Abstract:
Techniques are disclosed relating to authenticating a user with a mobile device. In some embodiments, a computing device stores a first signed attestation indicating an ability of the computing device to securely perform a user authentication. The computing device receives a request to store credential information of an identification document issued by an issuing authority to a user for establishing an identity of the user. In response to the request, the computing device sends, to the issuing authority, a request to store the credential information, the sent request including the first signed attestation to indicate an ability to perform a user authentication prior to permitting access to the credential information. In response to an approval of the sent request based on the first signed attestation, the computing device stores the credential information in a secure element of the computing device.
Abstract:
A system for provisioning credentials onto an electronic device is provided. The user device may include a secure element and a corresponding trusted processor. A contactless registry service (CRS) applet running on the secure element may be used to manage the activation of one or more associated payment applets during a mobile payment transaction. The CRS applet may include at least a user input received flag and an authorization received flag. The user input received flag may be asserted in response to detecting a required user input for initiating payment. The authorization received flag may be asserted when the trusted processor sends an activation request to the secure element. A payment applet should only be activated when at least one of the user input received flag and the authorization received flag has been asserted.
Abstract:
A device facilitating countersigning updates for multi-chip devices includes at least one processor configured to receive, from a collocated chip, a data item and a software update, the data item being signed using a private key corresponding to a primary entity associated with the collocated chip and the data item comprising an authentication code generated using a symmetric key corresponding to a secondary entity associated with the software update. The at least one processor is further configured to verify the data item using a public key associated with the primary entity. The at least one processor is further configured to verify the software update based at least in part on the authentication code and using the symmetric key corresponding to the primary entity. The at least one processor is further configured to install the software update when both the data item and the software update are verified, and otherwise to discard the software update.
Abstract:
Methods for operating a portable electronic device to conduct a mobile payment transaction at a merchant terminal are provided. The electronic device may verify that the current user of the device is indeed the authorized owner by requiring the current user to enter a passcode. If the user is able to provide the correct passcode, the device is only partly ready to conduct a mobile payment. In order for the user to fully activate the payment function, the user may have to supply a predetermined payment activation input such as a double button press that notifies the device that the user intends to perform a financial transaction in the immediate future. The device may subsequently activate a payment applet for a predetermined period of time during which the user may hold the device within a field of the merchant terminal to complete a near field communications based mobile payment transaction.
Abstract:
Systems, methods, and computer-readable media for managing near field communications during a low power management mode of an electronic device are provided that may make credentials of a near field communication (“NFC”) component appropriately secure and appropriately accessible while also limiting the power consumption of the NFC component and of other components of the electronic device.
Abstract:
To facilitate conducting a secure transaction via wireless communication between a portable electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the portable electronic device may, after a final command is received from the other electronic device, determine a unique transaction identifier for the secure transaction. In particular, the final command may be specific to an applet, stored in a secure element in the portable electronic device, which conducts the secure transaction. The secure element may generate the unique transaction identifier based on financial-account information associated with the applet, which is communicated to the other electronic device. Next, the secure element may provide, to a processor in the portable electronic device, an end message for the secure transaction with the unique transaction identifier.
Abstract:
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key management for Issuer Security Domain (ISD) using GlobalPlatform Specifications. A client receives from a server an authorization to update a first ISD keyset. The client encrypts, via a client-side secure element, a second ISD keyset with a server public key. The client sends the encrypted second ISD keyset to the server for updating the first ISD keyset with the encrypted second ISD keyset. Prior to updating, the client generates the first ISD keyset at a vendor and sends the first ISD keyset to the client-side secure element and sends the first ISD keyset encrypted with the server public key to the server. The disclosed method allows for updating of an ISD keyset of which only the client-side secure element and a server have knowledge.
Abstract:
An electronic device (such as a cellular telephone) automatically installs and personalizes updates to an applet on a secure element in the electronic device. In particular, when a digitally signed update package containing the update is received from an updating device (such as a server), the secure element identifies any previous versions of the applet installed on the secure element. If there are any previously installed versions, the secure element verifies the digital signature of the update package using an encryption key associated with a vendor of the secure element. Then, the secure element uninstalls the previous versions of the applet and exports the associated user data. Next, the secure element installs the update to the applet, and personalizes the new version of the applet using the user data.