公开(公告)号：US09892267B1

公开(公告)日：2018-02-13

申请号：US15372697

申请日：2016-12-08

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F11/30 ,  G06F21/60 ,  G06F21/62

CPC classification number: G06F21/602 ,  G06F21/32 ,  G06F21/6218 ,  G06F21/71 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/0877 ,  H04L9/30 ,  H04L9/3231 ,  H04L2209/125

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US20170359169A1

公开(公告)日：2017-12-14

申请号：US15497203

申请日：2017-04-26

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: H04L9/08 ,  H04L9/14 ,  H04W12/08 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06

CPC classification number: G06F9/44505 ,  H04L9/0822 ,  H04L9/085 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3226 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/08 ,  H04L63/083 ,  H04L63/107 ,  H04L63/108 ,  H04L63/1466 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US20170357830A1

公开(公告)日：2017-12-14

申请号：US15275273

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Conrad Sauerwald ,  Mitchell D. Adler ,  Michael Brouwer ,  Timothee Geoghegan ,  Andrew R. Whalley ,  David P. Finkelstein ,  Yannick L. Sierra

IPC: G06F21/72 ,  G06F21/32 ,  G06F12/14 ,  H04L9/08 ,  H04L9/14

Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.

公开(公告)号：US20170357523A1

公开(公告)日：2017-12-14

申请号：US15275203

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: G06F9/445 ,  H04W12/04 ,  H04W12/06 ,  H04L29/06

CPC classification number: G06F9/44505 ,  H04L9/0822 ,  H04L9/085 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3226 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/08 ,  H04L63/083 ,  H04L63/107 ,  H04L63/108 ,  H04L63/1466 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US09825762B2

公开(公告)日：2017-11-21

申请号：US15268471

申请日：2016-09-16

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L29/12 ,  G06F21/62 ,  H04L9/08 ,  G06F21/00 ,  H04L29/06 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60 ,  G06F21/64

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20170222992A1

公开(公告)日：2017-08-03

申请号：US15274999

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Andrew Roger Whalley

IPC: H04L29/06 ,  G06F21/10

CPC classification number: H04L63/061 ,  G06F21/10 ,  G06F21/31 ,  G06F21/35 ,  G06F21/6209 ,  G06F21/78 ,  H04L9/0841 ,  H04L9/0894 ,  H04L63/102 ,  H04L2209/603 ,  H04L2463/101

Abstract: Some embodiments provide convenient auto-authentication for user data on a primary device, while still providing a significant level of security, by taking advantage of existing security and cryptographic measures used to communicate with a secondary device. The primary device of some embodiments encrypts the user data on the primary device using a cryptographic key based on a set of keys received from the secondary device. In some embodiments, the primary device encrypts authentication data, or a local key generated from the authentication data, using a remote key received from the secondary device, and encrypts the user data with the local key. In some embodiments, the keys received from the secondary device are an existing set of keys for establishing an encrypted channel of communication for transmitting digital rights management (DRM) protected content according to a DRM protection scheme.

公开(公告)号：US09684801B2

公开(公告)日：2017-06-20

申请号：US14827532

申请日：2015-08-17

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/62 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L9/08 ,  G06F17/30

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.

公开(公告)号：US20170012974A1

公开(公告)日：2017-01-12

申请号：US15273622

申请日：2016-09-22

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Mitchell D. Adler

IPC: H04L29/06 ,  H04L9/08 ,  H04W12/06 ,  H04L9/30 ,  H04W12/04 ,  H04L9/32 ,  H04L9/14

CPC classification number: H04L9/30 ,  H04L9/0833 ,  H04L9/0863 ,  H04L9/14 ,  H04L9/3247 ,  H04L63/0884 ,  H04L63/0892 ,  H04L63/104 ,  H04L2209/80 ,  H04W12/08

Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.

Abstract translation: 一些实施例提供了一种用于第一设备加入一组相关设备的方法。 该方法接收到具有集中实体的帐户的密码输入和由组中的第二设备生成的代码。 当第二设备确定在第一设备上输入的代码与生成的代码匹配时，该方法从第二设备接收认证代码，用于授权具有该实体的第一设备作为该帐户的有效设备。 该方法使用密码和有关第一个设备的信息来生成组的应用程序。 在将应用发送到第二设备之后，该方法从第二设备接收使第一设备能够将自身添加到组中的信息。 第二设备验证生成的应用程序，并且该方法使用从第二设备接收的信息加入该组。

公开(公告)号：US20170011234A1

公开(公告)日：2017-01-12

申请号：US15274733

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/62 ,  G06F17/30 ,  H04L29/08

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

Abstract translation: 一些实施例提供了将存储在设备上的钥匙串与一组其他设备同步的程序。 钥匙扣包括一套钥匙扣项目。 程序接收（1）用于更新存储在设备上的钥匙串的钥匙串项的列表，以及（2）表示钥匙串项目列表中指定的钥匙串项的数据。 对于钥匙串项列表中的每个钥匙串项，程序使用代表钥匙串项的数据来更新存储在设备上的钥匙串。

公开(公告)号：US20160350238A1

公开(公告)日：2016-12-01

申请号：US14871484

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: G06F12/14 ,  G06F11/14

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.

Abstract translation: 一些实施例为一组相关设备中的特定设备提供用于备份在设备之间同步的数据的方法。 该方法接收命令以创建在设备子集之间同步的数据子集的备份，这是设备之间同步的所有数据的子集。 该方法从所有同步数据的集合中识别同步数据的子集。 同步数据的子集被标记为仅在设备子集之间进行同步的特定标准集合。 所述方法将备份所述同步数据的子集存储在备份存储器中，所述备份存储器以需要与所述设备子集中的所述设备中的任一个相关联的恢复密钥加密的方式来访问所述备份，同时防止使用恢复密钥访问所述备份 的任何其他设备。