SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE IN A DEVICE BASED ON ENTITLEMENTS GRANTED TO A CARRIER
    1.
    Invention application
    Status: Under examination (published)

    Publication number: WO2009111411A2

    Publication date: 2009-09-11

    Application number: PCT/US2009/035755

    Application date: 2009-03-02

    CPC classification number: G06F21/51

    Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities.

    SYNCHRONIZATION AND VERIFICATION GROUPS AMONG RELATED DEVICES
    2.
    Invention application
    Status: Under examination (published)

    Publication number: WO2016195798A1

    Publication date: 2016-12-08

    Application number: PCT/US2016/025431

    Application date: 2016-03-31

    Applicant: APPLE INC.

    Abstract: A user that owns multiple devices with overlapping functionality is becoming increasingly common. Smartphones, tablets, and computers all access the web, allow a user to process photos, etc., and users tend to have several such devices. Thus, a user wanting to share data between their devices and have access to data on multiple devices is increasingly common as well. Users may commonly use all sorts of different techniques to transfer data between devices, such as flash memory sticks, e-mail, etc. More efficient techniques for automatically sharing data between a user's devices are desired.

    MODIFYING SECURITY STATE WITH SECURED RANGE DETECTION
    4.
    Invention application
    Status: Under examination (published)

    Publication number: WO2017218208A1

    Publication date: 2017-12-21

    Application number: PCT/US2017/035601

    Application date: 2017-06-02

    Applicant: APPLE INC.

    Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

    SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE BASED ON ACCESSIBLE ENTITLEMENTS
    5.
    Invention application
    Status: Under examination (published)

    Publication number: WO2009111409A1

    Publication date: 2009-09-11

    Application number: PCT/US2009/035752

    Application date: 2009-03-02

    CPC classification number: G06F21/51

    Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. A request in a first program may be received from a second program. A profile is then identified. The profile includes at least one entitlement associated with the second program. The profile is authenticated based on a first digest indicative of the profile and the second program is authenticated based on a second digest indicative of the second program. The request is then executed based on the entitlement.

    DYNAMIC GROUP MEMBERSHIP FOR DEVICES
    9.
    Invention application
    Status: Under examination (published)

    Publication number: WO2016195799A1

    Publication date: 2016-12-08

    Application number: PCT/US2016/025440

    Application date: 2016-03-31

    Applicant: APPLE INC.

    Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

    KEYCHAIN SYNCHRONIZATION
    10.
    Invention application

    Publication number: WO2014113196A4

    Publication date: 2014-07-24

    Application number: PCT/US2013/077724

    Application date: 2013-12-24

    Applicant: APPLE INC.

    Abstract: Some embodiments provide a non-transitory machine-readable medium that stores a program which, when executed by at least one processing unit of a device, synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on the device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
