公开(公告)号：US11425104B2

公开(公告)日：2022-08-23

申请号：US16654683

申请日：2019-10-16

Applicant: Apple Inc.

Inventor： Arun G. Mathias ,  Thomas A. Dilligan ,  Matthew C. Lucas ,  Anush G. Nadathur ,  Kevin P. McLaughlin

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/40 ,  H04L67/06 ,  H04L67/1095 ,  H04L67/10 ,  H04L9/12 ,  H04L9/08 ,  H04L9/32

Abstract: A data transfer process can include multiple verification features usable by a “source” device to ensure that a “destination” device is authorized to receive a requested data object. The source device and destination device can communicate via a first communication channel (which can be on a wide-area network) to exchange public keys, then use the public keys to verify their identities and establish a secure session on a second communication channel (which can be a local channel). The data object can be transferred via the secure session. Prior to sending the data object, the source device can perform secondary verification operations (in addition to the key exchange) to confirm the identity of the second device and/or the locality of the connection on the second communication channel.

公开(公告)号：US11283703B2

公开(公告)日：2022-03-22

申请号：US16405221

申请日：2019-05-07

Applicant: Apple Inc.

Inventor： Joe S. Abuan ,  Bob Bradley ,  Craig P. Dooley ,  Gregg J. Golembeski, Jr. ,  Andrew W. Burks ,  Srinivas Rama ,  Arun G. Mathias ,  Anush G. Nadathur ,  Kevin P. McLaughlin

IPC: H04L29/06 ,  H04L43/10 ,  G06F11/30 ,  H04W4/70 ,  H04L67/303 ,  H04L67/04 ,  H04L67/12 ,  H04L67/02 ,  H04L9/00 ,  H04L9/08 ,  H04L9/32 ,  G06F21/44 ,  H04W12/50 ,  H04W12/04 ,  H04W4/80 ,  H04W12/06

Abstract: A uniform protocol can facilitate secure, authenticated communication between a controller device and an accessory device that is controlled by the controller. An accessory and a controller can establish a pairing, the existence of which can be verified at a later time and used to create a secure communication session. The accessory can provide an accessory definition record that defines the accessory as a collection of services, each service having one or more characteristics. Within a secure communication session, the controller can interrogate the characteristics to determine accessory state and/or modify the characteristics to instruct the accessory to change its state.

公开(公告)号：US10999074B2

公开(公告)日：2021-05-04

申请号：US16051040

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Carmen A. Bovalino, III ,  Shyam S. Toprani ,  George Lin ,  Yin Shun Osborn Chan ,  Anush G. Nadathur ,  Dennis Mathews

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

公开(公告)号：US20200380266A1

公开(公告)日：2020-12-03

申请号：US16560678

申请日：2019-09-04

Applicant: Apple Inc.

Inventor： Anush G. Nadathur ,  Keith W. Rauenbuehler ,  Kenneth A. York ,  Varinder Singh ,  Nicholas M. Fraioli

IPC: G06K9/00 ,  H04N5/14 ,  H04N5/232 ,  H04L9/08

Abstract: Embodiments of the present disclosure can provide devices, methods, and computer-readable medium for secure frame management. The techniques disclosed herein provide an intelligent method for detecting triggering items in one or more frames of streaming video from an Internet Protocol camera. Upon detection, the camera transmits one or more frames of the video over a network to a computing device. Upon detecting a triggering item in a frame of the video stream, the computing device can begin a streaming session with a server and stream the one or more frames of video and accompanying metadata to the server. The frames, metadata, and associated keys can all be encrypted prior to streaming to the server. For each subsequent segment of video frames that includes the triggering item, the server can append the frames of that segment to the video clip in an encrypted container. Once the triggering item is no longer detected, the streaming session can be closed.

公开(公告)号：US20200228362A1

公开(公告)日：2020-07-16

申请号：US16816709

申请日：2020-03-12

Applicant: Apple Inc.

Inventor： Anush G. Nadathur ,  Srinivas Rama ,  Matthew C. Lucas ,  Nathan E. Carroll ,  Kevin P. McLaughlin ,  Thomas A. Dilligan ,  Arun G. Mathias

IPC: H04L12/28 ,  H04W4/80 ,  H04W84/18 ,  H04W88/04 ,  H04L12/26 ,  H04L29/08 ,  H04W84/20

Abstract: An automated environment can include multiple controller devices capable of communicating with multiple accessory devices. The controller devices can automatically elect one of their number as a coordinator device for the environment and can automatically perform a new election if an incumbent coordinator becomes unavailable or resigns. The election processes can be transparent to any users. An elected coordinator can perform various operations to facilitate management of the automated environment, including routing of communications between controllers and accessories.

公开(公告)号：US20200044849A1

公开(公告)日：2020-02-06

申请号：US16051040

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Carmen A. Bovalino, III ,  Shyam S. Toprani ,  George Lin ,  Yin Shun Osborn Chan ,  Anush G. Nadathur ,  Dennis Mathews

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

公开(公告)号：US20190068371A1

公开(公告)日：2019-02-28

申请号：US16105464

申请日：2018-08-20

Applicant: Apple Inc.

Inventor： Anush G. Nadathur ,  Gokul P. Thirumalai ,  Kevin P. McLaughlin ,  Matthew C. Lucas ,  Andrew Burks

IPC: H04L9/14 ,  H04W12/06 ,  H04L29/08 ,  H04L12/28 ,  H04L12/64 ,  H04L9/00 ,  H04L29/06 ,  H04W12/02 ,  H04W12/04

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

公开(公告)号：US10057062B2

公开(公告)日：2018-08-21

申请号：US15618707

申请日：2017-06-09

Applicant: Apple Inc.

Inventor： Anush G. Nadathur ,  Gokul P. Thirumalai ,  Kevin P. McLaughlin ,  Matthew C. Lucas ,  Andrew Burks

IPC: H04L9/32 ,  G03F7/04 ,  H04L9/14 ,  H04L9/00 ,  H04L12/28 ,  H04L29/06 ,  H04L29/08 ,  H04W12/06 ,  H04W12/04

CPC classification number: H04L9/14 ,  H04L9/006 ,  H04L12/2818 ,  H04L12/6418 ,  H04L63/0823 ,  H04L63/0884 ,  H04L67/125 ,  H04L67/141 ,  H04W12/0013 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

公开(公告)号：US10012967B2

公开(公告)日：2018-07-03

申请号：US15274424

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Matthew C. Lucas ,  Anush G. Nadathur ,  Nathan E. Carroll

IPC: H04L12/28 ,  G05B15/02

CPC classification number: G05B15/02 ,  H04L12/2809 ,  H04L63/104

Abstract: Modifications made by multiple controller devices to an environment model describing a shared automated environment can be coordinated. One of the controller devices can be designated as a coordinator, and any controller device other than the coordinator can send an update request to the coordinator. The coordinator can determine whether to accept or reject the requested modification and can report its determination to the requesting controller device. If the coordinator accepts the request, the coordinator can instigate operations to update the environment model across all controller devices of all users. If the coordinator rejects the request, the environment model is not updated. The controller device that made the request can update its local copy of the environment model and roll back the update if the request is rejected.

公开(公告)号：US20170359314A1

公开(公告)日：2017-12-14

申请号：US15274388

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Arun G. Mathias ,  Thomas A. Dilligan ,  Matthew C. Lucas ,  Anush G. Nadathur ,  Kevin P. McLaughlin

IPC: H04L29/06 ,  H04L9/30 ,  H04L9/14 ,  H04L29/08

CPC classification number: H04L63/0428 ,  H04L9/0827 ,  H04L9/0894 ,  H04L9/12 ,  H04L9/3215 ,  H04L63/06 ,  H04L63/061 ,  H04L63/083 ,  H04L63/18 ,  H04L67/06 ,  H04L67/10 ,  H04L67/1095

Abstract: A data transfer process can include multiple verification features usable by a “source” device to ensure that a “destination” device is authorized to receive a requested data object. The source device and destination device can communicate via a first communication channel (which can be on a wide-area network) to exchange public keys, then use the public keys to verify their identities and establish a secure session on a second communication channel (which can be a local channel). The data object can be transferred via the secure session. Prior to sending the data object, the source device can perform secondary verification operations (in addition to the key exchange) to confirm the identity of the second device and/or the locality of the connection on the second communication channel.