公开(公告)号：US11178127B2

公开(公告)日：2021-11-16

申请号：US15497203

申请日：2017-04-26

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: H04W12/08 ,  H04L29/06 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US20190205561A1

公开(公告)日：2019-07-04

申请号：US16297464

申请日：2019-03-08

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Abhradeep Guha Thakurta ,  Umesh S. Vaishampayan ,  John C. Hurley ,  Keaton F. Mowery ,  Michael Brouwer

IPC: G06F21/62 ,  H04L9/08 ,  H04L9/06 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F21/6245 ,  H04L9/0631 ,  H04L9/0861 ,  H04L63/0421 ,  H04L63/0435

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.

公开(公告)号：US10079677B2

公开(公告)日：2018-09-18

申请号：US15173643

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14

CPC classification number: H04L9/0861 ,  G06F13/28 ,  G06F13/4063 ,  G06F21/32 ,  G06F21/72 ,  G06F21/74 ,  G06F21/78 ,  G06F21/79 ,  H04L9/006 ,  H04L9/0877 ,  H04L9/14 ,  H04L9/3231 ,  H04L9/3234 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L9/3263 ,  H04L9/3268 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0861 ,  H04L2209/12 ,  H04L2209/127 ,  H04L2463/081

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US20170373843A1

公开(公告)日：2017-12-28

申请号：US15173643

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/00 ,  H04L9/14 ,  H04L9/32 ,  G06F21/32

CPC classification number: H04L9/0861 ,  G06F21/32 ,  G06F21/74 ,  H04L9/006 ,  H04L9/0877 ,  H04L9/14 ,  H04L9/3231 ,  H04L9/3234 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L9/3263 ,  H04L9/3268 ,  H04L2209/12 ,  H04L2209/127

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US09710673B2

公开(公告)日：2017-07-18

申请号：US15274733

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/00 ,  G06F21/62 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L9/08 ,  G06F17/30

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

公开(公告)号：US09479583B2

公开(公告)日：2016-10-25

申请号：US14746793

申请日：2015-06-22

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/00 ,  H04L29/08 ,  H04L29/06 ,  G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

公开(公告)号：US09124637B2

公开(公告)日：2015-09-01

申请号：US13839126

申请日：2013-03-15

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F7/04 ,  H04L9/32 ,  G06F21/62 ,  G06F21/60 ,  G06F17/30 ,  H04L29/06

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.

Abstract translation: 一些实施例提供了一种在将设备上存储的一组钥匙串与一组其他设备同步时为设备提供数据保护的程序。 该程序接收用于使存储在设备上的一组密钥串与其他设备的集合同步的钥匙串数据。 钥匙串数据被指定为属于保护域。 该程序确定是否满足为保护域定义的一组条件。 当满足条件集合时，程序允许访问钥匙串数据，以便处理钥匙串数据并使存储在设备上的一组密钥串与其他设备的集合同步。

公开(公告)号：US11669244B2

公开(公告)日：2023-06-06

申请号：US16427235

申请日：2019-05-30

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Michael Brouwer ,  Andrew R. Whalley ,  John C. Hurley ,  Richard F. Murphy ,  David P. Finkelstein

IPC: G06F3/06 ,  H04L9/32 ,  H04L67/1095 ,  H04W4/08 ,  G06Q90/00 ,  G06Q10/06 ,  G06Q10/10 ,  H04L67/104

CPC classification number: G06F3/0604 ,  G06F3/065 ,  G06F3/0683 ,  G06Q10/06 ,  G06Q10/10 ,  G06Q90/00 ,  H04L9/3268 ,  H04L67/1095 ,  H04W4/08 ,  H04L67/1044

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

公开(公告)号：US11582215B2

公开(公告)日：2023-02-14

申请号：US15275203

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: G06F7/04 ,  G06F17/30 ,  H04L9/40 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US10552631B2

公开(公告)日：2020-02-04

申请号：US16297464

申请日：2019-03-08

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Abhradeep Guha Thakurta ,  Umesh S. Vaishampayan ,  John C. Hurley ,  Keaton F. Mowery ,  Michael Brouwer

IPC: G06F21/62 ,  H04L9/06 ,  H04L29/06 ,  H04L9/08

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.