-
公开(公告)号:US20170357830A1
公开(公告)日:2017-12-14
申请号:US15275273
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Wade Benson , Conrad Sauerwald , Mitchell D. Adler , Michael Brouwer , Timothee Geoghegan , Andrew R. Whalley , David P. Finkelstein , Yannick L. Sierra
Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.
-
公开(公告)号:US09813389B2
公开(公告)日:2017-11-07
申请号:US15217674
申请日:2016-07-22
Applicant: Apple Inc.
Inventor: Conrad Sauerwald , Vrajesh Rajesh Bhavsar , Kenneth Buffalo McNeil , Thomas Brogan Duffy, Jr. , Michael Lambertus Hubertus Brouwer , Matthew John Byom , Mitchell David Adler , Eric Brandon Tamura
CPC classification number: H04L63/0428 , G06F11/1458 , G06F11/1464 , H04L9/0637 , H04L9/0822 , H04L9/0825 , H04L9/0863 , H04L9/0894 , H04L63/0435 , H04L63/061 , H04L2463/062 , H04W12/04 , H04W12/08
Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
-
公开(公告)号:US20140086406A1
公开(公告)日:2014-03-27
申请号:US13626476
申请日:2012-09-25
Applicant: APPLE INC.
Inventor: R. Stephen Polzin , Fabrice L. Gautier , Mitchell D. Adler , Conrad Sauerwald , Michael L.H. Brouwer
IPC: H04L9/00
CPC classification number: H04L9/0861 , G06F21/72 , G09C1/00 , H04L9/0822 , H04L9/0897 , H04L2209/24
Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
Abstract translation: SOC实现安全飞地处理器(SEP)。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离(例如SOC中的一个或多个中央处理单元(CPU),或SOC中的应用处理器(AP))。 对SEP的访问可以由硬件严格控制。 例如,描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息,SEP可以读取并响应。 在一些实施例中,SEP可以包括以下一个或多个:使用包装密钥的安全密钥管理,引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。
-
公开(公告)号:US20240320721A1
公开(公告)日:2024-09-26
申请号:US18418654
申请日:2024-01-22
Applicant: Apple Inc.
Inventor: Thomas Matthieu Alsina , Scott T. Boyd , Michael Kuohao Chu , Augustin J. Farrugia , Gianpaolo Fasoli , Patrice O. Gautier , Sean B. Kelly , Payam Mirrashidi , Pedraum Pardehpoosh , Conrad Sauerwald , Kenneth W. Scott , Rajit Shinh , Braden Jacob Thomas , Andrew R. Whalley
IPC: G06Q30/0601 , B63H20/02 , B63H20/06 , G06Q20/00
CPC classification number: G06Q30/0601 , B63H20/02 , B63H20/06 , G06Q20/00
Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.
-
公开(公告)号:US20210281426A1
公开(公告)日:2021-09-09
申请号:US17203560
申请日:2021-03-16
Applicant: Apple Inc.
Inventor: Tristan F. Schaap , Conrad Sauerwald , Craig Marciniak , Jerrold V. Hauck , Zachary F. Papilion , Jeffrey Lee
IPC: H04L9/32 , H04L9/06 , H04L9/08 , H04L9/14 , H04L9/30 , H04L29/06 , H04W12/04 , H04W12/06 , H04W76/14 , G06F8/654 , H04W12/50
Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
-
Patent Agency Ranking
公开(公告)号:US10951419B2
公开(公告)日:2021-03-16
申请号:US16537391
申请日:2019-08-09
Applicant: Apple Inc.
Inventor: Tristan F. Schaap , Conrad Sauerwald , Craig Marciniak , Jerrold V. Hauck , Zachary F. Papilion , Jeffrey Lee
IPC: H04L29/06 , H04L9/32 , H04L9/06 , H04L9/08 , H04L9/14 , H04L9/30 , H04W12/04 , H04W12/06 , H04W76/14 , G06F8/654 , H04W12/00 , H04L29/08 , H04W4/80
Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
-
公开(公告)号:US10521596B1
公开(公告)日:2019-12-31
申请号:US16138670
申请日:2018-09-21
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
公开(公告)号:US10114956B1
公开(公告)日:2018-10-30
申请号:US15860314
申请日:2018-01-02
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
公开(公告)号:US09547778B1
公开(公告)日:2017-01-17
申请号:US14498820
申请日:2014-09-26
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
CPC classification number: G06F21/602 , G06F21/32 , G06F21/6218 , G06F21/71 , G09C1/00 , H04L9/0866 , H04L9/0877 , H04L9/30 , H04L9/3231 , H04L2209/125
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
Abstract translation: 在一个实施例中,提供一种系统,其中私钥是以硬件管理的,并且对于软件是不可见的。 该系统可以为公开密钥生成,数字签名生成,加密/解密以及大量随机素数生成提供硬件支持,而不会向软件揭示私有密钥。 因此,私钥比基于软件的版本更安全。 在一个实施例中,可以访问专用密钥的私有密钥和硬件可以集成到与集成电路(例如芯片上的系统(SOC))相同的半导体衬底上。 私钥在集成电路之外可能不可用,因此,恶意的第三方在尝试获取私钥时面临着很大障碍。
-
公开(公告)号:US20250053667A1
公开(公告)日:2025-02-13
申请号:US18774305
申请日:2024-07-16
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
-
-
-
-
-
-
-
-
Search Results
38
records
(took 0.021 seconds)
