公开(公告)号：US11287942B2

公开(公告)日：2022-03-29

申请号：US16843638

申请日：2020-04-08

Applicant: Apple Inc.

Inventor： Byron Han ,  Matthew E. Shepherd ,  Imran Chaudhri ,  Gregory N. Christie ,  Patrick L. Coffman ,  Craig M. Federighi ,  Matthew H. Gamble ,  Brittany D. Paine ,  Brendan J. Langoulant ,  Craig A. Marciniak ,  Donald W. Pitschel ,  Daniel O. Schimpf ,  Andrew R. Whalley ,  Christopher R. Whitney ,  Jonathan R. Dascola ,  Lawrence Y. Yang

IPC: G06F3/048 ,  G06F3/0481 ,  G06F3/04883 ,  G06F21/31 ,  G06F21/32 ,  H04W12/06 ,  H04L29/06 ,  H04L9/32 ,  G06F21/41 ,  G06V40/13 ,  G06V40/12 ,  H04W88/02 ,  H04W12/68

Abstract: An electronic device with a display and a fingerprint sensor displays a fingerprint enrollment interface and detects, on the fingerprint sensor, a plurality of finger gestures performed with a finger. The device collects fingerprint information from the plurality of finger gestures performed with the finger. After collecting the fingerprint information, the device determines whether the collected fingerprint information is sufficient to enroll a fingerprint of the finger. When the collected fingerprint information for the finger is sufficient to enroll the fingerprint of the finger, the device enrolls the fingerprint of the finger with the device. When the collected fingerprint information for the finger is not sufficient to enroll the fingerprint of the finger, the device displays a message in the fingerprint enrollment interface prompting a user to perform one or more additional finger gestures on the fingerprint sensor with the finger.

公开(公告)号：US10747435B2

公开(公告)日：2020-08-18

申请号：US16250890

申请日：2019-01-17

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Michael Brouwer ,  Andrew R. Whalley ,  John C. Hurley ,  Richard F. Murphy ,  David P. Finkelstein

IPC: G06F3/06 ,  H04L29/08 ,  H04W4/08 ,  H04L9/32 ,  G06Q90/00 ,  G06Q10/06 ,  G06Q10/10

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

公开(公告)号：US10587654B2

公开(公告)日：2020-03-10

申请号：US16048934

申请日：2018-07-30

Applicant: Apple Inc.

Inventor： Aaron M. Sigel ,  Andrew R. Whalley ,  Awartika Pandey ,  Robert J. Walsh

IPC: H04L29/06 ,  H04W12/00 ,  H04W12/02 ,  H04W12/08 ,  H04W48/16 ,  H04W12/04

Abstract: A wireless device can obtain a network information record from another device operating as a credential source. The network information record can include network access information for a wireless network (e.g., SSID and password) and a usage policy specifying conditions under which the wireless device should search for the wireless network (e.g., temporal and/or spatial conditions). The wireless device can implement the usage policy by searching for the wireless network only when the conditions are satisfied. In some instances, the network access information can include instructions for dynamically generating time-varying network access information, and the wireless device can use the instructions to generate network access information during a search for wireless networks.

公开(公告)号：US10079880B2

公开(公告)日：2018-09-18

申请号：US14871210

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Richard F. Murphy ,  Yannick L. Sierra ,  Andrew R. Whalley

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/1044 ,  H04L63/0428 ,  H04L63/065 ,  H04L63/104 ,  H04L67/1095 ,  H04L67/22

Abstract: A method of identifying invalid participants in a synchronization group. The method generates a device synchronization group identifier (DSGI) for a first device from a device-specific key of the first device. The method joins the first device in the synchronization group by using the DSGI of the first device. Prior to the joining of the first device, the synchronization group stores a set of DSGIs of a set of devices that have joined the synchronization group. The method determines that a particular DSGI stored in the synchronization group is the same as the DSGI of the first device. The method identifies the particular DSGI stored in the synchronization group as a DSGI of an invalid participant of the synchronization group.

公开(公告)号：US20160359965A1

公开(公告)日：2016-12-08

申请号：US14871210

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Richard F. Murphy ,  Yannick L. Sierra ,  Andrew R. Whalley

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/1044 ,  H04L63/0428 ,  H04L63/065 ,  H04L63/104 ,  H04L67/1095 ,  H04L67/22

Abstract: A method of identifying invalid participants in a synchronization group. The method generates a device synchronization group identifier (DSGI) for a first device from a device-specific key of the first device. The method joins the first device in the synchronization group by using the DSGI of the first device. Prior to the joining of the first device, the synchronization group stores a set of DSGIs of a set of devices that have joined the synchronization group. The method determines that a particular DSGI stored in the synchronization group is the same as the DSGI of the first device. The method identifies the particular DSGI stored in the synchronization group as a DSGI of an invalid participant of the synchronization group.

Abstract translation: 识别同步组中的无效参与者的方法。 该方法从第一设备的设备专用密钥生成第一设备的设备同步组标识符（DSGI）。 该方法通过使用第一个设备的DSGI连接同步组中的第一个设备。 在加入第一设备之前，同步组存储已经加入同步组的一组设备的DSGI集合。 该方法确定存储在同步组中的特定DSGI与第一设备的DSGI相同。 该方法将同步组中存储的特定DSGI标识为同步组的无效参与者的DSGI。

公开(公告)号：US20140025521A1

公开(公告)日：2014-01-23

申请号：US13668109

申请日：2012-11-02

Applicant: APPLE INC.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q30/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

Abstract translation: 在一个实施例中，唯一的（或准唯一的）标识符可以由应用商店或其他在线商店接收，并且商店可以创建包括从唯一标识符所期望的数据的签名收据。 然后将该签名的收据发送到运行从在线商店获取的应用的设备，并且设备可以通过从签名的收据导出唯一（或准唯一）标识符来验证收据，并将导出的标识符与 存储在设备上的设备标识符或分配给应用供应商的供应商标识符。

公开(公告)号：US11764954B2

公开(公告)日：2023-09-19

申请号：US16730931

申请日：2019-12-30

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  H04L9/40 ,  G06F13/28 ,  G06F13/40 ,  G06F21/79

CPC classification number: H04L9/0861 ,  G06F21/32 ,  G06F21/72 ,  G06F21/74 ,  G06F21/78 ,  H04L9/006 ,  H04L9/0877 ,  H04L9/14 ,  H04L9/3231 ,  H04L9/3234 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L9/3263 ,  H04L9/3268 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0861 ,  G06F13/28 ,  G06F13/4063 ,  G06F21/79 ,  H04L2209/12 ,  H04L2209/127 ,  H04L2463/081

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US11494046B2

公开(公告)日：2022-11-08

申请号：US16369473

申请日：2019-03-29

Applicant: Apple Inc.

Inventor： Byron Han ,  Matthew E. Shepherd ,  Imran Chaudhri ,  Gregory N. Christie ,  Patrick L. Coffman ,  Craig M. Federighi ,  Matthew H. Gamble ,  Brittany D. Paine ,  Brendan J. Langoulant ,  Craig A. Marciniak ,  Donald W. Pitschel ,  Daniel O. Schimpf ,  Andrew R. Whalley ,  Christopher R. Whitney ,  Jonathan R. Dascola ,  Lawrence Y. Yang

IPC: G06F3/048 ,  G06F3/0481 ,  G06F3/04883 ,  G06F21/31 ,  G06F21/32 ,  H04W12/06 ,  H04L9/40 ,  H04L9/32 ,  G06F21/41 ,  G06V40/12 ,  H04W88/02 ,  H04W12/68

Abstract: An electronic device with a display and a fingerprint sensor displays a fingerprint enrollment interface and detects, on the fingerprint sensor, a plurality of finger gestures performed with a finger. The device collects fingerprint information from the plurality of finger gestures performed with the finger. After collecting the fingerprint information, the device determines whether the collected fingerprint information is sufficient to enroll a fingerprint of the finger. When the collected fingerprint information for the finger is sufficient to enroll the fingerprint of the finger, the device enrolls the fingerprint of the finger with the device. When the collected fingerprint information for the finger is not sufficient to enroll the fingerprint of the finger, the device displays a message in the fingerprint enrollment interface prompting a user to perform one or more additional finger gestures on the fingerprint sensor with the finger.

公开(公告)号：US10536271B1

公开(公告)日：2020-01-14

申请号：US15435229

申请日：2017-02-16

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Conrad Sauerwald ,  Jerrold V. Hauck ,  Timothy R. Paaske ,  Zhimin Chen ,  Andrew R. Whalley

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L9/32 ,  G06F21/70 ,  G06F21/73 ,  G06F21/57

Abstract: Systems and methods are disclosed for generating one or more hardware reference keys (HRK) on a computing device, and for attesting to the validity of the hardware reference keys. An initial hardware reference key can be a silicon attestation key (SIK) generated during manufacture of a computing system, such as a system-on-a-chip. The SIK can comprise an asymmetric key pair based at least in part on an identifier of the processing system type and a unique identifier of the processing system. The SIK can be signed by the computing system and stored thereon. The SIK can be used to generate further HRKs on the computing device that can attest to the processing system type of the computing device and an operating system version that was running when the HRK was generated. The computing device can generate an HRK attestation (HRKA) for each HRK generated on the computing system.

公开(公告)号：US10484172B2

公开(公告)日：2019-11-19

申请号：US15173647

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Libor Sykora ,  Wade Benson ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  H04L29/06 ,  G06F13/28 ,  G06F13/40 ,  G06F21/79

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. In some embodiments, the secure circuit is configured to generate a public key and a private key for an application, and receive, from the application via an API, a request to perform a cryptographic operation using the private key. The secure circuit is further configured to perform the cryptographic operation in response to the request.