-
公开(公告)号:US20160308674A1
公开(公告)日:2016-10-20
申请号:US14827532
申请日:2015-08-17
Applicant: Apple Inc.
Inventor: Michael Brouwer , Dallas B. De Atley , Mitchell D. Adler
CPC classification number: G06F21/6263 , G06F17/30581 , G06F21/606 , G06F21/62 , H04L9/0816 , H04L63/0428 , H04L63/062 , H04L63/10 , H04L63/166 , H04L63/20 , H04L67/104 , H04L67/1095 , H04L67/1097 , H04L2209/24
Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.
Abstract translation: 一些实施例提供了一种在将设备上存储的一组钥匙串与一组其他设备同步时为设备提供数据保护的程序。 该程序接收用于使存储在设备上的一组密钥串与其他设备的集合同步的钥匙串数据。 钥匙串数据被指定为属于保护域。 该程序确定是否满足为保护域定义的一组条件。 当满足条件集合时,程序允许访问钥匙串数据,以便处理钥匙串数据并使存储在设备上的一组密钥串与其他设备的集合同步。
-
公开(公告)号:US20160065548A1
公开(公告)日:2016-03-03
申请号:US14937830
申请日:2015-11-10
Applicant: Apple Inc.
Inventor: Michael Brouwer , Dallas B. De Atley , Mitchell D. Adler
CPC classification number: H04L63/061 , G06F17/30174 , G06F17/30575 , H04L9/12 , H04L9/3247 , H04L12/185 , H04L12/44 , H04L63/062 , H04L63/065 , H04L63/068 , H04L63/104 , H04L67/104 , H04L67/1042 , H04L67/1095 , H04L2209/122 , H04W84/18
Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
Abstract translation: 一些实施例提供了一种非暂时机器可读介质,其存储当设备的至少一个处理单元执行时将存储在设备上的一组密钥链与一组其他设备同步的程序。 设备和其他设备的集合通过对等(P2P)网络彼此通信地耦合。 该程序接收对存储在设备上的一组钥匙串中的钥匙串的修改。 该程序为该组其他设备中的每个设备生成更新请求,以便将存储在设备上的一组密钥链与该组其他设备同步。 该程序通过一组独立的安全通信信道通过P2P网络将该组更新请求发送到其他设备的集合。
-
63.发明申请ACCESSORY AND MOBILE COMPUTING DEVICE COMMUNICATION USING AN APPLICATION COMMUNICATION PROTOCOL 审中-公开使用应用程序通信协议的附件和移动计算设备通信公开(公告)号:US20160036949A1
公开(公告)日:2016-02-04
申请号:US14742501
申请日:2015-06-17
Applicant: Apple Inc.
Inventor: Paul-Phillip Holden , Lawrence G. Bolton , Nitin Ganatra , Mitchell D. Adler , Emily Clark Schubert , Jesse Lee Dorogusker
IPC: H04M1/02
CPC classification number: H04M1/0254 , G06F13/385 , H04M1/72527 , H04M1/7253
Abstract: Embodiments of the present invention provide various communication techniques for communication between a mobile computing device and an accessory. An accessory protocol that is generic to the mobile computing device can be used for some communication. An application executing at the mobile computing device can communicate with the accessory using an application communication protocol. In some embodiments, the application communication protocol can be different from the accessory communication protocol. In other embodiments the application protocol may only be recognized by the application and the accessory. In some embodiments, messages conforming to an application protocol can be communicated between the application and the accessory by packaging the messages inside a message conforming to the accessory communication protocol.
Abstract translation: 本发明的实施例提供了用于移动计算设备和附件之间的通信的各种通信技术。 通用于移动计算设备的附件协议可用于一些通信。 在移动计算设备处执行的应用可以使用应用通信协议与附件进行通信。 在一些实施例中,应用通信协议可以不同于附件通信协议。 在其他实施例中,应用协议仅可由应用程序和附件识别。 在一些实施例中,符合应用协议的消息可以通过将消息封装在符合附件通信协议的消息内,在应用和附件之间进行通信。
-
公开(公告)号:US20140208404A1
公开(公告)日:2014-07-24
申请号:US13839084
申请日:2013-03-15
Applicant: Apple Inc.
Inventor: Michael Brouwer , Dallas B. De Atley , Mitchell D. Adler
IPC: H04L29/06
CPC classification number: G06F21/6263 , G06F17/30581 , G06F21/606 , G06F21/62 , H04L9/0816 , H04L63/0428 , H04L63/062 , H04L63/10 , H04L63/166 , H04L63/20 , H04L67/104 , H04L67/1095 , H04L67/1097 , H04L2209/24
Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.
Abstract translation: 一些实施例提供了将存储在设备上的钥匙串与一组其他设备同步的程序。 钥匙扣包括一套钥匙扣项目。 程序接收(1)用于更新存储在设备上的钥匙串的钥匙串项的列表,以及(2)表示钥匙串项目列表中指定的钥匙串项的数据。 对于钥匙串项列表中的每个钥匙串项,程序使用代表钥匙串项的数据来更新存储在设备上的钥匙串。
-
公开(公告)号:US20140086406A1
公开(公告)日:2014-03-27
申请号:US13626476
申请日:2012-09-25
Applicant: APPLE INC.
Inventor: R. Stephen Polzin , Fabrice L. Gautier , Mitchell D. Adler , Conrad Sauerwald , Michael L.H. Brouwer
IPC: H04L9/00
CPC classification number: H04L9/0861 , G06F21/72 , G09C1/00 , H04L9/0822 , H04L9/0897 , H04L2209/24
Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
Abstract translation: SOC实现安全飞地处理器(SEP)。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离(例如SOC中的一个或多个中央处理单元(CPU),或SOC中的应用处理器(AP))。 对SEP的访问可以由硬件严格控制。 例如,描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息,SEP可以读取并响应。 在一些实施例中,SEP可以包括以下一个或多个:使用包装密钥的安全密钥管理,引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。
-
Patent Agency Ranking
公开(公告)号:US11669244B2
公开(公告)日:2023-06-06
申请号:US16427235
申请日:2019-05-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler , Michael Brouwer , Andrew R. Whalley , John C. Hurley , Richard F. Murphy , David P. Finkelstein
IPC: G06F3/06 , H04L9/32 , H04L67/1095 , H04W4/08 , G06Q90/00 , G06Q10/06 , G06Q10/10 , H04L67/104
CPC classification number: G06F3/0604 , G06F3/065 , G06F3/0683 , G06Q10/06 , G06Q10/10 , G06Q90/00 , H04L9/3268 , H04L67/1095 , H04W4/08 , H04L67/1044
Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
-
公开(公告)号:US11582215B2
公开(公告)日:2023-02-14
申请号:US15275203
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Wade Benson , Marc J. Krochmal , Alexander R. Ledwith , John Iarocci , Jerrold V. Hauck , Michael Brouwer , Mitchell D. Adler , Yannick L. Sierra
IPC: G06F7/04 , G06F17/30 , H04L9/40 , H04W12/041 , H04W12/086 , H04W12/0431 , G06F9/445 , H04W12/06 , H04L9/08 , H04L9/14 , H04L9/32
Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
-
公开(公告)号:US10853504B1
公开(公告)日:2020-12-01
申请号:US16691900
申请日:2019-11-22
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
公开(公告)号:US10686767B2
公开(公告)日:2020-06-16
申请号:US15274999
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Mitchell D. Adler , Andrew Roger Whalley
Abstract: Some embodiments provide convenient auto-authentication for user data on a primary device, while still providing a significant level of security, by taking advantage of existing security and cryptographic measures used to communicate with a secondary device. The primary device of some embodiments encrypts the user data on the primary device using a cryptographic key based on a set of keys received from the secondary device. In some embodiments, the primary device encrypts authentication data, or a local key generated from the authentication data, using a remote key received from the secondary device, and encrypts the user data with the local key. In some embodiments, the keys received from the secondary device are an existing set of keys for establishing an encrypted channel of communication for transmitting digital rights management (DRM) protected content according to a DRM protection scheme.
-
公开(公告)号:US10652736B2
公开(公告)日:2020-05-12
申请号:US16279961
申请日:2019-02-19
Applicant: Apple Inc.
Inventor: Mitchell D. Adler , Yannick L. Sierra , Ganesha A. G. Batta , Michael Giles , Akshay M Srivatsa , Craig P. Dooley , Sriram Hariharan , Robert D. Watson
Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.
-
-
-
-
-
-
-
-
-
Search Results
84
records
(took 0.024 seconds)
