公开(公告)号：US11861350B2

公开(公告)日：2024-01-02

申请号：US17495699

申请日：2021-10-06

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Bailey E. Basile ,  Venkat V. Memula ,  Thomas P. Mensch ,  Robert M. Marini ,  David P. Remahl ,  Kelsey J. Skillman ,  Edward E. Thomas

IPC: G06F8/65 ,  H04L9/40 ,  G06F21/60

CPC classification number: G06F8/65 ,  G06F21/602 ,  H04L63/08

Abstract: Embodiments described herein provide a system and method for secure delivery of assets to a trusted device. Multiple levels of verification are implemented to enable components of a software update and asset delivery system to verify other components within the system. Furthermore, updates are provided only to client devices that are authorized to receive such updates. In one embodiment, the specific assets provided to a client device during a software update can be tailored to the client device, such that individual client devices can receive updated versions of software asset at a faster or slower rate than mass market devices. For example, developer or beta tester devices can receive pre-release assets, while enterprise devices can receive updates at a slower rate relative to mass market devices.

公开(公告)号：US10153900B2

公开(公告)日：2018-12-11

申请号：US15730487

申请日：2017-10-11

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  G06F21/62 ,  G06F21/00 ,  H04L29/06 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60 ,  G06F21/64

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20180034632A1

公开(公告)日：2018-02-01

申请号：US15730487

申请日：2017-10-11

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  G06F21/00 ,  G06F21/33 ,  G06F21/62 ,  G06F21/60 ,  G06F21/44 ,  H04L29/06 ,  G06F21/64

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US09842062B2

公开(公告)日：2017-12-12

申请号：US14871484

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: G06F21/62 ,  G06F12/14 ,  G06F11/14 ,  H04L9/08 ,  H04L9/00

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.

公开(公告)号：US20170048066A1

公开(公告)日：2017-02-16

申请号：US15268471

申请日：2016-09-16

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对，并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户特定的密钥和公钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时，该方法仅向第二设备提供机密信息，并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。

公开(公告)号：US09542558B2

公开(公告)日：2017-01-10

申请号：US14207361

申请日：2014-03-12

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Jason D. Gosnell ,  Jerrold V. Hauck ,  Muralidhar S. Vempaty ,  Dallas B. De Atley

IPC: G06F21/57 ,  G06F21/60 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F21/57 ,  G06F21/572 ,  G06F21/577 ,  G06F21/602 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/083 ,  H04L63/0876

Abstract: In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory-generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.

Abstract translation: 在各种实施例中，描述了用于安全地生成，密封和恢复用于电子设备的工厂生成的校准和供应数据的方法，设备和系统，其中电子设备的校准和供应数据以分布式方式生成并存储在 一个存储系统。 可以在设备组装期间从存储系统检索校准数据，并且最终校准和每个电子设备的供应数据可被存储到存储系统中。 在一个实施例中，密封服务器用于证明工厂生成的数据的真实性，以密封最终的校准数据。 在一个实施例中，电子设备可以访问包含工厂生成的数据的数据存储器，并且可以从数据存储器更新或恢复设备的校准或供应数据。

公开(公告)号：US09197700B2

公开(公告)日：2015-11-24

申请号：US13839050

申请日：2013-03-15

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F7/04 ,  H04L9/32 ,  G06F17/30 ,  H04L29/06 ,  H04L29/08 ,  H04L12/18 ,  H04L9/12

CPC classification number: H04L63/061 ,  G06F17/30174 ,  G06F17/30575 ,  H04L9/12 ,  H04L9/3247 ,  H04L12/185 ,  H04L12/44 ,  H04L63/062 ,  H04L63/065 ,  H04L63/068 ,  H04L63/104 ,  H04L67/104 ,  H04L67/1042 ,  H04L67/1095 ,  H04L2209/122 ,  H04W84/18

Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.

Abstract translation: 一些实施例提供了一种非暂时机器可读介质，其存储当设备的至少一个处理单元执行时将存储在设备上的一组密钥链与一组其他设备同步的程序。 设备和其他设备的集合通过对等（P2P）网络彼此通信地耦合。 该程序接收对存储在设备上的一组钥匙串中的钥匙串的修改。 该程序为该组其他设备中的每个设备生成更新请求，以便将存储在设备上的一组密钥链与该组其他设备同步。 该程序通过一组独立的安全通信信道通过P2P网络将该组更新请求发送到其他设备的集合。

公开(公告)号：US20150261966A1

公开(公告)日：2015-09-17

申请号：US14207361

申请日：2014-03-12

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Jason D. Gosnell ,  Jerrold V. Hauck ,  Muralidhar S. Vempaty ,  Dallas B. De Atley

IPC: G06F21/60 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F21/57 ,  G06F21/572 ,  G06F21/577 ,  G06F21/602 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/083 ,  H04L63/0876

Abstract: In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory-generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.

Abstract translation: 在各种实施例中，描述了用于安全地生成，密封和恢复用于电子设备的工厂生成的校准和供应数据的方法，设备和系统，其中电子设备的校准和供应数据以分布式方式生成并存储在 一个存储系统。 可以在设备组装期间从存储系统检索校准数据，并且最终校准和每个电子设备的供应数据可被存储到存储系统中。 在一个实施例中，密封服务器用于证明工厂生成的数据的真实性，以密封最终的校准数据。 在一个实施例中，电子设备可以访问包含工厂生成的数据的数据存储器，并且可以从数据存储器更新或恢复设备的校准或供应数据。

公开(公告)号：US20150073998A1

公开(公告)日：2015-03-12

申请号：US14022104

申请日：2013-09-09

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Dallas B. De Atley ,  Augustin J. Farrugia ,  Byron B. Han ,  Sean B. Kelly ,  Craig A. Marciniak ,  Maxim Khutornenko ,  Raymond N. Walsh

IPC: G06Q20/40 ,  G06Q20/36 ,  G06Q20/04 ,  G06Q20/38 ,  G06Q30/06

CPC classification number: G06Q30/0609 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/12 ,  G06Q20/32 ,  G06Q20/322 ,  G06Q20/3674 ,  G06Q20/3821 ,  G06Q20/40145 ,  H04L63/083 ,  H04L63/0861

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.

Abstract translation: 在用户成功输入他或她的帐户密码之后，在线商店可以将在线帐户令牌传送到电子设备或生物测定传感设备。 当一个或多个生物测定图像与参考生物图像匹配并且帐户密码与存储在电子设备中或生物测定传感设备中的用户标识符数据匹配时，电子设备或生物特征感测设备可以对准在线帐户令牌。 然后可以将签署的在线帐户令牌发送到在线商店。 然后，用户可以在网上商店收到签署的在线帐户令牌之后进行一次或多次购买。

公开(公告)号：US20140093084A1

公开(公告)日：2014-04-03

申请号：US13767847

申请日：2013-02-14

Applicant: APPLE INC.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对，并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户特定的密钥和公钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时，该方法仅向第二设备提供机密信息，并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。