-
公开(公告)号:US10198182B2
公开(公告)日:2019-02-05
申请号:US14872013
申请日:2015-09-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler , Michael Brouwer , Andrew R. Whalley , John C. Hurley , Richard F. Murphy , David P. Finkelstein
Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.
-
公开(公告)号:US10013567B2
公开(公告)日:2018-07-03
申请号:US14866782
申请日:2015-09-25
Applicant: Apple Inc.
Inventor: Per Love Hornquist Astrand , Paul A. Seligman , Van Hong , Mitchell D. Adler
CPC classification number: G06F21/6209 , H04L9/0825 , H04L9/0894 , H04L9/14 , H04L63/06 , H04L63/10
Abstract: The embodiments set forth techniques for implementing a cloud service that enables cloud data to be shared between different users in a secure manner. One embodiment involves a sharing manager and a sharing client, where the sharing manager is configured to manage various data components stored within a storage system managed by the cloud service. These data components can include user accounts, share objects (for sharing data between users—and, in some cases, public users not known to the sharing manager)—as well as various “wrapping objects” that enable data to be logically separated in an organized manner within the storage system. According to this approach, the sharing client is configured to interface with the sharing manager in order to carry out various encryption/decryption techniques that enable the cloud data to be securely shared between the users.
-
公开(公告)号:US09892267B1
公开(公告)日:2018-02-13
申请号:US15372697
申请日:2016-12-08
Applicant: Apple Inc.
Inventor: Timothy R. Paaske , Mitchell D. Adler , Conrad Sauerwald , Fabrice L. Gautier , Shu-Yi Yu
CPC classification number: G06F21/602 , G06F21/32 , G06F21/6218 , G06F21/71 , G09C1/00 , H04L9/0866 , H04L9/0877 , H04L9/30 , H04L9/3231 , H04L2209/125
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
公开(公告)号:US20170359169A1
公开(公告)日:2017-12-14
申请号:US15497203
申请日:2017-04-26
Applicant: Apple Inc.
Inventor: Wade Benson , Marc J. Krochmal , Alexander R. Ledwith , John Iarocci , Jerrold V. Hauck , Michael Brouwer , Mitchell D. Adler , Yannick L. Sierra
CPC classification number: G06F9/44505 , H04L9/0822 , H04L9/085 , H04L9/0894 , H04L9/14 , H04L9/3226 , H04L63/0428 , H04L63/06 , H04L63/08 , H04L63/083 , H04L63/107 , H04L63/108 , H04L63/1466 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W12/08
Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
-
公开(公告)号:US20170357830A1
公开(公告)日:2017-12-14
申请号:US15275273
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Wade Benson , Conrad Sauerwald , Mitchell D. Adler , Michael Brouwer , Timothee Geoghegan , Andrew R. Whalley , David P. Finkelstein , Yannick L. Sierra
Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.
-
Patent Agency Ranking
公开(公告)号:US20170357523A1
公开(公告)日:2017-12-14
申请号:US15275203
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Wade Benson , Marc J. Krochmal , Alexander R. Ledwith , John Iarocci , Jerrold V. Hauck , Michael Brouwer , Mitchell D. Adler , Yannick L. Sierra
CPC classification number: G06F9/44505 , H04L9/0822 , H04L9/085 , H04L9/0894 , H04L9/14 , H04L9/3226 , H04L63/0428 , H04L63/06 , H04L63/08 , H04L63/083 , H04L63/107 , H04L63/108 , H04L63/1466 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W12/08
Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
-
公开(公告)号:US09825762B2
公开(公告)日:2017-11-21
申请号:US15268471
申请日:2016-09-16
Applicant: Apple Inc.
Inventor: Dallas B. De Atley , Jerrold V. Hauck , Mitchell D. Adler
IPC: H04L29/12 , G06F21/62 , H04L9/08 , G06F21/00 , H04L29/06 , G06F21/33 , G06F21/44 , G06F21/60 , G06F21/64
CPC classification number: H04L9/0894 , G06F21/00 , G06F21/33 , G06F21/445 , G06F21/606 , G06F21/6245 , G06F21/64 , H04L9/0861 , H04L63/0428 , H04L63/0442 , H04L63/06 , H04L63/062 , H04L63/08 , H04L63/101
Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
-
公开(公告)号:US20170222992A1
公开(公告)日:2017-08-03
申请号:US15274999
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Mitchell D. Adler , Andrew Roger Whalley
CPC classification number: H04L63/061 , G06F21/10 , G06F21/31 , G06F21/35 , G06F21/6209 , G06F21/78 , H04L9/0841 , H04L9/0894 , H04L63/102 , H04L2209/603 , H04L2463/101
Abstract: Some embodiments provide convenient auto-authentication for user data on a primary device, while still providing a significant level of security, by taking advantage of existing security and cryptographic measures used to communicate with a secondary device. The primary device of some embodiments encrypts the user data on the primary device using a cryptographic key based on a set of keys received from the secondary device. In some embodiments, the primary device encrypts authentication data, or a local key generated from the authentication data, using a remote key received from the secondary device, and encrypts the user data with the local key. In some embodiments, the keys received from the secondary device are an existing set of keys for establishing an encrypted channel of communication for transmitting digital rights management (DRM) protected content according to a DRM protection scheme.
-
公开(公告)号:US09684801B2
公开(公告)日:2017-06-20
申请号:US14827532
申请日:2015-08-17
Applicant: Apple Inc.
Inventor: Michael Brouwer , Dallas B. De Atley , Mitchell D. Adler
CPC classification number: G06F21/6263 , G06F17/30581 , G06F21/606 , G06F21/62 , H04L9/0816 , H04L63/0428 , H04L63/062 , H04L63/10 , H04L63/166 , H04L63/20 , H04L67/104 , H04L67/1095 , H04L67/1097 , H04L2209/24
Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.
-
公开(公告)号:US20170012974A1
公开(公告)日:2017-01-12
申请号:US15273622
申请日:2016-09-22
Applicant: Apple Inc.
Inventor: Yannick L. Sierra , Mitchell D. Adler
CPC classification number: H04L9/30 , H04L9/0833 , H04L9/0863 , H04L9/14 , H04L9/3247 , H04L63/0884 , H04L63/0892 , H04L63/104 , H04L2209/80 , H04W12/08
Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.
Abstract translation: 一些实施例提供了一种用于第一设备加入一组相关设备的方法。 该方法接收到具有集中实体的帐户的密码输入和由组中的第二设备生成的代码。 当第二设备确定在第一设备上输入的代码与生成的代码匹配时,该方法从第二设备接收认证代码,用于授权具有该实体的第一设备作为该帐户的有效设备。 该方法使用密码和有关第一个设备的信息来生成组的应用程序。 在将应用发送到第二设备之后,该方法从第二设备接收使第一设备能够将自身添加到组中的信息。 第二设备验证生成的应用程序,并且该方法使用从第二设备接收的信息加入该组。
-
-
-
-
-
-
-
-
-
Search Results
86
records
(took 0.106 seconds)
