公开(公告)号：US20170011234A1

公开(公告)日：2017-01-12

申请号：US15274733

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/62 ,  G06F17/30 ,  H04L29/08

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

Abstract translation: 一些实施例提供了将存储在设备上的钥匙串与一组其他设备同步的程序。 钥匙扣包括一套钥匙扣项目。 程序接收（1）用于更新存储在设备上的钥匙串的钥匙串项的列表，以及（2）表示钥匙串项目列表中指定的钥匙串项的数据。 对于钥匙串项列表中的每个钥匙串项，程序使用代表钥匙串项的数据来更新存储在设备上的钥匙串。

公开(公告)号：US20160350238A1

公开(公告)日：2016-12-01

申请号：US14871484

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: G06F12/14 ,  G06F11/14

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.

Abstract translation: 一些实施例为一组相关设备中的特定设备提供用于备份在设备之间同步的数据的方法。 该方法接收命令以创建在设备子集之间同步的数据子集的备份，这是设备之间同步的所有数据的子集。 该方法从所有同步数据的集合中识别同步数据的子集。 同步数据的子集被标记为仅在设备子集之间进行同步的特定标准集合。 所述方法将备份所述同步数据的子集存储在备份存储器中，所述备份存储器以需要与所述设备子集中的所述设备中的任一个相关联的恢复密钥加密的方式来访问所述备份，同时防止使用恢复密钥访问所述备份 的任何其他设备。

公开(公告)号：US20160308674A1

公开(公告)日：2016-10-20

申请号：US14827532

申请日：2015-08-17

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: H04L9/08 ,  H04L29/06 ,  H04L29/08

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.

Abstract translation: 一些实施例提供了一种在将设备上存储的一组钥匙串与一组其他设备同步时为设备提供数据保护的程序。 该程序接收用于使存储在设备上的一组密钥串与其他设备的集合同步的钥匙串数据。 钥匙串数据被指定为属于保护域。 该程序确定是否满足为保护域定义的一组条件。 当满足条件集合时，程序允许访问钥匙串数据，以便处理钥匙串数据并使存储在设备上的一组密钥串与其他设备的集合同步。

公开(公告)号：US20160065548A1

公开(公告)日：2016-03-03

申请号：US14937830

申请日：2015-11-10

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: H04L29/06 ,  H04L12/44 ,  H04L29/08

CPC classification number: H04L63/061 ,  G06F17/30174 ,  G06F17/30575 ,  H04L9/12 ,  H04L9/3247 ,  H04L12/185 ,  H04L12/44 ,  H04L63/062 ,  H04L63/065 ,  H04L63/068 ,  H04L63/104 ,  H04L67/104 ,  H04L67/1042 ,  H04L67/1095 ,  H04L2209/122 ,  H04W84/18

Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.

Abstract translation: 一些实施例提供了一种非暂时机器可读介质，其存储当设备的至少一个处理单元执行时将存储在设备上的一组密钥链与一组其他设备同步的程序。 设备和其他设备的集合通过对等（P2P）网络彼此通信地耦合。 该程序接收对存储在设备上的一组钥匙串中的钥匙串的修改。 该程序为该组其他设备中的每个设备生成更新请求，以便将存储在设备上的一组密钥链与该组其他设备同步。 该程序通过一组独立的安全通信信道通过P2P网络将该组更新请求发送到其他设备的集合。

公开(公告)号：US20160036949A1

公开(公告)日：2016-02-04

申请号：US14742501

申请日：2015-06-17

Applicant: Apple Inc.

Inventor： Paul-Phillip Holden ,  Lawrence G. Bolton ,  Nitin Ganatra ,  Mitchell D. Adler ,  Emily Clark Schubert ,  Jesse Lee Dorogusker

IPC: H04M1/02

CPC classification number: H04M1/0254 ,  G06F13/385 ,  H04M1/72527 ,  H04M1/7253

Abstract: Embodiments of the present invention provide various communication techniques for communication between a mobile computing device and an accessory. An accessory protocol that is generic to the mobile computing device can be used for some communication. An application executing at the mobile computing device can communicate with the accessory using an application communication protocol. In some embodiments, the application communication protocol can be different from the accessory communication protocol. In other embodiments the application protocol may only be recognized by the application and the accessory. In some embodiments, messages conforming to an application protocol can be communicated between the application and the accessory by packaging the messages inside a message conforming to the accessory communication protocol.

Abstract translation: 本发明的实施例提供了用于移动计算设备和附件之间的通信的各种通信技术。 通用于移动计算设备的附件协议可用于一些通信。 在移动计算设备处执行的应用可以使用应用通信协议与附件进行通信。 在一些实施例中，应用通信协议可以不同于附件通信协议。 在其他实施例中，应用协议仅可由应用程序和附件识别。 在一些实施例中，符合应用协议的消息可以通过将消息封装在符合附件通信协议的消息内，在应用和附件之间进行通信。

公开(公告)号：US20140208404A1

公开(公告)日：2014-07-24

申请号：US13839084

申请日：2013-03-15

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: H04L29/06

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

Abstract translation: 一些实施例提供了将存储在设备上的钥匙串与一组其他设备同步的程序。 钥匙扣包括一套钥匙扣项目。 程序接收（1）用于更新存储在设备上的钥匙串的钥匙串项的列表，以及（2）表示钥匙串项目列表中指定的钥匙串项的数据。 对于钥匙串项列表中的每个钥匙串项，程序使用代表钥匙串项的数据来更新存储在设备上的钥匙串。

公开(公告)号：US20140086406A1

公开(公告)日：2014-03-27

申请号：US13626476

申请日：2012-09-25

Applicant: APPLE INC.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Michael L.H. Brouwer

IPC: H04L9/00

CPC classification number: H04L9/0861 ,  G06F21/72 ,  G09C1/00 ,  H04L9/0822 ,  H04L9/0897 ,  H04L2209/24

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US11669244B2

公开(公告)日：2023-06-06

申请号：US16427235

申请日：2019-05-30

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Michael Brouwer ,  Andrew R. Whalley ,  John C. Hurley ,  Richard F. Murphy ,  David P. Finkelstein

IPC: G06F3/06 ,  H04L9/32 ,  H04L67/1095 ,  H04W4/08 ,  G06Q90/00 ,  G06Q10/06 ,  G06Q10/10 ,  H04L67/104

CPC classification number: G06F3/0604 ,  G06F3/065 ,  G06F3/0683 ,  G06Q10/06 ,  G06Q10/10 ,  G06Q90/00 ,  H04L9/3268 ,  H04L67/1095 ,  H04W4/08 ,  H04L67/1044

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

公开(公告)号：US11582215B2

公开(公告)日：2023-02-14

申请号：US15275203

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: G06F7/04 ,  G06F17/30 ,  H04L9/40 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US10853504B1

公开(公告)日：2020-12-01

申请号：US16691900

申请日：2019-11-22

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/30 ,  G06F21/71 ,  H04L9/32 ,  G09C1/00 ,  H04L9/08 ,  G06F21/32

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.