WO2022225739A1 - Protection de la confidentialité de certificats générés par un élément sécurisé - Google Patents

Protection de la confidentialité de certificats générés par un élément sécurisé Download PDF

Info

Publication number
WO2022225739A1
WO2022225739A1 PCT/US2022/024356 US2022024356W WO2022225739A1 WO 2022225739 A1 WO2022225739 A1 WO 2022225739A1 US 2022024356 W US2022024356 W US 2022024356W WO 2022225739 A1 WO2022225739 A1 WO 2022225739A1
Authority
WO
WIPO (PCT)
Prior art keywords
attestation
secure element
certificate
package
electronic device
Prior art date
Application number
PCT/US2022/024356
Other languages
English (en)
Inventor
Adrien Surwumwe
Robin Burel
Rahul Narayan Singh
Original Assignee
Apple Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/658,521 external-priority patent/US20220337431A1/en
Application filed by Apple Inc. filed Critical Apple Inc.
Priority to DE112022002221.3T priority Critical patent/DE112022002221T5/de
Priority to CN202280029435.1A priority patent/CN117203633A/zh
Publication of WO2022225739A1 publication Critical patent/WO2022225739A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • a secure element is an industry standard tamper resistant chip that is designed to store payment information for use in electronic transactions.
  • a manufacturer of a secure element can generate a unique certificate for the secure element that can be used to attest to the ownership of the secure element.
  • the unique certificate is signed with the root private key of the manufacturer during manufacturing and can be verified using a public key of the manufacturer.
  • the certificate can be signed using a secret key that is stored in the secure element.
  • a third party can verify data signed by the secure element using the certificate and gain assurance that the data has been generated inside the secure element of a specific manufacturer.
  • One embodiment provides a method comprising creating multiple attestation certificates that enable anonymized attestation of a secure element of an electronic device, where the multiple attestation certificates are cryptographically associated with the secure element.
  • the multiple attestation certificates include a first attestation certificate and a second attestation certificate.
  • the first attestation certificate and the second attestation certificate are different certificates and enable the same electronic device to perform electronic transactions using the secure element without enabling the tracking of the electronic device across transactions.
  • the method additionally includes performing a first electronic data exchange via the secure element in which authenticity of the secure element is attested via the first attestation certificate and performing a second electronic data exchange via the secure element in which authenticity of secure element is attested via the second attestation certificate.
  • Embodiments also provide a system and non-transitory machine-readable medium that implement the above method. [0007] Other features of the present embodiments will be apparent from the accompanying drawings and from the detailed description, which follows. BRIEF DESCRIPTION OF THE DRAWINGS [0008] Embodiments of the disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements, and in which: [0009] Fig.1 is a block diagram of an example network operating environment for mobile devices, according to an embodiment; [0010] Fig.2 illustrates an online payment system that may use payment information stored by a secure element; [0011] Fig.3 illustrates a system of privacy proofing certificates generated by a secure element of an electronic device; [0012] Fig.4 illustrates a sequence diagram of a process to generate anonymized attestation certificates for a secure element; [0013] Fig.5A-5B illustrate methods of generating and using privacy proof
  • Embodiments described herein provide techniques to privacy proof secure element generated certificate by enabling the generation of anonymous secure element attestations within the secure element.
  • An attestation certificate request can be generated that is signed using the static key of the secure element.
  • the attestation certificate request can then be sent to an attestation server, which can verify the attestation certificate request and return an anonymized attestation certificate.
  • the device containing the secure element can transmit the certificate to third parties to verify attestation data signed by the secure element using the certificate and provide assurance to the third parties that the data being attested to has been generated inside a secure element associated with a specific manufacturer.
  • the attestation data can also be used to verify that the secure element is in an uncompromised state.
  • the new certificates can be shared with third parties to enable the secure element attestation without leaking the stable identifier of the secure element.
  • the certificates described herein are X.509 certificates, which is a standard format for public key certificates. The techniques described herein can apply to other types of certificates.
  • the techniques described herein enable a variety of mechanisms to prevent the long-term tracking of a device based on the stable identifiers of the secure element of the device. For example, a different certificate can be used for each new signature that is generated.
  • a device may also be configured to assign a specific certificate to each unique third party merchant.
  • a device may also assign a global certificate for use on the device for a limited period of time, with the certificate being renewed on a periodic basis.
  • first contact could be termed a second contact
  • second contact could be termed a first contact
  • the first contact and the second contact are both contacts, but they are not the same contact.
  • the phrase “if it is determined” or “if [a stated condition or event] is detected” may be construed to mean “upon determining” or “in response to determining” or “upon detecting [the stated condition or event]” or “in response to detecting [the stated condition or event],” depending on the context.
  • the data processing system may comprise a portable communication device such as a mobile telephone that also contains other functions, such as PDA and/or music player functions.
  • portable multifunction devices include, without limitation, the iPhone®, iPad®, and iPod touch® devices from Apple Computer, Inc. of Cupertino, Calif.
  • a computing device that includes a touch-sensitive display is described. It should be understood, however, that the computing device may include one or more other physical user-interface devices.
  • the various applications that may be executed on the device may use at least one common physical user-interface device, such as the touch-sensitive surface.
  • One or more functions of the touch-sensitive surface as well as corresponding information displayed on the device may be adjusted and/or varied from one application to the next and/or within a respective application.
  • a common physical architecture (such as the touch-sensitive surface) of the device may support the variety of applications with user interfaces that are intuitive and transparent.
  • FIG.1 is a block diagram of a network operating environment 100 for mobile devices, according to an embodiment.
  • the network operating environment 100 includes multiple mobile devices, such as mobile device 102A and mobile device 102B.
  • the mobile devices 102A-102B can each be any electronic device capable of communicating with a wireless network and one or more wireless accessory devices.
  • Some example mobile devices include but are not limited to a smartphone, a tablet computer, a notebook computer, a wearable computer (e.g., smartwatch or other wearable computing accessory), a mobile media player, a personal digital assistant, and other similar devices.
  • Each of mobile device 102A and mobile device 102B include a user interface, such as user interface 104 of mobile device 102B.
  • Mobile device 102A and mobile device 102B can communicate over one or more wired and/or wireless networks 110 to perform data communication.
  • a wireless network 112 e.g., cellular network, Wi-Fi network
  • a wide area network 114 such as the Internet
  • an access device 118 such as a mobile hotspot wireless access device, can provide communication access to the wide area network 114.
  • the gateway 116 and access device 118 can then communicate with the wide area network 114 over a combination of wired and/or wireless networks.
  • both voice and data communications can be established over the wireless network 112 and/or the access device 118.
  • mobile device 102A can place and receive phone calls (e.g., using VoIP protocols), send and receive e-mail messages (e.g., using the POP3 or IMAP protocols), and retrieve electronic documents and/or streams, such as web pages, photographs, and videos, over the wireless network 112, gateway 116, and wide area network 114 (e.g., using TCP/IP or UDP).
  • mobile device 102A can place and receive phone calls, send and receive e-mail messages, and retrieve electronic documents over the access device 118 and the wide area network 114.
  • mobile device 102A or mobile device 102B can be physically connected to the access device 118 using one or more cables, for example, where the access device 118 is a personal computer. In this configuration, mobile device 102A or mobile device 102B can be referred to as a "tethered" device.
  • mobile device 102A can communicate with mobile device 102B via a wireless peer-to-peer connection 120.
  • the wireless peer-to-peer connection 120 can be used to synchronize data between the devices.
  • Mobile device 102A or mobile device 102B can communicate with a service provider that provides or enables one or more services.
  • Exemplary services include a telephony service 130, a messaging service 140, a media service 150, a storage service 160, and an electronic payment service 170 over the one or more wired and/or wireless networks 110.
  • the telephony service 130 can enable telephonic communication between mobile device 102A and mobile device 102B, or between a mobile device and a wired telephonic device.
  • the telephony service 130 can route voice over IP (VoIP) calls over the wide area network 114 or can access a cellular voice network (e.g., wireless network 112).
  • VoIP voice over IP
  • the messaging service 140 can, for example, provide e-mail and/or other messaging services.
  • the media service 150 can, for example, provide access to media files, such as song files, audio books, movie files, video clips, and other media data.
  • the storage service 160 can provide network storage capabilities to mobile device 102A and mobile device 102B to store documents and media files.
  • the electronic payment service 170 also referred to as a mobile payment service, can enable a user to initiate, authorize, and confirm an exchange of financial value in return for goods and services via the one or more wired and/or wireless networks 110.
  • Other services can also be provided, including a software update service to update operating system software or client software on the mobile devices.
  • Fig.2 illustrates an online payment system 200 that enables transactions with merchants using an electronic device.
  • the online payment system 200 includes a mobile device 102 having a payment user interface 204 and/or a point of sale system 202.
  • the mobile device 102 or point of sale system 202 can communicate over a network 214 with a payment server 220 and/or online merchant server 230.
  • the network 214 may be a network similar to the wide area network 114 of Fig.1.
  • the mobile device 102 can be either of mobile device 102A and mobile device 102B, as illustrated in Fig.1.
  • the mobile device 102 can present a payment user interface 204 via a display of the mobile device 102 that facilitates use of the online payment system 200 to pay for goods and/or services. Payment is performed via the online payment system 200 without exposing the specific details of the underlying payment mechanism (e.g., credit card number).
  • a secure element processor on the mobile device 102 can execute applets that are certified by payment networks or card issuers. Credit, debit, or prepaid card data can be sent from a payment network or a card issuer and encrypted for use by the secure element applets using keys that are known only to the payment network or card issuer and the security domain of the applet.
  • Transactions can be performed via an application on the mobile device 102 or via a point of sale system 202.
  • the mobile device 102 can select the online payment system 200 as a payment mechanism for use with the online merchant server 230 and can select a specific payment mechanism to use via the online payment system 200.
  • the specific dataflow can vary across embodiments.
  • a cryptogram e.g., encrypted data message
  • the encrypted information can be used to identify a payment mechanism associated with a user account on the mobile device 102, where the user account is also associated with the online payment system 200.
  • the encrypted information can also include certificates or other cryptographic material to identify the mobile device 102, secure processors, and secure elements within the mobile device 102.
  • the mobile device 102 can also pay for goods and/or services at a physical location of a merchant via the point of sale system 202. The precise data flow may vary according to embodiments.
  • the mobile device 102 can use a short range wireless radio technology, such as near field communication (NFC), to transmit a unique device number and transaction specific dynamic security code to the point of sale system 202.
  • NFC near field communication
  • the point of sale system 202 can verify the unique device number and the transaction specific dynamic security code with the payment server 220 and approve payment.
  • the point of sale system 202 may communicate directly with the secure element through the NFC controller over a dedicated hardware bus.
  • the point of sale system 202 and/or online merchant server 230 may request public keys and/or certificates to verify the validity and authenticity of the secure element.
  • the mobile device 102, online merchant server 230, and payment server 220 may each communicate with a certificate server 240 to retrieve and/or verify certificates used by the mobile device 102 and/or online merchant server 230 to attest to the authenticity of the respective devices or servers.
  • the mobile device 102, and/or secure element within the mobile device 102 can have a public key that can be verified via a certificate that is used via the certificate server 240.
  • the user account on the mobile device 102 may also have a public key that can be verified via a certificate.
  • the online merchant server 230 and/or payment server 220 can also have keys or identities that can be verified via a certificate issued by the certificate server 240.
  • the payment server 220 can communicate with an account database 222 that stores information on user accounts.
  • the account database 222 can include user account information for a user account associated with the mobile device 102.
  • Each user account can include payment material that the user/account holder of the mobile device can use to pay for goods and/or services via the online payment system 200.
  • the payment server 220 can locate an account based on a payment material provided by the mobile device 102 via the online merchant server 230 or point of sale system 202.
  • the payment transaction can be recorded in association with the appropriate account in the account database 222 without directly exposing the account information in the account database 222 to the online merchant server 230 or the merchant associated with the point of sale system 202. Payment may be denied when the provided payment material is not consistent (e.g., an expiration date does not correspond to a credit, debit or gift card number) or when no account includes payment material matching that from the POS communication.
  • application-based payment via the online merchant server 230 and payment via the point of sale system 202 are secured via biometric credentials, such as a fingerprint or facial recognition. The biometric credentials may be gathered by the mobile device 102 and verified before the payment process is initiated by the mobile device.
  • identifiers, keys, and/or certificates associated with the payment process are securely stored in a secure processor or secure memory. Access to the securely stored identifiers, keys, and/or certificates can be unlocked based on successful biometric authentication, or via a fallback authentication mechanism (e.g., passcode, password, PIN).
  • a fallback authentication mechanism e.g., passcode, password, PIN.
  • Fig.3 illustrates a system 300 of privacy proofing certificates generated by a secure element of an electronic device.
  • the system 300 includes a mobile device 102 as described herein. The features enabled by the system 300 are also applicable to other forms of electronic devices that include secure elements.
  • the mobile device 102 described herein can include a secure element 306, a processor 307 and one or more data interfaces 308.
  • the processor 307 can be an application processor and include multiple processor cores.
  • the processor 307 can also include other types of processor cores.
  • the mobile device 102 can also include a secure processor 310 that can perform cryptographic operations and facilitate the secure storage of hardware keys and identification data that is specific to the mobile device 102.
  • the mobile device 102 can also include a certificate store 311 that stores certificates that are accessible to application that execute on the processor 307.
  • the certificate store 311 may be separate from a certificate or key store that may reside within the secure element 306 and/or secure processor 310.
  • the certificate store 311 can store public key certificates, while private keys and associated certificates are secured by the secure element 306 or secure processor 310.
  • An encryption secured channel can be established between the secure element 306 and the secure processor 310 to enable the secure transfer of sensitive data.
  • the secure processor 310 is also configured to securely store data that is used for biometric authentication, such as via a fingerprint reader or camera used for face detection.
  • the mobile device 102 includes software and/or firmware logic associated with an operating system (OS) 305 that is executed by the processor 307.
  • the OS 305 can communicate with logic executed by the secure element 306 and secure processor 310 via one or more secure interfaces.
  • the OS 305 can also include management logic to manage connections that are established via the one or more data interfaces 308 and can configure access to the certificate store 311 for applications executed by the processor 307.
  • the certificate store 311 can store a set of anonymized certificates, which may be X.509 certificates that provide a public key that can be used to attest to data generated by the secure element 306. Instead of sending the same secure element attestation certificate to multiple service providers (e.g., merchant server 230A-230B, point of sale system 202), multiple key pairs and associated certificates can be generated. A separate certificate can be used for each signature, each transaction, or each service provider. A single global certificate may also be used and periodically renewed. A batch of multiple certificates can be requested at once and stored in the certificate store 311 for use over a period of time. [0045] The anonymous certificates can be generated using an attestation server 304.
  • the attestation server 304 includes request validation logic 314 to validate requests for anonymous secure element certificates that are received from the mobile device 102. After receipt of a valid request, certificate generation logic 316 of the attestation server 304 can generate anonymized certificates for the secure element 306 of the mobile device 102.
  • the process of validating a request from the mobile device 102 can include communicating with a factory data server 302 that stores data that is generated during the manufacturing of the mobile device 102.
  • the factory data server 302 includes or couples with a factory database 312 that can be used to verify that the secure element 306 is validly associated with the mobile device 102. For example, the identifier of the secure element 306 is associated with the identifier of the mobile device 102 during manufacturing.
  • the attestation server 304 can request the factory data server 302 to send a manifest for components associated with the mobile device 102. The attestation server 304 can then verify that the secure element 306 has not been extracted from the original device in which it was installed and placed into a different device, as well as verifying that the mobile device 102 includes the secure element 306 that is assigned to the mobile device 102.
  • Fig.4 illustrates a sequence diagram of a process 400 to generate anonymized attestation certificates for a secure element. The process 400 is performed between the factory data server 302, attestation server 304, the OS 305 of the mobile device 102, and the secure element 306 of the mobile device 102.
  • the attestation server 304 can perform a preliminary operation (401) to generate a static secure element attestation key pair.
  • the attestation server 304 can then perform an additional preliminary operation (402) to share the attestation public key with the mobile device OS 305.
  • the attestation public key can be used by the mobile device OS 305 to verify the signature of anonymized attestation certificates that are received from the attestation server 304.
  • the mobile device OS 305 can perform an operation (403) to generate a key pair.
  • generating the key pair includes operations (404) to generate a key pair including a secure element public key (sePK) and a secure element secret key (seSK), which respectively are the public and private portions of the keypair.
  • a secure element public key (sePK)
  • a secure element secret key (seSK)
  • Any number of key pairs can be generated by the secure element 306 in response to a request from an application.
  • An application can request the generation of a secure element key pair to enable the application to perform an operation or action that is mediated or gated by an applet that executes on the secure element, such as performing a payment operation or using an electronic key to access a door or vehicle.
  • SEAttestation For each keypair, a secure element attestation (SEAttestation) package can be generated.
  • the SE attestation package in one embodiment includes an SEID, which is a unique identifier for the hardware within the secure element 306, an ECID, which is a unique identifier for the hardware of the electronic device 102, and the secure element public key.
  • storage of the ECID is managed by the secure processor 310 of Fig.3 and the ECID is sent to the secure element 306 via the secure channel established via the secure processor 310 and the secure element 306.
  • the SE attestation package can be signed using a digital signature algorithm, such as but not limited to an elliptic curve digital signature algorithm (ECDSA).
  • ECDSA elliptic curve digital signature algorithm
  • the signing key for the SE attestation package may be a controlling authority signature domain private key (CASDPrivateKey), which is a long term hardware key that is provisioned to the secure element 306 during manufacturing.
  • the OS 305 can then perform an operation (405) to group the generated SE attestation with a CASDCertificate, which is a certificate (e.g., X.509 certificate) that includes a long term public key (CASDPublicKey) of the secure element.
  • the OS 305 may then perform an additional operation (406), which includes repeating the steps of operation 404 and operation 405 for each additional SE attestation package to be generated.
  • the mobile device OS 305 can then perform an operation (407) to generate a request package that includes the CASDCertificate and an SE attestation package for each generated key pair for which a certificate is to be generated by the attestation server 304.
  • Each SEAttestion package may also include the CASDCertificate for the secure element 306 or a single instance of the CASDCertificate may be stored in the request.
  • the mobile device OS 305 can then perform an operation (408) to send the request package to the attestation server 304 along with the CASDCertificate for the secure element.
  • the attestation server 304 can perform operations (409) to verify the CASDCertificate using the secure element vendor root certificate and then verify the SE attestation using the CASDCertificate.
  • the SE Vendor RootCA certificate is a public key certificate that identifies a root certificate authority (CA) for the CASDCertificate, which will be associated with the vendor of the secure element 306.
  • the root CA cert can be used to verify the legitimacy of the CASDCertificate. Once verified as legitimate, the CASDCertificate can be used to verify the legitimacy of the SE attestation packages.
  • the attestation server 304 can use the ECID that is received with the request to verify that the secure element 306 of the mobile device 102 is legitimately associated with the mobile device 102.
  • the attestation server 304 can send a message (410) to the factory data server 302 that includes the ECID.
  • the factory data server 302 can then perform a lookup operation (411) using the ECID to retrieve the latest sealing manifest associated with the ECID (e.g., from a factory database 312 as in Fig. 3).
  • the sealing manifest includes the digest of each blob of factory calibration and provisioning data assigned to the device and is signed by the factory data server 302, or another server (e.g., sealing server) that is associated with the factory data server 302.
  • the manifest associated with the ECID of the mobile device 102 can be updated with identifiers of the replaced components and re-sealed.
  • the factory data server 302 can return (412) the sealing manifest to the attestation server 304 after retrieving the latest manifest from the factory database.
  • the attestation server 304 having receipt of the latest sealing manifest, can perform operations (413) to verify that the SEID and ECID in the latest sealing manifest matches the identifiers received in thew SE attestation packages.
  • the attestation server 304 can perform an operation (414) generate a new certificate for each SE attestation package within the request.
  • the attestation server 304 can perform an operation (415) to generate a certificate, which may be an X.509 Certificate, for each SE attestation package received in the request from the mobile device OS 305.
  • each certificate can include a signature that is generated using the private portion of the SE attestation key pair generated during operation 401 based on a set of properties (e.g., X.509Properties) specified for the certificate and the secure element public key for which the certificate is to be generated.
  • the properties specified for the certificate can indicate the capabilities of the generated certificate and/or the type of operations that can be performed using the certificate.
  • the properties can specify a validity period for the certificate or the number of times in which a certificate may be used.
  • Properties can also specify an authorized use case for the certificate that indicates the context in which the certificate may be used for attestation of the secure element.
  • a device can specify requested properties for a certificate, or properties can be automatically assigned for a certificate.
  • the attestation server 304 can be configured with rules that will be applied to certificate generation requests. For example, a single device may be limited in the number of certificates that it can request within a time period.
  • server rules can be applied to limit the properties that can be granted to or specified for a certificate. For example, a validity period that may be requested for a certificate may be limited (e.g., 24 hours), but may be extended if use of the certificate is limited to circumstances in which biometric authentication is in use. Furthermore, the properties on generated certificates may be limited based on the type of application or services for which the certificate may be used. Certificates for use with a service may also be limited based on the type of device, class of device, or even the specific device that is requesting certificate generation for a server.
  • the attestation server 304 may be configured to enable a specific version of a device to generate a certificate for use with a specific type of service while preventing generation of the certificate for device versions that are older than the specific version of the device for which certificate generation is enabled.
  • Fig.5A-5B illustrate methods 500, 510 of generating and using privacy proofed secure element generated certificates.
  • Method 500 can be performed by an electronic device to request the generation of anonymized certificates to attest to the secure element within the device.
  • the anonymized certificates enable attestation while preventing long term tracking of the mobile device via the persistent identifier of the secure element.
  • Method 510 can be performed by the electronic device to perform multiple transactions with a service provider while maintaining privacy via the use of anonymized certificates.
  • the electronic device can perform a method 500 that includes operations to generate a key pair via the secure element in response to a request from an application executed by the electronic device, where the key pair includes a first public key (501).
  • the electronic device can then generate an attestation package that includes the first public key, a hardware identifier of the secure element, and at least one hardware identifier of the electronic device (502).
  • the electronic device can then sign the attestation package using a second key associated with the secure element (503).
  • the second key associated with the secure element is the long term/persistent private key of the secure element.
  • the second key can be a controlling authority signature domain (CASD) private key.
  • CASD controlling authority signature domain
  • the electronic device can then generate an attestation request that includes the attestation package and a device certificate for the secure element (504).
  • the device certificate for the secure element is the manufacturer supplied certificate for the secure element that includes manufacturer supplied public key.
  • the electronic device can then transmit the attestation request to an attestation server (505). If the request is determined to be valid by the server, the electronic device will receive an anonymized attestation certificate from the server (506). Multiple attestation packages can be generated in a batch and the multiple attestation packages can be transmitted in a single request.
  • the server will then return an anonymized attestation certificate for each attestation package in the request. In one embodiment, the server may return anonymized certificate for any valid packages that are included in the request, if a request includes one more invalid attestation packages.
  • the server may return an error and none of the anonymized certificates will be generated.
  • the electronic device can perform a method 510 that includes operations to create multiple attestation certificates that enable anonymized attestation of a secure element of an electronic device (511).
  • the multiple attestation certificates may be cryptographically associated with the secure element. For example, a first attestation certificate and a second attestation certificate can be created and the first attestation certificate and the second attestation certificate will be different certificates that include different public keys (e.g., a first public key for the first certificate and a second, different public key for the second certificate).
  • the multiple attestation certificates do not include any persistent identifiers associated with the secure element. Use of the multiple attestation certificates will not enable long-term tracking of the electronic device via persistent identifiers of the secure element.
  • the electronic device is then enabled to perform a first electronic data exchange via the secure element in which authenticity of the secure element is attested via the first attestation certificate (512).
  • the electronic device can then perform a second electronic data exchange via the secure element in which authenticity of secure element is attested via the second attestation certificate (513). Even though the same electronic device performs the first and second electronic data exchanges, should the server providers attempt to collude to track the electronic device, the exchanges will appear as though they were performed by separate devices having separate secure elements.
  • Fig.6 illustrates a method 600 of generating anonymized attestation certificates for an electronic device.
  • the method 600 can be performed by a server device, such as a device attestation server described herein.
  • the server device can receive an attestation request including multiple attestation packages and a device certificate for a secure element (601).
  • the server can then validate the device certificate for the secure element and request data within the multiple attestation packages (602). If the request is valid, the server can then determine authorized properties for a certificates generated for the secure element (603). Determining the authorized properties can include determining the degree of authentication (e.g., type of biometric authentication) that should accompany use of the certificate.
  • degree of authentication e.g., type of biometric authentication
  • Fig.7 is a block diagram of a system architecture 700 associated with a mobile device 102, according to an embodiment.
  • the system architecture 700 can include one or more speaker devices 701 to enable playback of the audio portion of media, alarm, alert, notification, or telephone calls played on or performed by the mobile device 102.
  • the system architecture 700 can also include one or more network interfaces 702, which can include one or more wireless interfaces 703A-703N to enable wireless network connectivity.
  • the one or more wireless interfaces 703A-703N can couple with baseband processing logic that enables support for wireless networking protocols such as, but not limited to Bluetooth, Wi-Fi, near field communication (NFC), other wireless networking technologies.
  • the network interface 702 may also support a wired network connection.
  • the system architecture 700 can also include the secure processor 310 and secure element 306 as also shown in Fig.3. In various embodiments, the secure processor 310 and secure element 306 may be on the same integrated circuit as the processing system 704 or may be on separate chips and/or packages.
  • the computing device also includes a processing system 704 having multiple processor devices.
  • the processing system 704 includes one or more application processor(s) 705 to execute instructions for user and system applications that execute on the computing device.
  • the processing system can also include a sensor processor to process and monitor a suite of sensor devices 708 having sensors including, but not limited to motion sensors, light sensors, proximity sensors, biometric sensors, audio sensors (e.g., microphones), and image sensors (e.g., cameras).
  • the sensor processor 706 can enable low-power monitoring of always-on sensors within the suite of sensor devices 708.
  • the sensor processor 706 can allow the application processor(s) 705 to remain in a low power state when the mobile device 102 is not in active use while allowing the mobile device 102 to remain accessible via voice or gesture input to a virtual assistant or to incoming network data received via the network interface 702.
  • the mobile device 102 includes a system memory 710 which can be a system virtual memory having an address space that includes volatile and non-volatile memory.
  • the system memory 710 can include a telephony application 722, a payment applet 723, and location services logic 724.
  • the telephony application 722 enables the mobile device 102 to contact an emergency service provider.
  • the payment applet 723 can enable the mobile device to make purchases via an online payment system 200 as in Fig. 2.
  • the location services logic 724 enables software logic to query current and historical location data for the mobile device having the system architecture 700.
  • the system memory 710 can also include a cryptographic services library 728 that provides encryption primitives that are accelerated using cryptographic engines within the mobile device.
  • the cryptographic services library can interact with a trusted key store 726, which stores keys and certificates that are generated for use by a mobile device 102 having the system architecture 700, or received from trusted external sources. Certificates received from the certificate server 240 of Fig. 2 and/or attestation server 304 of Fig. 3 may be stored in the trusted key store 726.
  • the payment applet 723 can use primitives provided by the cryptographic services library 728 to perform cryptographic operations described herein.
  • Fig.8 illustrates an overview of a network environment 800 in which an online payment system may be implemented.
  • the network environment 800 can include one or more electronic devices such as a tablet computer 802A, a desktop computer 802B, a television or set top box 802C, a mobile phone 802E, wearable device 802F, and/or a laptop computer 802G, which may be referred to collectively as electronic devices 802.
  • Electronic devices 802 within range of one another can establish a peer-to-peer communication channel via a direct communication link (e.g., a Bluetooth link, an infrared (IR) link, or the like). Further, the electronic devices 802 can be connected to a network 820, either directly or via a connection to a base station 830.
  • a direct communication link e.g., a Bluetooth link, an infrared (IR) link, or the like
  • the base station 830 can be, for example, a network access device (e.g., a router, cellular base station, or the like) which provides the electronic devices 802 with network access.
  • the network environment 800 can also include a set of servers 840 that are accessible to the electronic devices 802 via the network 820.
  • the servers 840 can include online merchant servers, payment servers, and certificate servers as illustrated in Fig. 2.
  • the servers 840 can also include servers to provide authentication and data storage for user accounts associated with the electronic devices 802, including servers that facilitate access to one or more account databases.
  • the servers 840 may be physical servers, virtual servers, or a combination of physical and virtual servers.
  • the network 820 can be any suitable type of wired or wireless network such as a local area network (LAN), a wide area network (WAN), or combination thereof.
  • a LAN can be implemented using various network connection technologies such as, but not limited to Ethernet, wireless LAN (e.g., Wi-Fi), and/or wireless personal area networks (WPAN).
  • WLAN communication over the network 820 can be performed using network protocols such as, but not limited to transmission control protocol (TCP) and Internet protocol (IP).
  • TCP transmission control protocol
  • IP Internet protocol
  • a WAN can be implemented over various physical layer types including fiber-optic and copper cabling using protocols such as, but not limited to synchronous optical networking (SONET) and synchronous digital hierarchy (SDH).
  • SONET synchronous optical networking
  • SDH synchronous digital hierarchy
  • any of the electronic devices 802 can use software logic associated with an application or web browser to initial purchase requests with an online merchant server within the set of servers 840.
  • a mobile phone 802E or wearable device 802F can exchange data over a short range wireless protocol with a point of sale system.
  • the point of sale system may be coupled with the servers 840 via a wireless connection to a base station 830 or via a wired connection to an electronic device 802 such as a desktop computer 802B, tablet computer 802A, or laptop computer 802G.
  • a tablet computer 802A may operate directly as a point of sale system using software logic executed on the tablet computer.
  • Fig.9 is a block diagram of a device architecture 900 for a mobile or embedded device, according to an embodiment.
  • the device architecture 900 includes a memory interface 902, a processing system 904 including one or more data processors, image processors and/or graphics processing units, and a peripherals interface 906.
  • the various components can be coupled by one or more communication buses or signal lines.
  • the various components can be separate logical components or devices or can be integrated in one or more integrated circuits, such as in a system on a chip integrated circuit.
  • the memory interface 902 can be coupled to memory 950, which can include high- speed random-access memory such as static random-access memory (SRAM) or dynamic random-access memory (DRAM) and/or non-volatile memory 905, such as but not limited to flash memory (e.g., NAND flash, NOR flash, etc.).
  • SRAM static random-access memory
  • DRAM dynamic random-access memory
  • non-volatile memory 905 such as but not limited to flash memory (e.g., NAND flash, NOR flash, etc.).
  • Sensors, devices, and subsystems can be coupled to the peripherals interface 906 to facilitate multiple functionalities.
  • a motion sensor 910 can be coupled to the peripherals interface 906 to facilitate the mobile device functionality.
  • One or more biometric sensor(s) 915 may also be present, such as a fingerprint scanner for fingerprint recognition or an image sensor for facial recognition.
  • Other sensors 916 can also be connected to the peripherals interface 906, such as a positioning system (e.g., GPS receiver), a temperature sensor, or other sensing device, to facilitate related functionalities.
  • a camera subsystem 920 and an optical sensor 922 e.g., a charged coupled device (CCD) or a complementary metal-oxide semiconductor (CMOS) optical sensor, can be utilized to facilitate camera functions, such as recording photographs and video clips.
  • CCD charged coupled device
  • CMOS complementary metal-oxide semiconductor
  • Communication functions can be facilitated through one or more wireless communication subsystems 924, which can include radio frequency receivers and transmitters and/or optical (e.g., infrared) receivers and transmitters.
  • the specific design and implementation of the wireless communication subsystems 924 can depend on the communication network(s) over which a mobile device is intended to operate.
  • a mobile device including the illustrated device architecture 900 can include wireless communication subsystems 924 designed to operate over a GSM network, a CDMA network, an LTE network, a Wi-Fi network, a Bluetooth network, or any other wireless network.
  • the wireless communication subsystems 924 can provide a communications mechanism over which a media playback application can retrieve resources from a remote media server or scheduled events from a remote calendar or event server.
  • An audio subsystem 926 can be coupled to a speaker 928 and a microphone 930 to facilitate voice-enabled functions, such as voice recognition, voice replication, digital recording, and telephony functions.
  • the audio subsystem 926 can be a high-quality audio system including support for virtual surround sound.
  • the I/O subsystem 940 can include a touch screen controller 942 and/or other input controller(s) 945.
  • the touch screen controller 942 can be coupled to a touch sensitive display system 946 (e.g., touch-screen).
  • the touch sensitive display system 946 and touch screen controller 942 can, for example, detect contact and movement and/or pressure using any of a plurality of touch and pressure sensing technologies, including but not limited to capacitive, resistive, infrared, and surface acoustic wave technologies, as well as other proximity sensor arrays or other elements for determining one or more points of contact with a touch sensitive display system 946.
  • Display output for the touch sensitive display system 946 can be generated by a display controller 943.
  • the display controller 943 can provide frame data to the touch sensitive display system 946 at a variable frame rate.
  • a sensor controller 944 is included to monitor, control, and/or processes data received from one or more of the motion sensor 910, light sensor 912, proximity sensor 914, or other sensors 916.
  • the sensor controller 944 can include logic to interpret sensor data to determine the occurrence of one of more motion events or activities by analysis of the sensor data from the sensors.
  • the I/O subsystem 940 includes other input controller(s) 945 that can be coupled to other input/control devices 948, such as one or more buttons, rocker switches, thumb-wheel, infrared port, USB port, and/or a pointer device such as a stylus, or control devices such as an up/down button for volume control of the speaker 928 and/or the microphone 930.
  • the memory 950 coupled to the memory interface 902 can store instructions for an operating system 952, including portable operating system interface (POSIX) compliant and non-compliant operating system or an embedded operating system.
  • the operating system 952 may include instructions for handling basic system services and for performing hardware dependent tasks.
  • the operating system 952 can be a kernel.
  • the memory 950 can also store communication instructions 954 to facilitate communicating with one or more additional devices, one or more computers and/or one or more servers, for example, to retrieve web resources from remote web servers.
  • the memory 950 can also include user interface instructions 956, including graphical user interface instructions to facilitate graphic user interface processing.
  • the memory 950 can store sensor processing instructions 958 to facilitate sensor-related processing and functions; telephony instructions 960 to facilitate telephone-related processes and functions; messaging instructions 962 to facilitate electronic- messaging related processes and functions; web browser instructions 964 to facilitate web browsing-related processes and functions; media processing instructions 966 to facilitate media processing-related processes and functions; location services instructions including GPS and/or navigation instructions 968 and Wi-Fi based location instructions to facilitate location based functionality; camera instructions 970 to facilitate camera-related processes and functions; and/or other software instructions 972 to facilitate other processes and functions, e.g., security processes and functions, and processes and functions related to the systems.
  • sensor processing instructions 958 to facilitate sensor-related processing and functions
  • telephony instructions 960 to facilitate telephone-related processes and functions
  • messaging instructions 962 to facilitate electronic- messaging related processes and functions
  • web browser instructions 964 to facilitate web browsing-related processes and functions
  • media processing instructions 966 to facilitate media processing-related processes and functions
  • location services instructions including GPS and/or navigation instructions 968 and Wi-Fi based
  • the memory 950 may also store other software instructions such as web video instructions to facilitate web video-related processes and functions; and/or web shopping instructions to facilitate web shopping-related processes and functions.
  • the media processing instructions 966 are divided into audio processing instructions and video processing instructions to facilitate audio processing-related processes and functions and video processing-related processes and functions, respectively.
  • a mobile equipment identifier such as an International Mobile Equipment Identity (IMEI) 974 or a similar hardware identifier can also be stored in memory 950.
  • IMEI International Mobile Equipment Identity
  • Each of the above identified instructions and applications can correspond to a set of instructions for performing one or more functions described above. These instructions need not be implemented as separate software programs, procedures, or modules.
  • the memory 950 can include additional instructions or fewer instructions.
  • Fig.10 is a block diagram of a computing system 1000, according to an embodiment.
  • the illustrated computing system 1000 is intended to represent a range of computing systems (either wired or wireless) including, for example, desktop computer systems, laptop computer systems, tablet computer systems, cellular telephones, personal digital assistants (PDAs) including cellular-enabled PDAs, set top boxes, entertainment systems or other consumer electronic devices, smart appliance devices, or one or more implementations of a smart media playback device.
  • Alternative computing systems may include more, fewer, and/or different components.
  • the computing system 1000 can be used to provide the computing device and/or a server device to which the computing device may connect.
  • the computing system 1000 includes bus 1035 or other communication device to communicate information, and processor(s) 1010 coupled to bus 1035 that may process information. While the computing system 1000 is illustrated with a single processor, the computing system 1000 may include multiple processors and/or co-processors.
  • the computing system 1000 further may include memory 1020 in the form of random-access memory (RAM) or other dynamic storage device coupled to the bus 1035.
  • the memory 1020 may store information and instructions that may be executed by processor(s) 1010.
  • the memory 1020 may also be main memory that is used to store temporary variables or other intermediate information during execution of instructions by the processor(s) 1010.
  • the computing system 1000 may also include read only memory (ROM) 1030 and/or another data storage device 1040 coupled to the bus 1035 that may store information and instructions for the processor(s) 1010.
  • the data storage device 1040 can be or include a variety of storage devices, such as a flash memory device, a magnetic disk, or an optical disc and may be coupled to computing system 1000 via the bus 1035 or via a remote peripheral interface.
  • the computing system 1000 may also be coupled, via the bus 1035, to a display device 1050 to display information to a user.
  • the computing system 1000 can also include an alphanumeric input device 1060, including alphanumeric and other keys, which may be coupled to bus 1035 to communicate information and command selections to processor(s) 1010.
  • the computing system 1000 may also receive user input from a remote device that is communicatively coupled via one or more network interface(s) 1080.
  • the computing system 1000 further may include one or more network interface(s) 1080 to provide access to a network, such as a local area network.
  • the network interface(s) 1080 may include, for example, a wireless network interface having antenna 1085, which may represent one or more antenna(e).
  • the computing system 1000 can include multiple wireless network interfaces such as a combination of Wi-Fi, Bluetooth®, near field communication (NFC), and/or cellular telephony interfaces.
  • the network interface(s) 1080 may also include, for example, a wired network interface to communicate with remote devices via network cable 1087, which may be, for example, an Ethernet cable, a coaxial cable, a fiber optic cable, a serial cable, or a parallel cable.
  • the network interface(s) 1080 may provide access to a local area network, for example, by conforming to IEEE 802.11 wireless standards and/or the wireless network interface may provide access to a personal area network, for example, by conforming to Bluetooth standards. Other wireless network interfaces and/or protocols can also be supported.
  • network interface(s) 1080 may provide wireless communications using, for example, Time Division, Multiple Access (TDMA) protocols, Global System for Mobile Communications (GSM) protocols, Code Division, Multiple Access (CDMA) protocols, Long Term Evolution (LTE) protocols, and/or any other type of wireless communications protocol.
  • TDMA Time Division, Multiple Access
  • GSM Global System for Mobile Communications
  • CDMA Code Division, Multiple Access
  • LTE Long Term Evolution
  • the computing system 1000 can further include one or more energy sources 1005 and one or more energy measurement systems 1045.
  • Energy sources 1005 can include an AC/DC adapter coupled to an external power source, one or more batteries, one or more charge storage devices, a USB charger, or other energy source.
  • Energy measurement systems include at least one voltage or amperage measuring device that can measure energy consumed by the computing system 1000 during a predetermined period of time.
  • Fig.11 illustrates a computing system 1100 including a secure processor, according to an embodiment.
  • the illustrated secure processor 1103 is a secure enclave processor, although other types of secure processors may be used to accelerate cryptographic operations described herein.
  • the computing system 1100 can enable a device to perform secure accelerated cryptographic operations, to provide secure storage for a subset of private keys, and to enable the encryption of other private keys.
  • a version of the computing system 1100 can be included in a primary device (e.g., smartphone) and a secondary device (e.g., computing device, wearable device, wireless accessory) as described herein.
  • the computing system 1100 includes an application processor 1121 that is communicably coupled with a secure processor 1103 via a secure interface 1119.
  • the computing system 1100 can be a portion of any of the client devices described herein. Additionally, the computing system 1100 can be included into one or more of the servers described herein.
  • the secure processor 1103 can be implemented as a system on chip.
  • the application processor 1121 and the secure processor 1103 can be implemented on a system on chip and include one or more processors and memory controllers and other components on a single integrated circuit.
  • the computing system 1100 can also include a secure element 1122 as generally described herein.
  • the secure element 1122 may be configured to communicate with the secure processor 1103 via the secure interface 1119 or via an encrypted communication channel that is relayed through the application processor 1121.
  • the secure processor 1103 can perform cryptographic operations as described herein, as well as other system security operations such as encrypting user files or verifying code signatures, processing user passcodes, or performing other security operations.
  • the cryptographic operations can be performed in part by the secure processor core 1115 by executing software stored as firmware 1111 in the secure processor 1103.
  • the secure processor core 1115 can also be coupled to a ROM 1113 which can be trusted software that can validate the software in the firmware 1111 before allowing that firmware to execute by checking a code signature of the firmware and verifying that the signature code indicates that the firmware is valid and has not been corrupted before allowing the firmware to be executed by the secure processor core 1115.
  • the secure processor 1103 can also include a cryptographic accelerator such as cryptographic accelerator 1107 which can perform asymmetric cryptography as well as symmetric cryptography using a hardware accelerator.
  • the cryptographic accelerator 1107 can be coupled to non-volatile and immutable memory 1105 which can store in a secure manner a device identifier or a set of device identifiers and a set of one or more certificates and private keys which are hidden from the rest of the system and are not readable by the rest of the system in one embodiment.
  • the cryptographic accelerator 1107 has access to the private keys and other data within the non-volatile and immutable memory 1105 and access to such memory is not allowed for components outside of the secure processor 1103.
  • the cryptographic accelerator 1107 can be coupled to an accelerator memory 1109 which can be a scratch pad memory used to perform the cryptographic operations that are performed by the cryptographic accelerator 1107.
  • the application processor 1121 can be coupled to one or more buses 1123 which are coupled to one or more input and output (I/O) devices 1127, such as a touchscreen display a Bluetooth radio, an NFC radio, a Wi-Fi radio, etc. Other input and output devices can be included.
  • the application processor 1121 is also coupled to an application processor ROM 1125, which provides software to boot the application processor.
  • the ROM 1113 provides code to boot the secure processor core 1115 within the secure processor 1103.
  • the hash functions described herein can utilize specialized hardware circuitry (or firmware) of the system (client device or server).
  • the function can be a hardware-accelerated function.
  • the system can use a function that is part of a specialized instruction set, which may be an extension to an instruction set architecture for particular a type of microprocessor. Accordingly, in an embodiment, the system can provide a hardware-accelerated mechanism for performing cryptographic operations to improve the speed of performing the functions described herein using these instruction sets.
  • the hardware-accelerated engines / functions are contemplated to include any implementations in hardware, firmware, or combination thereof, including various configurations which can include hardware / firmware integrated into the SoC as a separate processor, or included as special purpose CPU (or core), or integrated in a coprocessor on the circuit board, or contained on a chip of an extension circuit board, etc.
  • Embodiments described herein provide techniques to privacy proof secure element generated certificate by enabling the generation of anonymous secure element attestations within the secure element.
  • An attestation certificate request can be generated that is signed using the static key of the secure element.
  • the attestation certificate request can then be sent to an attestation server, which can verify the attestation certificate request and return an anonymized attestation certificate.
  • the device containing the secure element can transmit the certificate to third parties to verify attestation data signed by the secure element using the certificate and provide assurance to the third parties that the data being attested to has been generated inside a secure element associated with a specific manufacturer.
  • One embodiment provides a method comprising creating multiple attestation certificates that enable anonymized attestation of a secure element of an electronic device, where the multiple attestation certificates each cryptographically associated with the secure element.
  • the multiple attestation certificates include a first attestation certificate and a second attestation certificate.
  • the first attestation certificate and the second attestation certificate are different certificates and enable the same electronic device to perform electronic transactions using the secure element without enabling the tracking of the electronic device across transactions.
  • the method additionally includes performing a first electronic data exchange via the secure element in which authenticity of the secure element is attested via the first attestation certificate and performing a second electronic data exchange via the secure element in which authenticity of secure element is attested via the second attestation certificate.
  • One embodiment provides a data processing system on an electronic device, the data processing system comprising a secure element, one or more processors including an application processor and a secure circuit, memory to store instructions for execution by the application processor, where the instructions, when executed, cause the one or more processors to create multiple attestation certificates that enable that enable anonymized attestation of a secure element of an electronic device.
  • the multiple attestation certificates are cryptographically associated with the secure element and the multiple attestation certificates include a first attestation certificate and a second attestation certificate.
  • the first attestation certificate and the second attestation certificate are different.
  • Embodiments also provide a system and non-transitory machine-readable medium that implement the above method.

Abstract

L'invention concerne des techniques de protection de la confidentialité d'attestations d'élément sécurisé anonymes de certificats générés par un élément sécurisé. Une requête de certificat d'attestation peut être générée qui est signée à l'aide de la clé statique de l'élément sécurisé. La requête de certificat d'attestation peut ensuite être envoyée à un serveur d'attestation, qui peut vérifier la requête de certificat d'attestation et renvoyer un certificat d'attestation anonymisé. Le dispositif contenant l'élément sécurisé peut transmettre le certificat à des tiers pour vérifier des données d'attestation signées par l'élément sécurisé à l'aide du certificat et donner la garantie aux tiers que les données qui sont attestées ont été générées dans un élément sécurisé associé à un fabricant spécifique.
PCT/US2022/024356 2021-04-19 2022-04-12 Protection de la confidentialité de certificats générés par un élément sécurisé WO2022225739A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
DE112022002221.3T DE112022002221T5 (de) 2021-04-19 2022-04-12 Datenschutzsicherung von durch ein sicheres element generierten zertifikaten
CN202280029435.1A CN117203633A (zh) 2021-04-19 2022-04-12 安全元件生成的证书的隐私证明

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202163176781P 2021-04-19 2021-04-19
US63/176,781 2021-04-19
US17/658,521 2022-04-08
US17/658,521 US20220337431A1 (en) 2021-04-19 2022-04-08 Privacy proofing of secure element generated certificates

Publications (1)

Publication Number Publication Date
WO2022225739A1 true WO2022225739A1 (fr) 2022-10-27

Family

ID=81579720

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2022/024356 WO2022225739A1 (fr) 2021-04-19 2022-04-12 Protection de la confidentialité de certificats générés par un élément sécurisé

Country Status (1)

Country Link
WO (1) WO2022225739A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024089669A1 (fr) * 2022-10-28 2024-05-02 Stripe, Inc. Systèmes et procédés d'attestation de dispositif terminal pour des paiements sans contact

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160241552A1 (en) * 2013-05-30 2016-08-18 Nok Nok Labs, Inc. System and method for biometric authentication with device attestation
US20200302043A1 (en) * 2019-03-22 2020-09-24 Bloomberg Finance L.P. Authentication system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160241552A1 (en) * 2013-05-30 2016-08-18 Nok Nok Labs, Inc. System and method for biometric authentication with device attestation
US20200302043A1 (en) * 2019-03-22 2020-09-24 Bloomberg Finance L.P. Authentication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ERNIE BRICKELL ET AL: "Direct anonymous attestation", PROCEEDINGS OF THE 11TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY : WASHINGTON, DC, USA, OCTOBER 25 - 29, 2004; [ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY], NEW YORK, NY : ACM PRESS, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121, 25 October 2004 (2004-10-25), pages 132 - 145, XP058347813, ISBN: 978-1-58113-961-7, DOI: 10.1145/1030083.1030103 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024089669A1 (fr) * 2022-10-28 2024-05-02 Stripe, Inc. Systèmes et procédés d'attestation de dispositif terminal pour des paiements sans contact

Similar Documents

Publication Publication Date Title
US11489678B2 (en) Platform attestation and registration for servers
US10601795B2 (en) Service processing method and electronic device
US11582579B2 (en) Secure streaming of real-time location data between electronic devices
US9386045B2 (en) Device communication based on device trustworthiness
US11405191B2 (en) Guaranteed encryptor authenticity
Ramana et al. A three-level gateway protocol for secure M-commerce transactions using encrypted OTP
WO2019023475A1 (fr) Procédé et appareil de communication entre nœuds de chaîne de blocs
US11177955B2 (en) Device-to-device messaging protocol
WO2014142617A1 (fr) Paiement mobile sécurisé à l'aide d'une liaison d'éléments multimédias
US20220337431A1 (en) Privacy proofing of secure element generated certificates
CN113821835B (zh) 密钥管理方法、密钥管理装置和计算设备
US11824850B2 (en) Systems and methods for securing login access
US20210400037A1 (en) Authenticated interface element interactions
CN111784887A (zh) 一种用户访问的授权放行方法、装置以及系统
US20230421372A1 (en) Accessory assisted account recovery
WO2022225739A1 (fr) Protection de la confidentialité de certificats générés par un élément sécurisé
US20230075275A1 (en) Secure pairing and pairing lock for accessory devices
US11914737B2 (en) Authenticated and encrypted archives
CN115280720A (zh) 在线秘密加密
TWM608662U (zh) 線上交易處理系統
US20220303137A1 (en) Pairing protocol for peripherals with a secure function
US20240163279A1 (en) Systems and methods for securing login access

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22720851

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 112022002221

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22720851

Country of ref document: EP

Kind code of ref document: A1