公开(公告)号：US20200213133A1

公开(公告)日：2020-07-02

申请号：US16537391

申请日：2019-08-09

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14 ,  G06F8/654 ,  H04W12/00

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US20200047865A1

公开(公告)日：2020-02-13

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: B63H20/06 ,  B63H20/12 ,  B63H20/02

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US10423804B2

公开(公告)日：2019-09-24

申请号：US15275273

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Conrad Sauerwald ,  Mitchell D. Adler ,  Michael Brouwer ,  Timothee Geoghegan ,  Andrew R. Whalley ,  David P. Finkelstein ,  Yannick L. Sierra

IPC: G06F21/72 ,  H04L9/08 ,  H04L9/14 ,  G06F21/32

Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.

公开(公告)号：US10382210B2

公开(公告)日：2019-08-13

申请号：US15274836

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig A. Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14 ,  G06F8/654 ,  H04L29/08 ,  H04W4/80

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US20170201380A1

公开(公告)日：2017-07-13

申请号：US15274836

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig A. Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/14 ,  H04W76/02 ,  H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04L9/06 ,  H04L9/30

CPC classification number: H04L9/3252 ,  G06F8/654 ,  H04L9/0643 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3066 ,  H04L63/061 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/0869 ,  H04L67/34 ,  H04L2209/80 ,  H04W4/80 ,  H04W12/003 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US09401898B2

公开(公告)日：2016-07-26

申请号：US14874360

申请日：2015-10-02

Applicant: Apple Inc.

Inventor： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/08 ,  G06F11/14 ,  H04W12/04 ,  H04W12/08

CPC classification number: H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract translation: 这里公开的是用于在主设备和备用设备上利用密码密钥管理的无线数据保护的系统，方法和非暂时的计算机可读存储介质。 系统使用文件密钥加密文件，并对文件密钥进行两次加密，从而产生两个加密的文件密钥。 该系统对每个文件密钥进行不同的加密，并将第一个文件密钥存储在主设备上，并将加密的文件密钥之一加密到备份设备进行存储。 在备份设备上，系统将加密的文件密钥与受用户密码保护的一组备份密钥相关联。 在一个实施例中，系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中，系统在用户密码改变期间管理备份设备上的加密密钥。

公开(公告)号：US20160036791A1

公开(公告)日：2016-02-04

申请号：US14874360

申请日：2015-10-02

Applicant: Apple Inc.

Inventor： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC: H04L29/06 ,  H04W12/08 ,  H04W12/04

CPC classification number: H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

公开(公告)号：US20150347770A1

公开(公告)日：2015-12-03

申请号：US14503244

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Andrew Roger Whalley ,  Wade Benson ,  Conrad Sauerwald

IPC: G06F21/62

CPC classification number: G06F21/6209 ,  G06F21/6218 ,  G06F21/6245 ,  G06F2221/2111 ,  H04L63/062 ,  H04W12/02 ,  H04W12/04 ,  H04W12/08

Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).

Abstract translation: 在一些实现中，可以基于移动设备的上下文来访问（例如，解密，使得可用）存储在移动设备上的加密数据（例如，应用数据，钥匙串数据，存储的密码等）。 上下文可以包括当前设备状态（例如，锁定，解锁，在首次解锁之后等等）。 上下文可以包括当前设备设置（例如，启用/禁用密码）。 上下文可以包括已经由移动设备接收的数据（例如，指纹扫描，输入的密码，位置信息，接收的加密密钥，时间信息）。