公开(公告)号：WO2013022647A3

公开(公告)日：2013-02-14

申请号：PCT/US2012/048944

申请日：2012-07-31

Applicant: APPLE INC. ,  SAUERWALD, Conrad ,  BHAVSAR, Vrajesh Rajesh ,  MCNEIL, Kenneth Buffalo ,  DUFFY, Thomas Brogan ,  BROUWER, Michael Lambertus Hubertus ,  BYOM, Matthew John ,  ADLER, Mitchell David ,  TAMURA, Eric Brandon

Inventor： SAUERWALD, Conrad ,  BHAVSAR, Vrajesh Rajesh ,  MCNEIL, Kenneth Buffalo ,  DUFFY, Thomas Brogan ,  BROUWER, Michael Lambertus Hubertus ,  BYOM, Matthew John ,  ADLER, Mitchell David ,  TAMURA, Eric Brandon

IPC: H04L9/08 ,  G06F11/14

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

公开(公告)号：WO2014014636A2

公开(公告)日：2014-01-23

申请号：PCT/US2013/048329

申请日：2013-06-27

Applicant: APPLE INC.

Inventor： ALSINA, Thomas Matthieu ,  BOYD, Scott T. ,  CHU, Michael Kuohao ,  FARRUGIA, Augustine J. ,  FASOLI, Gianpaolo ,  GAUTIER, Patrice O. ,  KELLY, Sean B. ,  MIRRASHIDI, Payam ,  PARDEHPOOSH, Pedraum R. ,  SAUERWALD, Conrad ,  SCOTT, Kenneth W. ,  SHINH, Rajit ,  THOMAS, Braden Jacob ,  WHALLEY, Andrew R.

IPC: G06Q30/06

CPC classification number: G06Q30/0601

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

Abstract translation: 在一个实施例中，唯一的（或准唯一的）标识符可以由应用商店或其他在线商店接收，并且商店可以创建包括从唯一标识符所期望的数据的签名收据。 然后将该签名的收据发送到运行从在线商店获取的应用的设备，并且设备可以通过从签名的收据导出唯一（或准唯一）标识符来验证收据，并将导出的标识符与 存储在设备上的设备标识符或分配给应用供应商的供应商标识符。

公开(公告)号：WO2017120011A1

公开(公告)日：2017-07-13

申请号：PCT/US2016/067007

申请日：2016-12-15

Applicant: APPLE INC.

Inventor： SCHAAP, Tristan F. ,  SAUERWALD, Conrad ,  MARCINIAK, Craig A. ,  HAUCK, Jerrold V. ,  PAPILION, Zachary F. ,  LEE, Jeffrey

IPC: H04W12/04 ,  H04W12/06 ,  G06F9/445

CPC classification number: H04L9/3252 ,  G06F8/654 ,  H04L9/0643 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3066 ,  H04L63/061 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/0869 ,  H04L67/34 ,  H04L2209/80 ,  H04W4/80 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

Abstract translation: 公开了涉及设备的安全通信的技术。 在一个实施例中，第一设备被配置为执行与第二设备的配对操作以建立第一设备和第二设备之间的安全通信链路。 该配对操作包括：在通过安全通信链路进行通信期间从第二设备接收要由第一设备执行的固件，并且响应于固件的成功验证，建立要由第一和第二设备使用的共享加密密钥 在沟通过程中。 在一些实施例中，配对操作包括接收根据固件的散列值和第二设备的公钥来创建的数字签名，并且通过从数字签名中提取散列值并且将提取的散列值与 接收到的固件的哈希值。

公开(公告)号：WO2012129121A1

公开(公告)日：2012-09-27

申请号：PCT/US2012/029548

申请日：2012-03-16

Applicant: APPLE INC. ,  VYRROS, Andrew, H. ,  WOOD, Justin, N. ,  ADLER, Mitch ,  ABUAN, Joe, S. ,  SAUERWALD, Conrad ,  JEONG, Hyeonkuk ,  GARCIA, Roberto

Inventor： VYRROS, Andrew, H. ,  WOOD, Justin, N. ,  ADLER, Mitch ,  ABUAN, Joe, S. ,  SAUERWALD, Conrad ,  JEONG, Hyeonkuk ,  GARCIA, Roberto

IPC: H04L12/28

CPC classification number: H04L67/104 ,  A63F13/335 ,  A63F13/34 ,  A63F13/71 ,  A63F2300/407 ,  A63F2300/408 ,  A63F2300/532 ,  A63F2300/5546 ,  A63F2300/5566 ,  A63F2300/5573 ,  H04L29/12509 ,  H04L45/745 ,  H04L61/2567 ,  H04L67/04 ,  H04L67/141 ,  H04L67/26

Abstract: A system and method for using bloom filters to identify service providers. Service providers generate bloom filters with the user ID codes of registered users and exchange the filters with one another. A first provider will query its own database to determine if the first user is registered with the first provider. If the first user is not registered with the first provider, then the first provider will query its filters to identify other providers with which the first user may be registered. A positive response from a filter indicates that the first user may or may not be registered with the provider associated with that filter, and a negative response indicates with certainty that the first user is not registered with that provider. The request to locate the first user is only transmitted to those providers for which a positive filter response has been received.

Abstract translation: 一种使用布隆过滤器来识别服务提供商的系统和方法。 服务提供商生成具有注册用户的用户ID代码的bloom过滤器，并将过滤器彼此交换。 第一个提供者将查询自己的数据库，以确定第一个用户是否已向第一个提供者注册。 如果第一个用户没有向第一个提供商注册，则第一个提供商将查询其过滤器，以识别可以注册第一个用户的其他提供商。 来自过滤器的积极响应指示第一用户可能登录到与该过滤器相关联的提供商，也可以不向与该过滤器相关联的提供商注册，并且否定响应肯定地指示第一用户未向该提供商注册。 定位第一用户的请求仅被发送到已经接收到正滤波器响应的那些提供者。

公开(公告)号：EP2730049B1

公开(公告)日：2020-04-22

申请号：EP12775334.1

申请日：2012-07-31

Applicant: Apple Inc.

Inventor： SAUERWALD, Conrad ,  BHAVSAR, Vrajesh Rajesh ,  MCNEIL, Kenneth Buffalo ,  DUFFY, Thomas Brogan ,  BROUWER, Michael Lambertus Hubertus ,  BYOM, Matthew John ,  ADLER, Mitchell David ,  TAMURA, Eric Brandon

IPC: H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W12/08 ,  G06F11/14

公开(公告)号：EP2730049A2

公开(公告)日：2014-05-14

申请号：EP12775334.1

申请日：2012-07-31

Applicant: Apple Inc.

Inventor： SAUERWALD, Conrad ,  BHAVSAR, Vrajesh Rajesh ,  MCNEIL, Kenneth Buffalo ,  DUFFY, Thomas Brogan ,  BROUWER, Michael Lambertus Hubertus ,  BYOM, Matthew John ,  ADLER, Mitchell David ,  TAMURA, Eric Brandon

IPC: H04L9/08 ,  G06F11/14

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract translation: 本文公开了用于利用主设备和备用设备上的加密密钥管理的无线数据保护的系统，方法和非暂时的计算机可读存储介质。 系统使用文件密钥对文件进行加密，并对文件密钥进行两次加密，从而产生两个加密的文件密钥。 系统对每个文件密钥进行不同的加密，并将第一个文件密钥存储在主设备上，并将加密的文件密钥之一加密到备份设备进行存储。 在备份设备上，系统将加密的文件密钥与用户密码保护的一组备份密钥相关联。 在一个实施例中，系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中，系统在用户密码改变期间管理备份设备上的加密密钥。

公开(公告)号：EP3400730A1

公开(公告)日：2018-11-14

申请号：EP16822351.9

申请日：2016-12-15

Applicant: Apple Inc.

Inventor： SCHAAP, Tristan F. ,  SAUERWALD, Conrad ,  MARCINIAK, Craig A. ,  HAUCK, Jerrold V. ,  PAPILION, Zachary F. ,  LEE, Jeffrey

IPC: H04W12/04 ,  H04W12/06 ,  G06F9/445

CPC classification number: H04L9/3252 ,  G06F8/654 ,  H04L9/0643 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3066 ,  H04L63/061 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/0869 ,  H04L67/34 ,  H04L2209/80 ,  H04W4/80 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.