Patents by Inventor Florian Galdo
Florian Galdo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240062602Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.Type: ApplicationFiled: August 31, 2023Publication date: February 22, 2024Inventors: Oren M. Elrad, Florian Galdo
-
Patent number: 11891015Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.Type: GrantFiled: April 8, 2022Date of Patent: February 6, 2024Assignee: Apple Inc.Inventors: Matthias Lerch, Alexander D Pelletier, Florian Galdo, Gordon Y Scott, Oren M Elrad, Yogesh D Karandikar
-
Patent number: 11888594Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.Type: GrantFiled: September 20, 2021Date of Patent: January 30, 2024Assignee: Apple Inc.Inventors: Florian Galdo, Arun G. Mathias, Matthias Lerch, Najeeb M. Abdulrahiman, Onur E. Tackin, Yannick Sierra
-
Publication number: 20230396451Abstract: Aspects of the disclosure include a method for delegating the authority to create a token from an owner of a property to a sharing platform managing the reservation of the property. A method can include receiving a request to delegate authority for generating a token for a one or more accessory devices, the delegation to be to a sharing platform. Based on the request, a request for a determination of eligibility of the device for delegation of the authority. A determination of eligibility of the device for delegation of the authority can be received. An intermediate certificate from the sharing platform can be requests based on the determination of eligibility of the device. A delegation file that identifies an approved delegation of authority can be created based on using the intermediate certificate to validate the sharing platform.Type: ApplicationFiled: May 1, 2023Publication date: December 7, 2023Applicant: Apple Inc.Inventors: Manuel Roman Cuesta, Brandon K. Leventhal, Keith W. Rauenbuehler, Florian Galdo
-
Publication number: 20230322185Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.Type: ApplicationFiled: April 8, 2022Publication date: October 12, 2023Inventors: Matthias Lerch, Alexander D. Pelletier, Florian Galdo, Gordon Y. Scott, Oren M. Elrad, Yogesh D. Karandikar
-
Patent number: 11783654Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.Type: GrantFiled: October 13, 2021Date of Patent: October 10, 2023Assignee: APPLE INC.Inventors: Oren M. Elrad, Florian Galdo
-
Patent number: 11777936Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.Type: GrantFiled: June 7, 2019Date of Patent: October 3, 2023Assignee: Apple Inc.Inventors: Florian Galdo, Stephanie R. Martin, Yannick L. Sierra, Ivan Krstic, Christopher A. Volkert, Najeeb M. Abdulrahiman, Matthias Lerch, Onur E. Tackin, Kyle C. Brogle
-
Publication number: 20230224709Abstract: Systems and methods for detecting and preventing a relay attack in a channel on which a near field communication (NFC) action between a key holder device and a reader is attempted are disclosed. A time limit is established for polling communications between the key holder device and the reader. Each of the reader and the key holder device generates a reader random value and a device random value respectively. The reader sends to the key holder device the reader random value, which includes the time limit for a response from the key holder device, the response including the device random value and the reader random value. The reader receives the response from the key holder device and can then determine whether the response from the key holder device is received within the time limit, to detect whether a relay attack can be made on the channel for the NFC action.Type: ApplicationFiled: September 23, 2022Publication date: July 13, 2023Applicant: Apple Inc.Inventors: Matthias Lerch, Florian Galdo, Gordon Y. Scott
-
Publication number: 20230004636Abstract: A device implementing a digital credential revocation system includes at least one processor configured to maintain a valid digital credential list, a revocation list, and a synchronization counter value. The at least one processor is configured to transmit a request to synchronize the valid digital credential list with an electronic device, the request including the valid digital credential list and the revocation list.Type: ApplicationFiled: September 12, 2022Publication date: January 5, 2023Inventors: Matthias LERCH, Florian GALDO
-
Publication number: 20220392286Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.Type: ApplicationFiled: October 13, 2021Publication date: December 8, 2022Inventors: Oren M. Elrad, Florian Galdo
-
Patent number: 11443028Abstract: A device implementing a digital credential revocation system includes at least one processor configured to maintain a valid digital credential list, a revocation list, and a synchronization counter value. The at least one processor is configured to transmit a request to synchronize the valid digital credential list with an electronic device, the request including the valid digital credential list and the revocation list.Type: GrantFiled: September 20, 2019Date of Patent: September 13, 2022Assignee: Apple Inc.Inventors: Matthias Lerch, Florian Galdo
-
Publication number: 20220078029Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.Type: ApplicationFiled: September 20, 2021Publication date: March 10, 2022Inventors: Florian Galdo, Arun G. Mathias, Matthias Lerch, Najeeb M. Abdulrahiman, Onur E. Tackin, Yannick Sierra
-
Patent number: 11190507Abstract: A device implementing a trusted device establishment system includes at least one processor configured to receive, via a direct wireless connection and from an other device, a public key associated with the other device and an indication of a data item previously provided to the other device via an out-of-band channel. The at least one processor is further configured to verify that the indication of the data item corresponds to the data item previously provided to the other device, and store, in a secure memory region, the public key in association with an identifier corresponding to the other device when the indication of the data item is verified. The at least one processor is further configured to authorize the public key to access a secure device based at least in part on the public key being stored in the secure memory region.Type: GrantFiled: February 4, 2019Date of Patent: November 30, 2021Assignee: Apple Inc.Inventors: Matthias Lerch, Florian Galdo
-
Patent number: 11128478Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.Type: GrantFiled: March 1, 2018Date of Patent: September 21, 2021Assignee: Apple Inc.Inventors: Florian Galdo, Arun G. Mathias, Matthias Lerch, Najeeb M. Abdulrahiman, Onur E. Tackin, Yannick Sierra
-
Publication number: 20210250355Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.Type: ApplicationFiled: June 7, 2019Publication date: August 12, 2021Inventors: Florian Galdo, Stephanie R. Martin, Yannick L. Sierra, Ivan Krstic, Christopher A. Volkert, Najeeb M. Abdulrahiman, Matthias Lerch, Onur E. Tackin, Kyle C. Brogle
-
Patent number: 10972911Abstract: The present disclosure includes an electronic device for selecting a credential based at least in part on location information. The electronic device can include a secure transaction subsystem and a processor. The secure transaction subsystem can be configured to store a plurality of credentials. The processor can be communicatively coupled to the secure transaction subsystem and configured to receive the location information from one or more radios. Further, the processor can be configured to determine that a distance between the electronic device and a terminal is less than a predetermined distance based on the location information. In response to determining the distance between the electronic device and the terminal is less than the predetermined distance, the processor can be configured to select the credential from the plurality of credentials based at least in part on the type of terminal.Type: GrantFiled: September 28, 2017Date of Patent: April 6, 2021Assignee: Apple Inc.Inventors: Matthias Lerch, Florian Galdo
-
Publication number: 20200104481Abstract: A device implementing a digital credential revocation system includes at least one processor configured to maintain a valid digital credential list, a revocation list, and a synchronization counter value. The at least one processor is configured to transmit a request to synchronize the valid digital credential list with an electronic device, the request including the valid digital credential list and the revocation list.Type: ApplicationFiled: September 20, 2019Publication date: April 2, 2020Inventors: Matthias LERCH, Florian GALDO
-
Publication number: 20200106774Abstract: A device implementing a trusted device establishment system includes at least one processor configured to receive, via a direct wireless connection and from an other device, a public key associated with the other device and an indication of a data item previously provided to the other device via an out-of-band channel. The at least one processor is further configured to verify that the indication of the data item corresponds to the data item previously provided to the other device, and store, in a secure memory region, the public key in association with an identifier corresponding to the other device when the indication of the data item is verified. The at least one processor is further configured to authorize the public key to access a secure device based at least in part on the public key being stored in the secure memory region.Type: ApplicationFiled: February 4, 2019Publication date: April 2, 2020Inventors: Matthias LERCH, Florian GALDO
-
Patent number: 10581589Abstract: A method for the authentication of a first electronic entity (C) by a second electronic entity (H), wherein the first electronic entity (C) implements the following steps: reception of a challenge (HCH) from the second electronic entity (H); generation of a number (CCH) according to a current value of a counter (SQC) and a first secret key (K-ENC); generation of a cryptogram (CAC) according to the challenge (HCH) and a second secret key (S-MAC); and transmission of a response including the cryptogram (CAC) to the second electronic entity (H), without transmission of the number (CCH).Type: GrantFiled: May 29, 2015Date of Patent: March 3, 2020Assignee: IDEMIA FRANCEInventors: Emmanuelle Dottax, Florian Galdo, Jean-Philippe Vallieres
-
Publication number: 20200052905Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.Type: ApplicationFiled: March 1, 2018Publication date: February 13, 2020Inventors: Arun G. Mathias, Florian Galdo, Matthias Lerch, Najeeb M. Abdulrahiman, Onur E. Tackin, Yannick Sierra