Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.

Abstract: A device implementing an express credential transaction system includes at least one processor configured to receive an indication that a payment applet for a service provider has been provisioned on a secure element of the device with a first attribute indicating that the payment applet can be utilized for a transaction without authentication associated with the transaction. The processor is configured to set the first attribute of the payment applet to indicate that authentication is required to utilize the payment applet when another payment applet for the service provider provisioned on the secure element of the device has an attribute that indicates the other payment applet can be utilized for the transaction without user authentication. The at least one processor is configured to control whether the user authentication is requested when utilizing the payment applet or the other payment applet, respectively, in transactions.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: An electronic device that at least semi-automatically performs car-key pairing is described. During operation, the electronic device may perform wireless pairing with a second electronic device (e.g., a vehicle), where the wireless pairing establishes a connection between the electronic device and the second electronic device. Moreover, during the wireless pairing, the electronic device may receive information associated with the car-key pairing of the electronic device and the second electronic device. Then, after the wireless pairing is completed, the electronic device may determine that the car-key pairing is supported or available based at least in part on the information.

Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: Systems and methods for detecting and preventing a relay attack in a channel on which a near field communication (NFC) action between a key holder device and a reader is attempted are disclosed. A time limit is established for polling communications between the key holder device and the reader. Each of the reader and the key holder device generates a reader random value and a device random value respectively. The reader sends to the key holder device the reader random value, which includes the time limit for a response from the key holder device, the response including the device random value and the reader random value. The reader receives the response from the key holder device and can then determine whether the response from the key holder device is received within the time limit, to detect whether a relay attack can be made on the channel for the NFC action.

Abstract: A user device including near-field communication (NFC) circuitry may receive a polling message from an NFC terminal. The user device may obtain information based at least in part on the polling message. The user device may determine a characteristic of the NFC terminal based at least in part on the information. The characteristic may be indicative of a radio frequency (RF) field strength of the NFC terminal. The user device may adjust an RF setting of the NFC circuitry based at least in part on the characteristic. The RF setting may correspond to an RF sensitivity of the NFC circuitry.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for transmitting, as part of a polling loop, a value added services (VAS) command that includes capability data corresponding to a payment terminal. For example, the payment terminal can transmit a VAS command that advertises the payment terminal's capabilities as part of a polling loop. The payment terminal can listen for a response to the VAS command and, after receiving a response, the payment terminal may initiate a VAS protocol. The VAS command can also specify a mode in which the payment terminal is operating, such as a payment-only mode, a VAS mode, a payment-plus-VAS mode, etc.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for transmitting, as part of a polling loop, a value added services (VAS) command that includes capability data corresponding to a payment terminal. For example, the payment terminal can transmit a VAS command that advertises the payment terminal's capabilities as part of a polling loop. The payment terminal can listen for a response to the VAS command and, after receiving a response, the payment terminal may initiate a VAS protocol. The VAS command can also specify a mode in which the payment terminal is operating, such as a payment-only mode, a VAS mode, a payment-plus-VAS mode, etc.

Abstract: Systems, methods, and computer-readable media for managing near field communications during a low power express mode of an electronic device are provided that may make credentials of a near field communication (“NFC”) component appropriately secure and appropriately accessible while also limiting the power consumption of the NFC component and of other components of the electronic device.

Abstract: Systems, methods, and computer-readable media for managing near field communications during a low power express mode of an electronic device are provided that may make credentials of a near field communication (“NFC”) component appropriately secure and appropriately accessible while also limiting the power consumption of the NFC component and of other components of the electronic device.

Abstract: A device facilitating script deployment through service provider servers includes at least one processor configured to receive, from a service provider, a request to perform a transaction directly with a device secure element on which a credential is provisioned, where the request includes a credential identifier corresponding to the credential. The at least one processor is further configured to identify, based at least in part on the credential identifier, the device secure element. The at least one processor is further configured to verify that the service provider is authorized to interact directly with the device secure element. The at least one processor is further configured to instruct, responsive to the verifying, the device secure element to communicate directly with a service provider server to perform the transaction. The at least one processor is further configured to receive, from the device secure element, a result associated with the transaction.

Abstract: Systems, methods, and computer-readable media for managing near field communications during a low power express mode of an electronic device are provided that may make credentials of a near field communication (“NFC”) component appropriately secure and appropriately accessible while also limiting the power consumption of the NFC component and of other components of the electronic device.

Abstract: A device facilitating script deployment through service provider servers includes at least one processor configured to receive, from a service provider, a request to perform a transaction directly with a device secure element on which a credential is provisioned, where the request includes a credential identifier corresponding to the credential. The at least one processor is further configured to identify, based at least in part on the credential identifier, the device secure element. The at least one processor is further configured to verify that the service provider is authorized to interact directly with the device secure element. The at least one processor is further configured to instruct, responsive to the verifying, the device secure element to communicate directly with a service provider server to perform the transaction. The at least one processor is further configured to receive, from the device secure element, a result associated with the transaction.

Abstract: A device implementing an express credential transaction system includes at least one processor configured to receive an indication that a payment applet for a service provider has been provisioned on a secure element of the device with a first attribute indicating that the payment applet can be utilized for a transaction without authentication associated with the transaction. The processor is configured to set the first attribute of the payment applet to indicate that authentication is required to utilize the payment applet when another payment applet for the service provider provisioned on the secure element of the device has an attribute that indicates the other payment applet can be utilized for the transaction without user authentication. The at least one processor is configured to control whether the user authentication is requested when utilizing the payment applet or the other payment applet, respectively, in transactions.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for transmitting, as part of a polling loop, a value added services (VAS) command that includes capability data corresponding to a payment terminal. For example, the payment terminal can transmit a VAS command that advertises the payment terminal's capabilities as part of a polling loop. The payment terminal can listen for a response to the VAS command and, after receiving a response, the payment terminal may initiate a VAS protocol. The VAS command can also specify a mode in which the payment terminal is operating, such as a payment-only mode, a VAS mode, a payment-plus-VAS mode, etc.