US2023351377A1PendingUtilityA1

Document importation into secure element

74
Assignee: APPLE INCPriority: Jan 25, 2016Filed: Jun 23, 2023Published: Nov 2, 2023
Est. expiryJan 25, 2036(~9.5 yrs left)· nominal 20-yr term from priority
G06Q 20/3829H04L 9/3263G06Q 20/3278G06Q 20/40145H04L 9/3231H04L 9/3247H04L 9/0894H04L 63/083H04L 63/0861G06Q 20/3825G06Q 20/405G06Q 20/4014G06Q 20/204G06Q 20/385G06Q 20/3227H04W 12/069G06Q 2220/00H04L 2463/082H04L 2209/805
74
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.

Claims

exact text as granted — not AI-modified
1 . A non-transitory computer readable medium having program instructions stored thereon that are executable by a computer system to perform operations comprising:
 receiving identification information usable to establish an identity of a user;   storing at least a portion of the identification information in a secure element of the computer system, wherein the secure element is configured to restrict direct access to the at least a portion of the identification information by one or more processors of the computer system, and wherein the at least a portion of the identification information is associated with an index value that is derived from biometric data collected from the user via a biometric sensor of the computer system; and   causing, during an authentication process that involves the identification information, the secure element to:
 receive the index value in response to valid biometric data being collected from the user via the biometric sensor during the authentication process; 
 access the at least a portion of the identification information using the index value; and 
 provide the at least a portion of the identification information to a requesting computer system. 
   
     
     
         2 . The non-transitory computer readable medium of  claim 1 , wherein the operations further comprise:
 causing, during the authentication process, a biometric processor of the computer system to:
 collect an instance of biometric data from the user via the biometric sensor; 
 compare the collected instance of biometric data to previously stored biometric data of the user to determine whether the user provided valid biometric data; and 
 send the index value to the secure element in response to a determination that the user provided valid biometric data. 
   
     
     
         3 . The non-transitory computer readable medium of  claim 1 , wherein the operations further comprise:
 issuing, to a system that is operated by an authority that issued an identification document having the identification information, a request to store the at least a portion of the identification information, wherein the storing is performed in response to an approval of the request.   
     
     
         4 . The non-transitory computer readable medium of  claim 1 , wherein the causing further includes causing, during the authentication process, the secure element to:
 provide, to the requesting computer system, a digital certificate and a digital signature from the secure element, wherein the digital signature is generated by the secure element using a private key associated with the digital certificate, wherein the digital certificate is generated by an issuing authority that issued, to the user, an identification document having the identification information, and wherein the digital certificate and the digital signature are usable by the requesting computer system to establish the identity of the user.   
     
     
         5 . The non-transitory computer readable medium of  claim 1 , wherein the receiving includes:
 reading, via a short-range radio of the computer system, the identification information from a circuit embedded in an identification document issued by an authority to the user for establishing the identity of the user.   
     
     
         6 . The non-transitory computer readable medium of  claim 1 , wherein the operations further comprise:
 storing, in the secure element, a token usable to access another portion of the identification information that includes a photograph of the user stored in an identification document issued to the user by an issuing authority.   
     
     
         7 . The non-transitory computer readable medium of  claim 1 , wherein the secure element is configured to:
 generate a public-key pair usable to establish the identity of the user;   issue a certificate signing request (CSR) for the public-key pair to an issuing authority that issued, to the user, an identification document having the identification information; and   receive a certificate for the public-key pair in response to the issuing authority granting the CSR; and   provide, to the requesting computer system, a digital signature generated using a private key of the public-key pair to establish the identity of the user.   
     
     
         8 . A computing device, comprising:
 one or more processors;   memory having program instructions stored therein;   a biometric sensor configured to collect biometric data; and   a secure element that includes a processor distinct from the one or more processors and a memory distinct from the memory having the program instructions, wherein the secure element is configured to:
 store at least a portion of identification information usable to establish an identity of a user, wherein the at least a portion of identification information is stored in association with an index value derived from biometric data collected from the user via the biometric sensor; 
 restrict direct access to the at least a portion of identification information by the one or more processors; 
 during an authentication process that involves the at least a portion of identification information, receive the index value in response to the user providing valid biometric data via the biometric sensor; 
 access the at least a portion of identification information using the index value; and 
 provide the at least a portion of identification information to a requesting computer system. 
   
     
     
         9 . The computing device of  claim 8 , wherein the secure element is configured to:
 generate a digital signature using a private key that was stored in the secure element during fabrication of the secure element;   send, to an authorization system, a request for authorization to store, at the secure element, the at least a portion of identification information, wherein the request identifies an identification number associated with the identification information and the digital signature; and   receive, from the authorization system, a response indicating authorization to store, at the secure element, the at least a portion of identification information, wherein the response includes a signed version of the at least a portion of identification information.   
     
     
         10 . The computing device of  claim 9 , wherein the secure element is configured to:
 obtain the identification number from a passport having the identification number, wherein the identification number is a passport number.   
     
     
         11 . The computing device of  claim 8 , wherein the secure element is configured to:
 generate a public-key pair that is associated with the identification information and usable to authenticate the user;   issue, to a certificate authority system, a certificate signing request for the public-key pair;   receive a certificate for the public-key pair in response to the certificate authority system granting the certificate signing request; and   sign the at least a portion of the identification information using a private key of the public-key pair prior to providing the at least a portion of identification information to the requesting computer system.   
     
     
         12 . The computing device of  claim 8 , wherein the secure element is configured to:
 store a token usable to access another portion of the identification information, wherein the other portion includes a photograph of the user.   
     
     
         13 . The computing device of  claim 8 , further comprising:
 a biometric processor coupled to the biometric sensor and configured to:
 collect an instance of biometric data from the user via the biometric sensor during the authentication process; 
 compare the collected instance of biometric data to previously stored biometric data of the user to determine whether the user provided valid biometric data; and 
 send the index value to the secure element in response to a determination that the user provided valid biometric data. 
   
     
     
         14 . A method, comprising:
 receiving, by a computer system, identification information usable to establish an identity of a user;   storing, by the computer system, at least a portion of the identification information in a secure element of the computer system, wherein the at least a portion of the identification information is associated with an index value that is derived from biometric data collected from the user via a biometric sensor of the computer system; and   during an authentication process that involves the identification information, the computer system:
 collecting an instance of biometric data from the user via a biometric sensor; 
 obtaining the index value in response to valid biometric data being collected from the user via the biometric sensor; 
 accessing the at least a portion of the identification information using the index value; and 
 providing the at least a portion of the identification information to an external computer system. 
   
     
     
         15 . The method of  claim 14 , further comprising:
 providing, by the computer system and to the external computer system, a digital certificate and a digital signature from the secure element, wherein the digital signature is generated by the secure element using a private key associated with the digital certificate, wherein the digital certificate is generated by an issuing authority that issued, to the user, an identification document having the identification information, and wherein the digital certificate and the digital signature are usable by the external computer system to establish the identity of the user.   
     
     
         16 . The method of  claim 14 , wherein the storing of the at least a portion of the identification information is performed in response to receiving authorization from an authorization system of an issuing authority that issued, to the user, an identification document having the identification information. 
     
     
         17 . The method of  claim 14 , wherein the receiving includes:
 reading, by the computer system using a short-range radio, the identification information from an identification document issued to the user by an issuing authority.   
     
     
         18 . The method of  claim 14 , wherein the at least a portion of the identification information includes a photograph of the user that is included in an identification document issued to the user by an issuing authority. 
     
     
         19 . The method of  claim 14 , further comprising:
 after collecting the instance of biometric data, the computer system comparing the collected instance of biometric data to previously stored biometric data of the user; and   determining, by the computer system, that the user provided valid biometric in response to the collected instance of biometric data matching the previously stored biometric data.   
     
     
         20 . The method of  claim 14 , wherein the index value corresponds to a particular finger of the user.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.