ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA
    51.
    Invention application
    Status: Granted

    Publication number: US20140189829A1

    Publication date: 2014-07-03

    Application number: US13731935

    Filing date: 2012-12-31

    Applicant: APPLE INC.

    Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

    Obfuscating Transformations on Data Array Content and Addresses
    52.
    Invention application
    Status: Under examination (published)

    Publication number: US20140189366A1

    Publication date: 2014-07-03

    Application number: US14139826

    Filing date: 2013-12-23

    Applicant: Apple Inc.

    Abstract: In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries).

    SECURE ACCOUNT CREATION
    53.
    Invention application
    Status: Granted

    Publication number: US20140082695A1

    Publication date: 2014-03-20

    Application number: US13732056

    Filing date: 2012-12-31

    Applicant: APPLE INC.

    CPC classification number: H04L63/08 H04L29/06 H04L63/0807 H04L63/126

    Abstract: In one embodiment, non-transitory computer-readable medium stores instructions for establishing a trusted two-way communications session for account creation for an online store, which include instructions for causing a processor to perform operations comprising retrieving and verifying a signed configuration file from a server, requesting a communication session using the configuration file, receiving a payload of account creation forms from a network client, signing the payload according to the server configuration file, and sending the signed payload containing account creation information to the server. In one embodiment, a computer-implemented method comprises analyzing timestamps for requests for data forms for supplying account creation information for evidence of automated account creation activity and rejecting the request for the locator of the second account creation form if evidence of automated account creation activity is detected. Methods for secure account authentication and asset purchase are also disclosed.

    Optimized Integrity Verification Procedures
    54.
    Invention application
    Status: Granted

    Publication number: US20130145167A1

    Publication date: 2013-06-06

    Application number: US13723097

    Filing date: 2012-12-20

    Applicant: APPLE INC.

    CPC classification number: G06F21/64

    Abstract: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.

    Use of media storage structure with multiple pieces of content in a content-distribution system

    Publication number: US11727376B2

    Publication date: 2023-08-15

    Application number: US16417470

    Filing date: 2019-05-20

    Applicant: Apple Inc.

    Abstract: A method for distributing content. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.). The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece.

    SHARED PURCHASES
    57.
    Invention application

    Publication number: US20210319418A1

    Publication date: 2021-10-14

    Application number: US17306640

    Filing date: 2021-05-03

    Applicant: Apple Inc.

    Abstract: One or more user accounts can be linked together to form a group of linked user accounts to access content items assigned to the other user accounts in the group of linked user accounts. Prior to completing a purchase for a content item, a requesting user can be alerted that a member of the group of linked user accounts has access to the content item. Content items assigned to a member of a group of linked user accounts can be downloaded by one or more other members of the group of linked user accounts along with a Digital Rights Management (DRM) key that enables use of the content item. The DRM key can represent the group relationship between the downloading user account and the content owner's user account to which the content item is assigned.

    Controlling use of shared content items based on client device

    Publication number: US10423763B2

    Publication date: 2019-09-24

    Application number: US16012388

    Filing date: 2018-06-19

    Applicant: Apple Inc.

    Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID from the altered key ID.

    Adaptive secondary authentication criteria based on account data

    Publication number: US09530133B2

    Publication date: 2016-12-27

    Application number: US14685429

    Filing date: 2015-04-13

    Applicant: Apple Inc.

    Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.
