公开(公告)号：US20250097018A1

公开(公告)日：2025-03-20

申请号：US18542176

申请日：2023-12-15

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Elad Efrat ,  David Tamagno ,  Armaiti Ardeshiricham ,  Wade Benson ,  Yannick L. Sierra

IPC: H04L9/08

Abstract: Techniques are disclosed relating to cryptographic key exchanges. In some embodiments, a first device belonging to a first device group receives a request to perform a key exchange to establish a shared secret with a second device belonging to a second device group. The first device verifies a key authorization data structure issued by a key authority, the key authorization data structure including a first public key of a first participant authority authorized to identify members of the first device group and a second public key of a second participant authority authorized to identify members of the second device group. In response to the verifying being successful, the first device performs the requested exchange using a public key pair attested to by the first participant authority as belonging to a member in the first device group.

公开(公告)号：US20250094602A1

公开(公告)日：2025-03-20

申请号：US18541961

申请日：2023-12-15

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Elad Efrat ,  David Tamagno ,  Armaiti Ardeshiricham ,  Wade Benson ,  Yannick L. Sierra

IPC: G06F21/60 ,  G06F21/72

Abstract: Techniques are disclosed relating to cryptographic key exchanges. In some embodiments, a computing device includes a cryptographic circuit coupled to a secure memory inaccessible to a processor of the computing device. Program instructions executing on the computing device can request performance of a key exchange to establish a shared secret with another device. The cryptographic circuit is configured to perform the key exchange including deriving the shared secret using private key material maintained in the secure memory. In some embodiments, the key exchange includes verifying a key authorization data structure issued by a key authority including a first public key of a first participant authority and a second public key of a second participant authority. In response to the verifying being successful, the exchange uses a public key pair attested to by the first participant authority as belonging to a member in the first device group.