Abstract:
An electronic device includes a traffic redirect module that creates a traffic sink interface that enables data to be sent to it, without generating an error if an underlying physical link does not exist. To send data over a physical link, a processor of the electronic device creates a network interface to connect to another electronic device using a transport connection over the physical link. If the physical link disconnects, then the processor removes the network interface, and the traffic redirect module redirects data to be sent to the other electronic device to use the traffic sink interface, without indicating that the physical link has disconnected. When the physical link reconnects, or a new physical link to the other electronic device is established, the processor creates a new network interface to connect to the other electronic device using the transport connection over the reconnected or new physical link.
Abstract:
A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If the returned address is a redirected address, the HTTPS probe fails, or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.
Abstract:
Techniques are disclosed relating to communicating, via IPv6-only networks, with devices on IPv4 networks. In some embodiments, a mobile device stores program instructions executable to: generate a request to access a network server that specifies an IPv4 literal, query a DNS server using a reserved name to determine an IPv6 prefix, synthesize an IPv6 address using the prefix and the IPv4 literal, create a transport layer connection to the network server using the synthesized IPv6 address, and transmit multiple packets using the connection, without re-translating the IPv4 literal for the packets. These per-connection translation techniques may reduce power consumption and/or processing time relative to per-packet translation, in some embodiments.
Abstract:
Described are methods that allow credentials of a first client station to authenticate a second client station. An exemplary method includes associating a first client station with a second client station, the first client station including credential information, the associating authorizing the second client station to use the credential information, transmitting, by the second client station, an association request to a network, the network utilizing the credential information to authorize a connection, the second client station configured to perform a proxy functionality for requests received from the network to be forwarded to the first client station and responses received from the first client station to be forwarded to the network, determining, by the network, whether the credential information received from the second client station is authenticated and establishing a connection between the second client station and the network using the credential information of the first client station.
Abstract:
A system and method for selecting a network interface for a communication device having at least two radio physical interfaces, to improve communications by the communication device. A configuration of the communication device is determined, where a first radio physical interface is designated as a primary interface and active, and a second radio physical interface as idle. A networking subsystem of the operating system executes a state machine configured to monitor network conditions and associated performance parameters of the at least two radio physical interfaces, to automatically outrank the second radio physical interface over the first radio physical interface as the primary interface.
Abstract:
An electronic device includes a sequence generator module that generates a sequence in a predetermined order based on a traffic class of data to be sent. The sequence is written into a portion of a sequence header of an outgoing data packet that corresponds to the traffic class. A traffic class identifier is also written into a header of the packet that indicates the traffic class of the data. The electronic device sends the packet to another electronic device over one of multiple channels of multiple priorities. The other electronic device determines the traffic class of the data based on the traffic class identifier, extracts the sequence from the portion of the sequence header that corresponds to the traffic class, and compares the sequence to a previously extracted sequence of a previously received packet of the same traffic class to determine whether a replay attack has occurred.