Patents by Inventor Oren M. Elrad
Oren M. Elrad has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240062602Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.Type: ApplicationFiled: August 31, 2023Publication date: February 22, 2024Inventors: Oren M. Elrad, Florian Galdo
-
Patent number: 11891015Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.Type: GrantFiled: April 8, 2022Date of Patent: February 6, 2024Assignee: Apple Inc.Inventors: Matthias Lerch, Alexander D Pelletier, Florian Galdo, Gordon Y Scott, Oren M Elrad, Yogesh D Karandikar
-
Publication number: 20240037533Abstract: A device implementing an express credential transaction system includes at least one processor configured to receive an indication that a payment applet for a service provider has been provisioned on a secure element of the device with a first attribute indicating that the payment applet can be utilized for a transaction without authentication associated with the transaction. The processor is configured to set the first attribute of the payment applet to indicate that authentication is required to utilize the payment applet when another payment applet for the service provider provisioned on the secure element of the device has an attribute that indicates the other payment applet can be utilized for the transaction without user authentication. The at least one processor is configured to control whether the user authentication is requested when utilizing the payment applet or the other payment applet, respectively, in transactions.Type: ApplicationFiled: October 10, 2023Publication date: February 1, 2024Inventors: Najeeb M. ABDULRAHIMAN, Matthias LERCH, George R. DICKER, Oren M. ELRAD, Glen W. STEELE, Charles T. AHN, Onur E. TACKIN, Gordon Y. SCOTT
-
Publication number: 20230351377Abstract: Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.Type: ApplicationFiled: June 23, 2023Publication date: November 2, 2023Inventors: Herve Sibert, Onur E. Tackin, Matthias Lerch, Ahmer A. Khan, Franck Rakotomalala, Oren M. Elrad
-
Patent number: 11790365Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.Type: GrantFiled: July 23, 2021Date of Patent: October 17, 2023Assignee: Apple Inc.Inventors: Herve Sibert, Oren M. Elrad, Jerrold V. Hauck, Onur E. Tackin, Zachary A. Rosen, Matthias Lerch
-
Publication number: 20230322186Abstract: An electronic device that at least semi-automatically performs car-key pairing is described. During operation, the electronic device may perform wireless pairing with a second electronic device (e.g., a vehicle), where the wireless pairing establishes a connection between the electronic device and the second electronic device. Moreover, during the wireless pairing, the electronic device may receive information associated with the car-key pairing of the electronic device and the second electronic device. Then, after the wireless pairing is completed, the electronic device may determine that the car-key pairing is supported or available based at least in part on the information.Type: ApplicationFiled: April 8, 2022Publication date: October 12, 2023Inventors: Matthias Lerch, Gordon Y. Scott, Najeeb M. Abdulrahiman, Oren M. Elrad
-
Publication number: 20230322185Abstract: During operation, an electronic device may provide, to a second electronic device, an invitation to share a digital car key associated with a user of the electronic device and a vehicle, where the invitation includes information for creating another instance of the digital car key on the second electronic device. Then, the electronic device may receive, from the second electronic device, a message accepting the invitation, where the message includes a certificate associated with the other instance of the digital car key on the second electronic device. Moreover, the electronic device may provide, to the second electronic device, an approved version of the certificate with a digital signature of the user. Next, the electronic device may provide, to the computer, an instruction to share the digital car key with a set of electronic devices, which is associated with a second user of the second electronic device.Type: ApplicationFiled: April 8, 2022Publication date: October 12, 2023Inventors: Matthias Lerch, Alexander D. Pelletier, Florian Galdo, Gordon Y. Scott, Oren M. Elrad, Yogesh D. Karandikar
-
Patent number: 11783654Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.Type: GrantFiled: October 13, 2021Date of Patent: October 10, 2023Assignee: APPLE INC.Inventors: Oren M. Elrad, Florian Galdo
-
Patent number: 11734678Abstract: Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.Type: GrantFiled: January 25, 2017Date of Patent: August 22, 2023Assignee: Apple Inc.Inventors: Herve Sibert, Onur E. Tackin, Matthias Lerch, Ahmer A. Khan, Franck Rakotomalala, Oren M. Elrad
-
Publication number: 20230108614Abstract: A user device including near-field communication (NFC) circuitry may receive a polling message from an NFC terminal. The user device may obtain information based at least in part on the polling message. The user device may determine a characteristic of the NFC terminal based at least in part on the information. The characteristic may be indicative of a radio frequency (RF) field strength of the NFC terminal. The user device may adjust an RF setting of the NFC circuitry based at least in part on the characteristic. The RF setting may correspond to an RF sensitivity of the NFC circuitry.Type: ApplicationFiled: September 22, 2022Publication date: April 6, 2023Applicant: Apple Inc.Inventors: Vignesh Babu Moorthy, Rahul Narayan Singh, Gordon Y. Scott, Ho Cheung Chung, Nischay Goel, Mahendra Bangalore, Nitin Byregowda, Vincent Chauvin, Oren M. Elrad
-
Publication number: 20220392286Abstract: The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate session key using the ephemeral mobile private key and the ephemeral reader public key and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key and sign and transmit a signature message to the mobile device. The mobile device can validate a reader signature and generate an encrypted credential that the reader can use to access an electronic lock. The reader device can authenticate the mobile device for mutual authentication.Type: ApplicationFiled: October 13, 2021Publication date: December 8, 2022Inventors: Oren M. Elrad, Florian Galdo
-
Publication number: 20220101301Abstract: A device implementing a scalable wireless transaction system includes at least one processor configured to receive, from a wireless transaction system server, a list of wireless transaction group identifiers, and an indication of at least one applet associated with each of the wireless transaction group identifiers. The at least one processor is further configured to receive, from a wireless transaction device, a polling frame that includes one of the wireless transaction device group identifiers. The at least one processor is further configured to select an applet provisioned on a device secure element that is assigned to the wireless transaction group identifier, the assigning being based at least in part on the received list. The at least one processor is further configured to utilize the selected applet to perform a wireless transaction with the wireless transaction device.Type: ApplicationFiled: December 13, 2021Publication date: March 31, 2022Inventors: Matthias LERCH, Ahmer A. KHAN, Oren M. ELRAD, Franck RAKOTOMALALA
-
Publication number: 20220051257Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.Type: ApplicationFiled: July 23, 2021Publication date: February 17, 2022Inventors: Herve Sibert, Oren M. Elrad, Jerrold V. Hauck, Onur E. Tackin, Zachary A. Rosen, Matthias Lerch
-
Patent number: 11228421Abstract: Secure secrets can be used, in one embodiment, to generate a master key. In one embodiment, a first secret value, generated and stored in a first secure element, can be used with a user's credential (e.g., a user's passcode) to generate, through a first key derivation function, a second secret value. A master key can then be generated through a second key derivation function based on the second secret value and a derived or stored secret such as a device's unique identifier.Type: GrantFiled: January 30, 2018Date of Patent: January 18, 2022Assignee: Apple Inc.Inventors: Arthur Mesh, Jerrold V. Hauck, Pierre-Olivier J. Martel, Wade Benson, Oren M. Elrad
-
Patent number: 11200557Abstract: A device implementing a scalable wireless transaction system includes at least one processor configured to receive, from a wireless transaction system server, a list of wireless transaction group identifiers, and an indication of at least one applet associated with each of the wireless transaction group identifiers. The at least one processor is further configured to receive, from a wireless transaction device, a polling frame that includes one of the wireless transaction device group identifiers. The at least one processor is further configured to select an applet provisioned on a device secure element that is assigned to the wireless transaction group identifier, the assigning being based at least in part on the received list. The at least one processor is further configured to utilize the selected applet to perform a wireless transaction with the wireless transaction device.Type: GrantFiled: May 30, 2019Date of Patent: December 14, 2021Assignee: Apple Inc.Inventors: Matthias Lerch, Ahmer A. Khan, Oren M. Elrad, Franck Rakotomalala
-
Patent number: 11074582Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.Type: GrantFiled: September 20, 2017Date of Patent: July 27, 2021Assignee: Apple Inc.Inventors: Herve Sibert, Oren M. Elrad, Jerrold V. Hauck, Onur E. Tackin, Zachary A. Rosen, Matthias Lerch
-
Patent number: 10936719Abstract: Systems, methods, and computer-readable media for preserving trust data during operating system updates of a secure element of an electronic device are provide. An update package is received to update an existing secure element operating system to a new secure element operating system by exporting trust data from the existing secure element operating system, after the exporting, uninstalling the existing secure element operating system, migrating the exported trust data using a migration operating system when a data format version of the existing secure element operating system is different than a data format version of the new secure element operating system, installing the new secure element operating system, and importing the migrated trust data into the installed new secure element operating system.Type: GrantFiled: September 21, 2017Date of Patent: March 2, 2021Assignee: Apple Inc.Inventors: Hervé Sibert, Matthias Lerch, Oren M. Elrad, Peng Liu, Rahul Narayan Singh
-
Patent number: 10579997Abstract: Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.Type: GrantFiled: March 30, 2018Date of Patent: March 3, 2020Assignee: Apple Inc.Inventors: Herve Sibert, Onur E. Tackin, Matthias Lerch, Ahmer A. Khan, Franck Rakotomalala, Oren M. Elrad
-
Publication number: 20190370778Abstract: A device implementing a scalable wireless transaction system includes at least one processor configured to receive, from a wireless transaction system server, a list of wireless transaction group identifiers, and an indication of at least one applet associated with each of the wireless transaction group identifiers. The at least one processor is further configured to receive, from a wireless transaction device, a polling frame that includes one of the wireless transaction device group identifiers. The at least one processor is further configured to select an applet provisioned on a device secure element that is assigned to the wireless transaction group identifier, the assigning being based at least in part on the received list. The at least one processor is further configured to utilize the selected applet to perform a wireless transaction with the wireless transaction device.Type: ApplicationFiled: May 30, 2019Publication date: December 5, 2019Inventors: Matthias LERCH, Ahmer A. KHAN, Oren M. ELRAD, Franck RAKOTOMALALA
-
Patent number: 10303884Abstract: A device facilitating countersigning updates for multi-chip devices includes at least one processor configured to receive, from a collocated chip, a data item and a software update, the data item being signed using a private key corresponding to a primary entity associated with the collocated chip and the data item comprising an authentication code generated using a symmetric key corresponding to a secondary entity associated with the software update. At least one processor is further configured to verify the data item using a public key associated with the primary entity. At least one processor is further configured to verify the software update based at least in part on the authentication code and using the symmetric key corresponding to the primary entity. At least one processor is further configured to install the software update when both the data item and the software update are verified, otherwise discard the software update.Type: GrantFiled: May 5, 2017Date of Patent: May 28, 2019Assignee: APPLE INC.Inventors: Peng Liu, Ahmer A. Khan, Onur E. Tackin, Oren M. Elrad