Abstract:
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
Abstract:
A system and method for using bloom filters to identify service providers. Service providers generate bloom filters with the user ID codes of registered users and exchange the filters with one another. A first provider will query its own database to determine if the first user is registered with the first provider. If the first user is not registered with the first provider, then the first provider will query its filters to identify other providers with which the first user may be registered. A positive response from a filter indicates that the first user may or may not be registered with the provider associated with that filter, and a negative response indicates with certainty that the first user is not registered with that provider. The request to locate the first user is only transmitted to those providers for which a positive filter response has been received.
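The lookup flow in the bloom-filter abstract above, as an added example that is not taken from the patent: the `BloomFilter` and `Provider` classes, the filter size, the SHA-256 double hashing and the provider and user names are all assumptions chosen for illustration.

```python
import hashlib

class BloomFilter:
    def __init__(self, m_bits=1024, k_hashes=4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(m_bits // 8)

    def _positions(self, item):
        # Double hashing: k bit positions derived from one SHA-256 digest.
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

class Provider:
    def __init__(self, name, users):
        self.name, self.users = name, set(users)
        self.peer_filters = {}  # peer name -> filter received from that peer

    def export_filter(self):
        bf = BloomFilter()
        for user_id in self.users:
            bf.add(user_id)
        return bf

    def locate(self, user_id, network):
        """Return (peers the request was sent to, peers that confirmed)."""
        if user_id in self.users:          # own database first
            return [], [self.name]
        sent = sorted(n for n, bf in self.peer_filters.items() if user_id in bf)
        confirmed = [n for n in sent if user_id in network[n].users]
        return sent, confirmed

def build_network():
    # Constructed sample data: three providers with made-up user IDs.
    network = {n: Provider(n, u) for n, u in {
        "alpha": ["alice", "carol"], "beta": ["bob"], "gamma": ["dave", "erin"]}.items()}
    for p in network.values():
        p.peer_filters = {n: q.export_filter() for n, q in network.items() if q is not p}
    return network

if __name__ == "__main__":
    net = build_network()
    print(net["alpha"].locate("bob", net))    # request goes to beta, which confirms
    print(net["alpha"].locate("alice", net))  # found locally, nothing sent
```

A provider holding a peer's filter can test any candidate ID against it, so filters built over guessable user IDs should be treated as disclosing membership to every peer that receives them.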