公开(公告)号：US10423804B2

公开(公告)日：2019-09-24

申请号：US15275273

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Conrad Sauerwald ,  Mitchell D. Adler ,  Michael Brouwer ,  Timothee Geoghegan ,  Andrew R. Whalley ,  David P. Finkelstein ,  Yannick L. Sierra

IPC: G06F21/72 ,  H04L9/08 ,  H04L9/14 ,  G06F21/32

Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.

公开(公告)号：US10410035B2

公开(公告)日：2019-09-10

申请号：US15899966

申请日：2018-02-20

Applicant: Apple Inc.

Inventor： Byron Han ,  Matthew E. Shepherd ,  Imran Chaudhri ,  Gregory N. Christie ,  Patrick L. Coffman ,  Craig M. Federighi ,  Matthew H. Gamble ,  Brittany D. Paine ,  Brendan J. Langoulant ,  Craig A. Marciniak ,  Donald W. Pitschel ,  Daniel O. Schimpf ,  Andrew R. Whalley ,  Christopher R. Whitney ,  Jonathan R. Dascola ,  Lawrence Y. Yang

IPC: G06F3/048 ,  G06K9/00 ,  G06F3/0488 ,  G06F3/0481 ,  G06F21/31 ,  G06F21/32 ,  H04W12/06 ,  H04L29/06 ,  H04L9/32 ,  G06F21/41 ,  H04W88/02 ,  H04W12/00

Abstract: An electronic device with a display and a fingerprint sensor displays a fingerprint enrollment interface and detects, on the fingerprint sensor, a plurality of finger gestures performed with a finger. The device collects fingerprint information from the plurality of finger gestures performed with the finger. After collecting the fingerprint information, the device determines whether the collected fingerprint information is sufficient to enroll a fingerprint of the finger. When the collected fingerprint information for the finger is sufficient to enroll the fingerprint of the finger, the device enrolls the fingerprint of the finger with the device. When the collected fingerprint information for the finger is not sufficient to enroll the fingerprint of the finger, the device displays a message in the fingerprint enrollment interface prompting a user to perform one or more additional finger gestures on the fingerprint sensor with the finger.

公开(公告)号：US20190013939A1

公开(公告)日：2019-01-10

申请号：US16133645

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  G06F21/32 ,  H04L9/32 ,  H04L9/14 ,  H04L29/06

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US10051003B2

公开(公告)日：2018-08-14

申请号：US14933709

申请日：2015-11-05

Applicant: Apple Inc.

Inventor： Aaron M. Sigel ,  Andrew R. Whalley ,  Awartika Pandey ,  Robert J. Walsh

IPC: H04L29/06 ,  H04W12/02 ,  H04W12/08 ,  H04W48/16 ,  H04W12/04

Abstract: A wireless device can obtain a network information record from another device operating as a credential source. The network information record can include network access information for a wireless network (e.g., SSID and password) and a usage policy specifying conditions under which the wireless device should search for the wireless network (e.g., temporal and/or spatial conditions). The wireless device can implement the usage policy by searching for the wireless network only when the conditions are satisfied. In some instances, the network access information can include instructions for dynamically generating time-varying network access information, and the wireless device can use the instructions to generate network access information during a search for wireless networks.

公开(公告)号：US20170201550A1

公开(公告)日：2017-07-13

申请号：US15274880

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  David M. O'Rourke ,  Michael D. Santos ,  Gopi K. Rangaswamy ,  Selvarajan Subramaniam ,  Timothy P. Hannon ,  Pierre-Olivier Martel ,  Raghu Pai ,  Andrew R. Whalley ,  Michael Brouwer

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  G06F21/41

Abstract: Techniques are disclosed relating to accessing credential information on multiple devices. In one embodiment, a computer system is disclosed that includes one or processors and memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations. The operations include storing registration information identifying a plurality of devices as being registered to an organization and receiving, over a network from a first device, a request for credential information of a first of a plurality of users associated with the organization. The operations further include authenticating the first request, including verifying that the first device is being used by the first user and determining, based on the registration information, whether the first device is one of the plurality of devices. The operations include granting or denying the first request for the credential information based on the authenticating.

公开(公告)号：US20240039714A1

公开(公告)日：2024-02-01

申请号：US18447083

申请日：2023-08-09

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  H04L9/40

CPC classification number: H04L9/0861 ,  H04L9/3268 ,  H04L9/006 ,  H04L9/3249 ,  G06F21/32 ,  H04L9/3239 ,  H04L9/14 ,  G06F21/74 ,  H04L9/0877 ,  H04L9/3231 ,  H04L9/3234 ,  G06F21/72 ,  G06F21/78 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0861 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/127 ,  G06F13/28

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US11768575B2

公开(公告)日：2023-09-26

申请号：US17955311

申请日：2022-09-28

Applicant: Apple Inc.

Inventor： Byron Han ,  Matthew E. Shepherd ,  Imran Chaudhri ,  Gregory N. Christie ,  Patrick L. Coffman ,  Craig M. Federighi ,  Matthew H. Gamble ,  Brittany D. Paine ,  Brendan J. Langoulant ,  Craig A. Marciniak ,  Donald W. Pitschel ,  Daniel O. Schimpf ,  Andrew R. Whalley ,  Christopher R. Whitney ,  Jonathan R. Dascola ,  Lawrence Y. Yang

IPC: G06F3/048 ,  G06F3/0481 ,  G06F3/04883 ,  G06F21/31 ,  G06F21/32 ,  H04W12/06 ,  H04L9/40 ,  H04L9/32 ,  G06F21/41 ,  G06V40/12 ,  H04W88/02 ,  H04W12/68

CPC classification number: G06F3/0481 ,  G06F3/04883 ,  G06F21/31 ,  G06F21/32 ,  G06F21/41 ,  G06V40/1353 ,  H04L9/3231 ,  H04L63/083 ,  H04L63/0815 ,  H04L63/0861 ,  H04L63/105 ,  H04W12/06 ,  G06F2221/2113 ,  H04W12/68 ,  H04W88/02

Abstract: An electronic device with a display and a fingerprint sensor displays a fingerprint enrollment interface and detects, on the fingerprint sensor, a plurality of finger gestures performed with a finger. The device collects fingerprint information from the plurality of finger gestures performed with the finger. After collecting the fingerprint information, the device determines whether the collected fingerprint information is sufficient to enroll a fingerprint of the finger. When the collected fingerprint information for the finger is sufficient to enroll the fingerprint of the finger, the device enrolls the fingerprint of the finger with the device. When the collected fingerprint information for the finger is not sufficient to enroll the fingerprint of the finger, the device displays a message in the fingerprint enrollment interface prompting a user to perform one or more additional finger gestures on the fingerprint sensor with the finger.

公开(公告)号：US20200186337A1

公开(公告)日：2020-06-11

申请号：US16730931

申请日：2019-12-30

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  G06F21/78 ,  G06F21/72 ,  G06F21/74 ,  H04L9/14 ,  G06F21/32 ,  H04L9/00

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US10586260B2

公开(公告)日：2020-03-10

申请号：US13668109

申请日：2012-11-02

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q30/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US10523431B2

公开(公告)日：2019-12-31

申请号：US16133645

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  G06F13/28 ,  G06F13/40 ,  G06F21/79

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.