公开(公告)号：US12265605B2

公开(公告)日：2025-04-01

申请号：US17943155

申请日：2022-09-12

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Florian Galdo

IPC: G06F21/45 ,  H04L9/40 ,  H04W12/06

Abstract: A device implementing a digital credential revocation system includes at least one processor configured to maintain a valid digital credential list, a revocation list, and a synchronization counter value. The at least one processor is configured to transmit a request to synchronize the valid digital credential list with an electronic device, the request including the valid digital credential list and the revocation list. The at least one processor is further configured to, in response to receipt of an updated valid digital credential list from the electronic device: clear the revocation list, replace the valid digital credential list with the updated valid digital credential list, and increment the synchronization counter value, and fulfill a received credential maintenance request when the received credential maintenance request comprises an other synchronization counter value that is greater than or equal to the incremented synchronization counter value, otherwise deny the received credential maintenance request.

公开(公告)号：US20220392286A1

公开(公告)日：2022-12-08

申请号：US17500394

申请日：2021-10-13

Applicant: APPLE INC.

Inventor： Oren M. Elrad ,  Florian Galdo

IPC: G07C9/00 ,  H04L9/30 ,  H04W12/06 ,  H04W12/041 ,  H04L9/32 ,  H04B5/00 ,  H04W4/33

Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.

公开(公告)号：US11128478B2

公开(公告)日：2021-09-21

申请号：US16490418

申请日：2018-03-01

Applicant: Apple Inc.

Inventor： Florian Galdo ,  Arun G. Mathias ,  Matthias Lerch ,  Najeeb M. Abdulrahiman ,  Onur E. Tackin ,  Yannick Sierra

IPC: H04W12/50 ,  H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

公开(公告)号：US20200052905A1

公开(公告)日：2020-02-13

申请号：US16490418

申请日：2018-03-01

Applicant: Apple Inc.

Inventor： Arun G. Mathias ,  Florian Galdo ,  Matthias Lerch ,  Najeeb M. Abdulrahiman ,  Onur E. Tackin ,  Yannick Sierra

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

公开(公告)号：US20240244683A1

公开(公告)日：2024-07-18

申请号：US18537062

申请日：2023-12-12

Applicant: Apple Inc.

Inventor： Lochan Verma ,  Martijn T. Haring ,  Florian Galdo ,  Su Khiong Yong ,  Siegfried Lehmann ,  Yann Ly-Gagnon

IPC: H04W76/11 ,  H04W76/14

CPC classification number: H04W76/11 ,  H04W76/14

Abstract: This disclosure relates to techniques for access control operation between devices in a wireless communication system. An access device may store reader group identifier information for one or more reader devices. The access device may receive an advertisement indication from a reader device in a wireless manner. The advertisement indication may include a reader group identifier for the reader device. The access device may determine that the reader group identifier information stored by the access device includes the reader group identifier indicated by the reader device. The access device may attempt to perform access control communication exchange with the reader device based at least in part on determining that the reader group identifier information stored by the access device includes the reader group identifier indicated by the reader device.

公开(公告)号：US11891015B2

公开(公告)日：2024-02-06

申请号：US17716817

申请日：2022-04-08

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Alexander D Pelletier ,  Florian Galdo ,  Gordon Y Scott ,  Oren M Elrad ,  Yogesh D Karandikar

IPC: B60R25/24 ,  G07C9/00 ,  H04W4/40 ,  H04L9/08

CPC classification number: B60R25/245 ,  G07C9/00309 ,  G07C9/00896 ,  H04L9/08 ,  H04W4/40 ,  B60R2325/108 ,  H04L2209/84

Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.

公开(公告)号：US20230224709A1

公开(公告)日：2023-07-13

申请号：US17952186

申请日：2022-09-23

Applicant: Apple Inc.

Inventor： Matthias Lerch ,  Florian Galdo ,  Gordon Y. Scott

IPC: H04W12/122 ,  G07C9/00

CPC classification number: H04W12/122 ,  G07C9/00309 ,  G07C2009/00555

Abstract: Systems and methods for detecting and preventing a relay attack in a channel on which a near field communication (NFC) action between a key holder device and a reader is attempted are disclosed. A time limit is established for polling communications between the key holder device and the reader. Each of the reader and the key holder device generates a reader random value and a device random value respectively. The reader sends to the key holder device the reader random value, which includes the time limit for a response from the key holder device, the response including the device random value and the reader random value. The reader receives the response from the key holder device and can then determine whether the response from the key holder device is received within the time limit, to detect whether a relay attack can be made on the channel for the NFC action.

公开(公告)号：US20230396451A1

公开(公告)日：2023-12-07

申请号：US18141886

申请日：2023-05-01

Applicant: Apple Inc.

Inventor： Manuel Roman Cuesta ,  Brandon K. Leventhal ,  Keith W. Rauenbuehler ,  Florian Galdo

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  H04L9/3213

Abstract: Aspects of the disclosure include a method for delegating the authority to create a token from an owner of a property to a sharing platform managing the reservation of the property. A method can include receiving a request to delegate authority for generating a token for a one or more accessory devices, the delegation to be to a sharing platform. Based on the request, a request for a determination of eligibility of the device for delegation of the authority. A determination of eligibility of the device for delegation of the authority can be received. An intermediate certificate from the sharing platform can be requests based on the determination of eligibility of the device. A delegation file that identifies an approved delegation of authority can be created based on using the intermediate certificate to validate the sharing platform.

公开(公告)号：US20190098499A1

公开(公告)日：2019-03-28

申请号：US15718242

申请日：2017-09-28

Applicant: Apple Inc.

Inventor： Matthias LERCH ,  Florian Galdo

IPC: H04W12/06 ,  H04W76/02 ,  H04W12/12

Abstract: The present disclosure includes an electronic device for selecting a credential based at least in part on location information. The electronic device can include a secure transaction subsystem and a processor. The secure transaction subsystem can be configured to store a plurality of credentials. The processor can be communicatively coupled to the secure transaction subsystem and configured to receive the location information from one or more radios. Further, the processor can be configured to determine that a distance between the electronic device and a terminal is less than a predetermined distance based on the location information. In response to determining the distance between the electronic device and the terminal is less than the predetermined distance, the processor can be configured to select the credential from the plurality of credentials based at least in part on the type of terminal.

公开(公告)号：US20240062602A1

公开(公告)日：2024-02-22

申请号：US18241052

申请日：2023-08-31

Applicant: APPLE INC.

Inventor： Oren M. Elrad ,  Florian Galdo

IPC: G07C9/00 ,  H04L9/30 ,  H04W12/06 ,  H04L9/32 ,  H04B5/00 ,  H04W4/33 ,  H04W12/041

CPC classification number: G07C9/00896 ,  H04L9/3073 ,  H04W12/068 ,  H04L9/3247 ,  H04B5/0056 ,  H04W4/33 ,  H04W12/041 ,  H04L2209/80

Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.