-
Publication number: US20170201380A1
Publication date: 2017-07-13
Application number: US15274836
Filing date: 2016-09-23
Applicant: Apple Inc.
Inventor: Tristan F. Schaap , Conrad Sauerwald , Craig A. Marciniak , Jerrold V. Hauck , Zachary F. Papilion , Jeffrey Lee
IPC: H04L9/32 , H04L9/08 , H04L9/14 , H04W76/02 , H04L29/06 , H04W12/04 , H04W12/06 , H04L9/06 , H04L9/30
CPC classification number: H04L9/3252 , G06F8/654 , H04L9/0643 , H04L9/0866 , H04L9/14 , H04L9/3066 , H04L63/061 , H04L63/083 , H04L63/0861 , H04L63/0869 , H04L67/34 , H04L2209/80 , H04W4/80 , H04W12/003 , H04W12/04 , H04W12/06 , H04W76/14
Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
-
Publication number: US11595366B2
Publication date: 2023-02-28
Application number: US16329714
Filing date: 2017-09-08
Applicant: Apple Inc.
Inventor: Tristan F. Schaap
Abstract: Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.
-
Publication number: US20200153625A1
Publication date: 2020-05-14
Application number: US16614346
Filing date: 2018-04-30
Applicant: Apple Inc.
Inventor: Tristan F. Schaap
Abstract: Techniques are disclosed for securely communicating traffic over a network. In some embodiments, an apparatus includes a first circuit having a local clock configured to maintain a local time value. The first circuit is configured to determine a synchronized time value based on the local time value, the synchronized time value being an expected time value of a reference clock. The first circuit is further configured to generate a first encryption key by calculating a key derivation function based on the synchronized time value and encrypt a portion of a packet using the first encryption key, the portion of the packet being to be communicated to a second circuit. In some embodiments, the apparatus further includes a first network node coupled to the first circuit and configured to communicate the packet to a second network node coupled to the second circuit and to include the synchronized time value in the packet.
-
Publication number: US20190207915A1
Publication date: 2019-07-04
Application number: US16329714
Filing date: 2017-09-08
Applicant: Apple Inc.
Inventor: Tristan F. Schaap
CPC classification number: H04L63/0442 , H04L9/0877 , H04L9/0891 , H04L9/0897 , H04L9/3234 , H04L9/3263 , H04L63/068 , H04L63/126 , H04L2209/127
Abstract: Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.
-
Publication number: US20190026501A1
Publication date: 2019-01-24
Application number: US16128396
Filing date: 2018-09-11
Applicant: Apple Inc.
Inventor: Pierre-Olivier J. Martel , Jeffrey R. Wilcox , Ian P. Shaeffer , Andrew D. Myrick , Robert W. Hill , Tristan F. Schaap
Abstract: Techniques are disclosed in which a secure circuit controls a gating circuit to enable or disable other circuitry of a device (e.g., one or more input sensors). For example, the gating circuit may be a power gating circuit and the secure circuit may be configured to disable power to an input sensor in certain situations. As another example, the gating circuit may be a clock gating circuit and the secure circuit may be configured to disable the clock to an input sensor. As yet another example, the gating circuit may be configured to gate a control bus and the secure circuit may be configured to disable control signals to an input sensor. In some embodiments, hardware resources included in or controlled by the secure circuit are not accessible by other elements of the device, other than by sending requests to a predetermined set of memory locations (e.g., a secure mailbox).
-
Publication number: US20180349649A1
Publication date: 2018-12-06
Application number: US15720736
Filing date: 2017-09-29
Applicant: Apple Inc.
Inventor: Pierre-Olivier J. Martel , Jeffrey R. Wilcox , Ian P. Shaeffer , Andrew D. Myrick , Robert W. Hill , Tristan F. Schaap
CPC classification number: G06F21/71 , G06F1/3237 , G06F1/3287 , G06F21/57 , G06F21/62 , G06F2221/2111 , G06F2221/2141 , G06F2221/2151 , H01L23/57 , H04L63/0861 , H04L63/107 , H04L63/108
Abstract: Techniques are disclosed in which a secure circuit controls a gating circuit to enable or disable other circuitry of a device (e.g., one or more input sensors). For example, the gating circuit may be a power gating circuit and the secure circuit may be configured to disable power to an input sensor in certain situations. As another example, the gating circuit may be a clock gating circuit and the secure circuit may be configured to disable the clock to an input sensor. As yet another example, the gating circuit may be configured to gate a control bus and the secure circuit may be configured to disable control signals to an input sensor. In some embodiments, hardware resources included in or controlled by the secure circuit are not accessible by other elements of the device, other than by sending requests to a predetermined set of memory locations (e.g., a secure mailbox).
-
Publication number: US20230275879A1
Publication date: 2023-08-31
Application number: US18175204
Filing date: 2023-02-27
Applicant: Apple Inc.
Inventor: Tristan F. Schaap
CPC classification number: H04L63/0442 , H04L9/0877 , H04L9/0891 , H04L9/0897 , H04L9/3234 , H04L9/3263 , H04L63/068 , H04L63/126 , H04L2209/127
Abstract: Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.
-
Publication number: US11539518B2
Publication date: 2022-12-27
Application number: US16614346
Filing date: 2018-04-30
Applicant: Apple Inc.
Inventor: Tristan F. Schaap
Abstract: Techniques are disclosed for securely communicating traffic over a network. In some embodiments, an apparatus includes a first circuit having a local clock configured to maintain a local time value. The first circuit is configured to determine a synchronized time value based on the local time value, the synchronized time value being an expected time value of a reference clock. The first circuit is further configured to generate a first encryption key by calculating a key derivation function based on the synchronized time value and encrypt a portion of a packet using the first encryption key, the portion of the packet being to be communicated to a second circuit. In some embodiments, the apparatus further includes a first network node coupled to the first circuit and configured to communicate the packet to a second network node coupled to the second circuit and to include the synchronized time value in the packet.
-
Publication number: US20210281426A1
Publication date: 2021-09-09
Application number: US17203560
Filing date: 2021-03-16
Applicant: Apple Inc.
Inventor: Tristan F. Schaap , Conrad Sauerwald , Craig Marciniak , Jerrold V. Hauck , Zachary F. Papilion , Jeffrey Lee
IPC: H04L9/32 , H04L9/06 , H04L9/08 , H04L9/14 , H04L9/30 , H04L29/06 , H04W12/04 , H04W12/06 , H04W76/14 , G06F8/654 , H04W12/50
Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
-
Publication number: US10951419B2
Publication date: 2021-03-16
Application number: US16537391
Filing date: 2019-08-09
Applicant: Apple Inc.
Inventor: Tristan F. Schaap , Conrad Sauerwald , Craig Marciniak , Jerrold V. Hauck , Zachary F. Papilion , Jeffrey Lee
IPC: H04L29/06 , H04L9/32 , H04L9/06 , H04L9/08 , H04L9/14 , H04L9/30 , H04W12/04 , H04W12/06 , H04W76/14 , G06F8/654 , H04W12/00 , H04L29/08 , H04W4/80
Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.