple the electronic device to a trusted service manager, and transmit data to the communicatively coupled trusted service manager that may be usable by the trusted service manager to determine that the functionality has been permanently terminated. Additional embodiments are also provided.
Abstract translation: 提供了用于管理凭证的系统,方法和计算机可读介质。 在一个示例实施例中,电子设备可以包括具有存储在安全元件上的安全域元素的安全元件。 电子设备还可以包括处理器组件,其可以被配置为在功能已经被永久地终止之后永久地终止安全域元件的功能,通信地将电子设备耦合到可信服务管理器,并且发送数据 涉及由可信服务管理器可用以确定功能已被永久终止的通信耦合的可信服务管理器。 还提供了另外的实施例。
-
公开(公告)号:US20150127549A1
公开(公告)日:2015-05-07
申请号:US14474803
申请日:2014-09-02
Applicant: Apple Inc.
Inventor: Ahmer A. Khan
CPC classification number: G06Q20/3829 , G06Q20/20 , G06Q20/32 , G06Q20/3227 , G06Q20/3278 , G06Q20/40145
Abstract: In order to validate a user to facilitate conducting a high-valued financial transaction via wireless communication between an electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the electronic device may authenticate the user prior to the onset of the high-valued financial transaction. In particular, a secure enclave processor in a processor may provide local validation information that is specific to the electronic device to a secure element in the electronic device when received local authentication information that is specific to the electronic device (such as a biometric identifier of the user) matches stored authentication information. Moreover, an authentication applet in the secure element may provide the local validation information to an activated payment applet in the secure element. This may enable the payment applet to conduct the high-valued financial transaction via wireless communication, such as near-field communication.
Abstract translation: 为了验证用户以便通过电子设备(例如智能电话机)和另一电子设备(例如销售点终端)之间的无线通信进行高价值的金融交易,电子设备可以认证 用户在高价值金融交易发生之前。 特别地,处理器中的安全飞地处理器可以在接收到特定于电子设备的本地认证信息时(例如,电子设备的生物识别标识符)向电子设备中的安全元件提供特定于电子设备的本地验证信息 用户)匹配存储的认证信息。 此外,安全元件中的认证小应用程序可以将本地验证信息提供给安全元件中的激活的支付小应用程序。 这可以使得支付小程序通过诸如近场通信的无线通信来进行高价值的金融交易。
-
公开(公告)号:US20150095238A1
公开(公告)日:2015-04-02
申请号:US14481526
申请日:2014-09-09
Applicant: Apple Inc.
Inventor: Ahmer A. Khan , Timothy S. Hurley , Anton K. Diederich , George R. Dicker , Scott M. Herz , Christopher Sharp
CPC classification number: G06Q20/325 , G06Q20/10 , G06Q20/12 , G06Q20/3227 , G06Q20/3278 , G06Q20/382 , G06Q20/3823 , G06Q20/3829 , G06Q20/40
Abstract: Systems, methods, and computer-readable media for securely conducting online payments with a secure element of an electronic device are provided. In one example embodiment, a method includes, inter alia, at an electronic device, generating first data that includes payment card data, generating second data by encrypting the first data and merchant information with a first key, transmitting to a commercial entity subsystem the generated second data, receiving third data that includes the first data encrypted with a second key that is associated with the merchant information, and transmitting the received third data to a merchant subsystem that is associated with the merchant information, where the first key is not accessible to the merchant subsystem, and where the second key is not accessible to the electronic device. Additional embodiments are also provided.
Abstract translation: 提供了使用电子设备的安全元件安全地进行在线支付的系统,方法和计算机可读介质。 在一个示例实施例中,一种方法尤其包括在电子设备上,生成包括支付卡数据的第一数据,通过用第一密钥加密第一数据和商家信息来生成第二数据,向商业实体子系统发送生成的 第二数据,接收包括用与所述商家信息相关联的第二密钥加密的第一数据的第三数据,以及将所接收的第三数据发送到与所述商家信息相关联的商户子系统,其中所述第一密钥不可访问 商业子系统,以及第二密钥不能被电子设备访问的地方。 还提供了另外的实施例。
-
Patent Agency Ranking
公开(公告)号:US12200497B2
公开(公告)日:2025-01-14
申请号:US18404058
申请日:2024-01-04
Applicant: Apple Inc.
Inventor: Haya Iris Villanueva Gaviola , Gianpaolo Fasoli , Vinay Ganesh , Irene M. Graff , Martijn Theo Haring , Ahmer A. Khan , Franck Farian Rakotomalala , Gordon Y. Scott , Ho Cheung Chung , Antonio Allen , Mayura Dhananjaya Deshpande , Thomas John Miller , Christopher Sharp , David W. Silver , Policarpo B. Wood , Ka Yang
Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.
-
公开(公告)号:US11950101B2
公开(公告)日:2024-04-02
申请号:US17398723
申请日:2021-08-10
Applicant: Apple Inc.
Inventor: Haya Iris Villanueva Gaviola , Gianpaolo Fasoli , Vinay Ganesh , Irene M. Graff , Martijn Theo Haring , Ahmer A. Khan , Franck Farian Rakotomalala , Gordon Y. Scott , Ho Cheung Chung , Antonio Allen , Mayura Dhananjaya Deshpande , Thomas John Miller , Christopher Sharp , David W. Silver , Policarpo B. Wood , Ka Yang
IPC: H04L29/06 , H04L29/08 , H04W4/80 , H04W12/02 , H04W12/037 , H04W12/47 , H04W12/69 , G06Q50/26 , H04L29/00
CPC classification number: H04W12/69 , H04W4/80 , H04W12/02 , H04W12/037 , H04W12/47 , G06Q50/265
Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.
-
公开(公告)号:US20230351377A1
公开(公告)日:2023-11-02
申请号:US18340654
申请日:2023-06-23
Applicant: Apple Inc.
Inventor: Herve Sibert , Onur E. Tackin , Matthias Lerch , Ahmer A. Khan , Franck Rakotomalala , Oren M. Elrad
CPC classification number: G06Q20/3829 , H04L9/3263 , G06Q20/3278 , G06Q20/40145 , H04L9/3231 , H04L9/3247 , H04L9/0894 , H04L63/083 , H04L63/0861 , G06Q20/3825 , G06Q20/405 , G06Q20/4014 , G06Q20/204 , G06Q20/385 , G06Q20/3227 , H04W12/069 , G06Q2220/00 , H04L2463/082 , H04L2209/805
Abstract: Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.
-
公开(公告)号:US11770715B2
公开(公告)日:2023-09-26
申请号:US17398723
申请日:2021-08-10
Applicant: Apple Inc.
Inventor: Ho Cheung Chung , Gianpaolo Fasoli , Vinay Ganesh , Irene M. Graff , Martijn Theo Haring , Ahmer A. Khan , Franck Farian Rakotomalala , Gordon Y. Scott
IPC: H04L29/06 , H04L29/08 , H04W12/69 , H04W12/47 , H04W12/037 , H04W4/80 , H04W12/02 , H04L29/00 , G06Q50/26
CPC classification number: H04W12/69 , H04W4/80 , H04W12/02 , H04W12/037 , H04W12/47 , G06Q50/265
Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.
-
公开(公告)号:US11734678B2
公开(公告)日:2023-08-22
申请号:US15415467
申请日:2017-01-25
Applicant: Apple Inc.
Inventor: Herve Sibert , Onur E. Tackin , Matthias Lerch , Ahmer A. Khan , Franck Rakotomalala , Oren M. Elrad
CPC classification number: G06Q20/3829 , G06Q20/204 , G06Q20/3227 , G06Q20/3278 , G06Q20/385 , G06Q20/3825 , G06Q20/405 , G06Q20/4014 , G06Q20/40145 , H04L9/0894 , H04L9/3231 , H04L9/3247 , H04L9/3263 , H04L63/083 , H04L63/0861 , H04W12/069 , G06Q2220/00 , H04L2209/805 , H04L2463/082
Abstract: Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.
-
-
-
-
-
-
-
-
-
Search Results
96
records
(took 0.022 seconds)
