公开(公告)号：US20190272101A1

公开(公告)日：2019-09-05

申请号：US16250890

申请日：2019-01-17

Applicant: Apple Inc.

Inventor： Mitchell D. ADLER ,  Michael BROUWER ,  Andrew R. WHALLEY ,  John C. HURLEY ,  Richard F. MURPHY ,  David P. FINKELSTEIN

IPC: G06F3/06 ,  G06Q90/00 ,  H04L9/32 ,  G06Q10/10 ,  G06Q10/06 ,  H04W4/08 ,  H04L29/08

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

公开(公告)号：US20190286614A1

公开(公告)日：2019-09-19

申请号：US16428914

申请日：2019-05-31

Applicant: Apple Inc.

Inventor： Per Love HORNQUIST ASTRAND ,  Benjamin I. WILLIAMSON ,  Keaton F. MOWERY ,  Mitchell D. ADLER ,  Michelle A. AURICCHIO ,  Luke T. HIESTERMAN

IPC: G06F16/178 ,  H04L9/08 ,  H04L9/30 ,  G06F16/182

Abstract: The subject technology may be implemented by a device that includes at least one processor configured to encrypt a data object based at least in part on an encryption key. The at least one processor may be further configured to sign the encrypted data object with a private key and transmit the signed encrypted data object to a server for retrieval by another device. The at least one processor may be further configured to generate a sharing object corresponding to the data object, wherein the sharing object includes an encryption key and a public key that corresponds to the private key. The at least one processor may be further configured to encrypt the sharing object using a key of the other device and transmit, over a secure channel, the encrypted sharing object to the other device for subsequent retrieval and verification of the signed data object from the server.

公开(公告)号：US20190171465A1

公开(公告)日：2019-06-06

申请号：US16264478

申请日：2019-01-31

Applicant: Apple Inc.

Inventor： Wade BENSON ,  Marc J. KROCHMAL ,  Alexander R. LEDWITH ,  John IAROCCI ,  Jerrold V. HAUCK ,  Michael BROUWER ,  Mitchell D. ADLER ,  Yannick L. SIERRA

IPC: G06F9/445 ,  H04L29/06 ,  H04L9/08 ,  H04W12/08 ,  H04L9/14 ,  H04L9/32 ,  H04W12/06 ,  H04W12/04

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US20190261174A1

公开(公告)日：2019-08-22

申请号：US16279961

申请日：2019-02-19

Applicant: Apple Inc.

Inventor： Mitchell D. ADLER ,  Yannick L. SIERRA ,  Ganesha A.G. BATTA ,  Michael GILES ,  Akshay M. SRIVATSA ,  Craig P. DOOLEY ,  Sriram HARIHARAN ,  Robert D. WATSON

IPC: H04W12/04 ,  H04L9/14 ,  H04L29/06 ,  H04L9/08

Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

公开(公告)号：US20190182041A1

公开(公告)日：2019-06-13

申请号：US16186426

申请日：2018-11-09

Applicant: Apple Inc.

Inventor： Dallas B. DE ATLEY ,  Jerrold V. HAUCK ,  Mitchell D. ADLER

IPC: H04L9/08 ,  H04L29/06 ,  G06F21/64 ,  G06F21/62 ,  G06F21/00 ,  G06F21/44 ,  G06F21/33 ,  G06F21/60

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20180352030A1

公开(公告)日：2018-12-06

申请号：US15996390

申请日：2018-06-01

Applicant: Apple Inc.

Inventor： Per Love HORNQUIST ASTRAND ,  Benjamin I. WILLIAMSON ,  Keaton F. MOWERY ,  Mitchell D. ADLER ,  Michelle A. AURICCHIO ,  Luke T. HIESTERMAN

IPC: H04L29/08

Abstract: Some embodiments of the subject technology provide a novel system for synchronizing content items among a group of peer devices. The content synchronizing system of some embodiments includes the group of peer devices and a set of one or more synchronizing servers communicatively connected with the peer devices through one or more networks. In some embodiments, the synchronizing system uses a star architecture, in which each peer device offloads its synchronization operations to the synchronizing server set. Without establishing a peer-to-peer communication with any other peer device, the particular peer device in these embodiments supplies an encrypted content item set along with the N−1 encryptions of a content key used to encrypt the content item set to the synchronizing server set so that this server set can distribute the encrypted content item set and an encrypted content key to each of the N−1 peer devices.

公开(公告)号：US20180276367A1

公开(公告)日：2018-09-27

申请号：US15996413

申请日：2018-06-01

Applicant: Apple Inc.

Inventor： Wade BENSON ,  Alexander R. LEDWITH ,  Marc J. KROCHMAL ,  John J. IAROCCI ,  Jerrold V. HAUCK ,  Michael BROUWER ,  Mitchell D. ADLER ,  Yannick L. SIERRA ,  Libor SYKORA

IPC: G06F21/36 ,  G06F21/34 ,  H04W4/02 ,  H04W4/80 ,  H04W12/06

CPC classification number: G06F21/36 ,  G06F21/34 ,  H04W4/02 ,  H04W4/80 ,  H04W12/00503 ,  H04W12/06 ,  H04W12/0802

Abstract: In some embodiments, a first device performs ranging operations to allow a user to access the first device under one of several user accounts without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account under which a user can access (e.g., can log into) the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the user is allowed to access the first device under the first user account. In some embodiments, the substitute interaction occurs while the first device is logged into under a second user account.

公开(公告)号：US20230259276A1

公开(公告)日：2023-08-17

申请号：US18304309

申请日：2023-04-20

Applicant: Apple Inc.

Inventor： Mitchell D. ADLER ,  Michael BROUWER ,  Andrew R. WHALLEY ,  John C. HURLEY ,  Richard F. MURPHY ,  David P. FINKELSTEIN

IPC: G06F3/06 ,  H04L67/1095 ,  H04W4/08 ,  H04L9/32 ,  G06Q90/00 ,  G06Q10/06 ,  G06Q10/10

CPC classification number: G06F3/0604 ,  H04L67/1095 ,  H04W4/08 ,  H04L9/3268 ,  G06Q90/00 ,  G06Q10/06 ,  G06Q10/10 ,  G06F3/065 ,  G06F3/0683 ,  H04L67/1044

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

公开(公告)号：US20190318074A1

公开(公告)日：2019-10-17

申请号：US16388831

申请日：2019-04-18

Applicant: Apple Inc.

Inventor： Alexander R. LEDWITH ,  Wade BENSON ,  Marc J. KROCHMAL ,  John J. IAROCCI ,  Jerrold V. HAUCK ,  Michael BROUWER ,  Mitchell D. ADLER ,  Yannick L. SIERRA ,  Libor SYKORA ,  Jiri MARGARITOV

IPC: G06F21/34 ,  H04W12/00 ,  G06F1/16

Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.

公开(公告)号：US20190312726A1

公开(公告)日：2019-10-10

申请号：US16293541

申请日：2019-03-05

Applicant: Apple Inc.

Inventor： Yannick L. SIERRA ,  Mitchell D. ADLER

IPC: H04L9/30 ,  H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04L9/14

Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.