SPOOFING PROTECTION FOR SECURE-ELEMENT IDENTIFIERS

US 20160286391A1
Filed: 09/02/2014
Published: 09/29/2016
Est. Priority Date: 12/30/2013
Status: Active Grant

First Claim

Patent Images

1. An electronic device, comprising:

an antenna;

an interface circuit, coupled to the antenna, configured to communicate with another electronic device; and

a secure element, coupled to the interface circuit, configured to;

receive, from the other electronic device, a challenge and a request for a secure-element identifier of the secure element; and

provide, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments related to a first electronic device (such as a cellular telephone) that includes a secure element. In response to a challenge and a request for a secure-element identifier associated with the secure element, which are received from a second electronic device (such as a trusted services manager that loads content onto the secure element), the secure element provides to the second electronic device: the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature. The digital signature may include a signed version of the challenge and the secure-element identifier, which are encrypted using an encryption key associated with a provider of the secure element. In this way, the second electronic device may certify the secure element.

77 Citations

View as Search Results

20 Claims

1. An electronic device, comprising:
- an antenna;
  
  an interface circuit, coupled to the antenna, configured to communicate with another electronic device; and
  
  a secure element, coupled to the interface circuit, configured to;
  
  receive, from the other electronic device, a challenge and a request for a secure-element identifier of the secure element; and
  
  provide, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The electronic device of claim 1, wherein the other electronic device includes a trusted services manager that loads content onto the secure element.
  - 3. The electronic device of claim 1, wherein the certificate includes a digital certificate associated with a controlling authority security domain in the secure element;
    - andwherein the controlling authority security domain is associated with the provider of the secure element.
  - 4. The electronic device of claim 1, wherein the secure element is configured to, in response to receiving the challenge, generate the digital signature by encrypting the challenge and the secure-element identifier using an encryption key associated with the provider.
  - 5. The electronic device of claim 4, wherein the secure element is configured to, prior to the encryption, hash the secure-element identifier and the challenge.
  - 6. The electronic device of claim 4, wherein the electronic device further includes:
    - a processor; and
      
      memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including;
      
      instructions for receiving, from a user, an identifier;
      
      instructions for providing, to a third electronic device, the identifier;
      
      instructions for receiving, from the third electronic device, a sign-in token that is based on the identifier; and
      
      instructions for providing, to the secure element, the sign-in token;
      
      wherein, prior to the encryption, the secure element is configured to hash the secure-element identifier, the challenge and the sign-in token of a user of the electronic device; and
      
      wherein the identifier includes one of;
      
      a username, a password and a biometric identifier of the user.
  - 7. The electronic device of claim 6, wherein the secure element is further configured to, after the encryption, add the sign-in token to the digital signature.

8. A secure element for use with an electronic device, comprising:
- a processor; and
  
  memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including;
  
  instructions for receiving, from another electronic device, a challenge and a request for a secure-element identifier of the secure element; and
  
  instructions for providing, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier.
- View Dependent Claims (9)
- - 9. The secure element of claim 8, wherein the secure element is further configured to, in response to receiving the challenge, generate the digital signature by encrypting the challenge and the secure-element identifier using an encryption key associated with the provider.

10. A processor-implemented method for certifying a secure element in an electronic device, wherein the method comprises:
- receiving, from another electronic device, a challenge and a request for a secure-element identifier of the secure element; and
  
  using the processor, providing, to the other electronic device, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the challenge and the secure-element identifier.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein, in response to receiving the challenge, the method further comprises generating the digital signature by encrypting the challenge and the secure-element identifier using an encryption key associated with the provider.

12. An electronic device, comprising:
- an antenna;
  
  an interface circuit, coupled to the antenna, configured to communicate with a second electronic device and a third electronic device;
  
  a processor;
  
  a secure element coupled to the processor; and
  
  memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including;
  
  instructions for providing, to the third electronic device, an identifier of a user;
  
  instructions for receiving, from the third electronic device, a sign-in token that is based on the identifier;
  
  instructions for providing the sign-in token and a request to the secure element for a secure-element identifier;
  
  instructions for receiving, from the secure element, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the secure-element identifier and the sign-in token; and
  
  instructions for providing, to the second electronic device, the secure-element identifier, the certificate, the digital signature, and the sign-in token.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The electronic device of claim 12, wherein the program module further includes:
    - instructions for receiving, from the second electronic device, the challenge; and
      
      instructions for providing, to the secure element, the challenge, wherein the secure element is configured to generate the digital signature by encrypting the challenge, the sign-in token and the secure-element identifier using an encryption key associated with the provider.
  - 14. The electronic device of claim 13, wherein the secure element is further configured to, prior to the encryption, hash the secure-element identifier, the challenge and the sign-in token.
  - 15. The electronic device of claim 12, wherein the second electronic device includes a trusted services manager that loads content onto the secure element;
    - andwherein the third electronic device is associated with a provider of the electronic device.
  - 16. The electronic device of claim 12, wherein the certificate includes a digital certificate associated with a controlling authority security domain in the secure element;
    - andwherein the controlling authority security domain is associated with the provider of the secure element.
  - 17. The electronic device of claim 12, wherein the identifier includes one of:
    - a username, a password and a biometric identifier of the user.

18. A computer-program product for use in conjunction with an electronic device, the computer-program product comprising a non-transitory computer-readable storage medium and a computer-program mechanism embedded therein, to certify a secure element in the electronic device, the computer-program mechanism including:
- instructions for providing, to a third electronic device, an identifier of a user;
  
  instructions for receiving, from the third electronic device, a sign-in token that is based on the identifier;
  
  instructions for providing the sign-in token and a request to a secure element in the electronic device for a secure-element identifier;
  
  instructions for receiving, from the secure element, the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature, wherein the digital signature includes a signed version of the sign-in token and the secure-element identifier; and
  
  instructions for providing, to a second electronic device, the secure-element identifier, the certificate, the digital signature, and the sign-in token.
- View Dependent Claims (19, 20)
- - 19. The computer-program product of claim 18, wherein the computer-program mechanism further includes:
    - instructions for receiving, from the second electronic device, the challenge; and
      
      instructions for providing, to the secure element, the challenge, wherein the secure element generates the digital signature by encrypting the challenge, the sign-in token and the secure-element identifier using an encryption key associated with the provider.
  - 20. The computer-program product of claim 18, wherein the second electronic device includes a trusted services manager that loads content onto the secure element;
    - andwherein the third electronic device is associated with a provider of the electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Khan, Ahmer A.

Granted Patent

US 9,918,226 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3227   using secure elements embed...

G06Q 20/327   Short range or proximity pa...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3827   Use of message hashing

G06Q 20/3829   involving key management

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

H04W 12/069   using certificates or pre-s...

H04W 12/12   Detection or prevention of ...

SPOOFING PROTECTION FOR SECURE-ELEMENT IDENTIFIERS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SPOOFING PROTECTION FOR SECURE-ELEMENT IDENTIFIERS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links