Apple has filed a series of patent applications relating to the sharing and use of secure credentials such as tickets, passes, accounts and payment card information that includes proposed methods and systems for provisioning such credentials to second user devices.
The applications filed with the US Patent and Trademark Office (USPTO) cover techniques for the secure sharing of credential information, sharing and using passes or accounts, configuring an account for second user identity and the creation of restricted mobile accounts that “improve the security of provisioning credentials and processing transactions using secure credentials”.
Specific use cases described include the sharing of electronic passes for “an amusement park that includes near-field ticketing and debiting technology” among a group of friends.
“Such technology may require that each user device include its own unique credential that is associated with the user’s respective electronic ticket,” the application relating to the secure sharing of credential information explains.
“In this manner the tickets may uniquely identify each friend in the group.
“Using the provisioning system described herein, the user may provision the electronic passes on behalf of her friends.
“To begin, the user may open, on her user device (eg, a source user device), a third-party application hosted by the amusement park. Using this application, the user may request ‘sharing’ of the purchased electronic passes with each friend.
“Once initiated, the source user device generates a provisioning target package and encrypts the provisioning target package using a provisioning certificate chain provided by the provisioning system. The provisioning target package is encrypted in such a way that only the provisioning system can decrypt the provisioning target package.
“After encryption using the provisioning certificate chain, the provisioning target package may further be encrypted by a transport service of a messaging system that sends the provisioning target package (eg, end-to-end encryption).
“The messaging system may then send, via a messaging application on the source user device, the encrypted provisioning target package to target user devices of each of the friends.
“Depending on the manner of sharing, the provisioning system or the messaging system may store the provisioning package. Each friend then opens the message and is led through a series of prompts, which includes authenticating his or her account with the provisioning system before the credential is activated on his or her respective device.
“Once activated, the friends can use their respective user devices to interact with the near-field ticketing and debiting technology, and because the credentials are unique to the accounts of the friends, the first user is not responsible for purchases of the friends.”
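The two encryption layers described in the application can be sketched as follows. This is an added example, not Apple's code and not taken from the filing: it shows why a target device that removes the transport layer still cannot read the provisioning target package. The algorithms (RSA-OAEP wrapping an AES-256-GCM key), the bare public key used in place of a validated provisioning certificate chain, the pre-shared transport key standing in for the messaging system's end-to-end encryption, and all function names are assumptions.

```javascript
// Added illustration; algorithm choices and names are assumptions, not from the filing.
const crypto = require('node:crypto');

// AES-256-GCM helpers. Blob layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
function aeadSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function aeadOpen(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Inner layer: seal the package to the provisioning system's public key.
// A fresh AES key is RSA-OAEP wrapped, so only the private-key holder can open it.
function sealForProvisioningSystem(publicKey, pkg) {
  const cek = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, cek);
  return { wrapped, body: aeadSeal(cek, Buffer.from(JSON.stringify(pkg))) };
}
function openAtProvisioningSystem(privateKey, sealed) {
  const cek = crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, sealed.wrapped);
  return JSON.parse(aeadOpen(cek, sealed.body).toString());
}

// Outer layer: transport encryption between source and target devices.
function wrapForTransport(transportKey, sealed) {
  const wire = JSON.stringify({ wrapped: sealed.wrapped.toString('base64'),
                                body: sealed.body.toString('base64') });
  return aeadSeal(transportKey, Buffer.from(wire));
}
function unwrapAtTarget(transportKey, message) {
  const o = JSON.parse(aeadOpen(transportKey, message).toString());
  return { wrapped: Buffer.from(o.wrapped, 'base64'), body: Buffer.from(o.body, 'base64') };
}

function demo() {
  const provisioning = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const transportKey = crypto.randomBytes(32); // constructed stand-in for the messaging session key
  const pkg = { passId: 'EXAMPLE-PASS-001', recipient: 'friend@example.com' }; // constructed sample
  const message = wrapForTransport(transportKey, sealForProvisioningSystem(provisioning.publicKey, pkg));
  const atTarget = unwrapAtTarget(transportKey, message); // target removes the outer layer only
  let targetCanRead = true;
  try { aeadOpen(transportKey, atTarget.body); } catch { targetCanRead = false; }
  return { targetCanRead, recovered: openAtProvisioningSystem(provisioning.privateKey, atTarget) };
}
```
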
In the same application, Apple says that the techniques described provide “a more efficient process for provisioning credentials on remote devices”, giving the example use case of a parent sending an electronic pass to their child’s watch so that “the child may be able to enter an amusement park by tapping their watch to a reader at the park without the child having ever interacted with a provisioning user interface at their watch.
“In this manner, the credential may be automatically provisioned on the child’s watch without any input from the child.”
In April, Apple applied for a patent for a user authentication framework relating to the storing and display of digital identity documents such as passports, driving licences and national ID cards.