Abstract:
Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a secure ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
Abstract:
A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
Abstract:
Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.
Abstract:
A data communications system is disclosed having at least one Legacy cloud coupled to at least one Beta cloud. The system further has at least one BOSS node and at least one border node. A method for ensuring compatibility is disclosed comprising determining when the BOSS node is idle, determining whether the last packet transmitted by any border node was an Alpha format packet if the BOSS node is idle, and unlocking the Legacy cloud if the last packet transmitted by the border node was not an Alpha format packet.
Abstract:
Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.
Abstract:
Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
Abstract:
Systems and methods for storing and recovering data for a device are described. In one embodiment, factory generated calibration data can be generated, sealed and restored securely even if two sensors in two different devices, such as a first ambient light sensor and a second ambient light sensor have the same sensor identifier. In one embodiment, a device transmits a database key to cause storage or recovery of the calibration data, and the database key includes a sensor identifier and a public cryptographic key of the device.
Abstract:
An apparatus includes one or more functional circuits, a debug circuit configured to implement one or more debug features for the one or more functional circuits, and a validation circuit. The validation circuit is configured to receive a request to access debug features, and to send an identification value corresponding to the apparatus. The validation circuit is further configured to receive a certificate generated by a server computer system, the certificate including encoded debug permissions, and to decode the debug permissions using the identification value. Using the decoded debug permissions, the validation circuit is further configured to enable one or more of the debug features.
Abstract:
In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.