公开(公告)号：US09813389B2

公开(公告)日：2017-11-07

申请号：US15217674

申请日：2016-07-22

Applicant: Apple Inc.

Inventor： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy, Jr. ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/08 ,  G06F11/14 ,  H04W12/04 ,  H04L9/06 ,  H04W12/08

CPC classification number: H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

公开(公告)号：US10348497B2

公开(公告)日：2019-07-09

申请号：US15884200

申请日：2018-01-30

Applicant: Apple Inc.

Inventor： Michael Lambertus Hubertus Brouwer ,  Mitchell David Adler

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/14 ,  H04L9/06 ,  H04L9/30 ,  G06F21/62

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.

公开(公告)号：US20150201324A1

公开(公告)日：2015-07-16

申请号：US14602639

申请日：2015-01-22

Applicant: Apple Inc.

Inventor： Jerry Hauck ,  Jeffrey Bush ,  Michael Lambertus Hubertus Brouwer ,  Daryl Mun-Kid Low

IPC: H04W8/20 ,  H04L29/12

CPC classification number: H04W8/205 ,  H04L61/6054 ,  H04W8/245 ,  H04W8/265 ,  H04W12/08

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket encoded with SIM policy data that corresponds to the combination of the device and one of a number of SIM cards belonging to a set of SIM cards defined by the SIM policy data. The activation ticket is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card in accordance with the SIM policy in the activation ticket, and initiates activation when the verification of the activation ticket is successful.

Abstract translation: 描述用于激活与服务提供商一起使用的移动设备的系统和方法。 在一个示例性方法中，具有当前插入的SIM卡的移动设备可以准备用于使用签名过程进行激活，其中激活服务器生成用SIM策略数据编码的签名激活票据，SIM策略数据对应于该设备的组合和 属于由SIM策略数据定义的一组SIM卡的SIM卡的数量。 激活票安全地存储在移动设备上。 在另一示例性方法中，可以在激活过程中激活移动设备，其中设备根据激活票中的SIM策略来验证针对设备和SIM卡特有的信息的激活票，并且当验证 激活票成功。

公开(公告)号：US09912476B2

公开(公告)日：2018-03-06

申请号：US15010858

申请日：2016-01-29

Applicant: Apple Inc.

Inventor： Michael Lambertus Hubertus Brouwer ,  Mitchell David Adler

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/14 ,  H04L9/06 ,  H04L9/30 ,  G06F21/62

CPC classification number: H04L9/0863 ,  G06F21/62 ,  H04L9/0643 ,  H04L9/0838 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/0869 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3231 ,  H04L2209/80

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.

公开(公告)号：US09572014B2

公开(公告)日：2017-02-14

申请号：US14602639

申请日：2015-01-22

Applicant: Apple Inc.

Inventor： Jerry Hauck ,  Jeffrey Bush ,  Michael Lambertus Hubertus Brouwer ,  Daryl Mun-Kid Low

IPC: H04M3/00 ,  H04W8/20 ,  H04W8/26 ,  H04L29/12 ,  H04W8/24 ,  H04W12/08

CPC classification number: H04W8/205 ,  H04L61/6054 ,  H04W8/245 ,  H04W8/265 ,  H04W12/08

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket encoded with SIM policy data that corresponds to the combination of the device and one of a number of SIM cards belonging to a set of SIM cards defined by the SIM policy data. The activation ticket is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card in accordance with the SIM policy in the activation ticket, and initiates activation when the verification of the activation ticket is successful.

Abstract translation: 描述用于激活与服务提供商一起使用的移动设备的系统和方法。 在一个示例性方法中，具有当前插入的SIM卡的移动设备可以准备用于使用签名过程进行激活，其中激活服务器生成用SIM策略数据编码的签名激活票据，SIM策略数据对应于该设备的组合和 属于由SIM策略数据定义的一组SIM卡的SIM卡的数量。 激活票安全地存储在移动设备上。 在另一示例性方法中，可以在激活过程中激活移动设备，其中设备根据激活票中的SIM策略来验证针对设备和SIM卡特有的信息的激活票，并且当验证 激活票成功。

公开(公告)号：US20170019383A1

公开(公告)日：2017-01-19

申请号：US15217674

申请日：2016-07-22

Applicant: Apple Inc.

Inventor： Conrad Sauderwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy ,  Michael Lambertus Hubertus Brouwer ,  Michael John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC: H04L29/06 ,  G06F11/14 ,  H04L9/06 ,  H04W12/04 ,  H04L9/08

CPC classification number: H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted tile key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract translation: 这里公开的是用于在主设备和备用设备上利用密码密钥管理的无线数据保护的系统，方法和非暂时的计算机可读存储介质。 系统使用文件密钥加密文件，并对文件密钥进行两次加密，从而产生两个加密的文件密钥。 该系统对每个文件密钥进行不同的加密，并将第一个文件密钥存储在主设备上，并将加密的文件密钥之一加到备份设备上以进行存储。 在备份设备上，系统将加密的瓦片密钥与用户密码保护的一组备份密钥相关联。 在一个实施例中，系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中，系统在用户密码改变期间管理备份设备上的加密密钥。

公开(公告)号：US09401898B2

公开(公告)日：2016-07-26

申请号：US14874360

申请日：2015-10-02

Applicant: Apple Inc.

Inventor： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/08 ,  G06F11/14 ,  H04W12/04 ,  H04W12/08

CPC classification number: H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract translation: 这里公开的是用于在主设备和备用设备上利用密码密钥管理的无线数据保护的系统，方法和非暂时的计算机可读存储介质。 系统使用文件密钥加密文件，并对文件密钥进行两次加密，从而产生两个加密的文件密钥。 该系统对每个文件密钥进行不同的加密，并将第一个文件密钥存储在主设备上，并将加密的文件密钥之一加密到备份设备进行存储。 在备份设备上，系统将加密的文件密钥与受用户密码保护的一组备份密钥相关联。 在一个实施例中，系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中，系统在用户密码改变期间管理备份设备上的加密密钥。

公开(公告)号：US09288047B2

公开(公告)日：2016-03-15

申请号：US14299375

申请日：2014-06-09

Applicant: Apple Inc.

Inventor： Michael Lambertus Hubertus Brouwer ,  Mitchell David Adler

IPC: H04L9/08 ,  G06F21/62 ,  G06F11/30

CPC classification number: H04L9/0863 ,  G06F21/62 ,  H04L9/0643 ,  H04L9/0838 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/0869 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3231 ,  H04L2209/80

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.

Abstract translation: 本文公开了用于加密和密钥管理的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件，用相应的类加密密钥加密每个唯一文件加密密钥，并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密，使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密，以及用附加加密密钥加密每个类加密密钥。 此外，公开了一种基于用户输入密码生成密码密钥的方法和利用加密算法的设备特定标识符秘密。

公开(公告)号：US20160036791A1

公开(公告)日：2016-02-04

申请号：US14874360

申请日：2015-10-02

Applicant: Apple Inc.

Inventor： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC: H04L29/06 ,  H04W12/08 ,  H04W12/04

CPC classification number: H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.