公开(公告)号：US11888594B2

公开(公告)日：2024-01-30

申请号：US17479571

申请日：2021-09-20

Applicant: Apple Inc.

Inventor： Florian Galdo ,  Arun G. Mathias ,  Matthias Lerch ,  Najeeb M. Abdulrahiman ,  Onur E. Tackin ,  Yannick Sierra

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/40

CPC classification number: H04L9/3263 ,  H04L9/0841 ,  H04L9/3247 ,  H04L63/0823

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

公开(公告)号：US20220078029A1

公开(公告)日：2022-03-10

申请号：US17479571

申请日：2021-09-20

Applicant: Apple Inc.

Inventor： Florian Galdo ,  Arun G. Mathias ,  Matthias Lerch ,  Najeeb M. Abdulrahiman ,  Onur E. Tackin ,  Yannick Sierra

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

公开(公告)号：US11190507B2

公开(公告)日：2021-11-30

申请号：US16267314

申请日：2019-02-04

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Florian Galdo

IPC: H04L29/06 ,  G07C9/00 ,  G07C9/28

Abstract: A device implementing a trusted device establishment system includes at least one processor configured to receive, via a direct wireless connection and from an other device, a public key associated with the other device and an indication of a data item previously provided to the other device via an out-of-band channel. The at least one processor is further configured to verify that the indication of the data item corresponds to the data item previously provided to the other device, and store, in a secure memory region, the public key in association with an identifier corresponding to the other device when the indication of the data item is verified. The at least one processor is further configured to authorize the public key to access a secure device based at least in part on the public key being stored in the secure memory region.

公开(公告)号：US20230322185A1

公开(公告)日：2023-10-12

申请号：US17716817

申请日：2022-04-08

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Alexander D. Pelletier ,  Florian Galdo ,  Gordon Y. Scott ,  Oren M. Elrad ,  Yogesh D. Karandikar

IPC: B60R25/24 ,  G07C9/00 ,  H04L9/08 ,  H04W4/40

CPC classification number: B60R25/245 ,  G07C9/00309 ,  G07C9/00896 ,  H04L2209/84 ,  H04W4/40 ,  B60R2325/108 ,  H04L9/08

Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.

公开(公告)号：US11783654B2

公开(公告)日：2023-10-10

申请号：US17500394

申请日：2021-10-13

Applicant: APPLE INC.

Inventor： Oren M. Elrad ,  Florian Galdo

IPC: G07C9/00 ,  H04L9/30 ,  H04W12/06 ,  H04W12/041 ,  H04L9/32 ,  H04B5/00 ,  H04W4/33

CPC classification number: G07C9/00896 ,  H04B5/0056 ,  H04L9/3073 ,  H04L9/3247 ,  H04W4/33 ,  H04W12/041 ,  H04W12/068 ,  H04L2209/80

Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.

公开(公告)号：US11777936B2

公开(公告)日：2023-10-03

申请号：US17251140

申请日：2019-06-07

Applicant: Apple Inc.

Inventor： Florian Galdo ,  Stephanie R. Martin ,  Yannick L. Sierra ,  Ivan Krstic ,  Christopher A. Volkert ,  Najeeb M. Abdulrahiman ,  Matthias Lerch ,  Onur E. Tackin ,  Kyle C. Brogle

IPC: H04L9/40 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32 ,  H04W12/03 ,  G06Q20/38 ,  H04W4/12

CPC classification number: H04L63/10 ,  G06F21/335 ,  H04L9/0894 ,  H04L9/3213 ,  H04L9/3234 ,  H04L9/3263 ,  H04L63/0823 ,  G06Q20/3825 ,  G06Q20/3829 ,  G06Q2220/00 ,  G06Q2240/00 ,  H04L2209/84 ,  H04W4/12 ,  H04W12/03

Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

公开(公告)号：US11443028B2

公开(公告)日：2022-09-13

申请号：US16578198

申请日：2019-09-20

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Florian Galdo

IPC: G06F21/45 ,  H04W12/06 ,  H04L9/40

Abstract: A device implementing a digital credential revocation system includes at least one processor configured to maintain a valid digital credential list, a revocation list, and a synchronization counter value. The at least one processor is configured to transmit a request to synchronize the valid digital credential list with an electronic device, the request including the valid digital credential list and the revocation list. The at least one processor is further configured to, in response to receipt of an updated valid digital credential list from the electronic device: clear the revocation list, replace the valid digital credential list with the updated valid digital credential list, and increment the synchronization counter value, and fulfill a received credential maintenance request when the received credential maintenance request comprises an other synchronization counter value that is greater than or equal to the incremented synchronization counter value, otherwise deny the received credential maintenance request.

公开(公告)号：US20210250355A1

公开(公告)日：2021-08-12

申请号：US17251140

申请日：2019-06-07

Applicant: Apple Inc.

Inventor： Florian Galdo ,  Stephanie R. Martin ,  Yannick L. Sierra ,  Ivan Krstic ,  Christopher A. Volkert ,  Najeeb M. Abdulrahiman ,  Matthias Lerch ,  Onur E. Tackin ,  Kyle C. Brogle

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/33 ,  H04L9/08

Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

公开(公告)号：US10972911B2

公开(公告)日：2021-04-06

申请号：US15718242

申请日：2017-09-28

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Florian Galdo

IPC: G06F7/04 ,  G06F15/16 ,  H04L29/06 ,  H04W12/06 ,  H04W12/12 ,  H04W76/10 ,  G06Q20/38 ,  G06Q20/22 ,  G06Q20/32 ,  G06Q20/20 ,  G01S5/14 ,  H04W4/80

Abstract: The present disclosure includes an electronic device for selecting a credential based at least in part on location information. The electronic device can include a secure transaction subsystem and a processor. The secure transaction subsystem can be configured to store a plurality of credentials. The processor can be communicatively coupled to the secure transaction subsystem and configured to receive the location information from one or more radios. Further, the processor can be configured to determine that a distance between the electronic device and a terminal is less than a predetermined distance based on the location information. In response to determining the distance between the electronic device and the terminal is less than the predetermined distance, the processor can be configured to select the credential from the plurality of credentials based at least in part on the type of terminal.