Using biometric authentication for NFC-based payments

    Publication No.: US10121144B2

    Publication date: 2018-11-06

    Application No.: US14474803

    Filing date: 2014-09-02

    Applicant: Apple Inc.

    Inventor: Ahmer A. Khan

    Abstract: In order to validate a user to facilitate conducting a high-valued financial transaction via wireless communication between an electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the electronic device may authenticate the user prior to the onset of the high-valued financial transaction. In particular, a secure enclave processor in a processor may provide local validation information that is specific to the electronic device to a secure element in the electronic device when received local authentication information that is specific to the electronic device (such as a biometric identifier of the user) matches stored authentication information. Moreover, an authentication applet in the secure element may provide the local validation information to an activated payment applet in the secure element. This may enable the payment applet to conduct the high-valued financial transaction via wireless communication, such as near-field communication.

    On-board applet migration
    Granted invention patent

    Publication No.: US09880830B2

    Publication date: 2018-01-30

    Application No.: US15269490

    Filing date: 2016-09-19

    Applicant: Apple Inc.

    Abstract: An electronic device (such as a cellular telephone) automatically installs and personalizes updates to an applet on a secure element in the electronic device. In particular, when a digitally signed update package containing the update is received from an updating device (such as a server), the secure element identifies any previous versions of the applet installed on the secure element. If there are any previously installed versions, the secure element verifies the digital signature of the update package using an encryption key associated with a vendor of the secure element. Then, the secure element uninstalls the previous versions of the applet and exports the associated user data. Next, the secure element installs the update to the applet, and personalizes the new version of the applet using the user data.

    SECURE PAIRING OF A PROCESSOR AND A SECURE ELEMENT OF AN ELECTRONIC DEVICE
    Invention patent application (under examination, published)

    Publication No.: US20160344710A1

    Publication date: 2016-11-24

    Application No.: US14475308

    Filing date: 2014-09-02

    Applicant: Apple Inc.

    CPC classification number: H04L63/061 H04L63/0492

    Abstract: Systems, methods, and computer-readable media for securely pairing a secure element and a processor of an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, deriving a key using a processor of the electronic device, sharing the derived key with a commercial entity subsystem, and receiving the shared key from the commercial entity subsystem at a secure element of the electronic device, where the received key may be leveraged for enabling a secure communication channel between the processor and the secure element. Additional embodiments are also provided.

    MANAGEMENT OF RELOADABLE CREDENTIALS ON AN ELECTRONIC DEVICE USING AN ONLINE RESOURCE
    Invention patent application (under examination, published)

    Publication No.: US20150371226A1

    Publication date: 2015-12-24

    Application No.: US14502109

    Filing date: 2014-09-30

    Applicant: Apple Inc.

    Abstract: Systems, methods, and computer-readable media for using an online resource to manage reloadable credentials on an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, receiving selection data via an online resource, where the selection data may be indicative of a particular credential applet stored on a secure element of the electronic device, in response to the receiving the selection data, accessing validation data from the particular credential applet on the secure element, transmitting initialization results comprising the accessed validation data to a remote subsystem associated with the online resource, in response to the transmitting, receiving reload data from the remote subsystem, and adjusting a balance of the particular credential applet based on the received reload data. Additional embodiments are also provided.

    FINANCIAL-TRANSACTION NOTIFICATIONS
    Invention patent application (granted)

    Publication No.: US20150348000A1

    Publication date: 2015-12-03

    Application No.: US14474754

    Filing date: 2014-09-02

    Applicant: Apple Inc.

    Abstract: To facilitate conducting a financial transaction via wireless communication between a portable electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the portable electronic device may, after a final command is received from the other electronic device, determine a unique transaction identifier for the financial transaction. In particular, the final command may be specific to a payment applet, stored in a secure element in the portable electronic device, which conducts the financial transaction. The secure element may generate the unique transaction identifier based on financial-account information associated with the payment applet, which is communicated to the other electronic device. Moreover, the financial-account information may specify a financial account that is used to pay for the financial transaction. Next, the secure element may provide, to a processor in the portable electronic device, an end message for the financial transaction with the unique transaction identifier.

    TECHNIQUES FOR GENERATING AND USING NONLINKABLE DIGITAL CREDENTIALS

    Publication No.: US20240406010A1

    Publication date: 2024-12-05

    Application No.: US18205278

    Filing date: 2023-06-02

    Applicant: Apple Inc.

    Abstract: A computing device can generate a set of transaction keys, the computing device configured to present a digital credential to a requesting device. The computing device can generate a request bundle. The request bundle can include the set of transaction keys. The computing device can transmit, to a first server, the request bundle. The first server can be configured to verify the request bundle. The first server can be configured to send the request bundle to a second server with a request for a set of credentials. Each credential of the set of credentials can correspond to a transaction key of the set of transaction keys. Each credential can include data elements and a security object. The data elements for each credential can be the same. The security object for each credential can be different. The computing device can receive, from the first server, the set of credentials. The computing device can store the set of credentials. The computing device can be configured to generate a response based on a particular credential of the set of credentials when a requesting device requests the digital credential.

    User authentication framework
    Granted invention patent

    Publication No.: US11658959B2

    Publication date: 2023-05-23

    Application No.: US17033415

    Filing date: 2020-09-25

    Applicant: Apple Inc.

    CPC classification number: H04L63/0823 H04L9/3247 H04L63/0861

    Abstract: Techniques are disclosed relating to authenticating a user with a mobile device. In some embodiments, a computing device stores a first signed attestation indicating an ability of the computing device to securely perform a user authentication. The computing device receives a request to store credential information of an identification document issued by an issuing authority to a user for establishing an identity of the user. In response to the request, the computing device sends, to the issuing authority, a request to store the credential information, the sent request including the first signed attestation to indicate an ability to perform a user authentication prior to permitting access to the credential information. In response to an approval of the sent request based on the first signed attestation, the computing device stores the credential information in a secure element of the computing device.

    Scalable wireless transaction system

    Publication No.: US11200557B2

    Publication date: 2021-12-14

    Application No.: US16427194

    Filing date: 2019-05-30

    Applicant: Apple Inc.

    Abstract: A device implementing a scalable wireless transaction system includes at least one processor configured to receive, from a wireless transaction system server, a list of wireless transaction group identifiers, and an indication of at least one applet associated with each of the wireless transaction group identifiers. The at least one processor is further configured to receive, from a wireless transaction device, a polling frame that includes one of the wireless transaction device group identifiers. The at least one processor is further configured to select an applet provisioned on a device secure element that is assigned to the wireless transaction group identifier, the assigning being based at least in part on the received list. The at least one processor is further configured to utilize the selected applet to perform a wireless transaction with the wireless transaction device.
