公开(公告)号：US11880808B2

公开(公告)日：2024-01-23

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q20/00 ,  B63H20/02 ,  B63H20/06

CPC classification number: G06Q20/00 ,  B63H20/02 ,  B63H20/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US11494574B2

公开(公告)日：2022-11-08

申请号：US16805214

申请日：2020-02-28

Applicant: Apple Inc.

Inventor： Mathieu Ciet ,  Bruno Benteo ,  Michael Mouchous ,  Augustin J. Farrugia

IPC: G06K5/00 ,  G06K7/12 ,  G06Q30/06 ,  G06V30/413

Abstract: A device implementing a system for authenticating an identity document includes at least one processor configured to receive, from a service provider, a request associated with verifying an integrity of an identity document, and capture, responsive to receiving the request, image data of the identity document. The at least one processor is further configured to generate a representation based on the image data, the representation comprising form factor data of the identity document, and compare the representation with a prior representation of the identity document, the prior representation comprising prior form factor data of the identity document. The at least one processor is further configured to provide, to the service provider, a response to the request based on comparing the representation with the prior representation.

公开(公告)号：US11475106B2

公开(公告)日：2022-10-18

申请号：US16177250

申请日：2018-10-31

Applicant: Apple Inc.

Inventor： Jean-Pierre Ciudad ,  Augustin J. Farrugia ,  David M'Raihi ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Nicholas T. Sullivan

IPC: G06F21/10 ,  G06Q30/06

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

公开(公告)号：US10979529B2

公开(公告)日：2021-04-13

申请号：US16539512

申请日：2019-08-13

Applicant: Apple Inc.

Inventor： Srinivas Vedula ,  Daniel P. Carter ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Eugene Jivotovski

IPC: H04L29/06 ,  H04L29/08

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

公开(公告)号：US20200047865A1

公开(公告)日：2020-02-13

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: B63H20/06 ,  B63H20/12 ,  B63H20/02

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US10313725B2

公开(公告)日：2019-06-04

申请号：US15159772

申请日：2016-05-19

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Jeffrey Robbin ,  Hiro Mitsuji ,  Mihailo Despotovic ,  Colin Meldrum

IPC: H04N21/266 ,  H04N7/16 ,  H04N7/173 ,  H04N21/254 ,  H04N21/472 ,  H04N21/61 ,  H04N21/437 ,  H04N21/4405 ,  H04N21/4408 ,  G06F21/10 ,  G06F21/62

Abstract: A video on demand system in the context of the Internet, for video rentals. A user accesses an on-line store to rent a video program or movie. The rental is for a limited time (such as 30 days) and within that thirty days, the video program or movie can only be viewed for a 24 hour time window. The time limits are enforced by the on-line store which maintains a database of each rental transaction and allows supply of the needed keys for decrypting the (encrypted) video or movie only if within the time limits.

公开(公告)号：US20180365390A1

公开(公告)日：2018-12-20

申请号：US16012388

申请日：2018-06-19

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Apoorva Govind ,  Augustin J. Farrugia ,  Raffi T. Khatchadourian

IPC: G06F21/10 ,  H04L29/06 ,  G06F17/30 ,  H04W4/60 ,  H04N21/254 ,  H04N21/6334

CPC classification number: G06F21/10 ,  G06F16/2228 ,  G06F2221/0717 ,  H04L63/061 ,  H04L63/104 ,  H04L2463/101 ,  H04N21/2541 ,  H04N21/63345 ,  H04W4/60

Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID form the altered key ID.

公开(公告)号：US10042989B2

公开(公告)日：2018-08-07

申请号：US14872112

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet ,  Jean-Francois Riendeau

IPC: H04L29/06 ,  G06F21/30 ,  G06F21/44 ,  H04L9/32

Abstract: The embodiments set forth systems and techniques to activate and provide other device services for user devices. An activation manager is configured to activate a user device by receiving an activation request for the device, accepting previously stored and encrypted trusted data for the device, getting current data for the device, determining whether the current data compares with the trusted data, and sending an authorization to activate the device when the current data compares favorably with the trusted data. Data can include a seed component divided into seed segments that are each combined with a unique device identifier using varying cryptographic primitives. Each encrypted seed segment and unique device identifier combination can be dedicated to a different device use or service, and can be used separately for device identification for that use or service.

公开(公告)号：US09565018B2

公开(公告)日：2017-02-07

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  H04L9/06 ,  G09C1/00

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US09515818B2

公开(公告)日：2016-12-06

申请号：US14487872

申请日：2014-09-16

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Mathieu Ciet ,  Benoit Chevallier-Mames ,  Thomas Icart ,  Augustin J. Farrugia

IPC: H04L9/00 ,  H04L9/28 ,  H04L9/06 ,  H04L9/08 ,  G06F11/00 ,  G06F12/14

CPC classification number: H04L9/0618 ,  H04L9/0637 ,  H04L2209/04 ,  H04L2209/043 ,  H04L2209/16 ,  H04L2209/24

Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.

Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行，而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中，用于第一块的至少两个轮次一个接一个地执行，而对于该组中的任何其他块，没有任何中间轮。