公开(公告)号：US11177955B2

公开(公告)日：2021-11-16

申请号：US16528532

申请日：2019-07-31

Applicant: Apple Inc.

Inventor： Frederic Jacobs ,  Thomas Icart ,  Yannick L. Sierra

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06 ,  H04W4/70

Abstract: One embodiment provides for an electronic device, comprising a network interface, a memory coupled with the network interface, at least one application processor coupled with the memory, the at least one processor to execute instructions stored in the memory, and a secure processor including a cryptographic engine, wherein the cryptographic engine is to generate a sealed encrypted message to be transmitted via the network interface, the sealed encrypted message encrypted on behalf of the at least one application processor and includes a signature to enable integrity verification of the sealed encrypted message, the signature generated based on an identity key of the electronic device and data including ciphertext of the encrypted message and a public key of a recipient of the sealed encrypted message.

公开(公告)号：US11025418B2

公开(公告)日：2021-06-01

申请号：US16436328

申请日：2019-06-10

Applicant: Apple Inc.

Inventor： Kumar Saurav ,  Jerrold V. Hauck ,  Yannick L. Sierra ,  Charles E. Gray ,  Roberto G. Yepez ,  Samuel Gosselin ,  Petr Kostka ,  Wade Benson

IPC: H04L9/08 ,  G06F21/60 ,  G06F21/74

Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.

公开(公告)号：US20210028928A1

公开(公告)日：2021-01-28

申请号：US16982513

申请日：2019-03-19

Applicant: Apple Inc.

Inventor： Sriram Hariharan ,  Yannick L. Sierra ,  Frederic Jacobs

IPC: H04L9/08 ,  H04L29/06

Abstract: Techniques are disclosed relating to using a device to gain access to another system. In some embodiments, a first mobile device performs a pairing operation with a control unit that controls access to a system, the pairing operation including the first mobile device establishing a first cryptographic key with the control unit. The first mobile device receives a request to enable a second mobile device to communicate with the control unit, and in response to receiving the request, the first mobile device generates a second cryptographic key from the first cryptographic key. The first mobile device provides the second cryptographic key to the second mobile device. The second mobile device is configured to send a beacon including a payload encrypted with the second cryptographic key, and the encrypted payload is usable to authenticate the second mobile device to the control unit.

公开(公告)号：US20200382297A1

公开(公告)日：2020-12-03

申请号：US16888157

申请日：2020-05-29

Applicant: Apple Inc.

Inventor： Bailey E. Basile ,  Keaton F. Mowery ,  Yannick L. Sierra ,  Frederic Jacobs ,  Ryan W. Baker

IPC: H04L9/30 ,  H04L9/32 ,  G06F16/18 ,  G06F16/22 ,  H04L9/08

Abstract: Techniques are disclosed relating to secure message exchanges. In some embodiments, a first computing device generates an account key associated with a user account shared by a plurality of computing devices. The first computing device signs a public key of the first computing device with the generated account key to produce a digital signature and sends the public key and the digital signature to a first server system for distributing the public key to a second computing device attempting to send an encrypted message to the first computing device. The first computing device sends the account key to an external storage external usable by others of the plurality of computing devices to obtain the account key and use the account key to sign public keys of the other computing devices. The first computing device receives, from the second computing device, the encrypted message encrypted using the public key.

公开(公告)号：US20200235914A1

公开(公告)日：2020-07-23

申请号：US16733515

申请日：2020-01-03

Applicant: Apple Inc.

Inventor： Dawei Zhang ,  Fangli Xu ,  Haijing Hu ,  Huarui Liang ,  Lijia Zhang ,  Robert K. Kitchens ,  Samuel D. Post ,  Shu Guo ,  Xiangying Yang ,  Yannick L. Sierra ,  Yuqin Chen

IPC: H04L9/06 ,  H04L29/06 ,  H04W12/06 ,  H04L9/08 ,  H04W12/04

Abstract: Apparatuses, systems, and methods for generating and utilizing improved initialization vectors (IVs) when performing encryption and authentication in wireless communications. In some scenarios, a wireless communication device may generate one or more pseudorandom multi-bit values, e.g., using a respective plurality of key derivation functions (KDFs). A first portion of each value may be used as a respective key for encryption or authentication of traffic on the user plane or the control plane. A second portion of each value may be used as a nonce value in a respective IV for use with a respective key for encryption or authentication of traffic on the user plane or the control plane. In some scenarios, the nonce values may instead be generated as part of an additional pseudorandom value (e.g., by executing an additional KDF), from which all of the IVs may be drawn.

公开(公告)号：US10652736B2

公开(公告)日：2020-05-12

申请号：US16279961

申请日：2019-02-19

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Yannick L. Sierra ,  Ganesha A. G. Batta ,  Michael Giles ,  Akshay M Srivatsa ,  Craig P. Dooley ,  Sriram Hariharan ,  Robert D. Watson

IPC: H04L29/06 ,  H04W12/04 ,  H04L9/08 ,  H04L9/14 ,  H04W12/02

Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

公开(公告)号：US10552631B2

公开(公告)日：2020-02-04

申请号：US16297464

申请日：2019-03-08

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Abhradeep Guha Thakurta ,  Umesh S. Vaishampayan ,  John C. Hurley ,  Keaton F. Mowery ,  Michael Brouwer

IPC: G06F21/62 ,  H04L9/06 ,  H04L29/06 ,  H04L9/08

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.

公开(公告)号：US10423804B2

公开(公告)日：2019-09-24

申请号：US15275273

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Conrad Sauerwald ,  Mitchell D. Adler ,  Michael Brouwer ,  Timothee Geoghegan ,  Andrew R. Whalley ,  David P. Finkelstein ,  Yannick L. Sierra

IPC: G06F21/72 ,  H04L9/08 ,  H04L9/14 ,  G06F21/32

Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.

公开(公告)号：US10271209B2

公开(公告)日：2019-04-23

申请号：US15275231

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Yannick L. Sierra ,  Ganesha A. G. Batta ,  Michael Giles ,  Akshay M. Srivatsa ,  Craig P. Dooley ,  Sriram Hariharan ,  Robert D. Watson

IPC: H04L29/06 ,  H04W12/04 ,  H04L9/08 ,  H04L9/14 ,  H04W12/02

Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

公开(公告)号：US10270597B2

公开(公告)日：2019-04-23

申请号：US15273622

申请日：2016-09-22

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Mitchell D. Adler

IPC: H04L9/30 ,  H04L9/32 ,  H04L9/08 ,  H04L9/14 ,  H04L29/06 ,  H04W12/08

Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.