-
Publication number: US11630903B1
Publication date: 2023-04-18
Application number: US17081276
Application date: 2020-10-27
Applicant: Apple Inc.
Inventor: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
-
Publication number: US11528129B2
Publication date: 2022-12-13
Application number: US15996390
Application date: 2018-06-01
Applicant: Apple Inc.
Inventor: Per Love Hornquist Astrand, Benjamin I. Williamson, Keaton F. Mowery, Mitchell D. Adler, Michelle A. Auricchio, Luke T. Hiesterman
IPC: H04L29/08, H04L9/08, H04L67/104, H04L9/30, H04W12/06, H04L9/40, H04W56/00, H04L67/1095, H04L9/14, H04L9/32
Abstract: Some embodiments of the subject technology provide a novel system for synchronizing content items among a group of peer devices. The content synchronizing system of some embodiments includes the group of peer devices and a set of one or more synchronizing servers communicatively connected with the peer devices through one or more networks. In some embodiments, the synchronizing system uses a star architecture, in which each peer device offloads its synchronization operations to the synchronizing server set. Without establishing a peer-to-peer communication with any other peer device, the particular peer device in these embodiments supplies an encrypted content item set along with the N−1 encryptions of a content key used to encrypt the content item set to the synchronizing server set so that this server set can distribute the encrypted content item set and an encrypted content key to each of the N−1 peer devices.
-
Publication number: US11444766B2
Publication date: 2022-09-13
Application number: US16293541
Application date: 2019-03-05
Applicant: Apple Inc.
Inventor: Yannick L. Sierra, Mitchell D. Adler
Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.
-
Publication number: US11250118B2
Publication date: 2022-02-15
Application number: US16388831
Application date: 2019-04-18
Applicant: Apple Inc.
Inventor: Alexander R. Ledwith, Wade Benson, Marc J. Krochmal, John J. Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra, Libor Sykora, Jiri Margaritov
Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.
-
Publication number: US11063748B2
Publication date: 2021-07-13
Application number: US15996403
Application date: 2018-06-01
Applicant: Apple Inc.
Inventor: Per Love Hornquist Astrand, Benjamin I. Williamson, Keaton F. Mowery, Mitchell D. Adler, Michelle A. Auricchio, Luke T. Hiesterman
Abstract: Some embodiments of the subject technology provide a novel system for synchronizing content items among a group of peer devices. The content synchronizing system of some embodiments includes the group of peer devices and a set of one or more synchronizing servers communicatively connected with the peer devices through one or more networks. In some embodiments, the synchronizing system uses a star architecture, in which each peer device offloads its synchronization operations to the synchronizing server set. Without establishing a peer-to-peer communication with any other peer device, the particular peer device in these embodiments supplies an encrypted content item set along with the N−1 encryptions of a content key used to encrypt the content item set to the synchronizing server set so that this server set can distribute the encrypted content item set and an encrypted content key to each of the N−1 peer devices.
-
Publication number: US10419422B2
Publication date: 2019-09-17
Application number: US14871782
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Yannick L. Sierra, Mitchell D. Adler
Abstract: Some embodiments provide a method for a first device for joining a group of related devices. The method receives input of a password for authorization with a centralized entity. The method receives input of a code generated by a second device already established in the group of related devices. The method uses the password and the code to (i) join the group of related devices in order to synchronize user data with the devices in the group of related devices and (ii) authorize the first device with the centralized entity as a valid device for a particular account with the centralized entity.
-
Publication number: US10318154B2
Publication date: 2019-06-11
Application number: US14872022
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
-
Publication number: US20170359717A1
Publication date: 2017-12-14
Application number: US15275231
Application date: 2016-09-23
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Yannick L. Sierra, Ganesha A.G. Batta, Michael Giles, Akshay M. Srivatsa, Craig P. Dooley, Sriram Hariharan, Robert D. Watson
CPC classification number: H04W12/04, H04L9/0891, H04L9/0894, H04L9/14, H04L63/0435, H04L63/061, H04L2209/80, H04L2463/061, H04W12/02
Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.
-
Publication number: US20160352526A1
Publication date: 2016-12-01
Application number: US14872022
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
IPC: H04L9/32
CPC classification number: G06F3/0604, G06F3/065, G06F3/0683, G06Q90/00, H04L9/3268, H04L67/1044, H04L67/1095, H04W4/08
Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
-
Publication number: US20160352518A1
Publication date: 2016-12-01
Application number: US14871498
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Michael D. Ford, Jerrold V. Hauck, Matthew G. Watson, Mitchell D. Adler, Dallas B. De Atley, James Wilson
CPC classification number: G06F12/1408, G06F11/1448, G06F21/6218, G06F2201/80, G06F2212/1052, H04L9/006, H04L9/0822, H04L9/0825, H04L9/088, H04L9/0894, H04L9/0897
Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.