公开(公告)号：US10856148B2

公开(公告)日：2020-12-01

申请号：US16557770

申请日：2019-08-30

Applicant: Apple Inc.

Inventor： Li Li ,  Xiangying Yang ,  Jerrold Von Hauck ,  Christopher B. Sharp ,  Yousuf H. Vaid ,  Arun G. Mathias ,  David T. Haggerty ,  Najeeb M. Abdulrahiman

IPC: H04L29/06 ,  H04W12/06 ,  H04L12/24 ,  H04W12/00

Abstract: Methods and apparatus for user authentication and human intent verification of administrative operations for eSIMs of an eUICC included in a mobile device are disclosed. Certain administrative operations, such as import, modification, and/or export, of an eSIM and/or for an eUICCs firmware can require user authentication and/or human intent verification before execution of the administrative operations are performed or completed by the mobile device. A user of the mobile device provides information to link an external user account to an eSIM upon (or subsequent to) installation on the eUICC. User credentials, such as a user name and password, and/or information generated therefrom, can be used to authenticate the user with an external server. In response to successful user authentication, the administrative operations are performed. Human intent verification can also be performed in conjunction with user authentication to prevent malware from interfering with eSIM and/or eUICC functions of the mobile device.

公开(公告)号：US09621356B2

公开(公告)日：2017-04-11

申请号：US14279109

申请日：2014-05-15

Applicant: Apple Inc.

Inventor： Yousuf H. Vaid ,  Christopher B. Sharp ,  Medhi Ziat ,  Li Li ,  Jerrold Von Hauck ,  Ramiro Sarmiento ,  Jean-Marc Padova

IPC: H04L9/32

CPC classification number: H04L9/3268

Abstract: Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to a receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.

公开(公告)号：US20150142644A1

公开(公告)日：2015-05-21

申请号：US14474787

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Yousuf H. Vaid ,  George R. Dicker ,  Ahmer A. Khan ,  Christopher B. Sharp ,  Glen W. Steele ,  Christopher D. Adams ,  David T. Haggerty

IPC: G06Q20/32 ,  G06Q20/02 ,  G06Q20/10

CPC classification number: G06Q20/3278 ,  G06Q20/02 ,  G06Q20/0453 ,  G06Q20/10 ,  G06Q20/327

Abstract: To facilitate conducting a financial transaction via wireless communication between an electronic device and another electronic device, a secure element in the electronic device receives, from a third party, a notification associated with a financial transaction. This third party may be independent of a counterparty in the financial transaction, such as: a provider of the electronic device or a payment network that processes payment for the financial transaction. In response to the notification, the secure element requests, from the third party, receipt information associated with the financial transaction, and then receives the receipt information from the third party. This receipt information may include a first-level information, such as payment status. Alternatively or additionally, the receipt information may include a second-level information, such as an itemized list of purchased items, links to information and/or discounts.

Abstract translation: 为了通过电子设备和另一电子设备之间的无线通信进行金融交易，电子设备中的安全元件从第三方接收与金融交易相关联的通知。 该第三方可能独立于金融交易中的交易对手，例如：电子设备的提供商或处理金融交易支付的支付网络。 响应于通知，安全元件从第三方请求与金融交易相关联的收据信息，然后从第三方接收收据信息。 该收据信息可以包括诸如付款状态的第一级信息。 或者或另外，收据信息可以包括第二级信息，诸如所购项目的逐项列表，到信息和/或折扣的链接。

公开(公告)号：US12086769B2

公开(公告)日：2024-09-10

申请号：US17341711

申请日：2021-06-08

Applicant: Apple Inc.

Inventor： George R. Dicker ,  Christopher B. Sharp ,  Ahmer A. Khan ,  Yousuf H. Vaid ,  Glen W. Steele ,  Christopher D. Adams ,  David T. Haggerty

IPC: G06Q20/38 ,  G06Q20/04 ,  G06Q20/32

CPC classification number: G06Q20/047 ,  G06Q20/322 ,  G06Q20/385

Abstract: To facilitate conducting a financial transaction via wireless communication between an electronic device and another electronic device, the electronic device determines a unique transaction identifier for the financial transaction based on financial-account information communicated to the other electronic device. The financial-account information specifies a financial account that is used to pay for the financial transaction. Moreover, the unique transaction identifier may be capable of being independently computed by one or more other entities associated with the financial transaction (such as a counterparty in the financial transaction or a payment network that processes payment for the financial transaction) based on the financial-account information communicated by the portable electronic device. The electronic device may also associate receipt information, which is subsequently received from a third party (such as the payment network), with the financial transaction by comparing the determined unique transaction identifier to the computed unique transaction identifier.

公开(公告)号：US11580518B2

公开(公告)日：2023-02-14

申请号：US14474773

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： David T. Haggerty ,  George R. Dicker ,  Ahmer A. Khan ,  Christopher B. Sharp ,  Timothy S. Hurley ,  Vineet Chadha

IPC: G06Q20/32 ,  G06Q20/40 ,  H04W8/22

Abstract: If a user loses an electronic device that has the capability to conduct financial transactions, the user may report that the electronic device is lost using a lost-device software application to a management electronic device associated with a provider of the electronic device. In response to receiving this information, a disabling command is sent to a payment network associated with the financial account of the user to temporarily disable use of the electronic device to conduct the financial transactions. In particular, the electronic device may include a secure element that stores a payment applet for a financial account, and the disabling command may disable a mapping from a virtual identifier for the financial account to a financial primary account number. Subsequently, if the user finds the electronic device, the user may re-enable the capability (and, thus, the mapping) by providing authentication information to the electronic device.

公开(公告)号：US09098714B2

公开(公告)日：2015-08-04

申请号：US14085951

申请日：2013-11-21

Applicant: Apple Inc.

Inventor： Christopher B. Sharp ,  Yousuf H. Vaid ,  Li Li ,  Jerrold V. Hauck ,  Arun G. Mathias ,  Xiangying Yang ,  Kevin P. McLaughlin

IPC: H04L29/06 ,  G06F21/60 ,  H04W12/08

CPC classification number: G06F21/604 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04W12/08

Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

Abstract translation: 描述了基于策略的框架。 该基于策略的框架可以用于指定逻辑实体执行与位于电子设备中的安全元件内的访问控制元素（例如电子订户身份模块）相关联的操作的特权。 注意，对于与相同或不同的访问控制元素相关联的不同操作，不同的逻辑实体可以具有不同的权限。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的凭证的类型，使得不同类型的凭证可以用于不同的操作和/或由不同的逻辑实体使用。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的安全协议和安全级别，使得不同的安全协议和安全级别可以用于不同的操作和/或不同的逻辑实体。

公开(公告)号：US11374926B2

公开(公告)日：2022-06-28

申请号：US16780621

申请日：2020-02-03

Applicant: Apple Inc.

Inventor： Li Li ,  Yousuf H. Vaid ,  Christopher B. Sharp ,  Arun G. Mathias ,  David T. Haggerty ,  Jerrold Von Hauck

IPC: H04L29/06 ,  H04L9/40 ,  H04B1/3816 ,  H04B1/3827 ,  H04L41/0806 ,  H04W8/18 ,  H04W8/20 ,  H04W12/06 ,  H04W12/069

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

公开(公告)号：US10554487B2

公开(公告)日：2020-02-04

申请号：US15157332

申请日：2016-05-17

Applicant: Apple Inc.

Inventor： Li Li ,  Yousuf H. Vaid ,  Christopher B. Sharp ,  Arun G. Mathias ,  David T. Haggerty ,  Jerrold Von Hauck

IPC: H04L29/06 ,  H04L12/24 ,  H04B1/3816 ,  H04B1/3827

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

公开(公告)号：US20150142671A1

公开(公告)日：2015-05-21

申请号：US14475113

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： George R. Dicker ,  Christopher B. Sharp ,  Ahmer A. Khan ,  Yousuf H. Vaid ,  Glen W. Steele ,  Christopher D. Adams ,  David T. Haggerty

IPC: G06Q20/38

CPC classification number: G06Q20/382 ,  G06Q20/02 ,  G06Q20/0453 ,  G06Q20/327 ,  G06Q20/3827 ,  G06Q20/385

Abstract: To facilitate conducting a financial transaction via wireless communication between an electronic device and another electronic device, the electronic device determines a unique transaction identifier for the financial transaction based on financial-account information communicated to the other electronic device. The financial-account information specifies a financial account that is used to pay for the financial transaction. Moreover, the unique transaction identifier may be capable of being independently computed by one or more other entities associated with the financial transaction (such as a counterparty in the financial transaction or a payment network that processes payment for the financial transaction) based on the financial-account information communicated by the portable electronic device. The electronic device may also associate receipt information, which is subsequently received from a third party (such as the payment network), with the financial transaction by comparing the determined unique transaction identifier to the computed unique transaction identifier.

公开(公告)号：US20140143826A1

公开(公告)日：2014-05-22

申请号：US14085951

申请日：2013-11-21

Applicant: Apple Inc.

Inventor： Christopher B. Sharp ,  Yousuf H. Vaid ,  Li Li ,  Jerrold V. Hauck ,  Arun G. Mathias ,  Xiangying Yang ,  Kevin P. McLaughlin

IPC: G06F21/60

CPC classification number: G06F21/604 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04W12/08

Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

Abstract translation: 描述了基于策略的框架。 该基于策略的框架可以用于指定逻辑实体执行与位于电子设备中的安全元件内的访问控制元素（例如电子订户身份模块）相关联的操作的权限。 注意，对于与相同或不同的访问控制元素相关联的不同操作，不同的逻辑实体可以具有不同的权限。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的凭证的类型，使得不同类型的凭证可以用于不同的操作和/或由不同的逻辑实体使用。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的安全协议和安全级别，使得不同的安全协议和安全级别可以用于不同的操作和/或不同的逻辑实体。