公开(公告)号：US11025596B1

公开(公告)日：2021-06-01

申请号：US15907468

申请日：2018-02-28

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Thomas Icart ,  Mathieu Ciet ,  Oliver J. Hunt ,  Yannick Sierra ,  Gokul Thirumalai ,  Roberto Garcia

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04W12/04 ,  H04L29/08 ,  H04L12/58

Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.

公开(公告)号：US20200235929A1

公开(公告)日：2020-07-23

申请号：US16528532

申请日：2019-07-31

Applicant: Apple Inc.

Inventor： Frederic Jacobs ,  Thomas Icart ,  Yannick L. Sierra

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06 ,  H04W4/70

Abstract: One embodiment provides for an electronic device, comprising a network interface, a memory coupled with the network interface, at least one application processor coupled with the memory, the at least one processor to execute instructions stored in the memory, and a secure processor including a cryptographic engine, wherein the cryptographic engine is to generate a sealed encrypted message to be transmitted via the network interface, the sealed encrypted message encrypted on behalf of the at least one application processor and includes a signature to enable integrity verification of the sealed encrypted message, the signature generated based on an identity key of the electronic device and data including ciphertext of the encrypted message and a public key of a recipient of the sealed encrypted message.

公开(公告)号：US09336370B2

公开(公告)日：2016-05-10

申请号：US13707444

申请日：2012-12-06

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Daniel F. Reynaud ,  Jonathan G. McLachlan ,  Julien Lerouge ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  G06F21/14 ,  G06F9/44

CPC classification number: G06F21/14 ,  G06F8/30

Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.

Abstract translation: 描述提供重写代码来动态地屏蔽静态嵌入在第一代码中的程序数据的方法和装置。 程序数据可以在第一个代码中的多个指令中使用。 可以确定第一代码中的代码位置（例如，最佳代码位置）用于注入重写代码。 代码位置可以被包括在第一代码的两个或多个执行路径中。 每个执行路径可以具有使用程序数据的指令中的至少一个。 可以基于在最佳代码位置插入重写代码的第一代码来生成第二代码。 第二代码可以包括使用由重写代码动态屏蔽的程序数据的指令。 当由处理器执行时，第一代码和第二代码可以产生相同的结果。

公开(公告)号：US08918768B2

公开(公告)日：2014-12-23

申请号：US13707437

申请日：2012-12-06

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: G06F9/44 ,  G06F9/45

CPC classification number: G06F21/14

Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.

Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置，用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。

公开(公告)号：US20140348323A1

公开(公告)日：2014-11-27

申请号：US13902723

申请日：2013-05-24

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/28

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/16

Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.

Abstract translation: 描述使用块密码器列旋转的计算机实现的信息安全方法的各种实施例。 密码状态列旋转提供对白箱侧通道存储器相关性攻击的抵抗，其设计用于逆向设计与信息安全系统相关联的对称密码密钥。 可以对块密码的密码状态执行列旋转操作，然后从结果中移除，以在存储器中提供数据的混淆，同时不影响所得到的密码或解密操作的输出。 该方法另外包括根据第一旋转指标执行迭代特定密码子密钥的第一次旋转，对密码状态矩阵执行块密码操作的迭代，并且根据密码状态矩阵的倒数旋转密码状态矩阵的列 第一次旋转指数。

公开(公告)号：US20140301546A1

公开(公告)日：2014-10-09

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US11995446B2

公开(公告)日：2024-05-28

申请号：US17661696

申请日：2022-05-02

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Jeffry E. Gonion ,  Yannick L. Sierra ,  Thomas Icart

IPC: G06F9/38 ,  G06F9/30 ,  G06F9/455 ,  G06F21/60 ,  G06F21/52 ,  G06F21/62

CPC classification number: G06F9/3844 ,  G06F9/30029 ,  G06F9/45558 ,  G06F21/602 ,  G06F21/52 ,  G06F21/6209

Abstract: Techniques are disclosed relating to protecting branch prediction information. In various embodiments, an integrated circuit includes branch prediction logic having a table that maintains a plurality of entries storing encrypted target address information for branch instructions. The branch prediction logic is configured to receive machine context information for a branch instruction having a target address being predicted by the branch prediction logic, the machine context information including a program counter associated with the branch instruction. The branch prediction logic is configured to use the machine context information to decrypt encrypted target address information stored in one of the plurality of entries identified based on the program counter. In some embodiments, the branch prediction logic decrypts the encrypted target address information by performing a cipher to encrypt the machine context information and performing a Boolean exclusive-OR operation of the encrypted machine context information and the encrypted target address information.

公开(公告)号：US20220326957A1

公开(公告)日：2022-10-13

申请号：US17661696

申请日：2022-05-02

Applicant: Apple Inc.

Inventor： Steven A. Myers ,  Jeffry E. Gonion ,  Yannick L. Sierra ,  Thomas Icart

IPC: G06F9/38 ,  G06F9/30 ,  G06F9/455 ,  G06F21/60

Abstract: Techniques are disclosed relating to protecting branch prediction information. In various embodiments, an integrated circuit includes branch prediction logic having a table that maintains a plurality of entries storing encrypted target address information for branch instructions. The branch prediction logic is configured to receive machine context information for a branch instruction having a target address being predicted by the branch prediction logic, the machine context information including a program counter associated with the branch instruction. The branch prediction logic is configured to use the machine context information to decrypt encrypted target address information stored in one of the plurality of entries identified based on the program counter. In some embodiments, the branch prediction logic decrypts the encrypted target address information by performing a cipher to encrypt the machine context information and performing a Boolean exclusive-OR operation of the encrypted machine context information and the encrypted target address information.

公开(公告)号：US11177955B2

公开(公告)日：2021-11-16

申请号：US16528532

申请日：2019-07-31

Applicant: Apple Inc.

Inventor： Frederic Jacobs ,  Thomas Icart ,  Yannick L. Sierra

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06 ,  H04W4/70

Abstract: One embodiment provides for an electronic device, comprising a network interface, a memory coupled with the network interface, at least one application processor coupled with the memory, the at least one processor to execute instructions stored in the memory, and a secure processor including a cryptographic engine, wherein the cryptographic engine is to generate a sealed encrypted message to be transmitted via the network interface, the sealed encrypted message encrypted on behalf of the at least one application processor and includes a signature to enable integrity verification of the sealed encrypted message, the signature generated based on an identity key of the electronic device and data including ciphertext of the encrypted message and a public key of a recipient of the sealed encrypted message.

公开(公告)号：US09565018B2

公开(公告)日：2017-02-07

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  H04L9/06 ,  G09C1/00

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。