公开(公告)号：US11880808B2

公开(公告)日：2024-01-23

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q20/00 ,  B63H20/02 ,  B63H20/06

CPC classification number: G06Q20/00 ,  B63H20/02 ,  B63H20/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US11877157B2

公开(公告)日：2024-01-16

申请号：US17398723

申请日：2021-08-10

Applicant: Apple Inc.

Inventor： Haya Iris Villanueva Gaviola ,  Gianpaolo Fasoli ,  Vinay Ganesh ,  Irene M. Graff ,  Martijn Theo Haring ,  Ahmer A. Khan ,  Franck Farian Rakotomalala ,  Gordon Y. Scott ,  Ho Cheung Chung ,  Antonio Allen ,  Mayura Dhananjaya Deshpande ,  Thomas John Miller ,  Christopher Sharp ,  David W. Silver ,  Policarpo B. Wood ,  Ka Yang

IPC: H04L29/06 ,  H04L29/08 ,  H04W12/69 ,  H04W4/80 ,  H04W12/037 ,  H04W12/47 ,  H04W12/02 ,  H04L29/00 ,  G06Q50/26

CPC classification number: H04W12/69 ,  H04W4/80 ,  H04W12/02 ,  H04W12/037 ,  H04W12/47 ,  G06Q50/265

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

公开(公告)号：US11475106B2

公开(公告)日：2022-10-18

申请号：US16177250

申请日：2018-10-31

Applicant: Apple Inc.

Inventor： Jean-Pierre Ciudad ,  Augustin J. Farrugia ,  David M'Raihi ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Nicholas T. Sullivan

IPC: G06F21/10 ,  G06Q30/06

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

公开(公告)号：US10979529B2

公开(公告)日：2021-04-13

申请号：US16539512

申请日：2019-08-13

Applicant: Apple Inc.

Inventor： Srinivas Vedula ,  Daniel P. Carter ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Eugene Jivotovski

IPC: H04L29/06 ,  H04L29/08

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

公开(公告)号：US20200047865A1

公开(公告)日：2020-02-13

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: B63H20/06 ,  B63H20/12 ,  B63H20/02

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US20180365390A1

公开(公告)日：2018-12-20

申请号：US16012388

申请日：2018-06-19

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Apoorva Govind ,  Augustin J. Farrugia ,  Raffi T. Khatchadourian

IPC: G06F21/10 ,  H04L29/06 ,  G06F17/30 ,  H04W4/60 ,  H04N21/254 ,  H04N21/6334

CPC classification number: G06F21/10 ,  G06F16/2228 ,  G06F2221/0717 ,  H04L63/061 ,  H04L63/104 ,  H04L2463/101 ,  H04N21/2541 ,  H04N21/63345 ,  H04W4/60

Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID form the altered key ID.

公开(公告)号：US10042989B2

公开(公告)日：2018-08-07

申请号：US14872112

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet ,  Jean-Francois Riendeau

IPC: H04L29/06 ,  G06F21/30 ,  G06F21/44 ,  H04L9/32

Abstract: The embodiments set forth systems and techniques to activate and provide other device services for user devices. An activation manager is configured to activate a user device by receiving an activation request for the device, accepting previously stored and encrypted trusted data for the device, getting current data for the device, determining whether the current data compares with the trusted data, and sending an authorization to activate the device when the current data compares favorably with the trusted data. Data can include a seed component divided into seed segments that are each combined with a unique device identifier using varying cryptographic primitives. Each encrypted seed segment and unique device identifier combination can be dedicated to a different device use or service, and can be used separately for device identification for that use or service.

公开(公告)号：US20170221055A1

公开(公告)日：2017-08-03

申请号：US15275122

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Karl Anders Carlsson ,  Anton K. Diederich ,  Christopher Sharp ,  Gianpaolo Fasoli ,  Maciej Stachowiak ,  Matthew C. Byington ,  Nicholas J. Shearer ,  Samuel M. Weinig

IPC: G06Q20/38 ,  G06Q20/32 ,  H04L29/06

CPC classification number: G06Q20/3821 ,  G06Q20/12 ,  G06Q20/3227 ,  G06Q20/3278 ,  G06Q20/40 ,  G06Q2220/00 ,  H04L63/10

Abstract: Systems, methods, and computer-readable media for validating online access to secure device functionality are provided that may use shared secrets between different subsystems and limited use validation data.

公开(公告)号：US20160204939A1

公开(公告)日：2016-07-14

申请号：US15074914

申请日：2016-03-18

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC: H04L9/32

CPC classification number: H04L9/32 ,  G06F21/10 ,  G06F21/602

Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

Abstract translation: 本发明的一些实施例提供了一种用于在各种不同基础下分发内容的内容分发系统。 例如，在一些实施例中，内容分发系统分发受设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。 在一些实施例中，接收媒体存储结构的设备将接收到的加密密钥或验证参数插入接收到的媒体存储结构中。 在一些实施例中，该组服务器还提供用于设备无限制内容的加密内容密钥。 这些密钥用于在到达时，首次播放时或在其他时间对内容进行解密。 然而，一些实施例不将这些加密密钥存储在用于设备无限制内容的媒体存储结构中。

公开(公告)号：US20160019375A1

公开(公告)日：2016-01-21

申请号：US14634405

申请日：2015-02-27

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Apoorva Govind ,  Augustin J. Farrugia ,  Raffi T. Khatchadourian

IPC: G06F21/10 ,  H04L29/06 ,  G06F17/30

CPC classification number: G06F21/10 ,  G06F17/30321 ,  G06F2221/0717 ,  H04L63/061 ,  H04L63/104 ,  H04L2463/101 ,  H04N21/2541 ,  H04N21/63345 ,  H04W4/60

Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID form the altered key ID.

Abstract translation: 用户帐户可以链接在一起，形成一组可以访问分配给组中其他用户帐户的内容项的关联用户帐户。 用户可以下载分配给其用户帐户的内容，以及分配给链接的用户帐户组中的其他用户帐户之一的共享内容项。 可以将共享内容项的使用限制为运行指定版本的操作系统的客户端设备。 可以改变标记为共享内容项的密钥ID，使得密钥ID不再正确地识别能够使用共享内容项的相应DRM密钥。 授权使用共享内容项目的客户端设备可以被配置为识别内容项目是共享内容项目，并且从改变的密钥ID生成原始密钥ID。