-
公开(公告)号:US09842062B2
公开(公告)日:2017-12-12
申请号:US14871484
申请日:2015-09-30
Applicant: Apple Inc.
Inventor: Michael D. Ford , Jerrold V. Hauck , Matthew G. Watson , Mitchell D. Adler , Dallas B. De Atley , James Wilson
CPC classification number: G06F12/1408 , G06F11/1448 , G06F21/6218 , G06F2201/80 , G06F2212/1052 , H04L9/006 , H04L9/0822 , H04L9/0825 , H04L9/088 , H04L9/0894 , H04L9/0897
Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.
-
公开(公告)号:US20170048066A1
公开(公告)日:2017-02-16
申请号:US15268471
申请日:2016-09-16
Applicant: Apple Inc.
Inventor: Dallas B. De Atley , Jerrold V. Hauck , Mitchell D. Adler
CPC classification number: H04L9/0894 , G06F21/00 , G06F21/33 , G06F21/445 , G06F21/606 , G06F21/6245 , G06F21/64 , H04L9/0861 , H04L63/0428 , H04L63/0442 , H04L63/06 , H04L63/062 , H04L63/08 , H04L63/101
Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对,并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户特定的密钥和公钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时,该方法仅向第二设备提供机密信息,并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。
-
公开(公告)号:US20170013066A1
公开(公告)日:2017-01-12
申请号:US15269723
申请日:2016-09-19
Applicant: Apple Inc.
Inventor: Shyam S. Toprani , Paul Holden , Emily Clark Schubert , Thomas Alsina , Scott Forstall , Lawrence G. Bolton , Nitin Ganatra , Mitchell D. Adler , Jesse Lee Dorogusker
CPC classification number: H04L67/141 , G06F9/445 , H04L65/1003
Abstract: An application can be launched in response to a launch request from an accessory. For example, the mobile computing device can determine whether it is in a state that allows launching of an application and/or can determine whether the application or application type requested in the launch command is available for launching. In response to the request, and if the mobile computing device is capable, the mobile computing device can launch the application. The mobile computing device can also send a positive acknowledgment message to the accessory indicating that the application may be launched. An open communication session message may also be sent to the accessory. In response thereto the accessory can open a communication session and interoperate with the application.
Abstract translation: 应用程序可以响应来自附件的启动请求而启动。 例如,移动计算设备可以确定它是否处于允许启动应用的状态和/或可以确定在启动命令中请求的应用或应用类型是否可用于启动。 响应于该请求,并且如果移动计算设备是能够的,则移动计算设备可以启动该应用。 移动计算设备还可以向附件发送肯定确认消息,指示应用可以被启动。 开放通信会话消息也可以被发送到附件。 响应于此,附件可以打开通信会话并与应用程序互操作。
-
公开(公告)号:US09419794B2
公开(公告)日:2016-08-16
申请号:US14493458
申请日:2014-09-23
Applicant: Apple Inc.
Inventor: R. Stephen Polzin , Fabrice L. Gautier , Mitchell D. Adler , Conrad Sauerwald , Michael L. H. Brouwer
CPC classification number: H04L9/0861 , G06F21/72 , G09C1/00 , H04L9/0822 , H04L9/0897 , H04L2209/24
Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
Abstract translation: SOC实现安全飞地处理器(SEP)。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离(例如SOC中的一个或多个中央处理单元(CPU),或SOC中的应用处理器(AP))。 对SEP的访问可以由硬件严格控制。 例如,描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息,SEP可以读取并响应。 在一些实施例中,SEP可以包括以下一个或多个:使用包装密钥的安全密钥管理,引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。
-
公开(公告)号:US09202061B1
公开(公告)日:2015-12-01
申请号:US14696622
申请日:2015-04-27
Applicant: Apple Inc.
Inventor: R. Stephen Polzin , Fabrice L. Gautier , Mitchell D. Adler , Timothy R. Paaske , Michael J. Smith
IPC: G06F15/177 , G06F9/24 , G06F1/24 , G06F7/04 , H04N7/16 , G06F21/57 , G06F21/60 , G06F12/14 , G06F9/44 , G06F9/445 , G06F21/00
CPC classification number: G06F21/575 , G06F1/24 , G06F9/24 , G06F9/4401 , G06F9/44505 , G06F12/14 , G06F15/167 , G06F21/00 , G06F21/572 , G06F21/60 , G06F21/74 , G06F21/76 , G06F21/81
Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
-
Patent Agency Ranking
公开(公告)号:US09197700B2
公开(公告)日:2015-11-24
申请号:US13839050
申请日:2013-03-15
Applicant: Apple Inc.
Inventor: Michael Brouwer , Dallas B. De Atley , Mitchell D. Adler
CPC classification number: H04L63/061 , G06F17/30174 , G06F17/30575 , H04L9/12 , H04L9/3247 , H04L12/185 , H04L12/44 , H04L63/062 , H04L63/065 , H04L63/068 , H04L63/104 , H04L67/104 , H04L67/1042 , H04L67/1095 , H04L2209/122 , H04W84/18
Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
Abstract translation: 一些实施例提供了一种非暂时机器可读介质,其存储当设备的至少一个处理单元执行时将存储在设备上的一组密钥链与一组其他设备同步的程序。 设备和其他设备的集合通过对等(P2P)网络彼此通信地耦合。 该程序接收对存储在设备上的一组钥匙串中的钥匙串的修改。 该程序为该组其他设备中的每个设备生成更新请求,以便将存储在设备上的一组密钥链与该组其他设备同步。 该程序通过一组独立的安全通信信道通过P2P网络将该组更新请求发送到其他设备的集合。
-
公开(公告)号:US20140093084A1
公开(公告)日:2014-04-03
申请号:US13767847
申请日:2013-02-14
Applicant: APPLE INC.
Inventor: Dallas B. De Atley , Jerrold V. Hauck , Mitchell D. Adler
IPC: H04L9/08
CPC classification number: H04L9/0894 , G06F21/00 , G06F21/33 , G06F21/445 , G06F21/606 , G06F21/6245 , G06F21/64 , H04L9/0861 , H04L63/0428 , H04L63/0442 , H04L63/06 , H04L63/062 , H04L63/08 , H04L63/101
Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对,并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户特定的密钥和公钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时,该方法仅向第二设备提供机密信息,并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。
-
公开(公告)号:US20250165625A1
公开(公告)日:2025-05-22
申请号:US19028436
申请日:2025-01-17
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
公开(公告)号:US12287965B2
公开(公告)日:2025-04-29
申请号:US18304309
申请日:2023-04-20
Applicant: Apple Inc.
Inventor: Mitchell D. Adler , Michael Brouwer , Andrew R. Whalley , John C. Hurley , Richard F. Murphy , David P. Finkelstein
IPC: G06F3/06 , G06Q10/06 , G06Q10/10 , G06Q90/00 , H04L9/32 , H04L67/1095 , H04W4/08 , H04L67/104
Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
-
公开(公告)号:US11630903B1
公开(公告)日:2023-04-18
申请号:US17081276
申请日:2020-10-27
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
-
-
-
-
-
-
-
-
Search Results
86
records
(took 0.036 seconds)
