Abstract: Techniques for using an authorizer in a virtual terminal on a multipurpose device to authorize operations of a cryptographic applet in a secure element associated with the multipurpose device are described herein. These techniques include receiving an authorization token and setting authorization criteria for the operation of the cryptographic applet based on the authorization token.

Abstract: Techniques for using a virtual terminal on a multipurpose device for PIN entry to authorize a data transfer are described herein. These techniques provide the secure receipt of each PIN digit by the device and encryption of the PIN multipurpose device and while the PIN entry data is transferred, while still providing the information to a server for further processing.

Abstract: Techniques to privacy proof secure element generated certificates anonymous secure element attestations are described herein. An attestation certificate request can be generated that is signed using the static key of the secure element. The attestation certificate request can then be sent to an attestation server, which can verify the attestation certificate request and return an anonymized attestation certificate. The device containing the secure element can transmit the certificate to third parties to verify attestation data signed by the secure element using the certificate and provide assurance to the third parties that the data being attested to has been generated inside a secure element associated with a specific manufacturer.

Abstract: The present application relates to devices and components including apparatus, systems, and methods to manage kernels within a secure element for performance of a data transfer.

Abstract: A secure trusted service manager provider may include at least one processor configured to provide, to an electronic device, a first script to provision an applet instance corresponding to a third party server, the script including a public key corresponding to the third party server. The at least one processor may be configured to receive, from the electronic device, an encrypted symmetric key and provide the encrypted symmetric key to the third party server, the symmetric key being encrypted with the public key. The at least one processor may be configured to receive, from the third party server, an encrypted data element corresponding to a transaction to be performed by the applet instance, the encrypted data element being encrypted with the symmetric key, generate a second script that includes the encrypted data element and provide, to the electronic device, the second script that includes the encrypted data element.

Abstract: A user device including near-field communication (NFC) circuitry may receive a polling message from an NFC terminal. The user device may obtain information based at least in part on the polling message. The user device may determine a characteristic of the NFC terminal based at least in part on the information. The characteristic may be indicative of a radio frequency (RF) field strength of the NFC terminal. The user device may adjust an RF setting of the NFC circuitry based at least in part on the characteristic. The RF setting may correspond to an RF sensitivity of the NFC circuitry.

Abstract: Techniques to privacy proof secure element generated certificates anonymous secure element attestations are described herein. An attestation certificate request can be generated that is signed using the static key of the secure element. The attestation certificate request can then be sent to an attestation server, which can verify the attestation certificate request and return an anonymized attestation certificate. The device containing the secure element can transmit the certificate to third parties to verify attestation data signed by the secure element using the certificate and provide assurance to the third parties that the data being attested to has been generated inside a secure element associated with a specific manufacturer.

Abstract: Systems, methods, and computer-readable media for preserving trust data during operating system updates of a secure element of an electronic device are provide. An update package is received to update an existing secure element operating system to a new secure element operating system by exporting trust data from the existing secure element operating system, after the exporting, uninstalling the existing secure element operating system, migrating the exported trust data using a migration operating system when a data format version of the existing secure element operating system is different than a data format version of the new secure element operating system, installing the new secure element operating system, and importing the migrated trust data into the installed new secure element operating system.

Abstract: A secure trusted service manager provider may include at least one processor configured to provide, to an electronic device, a first script to provision an applet instance corresponding to a third party server, the script including a public key corresponding to the third party server. The at least one processor may be configured to receive, from the electronic device, an encrypted symmetric key and provide the encrypted symmetric key to the third party server, the symmetric key being encrypted with the public key. The at least one processor may be configured to receive, from the third party server, an encrypted data element corresponding to a transaction to be performed by the applet instance, the encrypted data element being encrypted with the symmetric key, generate a second script that includes the encrypted data element and provide, to the electronic device, the second script that includes the encrypted data element.

Abstract: Systems, methods, and computer-readable media for preserving trust data during operating system updates of a secure element of an electronic device are provided.