Abstract: A device for controlled identity credential release may include at least one processor configured to receive a request to release an identity credential of a user, the identity credential being stored on the device. The at least one processor may be further configured to authenticate the user associated with the identity credential. The at least one processor may be further configured to, responsive to the authentication, provide at least a portion of the identity credential, such as for display and/or to a terminal device over a direct wireless connection. The at least one processor may be further configured to cause the electronic device to enter a locked state and/or to remain in a locked state, responsive to providing the at least the portion of the identity credential.

Abstract: A device for controlled identity credential release may include at least one processor configured to receive a request to release an identity credential of a user, the identity credential being stored on the device. The at least one processor may be further configured to authenticate the user associated with the identity credential. The at least one processor may be further configured to, responsive to the authentication, provide at least a portion of the identity credential, such as for display and/or to a terminal device over a direct wireless connection. The at least one processor may be further configured to cause the electronic device to enter a locked state and/or to remain in a locked state, responsive to providing the at least the portion of the identity credential.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Abstract: Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.

Abstract: Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.

Abstract: In some implementations, a mobile device can receive identification information for a merchant store location. The mobile device can receive the identification information when the mobile device is proximate to the store location, for example. The mobile device can obtain graphical user interface (GUI) configuration data for the merchant store location based on the store location identification information. For example, the mobile device can obtain GUI content that has been customized for the merchant store location. The mobile device can configure a GUI of an application installed on the mobile device based on the obtained GUI configuration data. The mobile device can make the proximity application accessible to a user of the mobile device when the mobile device is near the store location.

Abstract: In some implementations, a mobile device can receive identification information for a merchant store location. The mobile device can receive the identification information when the mobile device is proximate to the store location, for example. The mobile device can obtain graphical user interface (GUI) configuration data for the merchant store location based on the store location identification information. For example, the mobile device can obtain GUI content that has been customized for the merchant store location. The mobile device can configure a GUI of an application installed on the mobile device based on the obtained GUI configuration data. The mobile device can make the proximity application accessible to a user of the mobile device when the mobile device is near the store location.

Abstract: Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.

Abstract: A device for controlled identity credential release may include at least one processor configured to receive a request to release an identity credential of a user, the identity credential being stored on the device. The at least one processor may be further configured to authenticate the user associated with the identity credential. The at least one processor may be further configured to, responsive to the authentication, provide at least a portion of the identity credential, such as for display and/or to a terminal device over a direct wireless connection. The at least one processor may be further configured to cause the electronic device to enter a locked state and/or to remain in a locked state, responsive to providing the at least the portion of the identity credential.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to send, to a service provider, a request for a service provided by the service provider. The at least one processor may be further configured to receive, from the service provider and in response to the sending, a request for a verified claim, the verified claim comprising plural data fields to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with to the device. The at least one processor may be further configured to, in response to the receiving, determine a confidence assessment for the verified claim based on a comparison between the plural data fields in the verified claim and corresponding data locally-stored on a device, and send the confidence assessment and the verified claim to the service provider.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a first request to revoke a verified claim, the verified claim comprising information to identify a user of a device, wherein the verified claim includes a hardware reference key of the device, and wherein the hardware reference key is a public key of a public-private key pair, a corresponding private key of which is securely stored on the device. The at least one processor may be further configured to in response to receiving the request, send, to the device, a second request to revoke the verified claim on the device, and add the verified claim to a revocation list.

Abstract: A device implementing the subject system may include a processor configured to send, to a service provider, a request for a service provided by the service provider. The processor may be further configured to receive, in response to sending the request for the service, a request for a verified claim, the verified claim comprising first information to identify a user of a device and being a digital certificate signed by a server, the verified claim being associated with the device. The processor may be further configured to send, in response to receiving the request for the verified claim, the verified claim to the service provider, and receive a request for second information to identify the user, the second information being different than the first information, the request for the second information being based on a determination that the first information is not sufficient to identify the user.

Abstract: A device implementing a system for using a verified claim of identity may include at least one processor configured to receive a response vector corresponding to a verified claim of a user of a device, the verified claim comprising plural data fields to identify the user and being a digital certificate signed by a server, the verified claim being associated with the device, the response vector comprising, for each field of the plural data fields, a confidence score indicating a likelihood that the field is accurate. The at least one processor may be further configured to receive, from the device, a request for a service, determine, in response to receiving the request, that service is to be provided to the device based on the response vector and the verified claim, and provide the service to the device based on the determining.

Abstract: In some implementations, a mobile device can receive identification information for a merchant store location. The mobile device can receive the identification information when the mobile device is proximate to the store location, for example. The mobile device can obtain graphical user interface (GUI) configuration data for the merchant store location based on the store location identification information. For example, the mobile device can obtain GUI content that has been customized for the merchant store location. The mobile device can configure a GUI of an application installed on the mobile device based on the obtained GUI configuration data. The mobile device can make the proximity application accessible to a user of the mobile device when the mobile device is near the store location.