Enhanced security using service provider authentication
US-9313214-B2 · Apr 12, 2016 · US
Spoofing protection for secure-element identifiers
US2016286391A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016286391-A1 |
| Application number | US-201414474737-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 2, 2014 |
| Priority date | Dec 30, 2013 |
| Publication date | Sep 29, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosed embodiments related to a first electronic device (such as a cellular telephone) that includes a secure element. In response to a challenge and a request for a secure-element identifier associated with the secure element, which are received from a second electronic device (such as a trusted services manager that loads content onto the secure element), the secure element provides to the second electronic device: the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature. The digital signature may include a signed version of the challenge and the secure-element identifier, which are encrypted using an encryption key associated with a provider of the secure element. In this way, the second electronic device may certify the secure element.
First claim
Opening claim text (preview).
What is claimed is: 1 . An electronic device, comprising: an antenna; an interface circuit, coupled to the antenna, configured to communicate with another electronic device; and a secure element, coupled to the interface circuit, configured to: receive, from the other electronic device, a challenge and a request for a secure-element identifier of the secure element; and provide, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier. 2 . The electronic device of claim 1 , wherein the other electronic device includes a trusted services manager that loads content onto the secure element. 3 . The electronic device of claim 1 , wherein the certificate includes a digital certificate associated with a controlling authority security domain in the secure element; and wherein the controlling authority security domain is associated with the provider of the secure element. 4 . The electronic device of claim 1 , wherein the secure element is configured to, in response to receiving the challenge, generate the digital signature by encrypting the challenge and the secure-element identifier using an encryption key associated with the provider. 5 . The electronic device of claim 4 , wherein the secure element is configured to, prior to the encryption, hash the secure-element identifier and the challenge. 6 . The electronic device of claim 4 , wherein the electronic device further includes: a processor; and memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including: instructions for receiving, from a user, an identifier; instructions for providing, to a third electronic device, the identifier; instructions for receiving, from the third electronic device, a sign-in token that is based on the identifier; and instructions for providing, to the secure element, the sign-in token; wherein, prior to the encryption, the secure element is configured to hash the secure-element identifier, the challenge and the sign-in token of a user of the electronic device; and wherein the identifier includes one of: a username, a password and a biometric identifier of the user. 7 . The electronic device of claim 6 , wherein the secure element is further configured to, after the encryption, add the sign-in token to the digital signature. 8 . A secure element for use with an electronic device, comprising: a processor; and memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including: instructions for receiving, from another electronic device, a challenge and a request for a secure-element identifier of the secure element; and instructions for providing, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier. 9 . The secure element of claim 8 , wherein the secure element is further configured to, in response to receiving the challenge, generate the digital signature by encrypting the challenge and the secure-element identifier using an encryption key associated with the provider. 10 . A processor-implemented method for certifying a secure element in an electronic device, wherein the method comprises: receiving, from another electronic device, a challenge and a request for a secure-element identifier of the secure element; and using the processor, providing, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier. 11 . The method of claim 10 , wherein, in response to receiving the challenge, the method further comprises generating the digital signature by encrypting the challenge and the secure-element identifier using an encryption key associated with the provider. 12 . An electronic device, comprising: an antenna; an interface circuit, coupled to the antenna, configured to communicate with a second electronic device and a third electronic device; a processor; a secure element coupled to the processor; and memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including: instructions for providing, to the third electronic device, an identifier of a user; instructions for receiving, from the third electronic device, a sign-in token that is based on the identifier; instructions for providing the sign-in token and a request to the secure element for a secure-element identifier; instructions for receiving, from the secure element, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the secure-element identifier and the sign-in token; and instructions for providing, to the second electronic device, the secure-element identifier, the certificate, the digital signature, and the sign-in token. 13 . The electronic device of claim 12 , wherein the program module further includes: instructions for receiving, from the second electronic device, the challenge; and instructions for providing, to the secure element, the challenge, wherein the secure element is configured to generate the digital signature by encrypting the challenge, the sign-in token and the secure-element identifier using an encryption key associated with the provider. 14 . The electronic device of claim 13 , wherein the secure element is further configured to, prior to the encryption, hash the secure-element identifier, the challenge and the sign-in token. 15 . The electronic device of claim 12 , wherein the second electronic device includes a trusted services manager that loads content onto the secure element; and wherein the third electronic device is associated with a provider of the electronic device. 16 . The electronic device of claim 12 , wherein the certificate includes a digital certificate associated with a controlling authority security domain in the secure element; and wherein the controlling authority security domain is associated with the provider of the secure element. 17 . The electronic device of claim 12 , wherein the identifier includes one of: a username, a password and a biometric identifier of the user. 18 . A computer-program product for use in conjunction with an electronic device, the computer-program product comprising a non-transitory computer-readable storage medium and a computer-program mechanism embedded therein, to certify a secure element in the electronic device, the computer-program mechanism including: instructions for providing, to a third electronic device, an identifier of a user; instructions for receiving, from the third electronic device, a sign-in token that is based on the identifier; instructions for providing the sign-in token and a request to a secure element in the electronic device for a secure-element identifier; instructions for receiving, from the secure element, the secure-element identifier, a certificate associated with a provider of the secure element, and a
Assignees
Inventors
Classifications
Detection or prevention of fraud · CPC title
Electronic credentials · CPC title
involving key management · CPC title
Use of electronic signatures · CPC title
Use of secure elements separate from M-devices · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016286391A1 cover?
- The disclosed embodiments related to a first electronic device (such as a cellular telephone) that includes a secure element. In response to a challenge and a request for a secure-element identifier associated with the secure element, which are received from a second electronic device (such as a trusted services manager that loads content onto the secure element), the secure element provides to…
- Who is the assignee on this patent?
- Apple Inc
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/322. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Sep 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).