公开(公告)号：US20160269767A1

公开(公告)日：2016-09-15

申请号：US15159772

申请日：2016-05-19

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Jeffrey Robbin ,  Hiro Mitsuji ,  Mihailo Despotovic ,  Colin Meldrum

IPC: H04N21/266 ,  H04N21/254 ,  H04N21/4405 ,  H04N21/437 ,  H04N21/4408 ,  H04N21/61 ,  H04N21/472

CPC classification number: H04N21/26613 ,  G06F21/10 ,  G06F21/62 ,  G06F21/6209 ,  H04N7/165 ,  H04N7/17318 ,  H04N21/2541 ,  H04N21/437 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/47202 ,  H04N21/6125 ,  H04N21/6175

Abstract: A video on demand system in the context of the Internet, for video rentals. A user accesses an on-line store to rent a video program or movie. The rental is for a limited time (such as 30 days) and within that thirty days, the video program or movie can only be viewed for a 24 hour time window. The time limits are enforced by the on-line store which maintains a database of each rental transaction and allows supply of the needed keys for decrypting the (encrypted) video or movie only if within the time limits.

Abstract translation: 视频点播系统在互联网的背景下，用于视频租赁。 用户访问在线商店租用视频节目或电影。 出租时间有限（如30天），而在三十天内，视频节目或电影只能在24小时的时间内观看。 时间限制由维护每个租赁交易的数据库的在线商店实施，并且仅在时限内允许提供用于解密（加密的）视频或电影的所需密钥。

公开(公告)号：US20160204939A1

公开(公告)日：2016-07-14

申请号：US15074914

申请日：2016-03-18

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC: H04L9/32

CPC classification number: H04L9/32 ,  G06F21/10 ,  G06F21/602

Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

Abstract translation: 本发明的一些实施例提供了一种用于在各种不同基础下分发内容的内容分发系统。 例如，在一些实施例中，内容分发系统分发受设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。 在一些实施例中，接收媒体存储结构的设备将接收到的加密密钥或验证参数插入接收到的媒体存储结构中。 在一些实施例中，该组服务器还提供用于设备无限制内容的加密内容密钥。 这些密钥用于在到达时，首次播放时或在其他时间对内容进行解密。 然而，一些实施例不将这些加密密钥存储在用于设备无限制内容的媒体存储结构中。

公开(公告)号：US20160019375A1

公开(公告)日：2016-01-21

申请号：US14634405

申请日：2015-02-27

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Apoorva Govind ,  Augustin J. Farrugia ,  Raffi T. Khatchadourian

IPC: G06F21/10 ,  H04L29/06 ,  G06F17/30

CPC classification number: G06F21/10 ,  G06F17/30321 ,  G06F2221/0717 ,  H04L63/061 ,  H04L63/104 ,  H04L2463/101 ,  H04N21/2541 ,  H04N21/63345 ,  H04W4/60

Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID form the altered key ID.

Abstract translation: 用户帐户可以链接在一起，形成一组可以访问分配给组中其他用户帐户的内容项的关联用户帐户。 用户可以下载分配给其用户帐户的内容，以及分配给链接的用户帐户组中的其他用户帐户之一的共享内容项。 可以将共享内容项的使用限制为运行指定版本的操作系统的客户端设备。 可以改变标记为共享内容项的密钥ID，使得密钥ID不再正确地识别能够使用共享内容项的相应DRM密钥。 授权使用共享内容项目的客户端设备可以被配置为识别内容项目是共享内容项目，并且从改变的密钥ID生成原始密钥ID。

公开(公告)号：US20150363580A1

公开(公告)日：2015-12-17

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14 ,  G06F9/45

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract translation: 伪造的加密层混淆技术可以用来诱骗攻击者在攻击者通常忽略的代码段上花费逆向工程的努力。 为此，混淆技术可以识别可能对攻击者感兴趣的代码段，并将其伪装成较高的值段。 这可以通过将代码的较低值部分转换为包括已知存在于较高值的代码部分中的代码模式，常量或其他特性来实现，例如加密例程。 为了转换代码部分，混淆技术可以使用一个或多个程序修改，包括控制流修改，常数值调整以模拟公知的加密标量，缓冲区扩展，伪特征表插入，类似调试的信息插入，导出函数代码 生成链接和/或加密算法特定指令插入。

公开(公告)号：US20150349951A1

公开(公告)日：2015-12-03

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: H04L9/06

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US20140298376A1

公开(公告)日：2014-10-02

申请号：US14224010

申请日：2014-03-24

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Jeffrey Robbin ,  Hiro Mitsuji ,  Mihailo Despotovic ,  Colin Meldrum

IPC: H04N21/4408 ,  H04N21/4405 ,  H04N21/266 ,  H04N21/437

CPC classification number: H04N21/26613 ,  G06F21/10 ,  G06F21/62 ,  G06F21/6209 ,  H04N7/165 ,  H04N7/17318 ,  H04N21/2541 ,  H04N21/437 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/47202 ,  H04N21/6125 ,  H04N21/6175

Abstract: A video on demand system in the context of the Internet, for video rentals. A user accesses an on-line store to rent a video program or movie. The rental is for a limited time (such as 30 days) and within that thirty days, the video program or movie can only be viewed for a 24 hour time window. The time limits are enforced by the on-line store which maintains a database of each rental transaction and allows supply of the needed keys for decrypting the (encrypted) video or movie only if within the time limits.

Abstract translation: 视频点播系统在互联网的背景下，用于视频租赁。 用户访问在线商店租用视频节目或电影。 出租时间有限（如30天），而在三十天内，视频节目或电影只能在24小时的时间内观看。 时间限制由维护每个租赁交易的数据库的在线商店实施，并且仅在时限内允许提供用于解密（加密的）视频或电影的所需密钥。

公开(公告)号：US20140165030A1

公开(公告)日：2014-06-12

申请号：US13707437

申请日：2012-12-06

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: G06F9/44

CPC classification number: G06F21/14

Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.

Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置，用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。

公开(公告)号：US08495390B2

公开(公告)日：2013-07-23

申请号：US13748184

申请日：2013-01-23

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Mathiew Ciet ,  Jon McLachlan

IPC: G06F11/30 ,  G06F12/14 ,  H04K1/00 ,  H04L9/00 ,  H04L9/28

CPC classification number: G06F21/14 ,  G06F8/51 ,  H04L9/002 ,  H04L9/3013 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/16

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.

公开(公告)号：US11676188B2

公开(公告)日：2023-06-13

申请号：US17031603

申请日：2020-09-24

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Dallas B. De Atley ,  Augustin J. Farrugia ,  Byron B. Han ,  Sean B. Kelly ,  Craig A. Marciniak ,  Maxim Khutornenko ,  Raymond N. Walsh

IPC: G06Q30/06 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/12 ,  G06Q20/32 ,  G06Q20/36 ,  G06Q20/38 ,  G06Q20/40 ,  H04L9/40 ,  G06Q30/0601

CPC classification number: G06Q30/0609 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/12 ,  G06Q20/32 ,  G06Q20/322 ,  G06Q20/3674 ,  G06Q20/3821 ,  G06Q20/40145 ,  H04L63/083 ,  H04L63/0861

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.

公开(公告)号：US20210125248A1

公开(公告)日：2021-04-29

申请号：US17031603

申请日：2020-09-24

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Dallas B. De Atley ,  Augustin J. Farrugia ,  Byron B. Han ,  Sean B. Kelly ,  Craig A. Marciniak ,  Maxim Khutornenko ,  Raymond N. Walsh

IPC: G06Q30/06 ,  G06Q20/32 ,  G06Q20/12 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/36 ,  G06Q20/38 ,  G06Q20/40 ,  H04L29/06

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.