A Major Apple Pay Patent Surfaces in Europe that's Focused on Fighting Fraud
On Thursday March 6, 2015 we posted a patent application report titled "Apple Reveals One of the Systems behind Passbook and Apple Pay." It was an extremely light patent compared to the one that we discovered in Europe this past week that had some real teeth to it. While the filing was steeped in details that only a financial institution could love, the underlining fanaticism found in this patent filing was Apple's determination to fight fraud. Yet, no matter how fanatical the Apple Pay system was designed to be in rooting out potential fraud, if the bank's weak "Apple Pay" back-end security is failing, then fraud is able to surface as we reported on earlier today. Today's patent report relates to the secure provisioning of credentials on iDevices, and more particularly, to the secure provisioning of commerce credentials on an iDevice for use during near field communications.
Apple's Patent Background
Portable electronic devices (e.g., cellular telephones) may be provided with near field communication ("NFC") components for enabling contactless proximity-based communications with another entity. Often times, these communications are associated with financial transactions or other secure data transactions that require the electronic device to access and share a commerce credential, such as a credit card credential or a public transportation ticket credential. However, data sources commonly used for determining whether a particular commerce credential ought to be provisioned on a particular electronic device are often limited.
One of the Patents behind Apple Pay
Apple's invention describes systems, methods, and computer-readable media for securely provisioning credentials on an electronic device that is capable of near field communications and/or other wireless communications. In short, it's an Apple Pay related invention.
For example, a secure platform system may be in communication with an electronic device and a financial institution subsystem. The secure platform system may include a processor component, a memory component, and a communications component. The secure platform system may be configured to receive user account information from the electronic device, authenticate a user account with a commercial entity using the received user account information, detect a commerce credential associated with the authenticated user account, run a commercial entity fraud check on the detected commerce credential, commission the financial institution subsystem to run a financial entity fraud check on the detected commerce credential based on the results of the commercial entity fraud check, and facilitate provisioning of the detected commerce credential on the electronic device based on the results of the financial entity fraud check.
As another example, a method may include authenticating a user account with a commercial entity using user account information received from an electronic device, detecting at least one commerce credential associated with the authenticated user account, and running a commercial entity fraud risk analysis on each of the at least one detected commerce credential using data available to the commercial entity.
As yet another example, a secure platform system may be in communication with an electronic device and a financial institution subsystem. The secure platform system may include a processor component, a memory component, and a communications component. The secure platform system may be configured to receive user account information from the electronic device, authenticate a user account using the received user account information, detect a commerce credential associated with the authenticated user account, run a commercial entity fraud check on the detected commerce credential, and instruct the financial institution subsystem to run a financial entity fraud check on the detected commerce credential when the result of the commercial entity fraud check meets a particular standard.
As yet another example, an electronic device may include a contactless proximity-based communication component, another communication component, and a processor configured to communicate user account information to a commercial entity via the other communication component, receive account authentication information from the commercial entity via the other communication component based on the user account information, and, in response to the received account authentication information, transmit a request to the commercial entity via the other communication component for initiating a credential provisioning process.
As yet another example, a non-transitory computer-readable medium may include computer-readable instructions recorded thereon for authenticating a user account with a commercial entity using user account information received from an electronic device, detecting a commerce credential associated with the authenticated user account, and running a commercial entity fraud risk analysis on the detected commerce credential using data available to the commercial entity.
Apple clearly notes that their Summary noted above is merely to summarize some example embodiments, so as to provide a basic understanding of some aspects of the subject matter described in their patent filing. Accordingly, it will be appreciated that the features described in the Summary are merely examples and should not be construed to narrow the scope or spirit of the subject matter.
Analyzing for Fraud Risk
Apple notes that the provisioning of a credential on an electronic device may include authenticating a user account for a commercial entity using the electronic device and then detecting that the credential is associated with the authenticated user account (e.g., an account that enables a user to purchase goods or services from the commercial entity using the associated credential).
The credential may then be analyzed for fraud risk, not only by a financial entity responsible for the credential, but also by the commercial entity responsible for the authenticated user account with which the credential is associated. This may provide at least one additional layer of security while determining whether the credential ought to be provisioned on the electronic device.
Moreover, if the credential generates a positive fraud risk determination or a positive combination of fraud risk determinations based on the commercial entity fraud risk analysis and/or based on the financial entity fraud risk analysis, the credential may be at least partially provisioned on the electronic device without the user having to manually enter certain credential information or any credential information. This may provide a more seamless user experience for the user of the electronic device.
For example, in order for a credential to be provisioned on an electronic device, a user of the electronic device may only interact with the device to authenticate his or her user account with the commercial entity. This may provide a simple and unobtrusive user interface, whereas other instances of provisioning a credential on an electronic device (e.g., the instance of provisioning a new credential not yet associated with an authenticated user account, or the instance of provisioning a credential that does not pass one or both of the financial entity fraud risk analysis and the commercial entity fraud risk analysis) may require additional user interaction to help bolster confidence that the credential ought to be provisioned (e.g., user responses to security questions and/or user receipt and acknowledgement of one-time passwords provided to the electronic device by the financial entity and/or by the commercial entity may be required in such instances).
One or more credentials associated with an authenticated user account may be analyzed for fraud risk by a commercial entity, then a user may select one or more credentials that pass such a commercial entity fraud risk analysis, and then a financial entity fraud risk analysis may be run on the one or more user-selected credentials.
Alternatively, one or more credentials associated with an authenticated user account may be analyzed for fraud risk by a commercial entity, then a financial entity fraud risk analysis may be run on each of the one or more credentials that pass such a commercial entity fraud risk analysis, and then a user may select one or more credentials that pass such a financial entity fraud risk analysis.
Alternatively, a user may select one or more credentials from a list of credentials associated with an authenticated user account, then each one of the user-selected credentials may be analyzed for fraud risk by a commercial entity, and then a financial entity fraud risk analysis may be run on each of the one or more credentials that pass such a commercial entity fraud risk analysis. The commercial entity and the financial entity may be distinct entities, and the commercial entity fraud risk analysis may be performed based on data accessible to the commercial entity without requiring specific information from the financial entity.
Apple's patent FIG. 1 noted below is a schematic view of an illustrative system 1 that may allow for the secure provisioning of credentials on an electronic device and/or that may allow for the use of such credentials in a financial transaction.
For example, as shown in FIG. 1, system 1 may include an end-user electronic device (#100) as well as a secure mobile platform subsystem #400 and a financial institution subsystem #350 for securely provisioning credentials on electronic device.
Moreover, as shown in FIG. 1, the system may also include a merchant terminal #200 for receiving contactless proximity-based communications 15 (e.g., near field communications) from electronic device 100 based on such provisioned credentials, as well as an acquiring bank subsystem 300 that may utilize such contactless proximity-based communications 15 for completing a financial transaction with financial institution subsystem 350.
There's a very detailed segment on NFC which we're not going to cover in detail, but Apple does interestingly notes that the NFC memory module may be tamper resistant and may provide at least a portion of a secure element. For example, such a secure element may be configured to provide a tamper-resistant platform (e.g., as a single or multiple chip secure microcontroller) that may be capable of securely hosting applications and their confidential and cryptographic data in accordance with rules and security requirements that may be set forth by a set of well-identified trusted authorities (e.g., an authority of financial institution subsystem and/or an industry standard, such as GlobalPlatform).
Remember that beyond the "secure element" related a tamper resistant NCF component, Apple provides Touch ID biometric information on Apple's processor in a Secure Enclave not available to third parties (at the moment).
Apple's patent FIG. 4 noted below is a more detailed schematic view of a secure mobile platform of the system of FIG. 1 above.
Apple's patent FIGS. 5 and 8 are flowcharts of illustrative processes for provisioning credentials.
The Apple Pay related patent lists a plethora of current and future devices that Apple Pay could be associated with, such as: the iPhone, iPad, Apple Watch, Apple TV, headsets, virtual reality devices, smart glasses, televisions and many others.
The Apple Pay related patent application that was discovered in Europe this week was originally filed in Q4 2013 or about ten months prior to Apple Pay being officially introduced with the iPhone 6. The patent application clearly illustrates the depth of Apple's invention regarding security and multiple measures put in place to fight fraud.
Patently Apple presents a detailed summary of patent applications with associated graphics for journalistic news purposes as each such patent application is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application should be read in its entirety for full and accurate details. About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Comments are reviewed daily from 5am to 7pm MST and sporadically over the weekend.
Comments