公开(公告)号：US12206799B2

公开(公告)日：2025-01-21

申请号：US17805335

申请日：2022-06-03

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Kyle C. Brogle ,  Sean P. Devlin ,  Edwin W. Foo ,  John T. Perry

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/40

Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.

公开(公告)号：US20240037274A1

公开(公告)日：2024-02-01

申请号：US18377478

申请日：2023-10-06

Applicant: Apple Inc.

Inventor： Pablo Antonio Gonzalez Cervantes ,  Mohan Singh Randhava ,  Jorge F. Pozas Trevino ,  Samuel A. Mussell ,  Isaac Pinol Catadau ,  Steven A. Myers ,  Dongsheng Zhang ,  Suhail Ahmad ,  Zhengjun Jiang ,  Yannick L. Sierra ,  Amir H. Jadidi

IPC: G06F21/62 ,  G16H10/60 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/6245 ,  G16H10/60 ,  H04L9/0825 ,  H04L9/0866 ,  H04L9/14

Abstract: Techniques for storing health data can include a multi-node data structure. A data node, a category node, and an institution node of a multi-node data structure can be generated in accordance with a configuration file. The data node can include health data and can be identified by a first unique data identifier and encrypted using a first cryptographic key. The category node can include the first unique data identifier and the first cryptographic key. The category node can be identified by a second unique data identifier and encrypted using a second cryptographic key. The institution node can include the second unique data identifier and the second cryptographic key. The institution node can be identified by a third unique data identifier and encrypted using a third cryptographic key. The data node, the category node, and the institution node can be shared with a service provider.

公开(公告)号：US20250150814A1

公开(公告)日：2025-05-08

申请号：US18928762

申请日：2024-10-28

Applicant: Apple Inc.

Inventor： Jarkko L. Kneckt ,  Leonid Epstein ,  Steven A. Myers ,  Yong Liu ,  Charles F. Dominguez ,  Elliot S. Briggs ,  Nisan Reuven ,  Yong Ho Seok ,  Yoel Boger

IPC: H04W12/037 ,  H04W12/043 ,  H04W12/10

Abstract: Methods, systems and apparatuses for performing a encryption and/or protection of MAC headers and/or control frames are described. A wireless device can determine a randomized MAC address and offset to obfuscate MAC headers and/or control frames, e.g., which can change at different times/intervals. The wireless device can determine an encryption block pattern, which can be based on an encryption key and/or nonce. The wireless device can encrypt the MAC header and/or control frame. Similarly, a receiving device can receive an encrypted MAC header and/or control frame and decrypt it according to corresponding techniques.

公开(公告)号：US20230093749A1

公开(公告)日：2023-03-23

申请号：US17932979

申请日：2022-09-16

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Sean P. Devlin

IPC: H04L9/40

Abstract: Techniques are disclosed relating to resuming a communication session. In some embodiments, a first computing device stores a session resumption token that includes metadata usable to resume a communication session. The first computing device provides a request to resume the communication session with a second computing device and receives, from the second computing device, an output of a verifiable random function (VRF) associated with the request. In response to the request, the first computing device performs a verification of the output and determines, based on the verification, whether to provide the session resumption token to the second computing device.

公开(公告)号：US12079370B2

公开(公告)日：2024-09-03

申请号：US18377478

申请日：2023-10-06

Applicant: Apple Inc.

Inventor： Pablo Antonio Gonzalez Cervantes ,  Mohan Singh Randhava ,  Jorge F. Pozas Trevino ,  Samuel A. Mussell ,  Isaac Pinol Catadau ,  Steven A. Myers ,  Dongsheng Zhang ,  Suhail Ahmad ,  Zhengjun Jiang ,  Yannick L. Sierra ,  Amir H. Jadidi

IPC: G06F21/62 ,  G16H10/60 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/6245 ,  G16H10/60 ,  H04L9/0825 ,  H04L9/0866 ,  H04L9/14

Abstract: Techniques for storing health data can include a multi-node data structure. A data node, a category node, and an institution node of a multi-node data structure can be generated in accordance with a configuration file. The data node can include health data and can be identified by a first unique data identifier and encrypted using a first cryptographic key. The category node can include the first unique data identifier and the first cryptographic key. The category node can be identified by a second unique data identifier and encrypted using a second cryptographic key. The institution node can include the second unique data identifier and the second cryptographic key. The institution node can be identified by a third unique data identifier and encrypted using a third cryptographic key. The data node, the category node, and the institution node can be shared with a service provider.

公开(公告)号：US20230396416A1

公开(公告)日：2023-12-07

申请号：US18328691

申请日：2023-06-02

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Mariappan Rengarajan ,  Benjamin W. Brown ,  Meenakshi Arasu ,  Aniwat Arromratana ,  Nithin Koram ,  Ramarathnam Santhanagopal

IPC: H04L9/08 ,  H04L9/30

CPC classification number: H04L9/0833 ,  H04L9/30

Abstract: Techniques are provided to create and manage groups of users. A group can be treated as a single entity. For privacy of a user, user keys can be translated to group keys, which are then used to access resources. The user can prove membership in the group via their keys (e.g., using a diversified public key), and then get the group keys in response, e.g., after verification to a group server using a diversified user key.

公开(公告)号：US20220391534A1

公开(公告)日：2022-12-08

申请号：US17659079

申请日：2022-04-13

Applicant: Apple Inc.

Inventor： Mohan S. Randhava ,  Steven A. Myers ,  Jorge F. Pozas Trevino ,  Pablo Antonio Gonzalez Cervantes ,  Yannick L. Sierra

IPC: G06F21/62 ,  G16H10/60

Abstract: A server system implemented by a service provider may store health data of a user according to a multi-node data structure. The server system may generate transaction records based on requests to access the health data. Responsive to requests for the transaction records, the server system may query a database that includes the health data and generate a data package based on the querying. The data package may be sent to a requesting system. The data package may be usable by the requesting system to identify which patient profiles were accessed by which physicians.

公开(公告)号：US11321095B2

公开(公告)日：2022-05-03

申请号：US16663621

申请日：2019-10-25

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Jeffry E. Gonion ,  Yannick L. Sierra ,  Thomas Icart

IPC: G06F9/32 ,  G06F9/34 ,  G06F21/52 ,  G06F21/60 ,  G06F9/38 ,  G06F9/455 ,  G06F9/30 ,  G06F21/62

Abstract: Techniques are disclosed relating to protecting branch prediction information. In various embodiments, an integrated circuit includes branch prediction logic having a table that maintains a plurality of entries storing encrypted target address information for branch instructions. The branch prediction logic is configured to receive machine context information for a branch instruction having a target address being predicted by the branch prediction logic, the machine context information including a program counter associated with the branch instruction. The branch prediction logic is configured to use the machine context information to decrypt encrypted target address information stored in one of the plurality of entries identified based on the program counter. In some embodiments, the branch prediction logic decrypts the encrypted target address information by performing a cipher to encrypt the machine context information and performing a Boolean exclusive-OR operation of the encrypted machine context information and the encrypted target address information.

公开(公告)号：US20250119411A1

公开(公告)日：2025-04-10

申请号：US18909442

申请日：2024-10-08

Applicant: Apple Inc.

Inventor： Catherine Yun ,  Elliot S. Briggs ,  Simon J. Gornall ,  Michael J. Hashe ,  Steven A. Myers ,  Andrew M. Pace ,  Yannick L. Sierra ,  Phillip T. Tao

IPC: H04L9/40 ,  H04L9/14 ,  H04L9/32

Abstract: Techniques are disclosed relating to improving secure message communication. In various embodiments, a message delivery server receives a request to deliver an encrypted message from a sender to a recipient. The encrypted message obfuscates the identity of the sender such that the message delivery server is unable to determine the identity of the sender. The message delivery server determines whether to deliver the encrypted message based on a signed attestation received with the request and, based on the determining, delivers the encrypted message to the recipient. In some embodiments, the determining includes verifying the signed attestation using a verification key provide by the sender. In some embodiments, the encrypted message is an email, a text message, a push notification, or a video or audio call request.

公开(公告)号：US20220393885A1

公开(公告)日：2022-12-08

申请号：US17805335

申请日：2022-06-03

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Kyle C. Brogle ,  Sean P. Devlin ,  Edwin W. Foo ,  John T. Perry

IPC: H04L9/32 ,  H04L9/08

Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.