公开(公告)号：US20160203467A1

公开(公告)日：2016-07-14

申请号：US15080130

申请日：2016-03-24

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Gregory B. Novick ,  Jerrold V. Hauck ,  Saket R. Vora ,  Yehonatan Perez

IPC: G06Q20/32 ,  G06Q20/38

CPC classification number: G06Q20/3227 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/352 ,  G06Q20/353 ,  G06Q20/367 ,  G06Q20/382 ,  G06Q20/4018 ,  G06Q20/4097 ,  G06Q20/40975

Abstract: Methods for operating a portable electronic device to conduct a mobile payment transaction at a merchant terminal are provided. The electronic device may verify that the current user of the device is indeed the authorized owner by requiring the current user to enter a passcode. If the user is able to provide the correct passcode, the device is only partly ready to conduct a mobile payment. In order for the user to fully activate the payment function, the user may have to supply a predetermined payment activation input such as a double button press that notifies the device that the user intends to perform a financial transaction in the immediate future. The device may subsequently activate a payment applet for a predetermined period of time during which the user may hold the device within a field of the merchant terminal to complete a near field communications based mobile payment transaction.

公开(公告)号：US09299072B2

公开(公告)日：2016-03-29

申请号：US14475263

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Gregory B. Novick ,  Jerrold V. Hauck ,  Saket R. Vora ,  Yehonatan Perez

IPC: G06K5/00 ,  G06Q20/32 ,  G06Q20/38

CPC classification number: G06Q20/3227 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/352 ,  G06Q20/353 ,  G06Q20/367 ,  G06Q20/382 ,  G06Q20/4018 ,  G06Q20/4097 ,  G06Q20/40975

Abstract: Methods for operating a portable electronic device to conduct a mobile payment transaction at a merchant terminal are provided. The electronic device may verify that the current user of the device is indeed the authorized owner by requiring the current user to enter a passcode. If the user is able to provide the correct passcode, the device is only partly ready to conduct a mobile payment. In order for the user to fully activate the payment function, the user may have to supply a predetermined payment activation input such as a double button press that notifies the device that the user intends to perform a financial transaction in the immediate future. The device may subsequently activate a payment applet for a predetermined period of time during which the user may hold the device within a field of the merchant terminal to complete a near field communications based mobile payment transaction.

Abstract translation: 提供了用于操作便携式电子设备以在商务终端进行移动支付交易的方法。 电子设备可以通过要求当前用户输入密码来验证设备的当前用户确实是授权所有者。 如果用户能够提供正确的密码，则该设备仅部分准备进行移动支付。 为了使用户能够完全启动支付功能，用户可能必须提供预定的支付激活输入，例如双按钮按钮，以在不久的将来通知设备用户打算执行金融交易。 该设备随后可以在预定的时间段内激活支付小应用程序，在该预定时间段期间，用户可以将该设备保存在商家终端的字段内，以完成基于近场通信的移动支付交易。

公开(公告)号：US20150058191A1

公开(公告)日：2015-02-26

申请号：US14092205

申请日：2013-11-27

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  David T. Haggerty ,  George R. Dicker ,  Jerrold V. Hauck ,  Joakim Linde ,  Mitchell D. Adler ,  Zachary A. Rosen ,  Yousuf H. Vaid ,  Christopher Sharp

IPC: G06Q20/42 ,  G06Q20/40

CPC classification number: G06Q20/42 ,  G06F21/35 ,  G06Q20/32 ,  G06Q20/3226 ,  G06Q20/40 ,  G06Q20/4016

Abstract: Systems, methods, and computer-readable media for provisioning credentials on an electronic device are provided. In one example embodiment, a secure platform system may be in communication with an electronic device and a financial institution subsystem. The secure platform system may be configured to, inter alia, receive user account information from the electronic device, authenticate a user account with a commercial entity using the received user account information, detect a commerce credential associated with the authenticated user account, run a commercial entity fraud check on the detected commerce credential, commission the financial institution subsystem to run a financial entity fraud check on the detected commerce credential based on the results of the commercial entity fraud check, and facilitate provisioning of the detected commerce credential on the electronic device based on the results of the financial entity fraud check. Additional embodiments are also provided.

Abstract translation: 提供了用于在电子设备上提供凭证的系统，方法和计算机可读介质。 在一个示例性实施例中，安全平台系统可以与电子设备和金融机构子系统通信。 安全平台系统可以被配置为特别地从电子设备接收用户帐户信息，使用接收到的用户帐户信息向商业实体验证用户帐户，检测与经认证的用户帐户相关联的商业凭证，运行商业广告 实体欺诈检查检测到的商业凭证，委托金融机构子系统根据商业实体欺诈检查的结果对检测到的商业凭证进行金融实体欺诈检查，并促进在电子设备上提供检测到的商业凭证 关于金融实体欺诈检查的结果。 还提供了另外的实施例。

公开(公告)号：US20140143826A1

公开(公告)日：2014-05-22

申请号：US14085951

申请日：2013-11-21

Applicant: Apple Inc.

Inventor： Christopher B. Sharp ,  Yousuf H. Vaid ,  Li Li ,  Jerrold V. Hauck ,  Arun G. Mathias ,  Xiangying Yang ,  Kevin P. McLaughlin

IPC: G06F21/60

CPC classification number: G06F21/604 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04W12/08

Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

Abstract translation: 描述了基于策略的框架。 该基于策略的框架可以用于指定逻辑实体执行与位于电子设备中的安全元件内的访问控制元素（例如电子订户身份模块）相关联的操作的权限。 注意，对于与相同或不同的访问控制元素相关联的不同操作，不同的逻辑实体可以具有不同的权限。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的凭证的类型，使得不同类型的凭证可以用于不同的操作和/或由不同的逻辑实体使用。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的安全协议和安全级别，使得不同的安全协议和安全级别可以用于不同的操作和/或不同的逻辑实体。

公开(公告)号：US20130024593A1

公开(公告)日：2013-01-24

申请号：US13625798

申请日：2012-09-24

Applicant: Apple Inc.

Inventor： Jerrold V. Hauck

IPC: G06F13/36

CPC classification number: H04J3/0697 ,  H04N21/43632

Abstract: A communication function between ports on a node that does not require a common time base to be distributed across the network is disclosed. A data stream received over a first port is placed on an interface between nodes using the time base of the first port; a second port samples the data stream on the interface and timestamps it using the time base of the second port. The data stream is timestamped by the second port and packetized before transmitted to the second node to another bridge or device. Alternatively, the first port extracts a time stamp from the data stream and calculates an offset using a cycle timer value from the bus connected to the first port. The offset is added to the cycle timer value on the bus connected to the second port and used to timestamp the data stream.

Abstract translation: 公开了不需要通过网络分布的公共时基的节点上的端口之间的通信功能。 通过第一端口接收的数据流被放置在使用第一端口的时基的节点之间的接口上; 第二个端口使用接口的数据流进行采样，并使用第二个端口的时基对其进行时间戳。 数据流由第二个端口加时间戳，并在发送到另一个网桥或设备之前进行分组。 或者，第一端口从数据流中提取时间戳，并且使用来自连接到第一端口的总线的周期定时器值来计算偏移量。 偏移被添加到连接到第二个端口的总线上的周期定时器值，并用于对数据流进行时间戳。

公开(公告)号：US12089178B2

公开(公告)日：2024-09-10

申请号：US18482069

申请日：2023-10-06

Applicant: Apple Inc.

Inventor： Jerrold V. Hauck ,  Alejandro J. Marquez ,  Timothy R. Paaske ,  Indranil S. Sen ,  Herve Sibert ,  Yannick L Sierra ,  Raman S. Thiara

IPC: H04W64/00 ,  H04L9/32 ,  H04L9/40 ,  H04W12/02 ,  H04W12/03 ,  H04W12/033 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471 ,  H04W12/06 ,  H04W12/062 ,  H04W12/065 ,  H04W12/069 ,  H04W12/63 ,  H04W76/10 ,  H04W4/80 ,  H04W12/33 ,  H04W12/47

CPC classification number: H04W64/00 ,  H04L9/3273 ,  H04L63/061 ,  H04L63/0869 ,  H04W12/02 ,  H04W12/03 ,  H04W12/033 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471 ,  H04W12/06 ,  H04W12/062 ,  H04W12/065 ,  H04W12/069 ,  H04W12/63 ,  H04W76/10 ,  H04L63/0492 ,  H04W4/80 ,  H04W12/33 ,  H04W12/47

Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive locally at the system ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.

公开(公告)号：US11822664B2

公开(公告)日：2023-11-21

申请号：US17092030

申请日：2020-11-06

Applicant: Apple Inc.

Inventor： Xeno S. Kovah ,  Nikolaj Schlej ,  Thomas P. Mensch ,  Wade Benson ,  Jerrold V. Hauck ,  Josh P. de Cesare ,  Austin G. Jennings ,  John J. Dong ,  Robert C. Graham ,  Jacques Fortier

IPC: G06F21/57 ,  G06F21/72 ,  H04L9/32 ,  H04L9/08 ,  H04L9/40 ,  G06F21/73 ,  G06F9/4401

CPC classification number: G06F21/575 ,  G06F9/4406 ,  G06F21/72 ,  G06F21/73 ,  H04L9/0897 ,  H04L9/3226 ,  H04L9/3236 ,  H04L9/3268 ,  H04L63/123 ,  G06F2221/034

Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.

公开(公告)号：US11790365B2

公开(公告)日：2023-10-17

申请号：US17384488

申请日：2021-07-23

Applicant: Apple Inc.

Inventor： Herve Sibert ,  Oren M. Elrad ,  Jerrold V. Hauck ,  Onur E. Tackin ,  Zachary A. Rosen ,  Matthias Lerch

IPC: G06Q20/40 ,  G06Q20/32 ,  G06Q20/20 ,  G06Q20/38 ,  G06F21/32 ,  G06F21/31 ,  H04W12/065 ,  H04W12/06 ,  H04L9/32

CPC classification number: G06Q20/40145 ,  G06F21/31 ,  G06F21/32 ,  G06Q20/204 ,  G06Q20/3278 ,  G06Q20/382 ,  G06Q20/4014 ,  H04L9/3231 ,  H04W12/065 ,  H04W12/068

Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.

公开(公告)号：US11537699B2

公开(公告)日：2022-12-27

申请号：US17084172

申请日：2020-10-29

Applicant: Apple Inc.

Inventor： Lucia E. Ballard ,  Jerrold V. Hauck ,  Deepti S. Prakash ,  Jan Cibulka ,  Ivan Krstic

IPC: H04M1/66 ,  G06F21/32 ,  G06F21/78 ,  G06F21/62 ,  H04L9/32 ,  H04L9/40 ,  H04M1/72463 ,  H04W12/06 ,  H04W12/084 ,  G06F21/34 ,  G06Q20/32

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：US11178127B2

公开(公告)日：2021-11-16

申请号：US15497203

申请日：2017-04-26

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: H04W12/08 ,  H04L29/06 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.