公开(公告)号：HK1092234A1

公开(公告)日：2007-02-02

申请号：HK06112544

申请日：2006-11-15

Applicant: APPLE INC

Inventor： KIEHTREIBER PERRY ,  BROUWER MICHAEL

IPC: G06F21/00 ,  H04L9/32

Abstract: The present invention discloses a method for quickly and easily authenticating large computer program. The system operates by first sealing the computer program with digital signature in an incremental manner. Specifically, the computer program is divided into a set of pages and a hash value is calculated for each page. The set of hash values is formed into a hash value array and then the hash value array is then sealed with a digital signature. The computer program is then distributed along with the hash value array and the digital signature. To authenticate the computer program, a recipient first verifies the authenticity of the hash value array with the digital signature and a public key.; Once the hash value array has been authenticated, the recipient can then verify the authenticity of each page of the computer program by calculating a hash of a page to be loaded and then comparing with an associated hash value in the authenticated hash value array. If the hash values do not match, then execution may be halted.

公开(公告)号：AU2021200451A1

公开(公告)日：2021-02-25

申请号：AU2021200451

申请日：2021-01-22

Applicant: APPLE INC

Inventor： BENSON WADE ,  KROCHMAL MARC J ,  LEDWITH ALEXANDER R ,  IAROCCI JOHN ,  HAUCK JERROLD V ,  BROUWER MICHAEL ,  ADLER MITCHELL D ,  SIERRA YANNICK L

IPC: H04L29/06

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：AU2020203360B2

公开(公告)日：2020-11-19

申请号：AU2020203360

申请日：2020-05-22

Applicant: APPLE INC

Inventor： ADLER MITCHELL D ,  BROUWER MICHAEL ,  WHALLEY ANDREW R ,  HURLEY JOHN C ,  MURPHY RICHARD F ,  FINKELSTEIN DAVID P

IPC: H04W4/08 ,  H04L29/08

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

公开(公告)号：AU2016271071A1

公开(公告)日：2017-12-21

申请号：AU2016271071

申请日：2016-03-31

Applicant: APPLE INC

Inventor： ADLER MITCHELL D ,  BROUWER MICHAEL ,  WHALLEY ANDREW R ,  HURLEY JOHN C ,  MURPHY RICHARD F ,  FINKELSTEIN DAVID P

IPC: H04W4/08 ,  H04L29/08

Abstract: A user that owns multiple devices with overlapping functionality is becoming increasingly common. Smartphones, tablets, and computers all access the web, allow a user to process photos, etc., and users tend to have several such devices. Thus, a user wanting to share data between their devices and have access to data on multiple devices is increasingly common as well. Users may commonly use all sorts of different techniques to transfer data between devices, such as flash memory sticks, e-mail, etc. More efficient techniques for automatically sharing data between a user's devices are desired.

公开(公告)号：AU2013374203B2

公开(公告)日：2016-09-08

申请号：AU2013374203

申请日：2013-12-24

Applicant: APPLE INC

Inventor： BROUWER MICHAEL ,  DE ATLEY DALLAS B ,  ADLER MITCHELL D

IPC: H04L29/06 ,  H04L29/08

Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of key chains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.

公开(公告)号：AU2009222007A1

公开(公告)日：2009-09-11

申请号：AU2009222007

申请日：2009-03-02

Applicant: APPLE INC

Inventor： ATLEY DALLAS DE ,  ADLER MITCHELL ,  REDA MATT ,  COOPER SIMON ,  PANTHER HEIKO ,  BROUWER MICHAEL

IPC: G06F21/00

Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. A request in a first program may be received from a second program. A profile is then identified. The profile includes at least one entitlement associated with the second program. The profile is authenticated based on a first digest indicative of the profile and the second program is authenticated based on a second digest indicative of the second program. The request is then executed based on the entitlement.

公开(公告)号：WO2009111411A3

公开(公告)日：2009-11-12

申请号：PCT/US2009035755

申请日：2009-03-02

Applicant: APPLE INC ,  DE ATLEY DALLAS ,  PANTHER HEIKO ,  ADLER MITCHELL ,  COOPER SIMON ,  BROUWER MICHAEL ,  REDA MATT

Inventor： DE ATLEY DALLAS ,  PANTHER HEIKO ,  ADLER MITCHELL ,  COOPER SIMON ,  BROUWER MICHAEL ,  REDA MATT

IPC: G06F21/00

CPC classification number: G06F21/51

Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities.

Abstract translation: 实施例包括用于基于至少一个载波配置文件授权要在安全操作环境中执行的软件代码或访问能力的系统和方法。 运营商简档可由可信实体发布以将信任扩展到其他实体以允许那些其他实体提供或控制诸如特定计算设备之类的安全操作环境中的应用的执行。 载体配置文件允许实体向设备添加软件代码，而无需由可信管理机构重新授权每个分发，或允许其他实体控制或授权的有限设备组。

公开(公告)号：AU2021200403A1

公开(公告)日：2021-03-18

申请号：AU2021200403

申请日：2021-01-21

Applicant: APPLE INC

Inventor： ADLER MITCHELL D ,  BROUWER MICHAEL ,  WHALLEY ANDREW R ,  HURLEY JOHN C ,  MURPHY RICHARD F ,  FINKELSTEIN DAVID P

IPC: H04W4/08 ,  H04L29/08

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

公开(公告)号：AU2018274985B2

公开(公告)日：2021-02-25

申请号：AU2018274985

申请日：2018-12-07

Applicant: APPLE INC

Inventor： BROUWER MICHAEL ,  DE ATLEY DALLAS B ,  ADLER MITCHELL D

IPC: H04L29/06 ,  H04L29/08

Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of key chains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.

公开(公告)号：AU2019201374B2

公开(公告)日：2020-03-05

申请号：AU2019201374

申请日：2019-02-27

Applicant: APPLE INC

Inventor： ADLER MITCHELL D ,  BROUWER MICHAEL ,  WHALLEY ANDREW R ,  HURLEY JOHN C ,  MURPHY RICHARD F ,  FINKELSTEIN DAVID P

IPC: H04W4/08 ,  H04L29/08

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.