Apparatuses and Methods for Using a Random Authorization Number to Provide Enhanced Security for a Secure Element

US 20150348022A1
Filed: 09/02/2014
Published: 12/03/2015
Est. Priority Date: 05/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method of operating an electronic device that includes a secure element and a corresponding trusted processor, comprising:

with the trusted processor, generating a random authorization number; and

with the trusted processor, injecting the random authorization number into the secure element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for provisioning credentials onto an electronic device is provided. The system may include a payment network subsystem, a service provider subsystem, and one or more user devices that can be used to perform mobile transactions at a merchant terminal. The user device may communicate with the service provider subsystem in order to obtained commerce credentials from the payment network subsystem. The user device may include a secure element and a corresponding trusted processor. The trusted processor may generate a random authorization number and inject that number into the secure element. Mobile payments should only be completed if the random authorization number on the secure element matches the random authorization number at the trusted processor. The trusted processor may be configured to efface the previous random authorization number and generate a new random authorization number when detecting a potential change in ownership at the user device.

Citations

24 Claims

1. A method of operating an electronic device that includes a secure element and a corresponding trusted processor, comprising:
- with the trusted processor, generating a random authorization number; and
  
  with the trusted processor, injecting the random authorization number into the secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method defined in claim 1, further comprising:
    - deriving the generated random authorization number at the trusted processor; and
      
      using the electronic device to complete a financial transaction only when the random authorization number on the secure element matches the random authorization number that is derived at the trusted processor.
  - 3. The method defined in claim 1, further comprising:
    - receiving payment card information at the electronic device.
  - 4. The method defined in claim 3, further comprising:
    - enabling a passcode lock function on the electronic device prior to receiving the payment card information.
  - 5. The method defined in claim 4, further comprising:
    - in response to detecting a potential risky event, using the trusted processor to erase the previously generated random authorization number, to generate a new random authorization number, and to inject the newly generated random authorization number into the secure element.
  - 6. The method defined in claim 5, further comprising:
    - in response to injecting the newly generated random authorization number into the secure element, disabling all payment applets on the secure element so that the secure element can no longer be used to complete a financial transaction.
  - 7. The method defined in claim 5, wherein detecting the potential risky event comprises detecting that the passcode lock function has been disabled.
  - 8. The method defined in claim 5, further comprising:
    - using the electronic device to communicate with a service provider subsystem to provision the payment card onto the electronic device, wherein detecting the potential risky event comprises detecting that a user of the electronic device has logged out of a network-based service at the service provider subsystem.
  - 9. The method defined in claim 5, wherein detecting the potential risky event comprises detecting that all contents and settings on the electronic device have been erased.
  - 10. The method defined in claim 5, wherein detecting the potential risky event comprises detecting a selected one of:
    - a device firmware update and a recovery mode installation at the electronic device.
  - 11. The method defined in claim 8, further comprising:
    - restoring previously provisioned payment card information using the network-based service without receiving any additional payment card information.

12. A method of operating a portable electronic device that includes a secure element and an associated trust processor, comprising:
- receiving commerce credentials at the electronic device; and
  
  in response to detecting a potential ownership change at the electronic device, disabling use of the commerce credentials so that the electronic device can no longer be used to conduct mobile payment transactions and using the trusted processor to generate a new authorization value and to inject the newly generated authorization value into the secure element.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method defined in claim 12, further comprising:
    - storing the authorization value only at the secure element.
  - 14. The method defined in claim 12, further comprising:
    - in response to detecting that the secure element has been injected with the newly generated authorization value, removing the commerce credentials from the electronic device.
  - 15. The method defined in claim 14, further comprising:
    - after removing the commerce credentials from the electronic device, receiving new commerce credentials to be provisioned onto the electronic device.
  - 16. The method defined in claim 14, wherein detecting the potential ownership change at the electronic device comprises receiving a remote notification from a network-based service module.
  - 17. The method defined in claim 16, further comprising:
    - using backup data on the network-based service module to restore previously provisioned commerce credentials onto the electronic device.
  - 18. The method defined in claim 12, further comprising:
    - in response to detecting that an authorized user is still in possession of the electronic device, enabling use of the commerce credentials so that the electronic device can be used to conduct mobile payment transactions without having to re-provision the commerce credentials.

19. A portable electronic device, comprising:
- a secure element on which payment card information is stored; and
  
  a trusted processor that is configured to overwrite a currently existing random authorization value by generating a new random authorization value that is injected into the secure element in response to detecting a potential ownership change at the electronic device.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The portable electronic device defined in claim 19, wherein the trusted processor comprises a main processor on the electronic device.
  - 21. The portable electronic device defined in claim 20, wherein the trusted processor is configured to maintain a keychain that includes encrypted information, and wherein the newly generated random authorization value is encrypted on the keychain.
  - 22. The portable electronic device defined in claim 19, further comprising:
    - an applications processor that is interposed between the trusted processor and the secure element, wherein the trusted processor comprises a secure enclave processor.
  - 23. The portable electronic device defined in claim 22, wherein the trusted processor is configured to maintain a keychain having a universal unique identifier, wherein the trusted processor includes a monotonic counter that outputs a value, and wherein the trusted processor is configured to derive in real time a random authorization value that matches the random authorization value stored locally within the secure element based on universal unique identifier in the keychain and based on the value output by the monotonic counter.
  - 24. The portable electronic device defined in claim 19, wherein the electronic device can be used to complete a mobile payment transaction only when the random authorization value that is stored locally within the secure element matches the random authorization value at the trusted processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Khan, Ahmer A., Hauck, Jerrold V., Dicker, George R., Adler, Mitchell D., Lee, Jeffrey C., Benson, Wade

Granted Patent

US 10,546,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/7867   using information manually ...

G06F 3/0482   Interaction with lists of s...

G06Q 10/06395   Quality analysis or management

G06Q 20/321   using wearable devices

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/354   Card activation or deactiva...

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 30/0264   based upon schedule

H04N 21/458   Scheduling content for crea...

H04N 21/812   involving advertisement dat...

Apparatuses and Methods for Using a Random Authorization Number to Provide Enhanced Security for a Secure Element

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatuses and Methods for Using a Random Authorization Number to Provide Enhanced Security for a Secure Element

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links