公开(公告)号：US12079350B2

公开(公告)日：2024-09-03

申请号：US18301860

申请日：2023-04-17

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/32 ,  G06F21/62 ,  G06F21/71 ,  G09C1/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F21/6218 ,  G06F21/71 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/0877 ,  H04L9/30 ,  H04L9/3231 ,  G06F21/32 ,  H04L2209/125

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US10349270B2

公开(公告)日：2019-07-09

申请号：US16024370

申请日：2018-06-29

Applicant: Apple Inc.

Inventor： Tyler Hawkins ,  Christopher Wilson ,  Conrad Sauerwald ,  Gregory Novick ,  Neil G. Crane ,  Rudolph Van Der Merwe ,  Samuel Noble ,  Paul William Chinn

IPC: H04W8/26 ,  G06K7/14 ,  H04W4/80 ,  H04W12/04 ,  H04W8/18 ,  H04W8/00

Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.

公开(公告)号：US10015668B2

公开(公告)日：2018-07-03

申请号：US15872801

申请日：2018-01-16

Applicant: Apple Inc.

Inventor： Tyler Hawkins ,  Christopher Wilson ,  Conrad Sauerwald ,  Gregory Novick ,  Neil G. Crane ,  Rudolph Van Der Merwe ,  Samuel Noble ,  Paul William Chinn

IPC: H04W8/26 ,  H04W8/18 ,  H04W4/80 ,  G06K7/14 ,  H04W12/04 ,  H04W8/00

CPC classification number: H04W8/265 ,  G06K7/1447 ,  H04W4/80 ,  H04W8/005 ,  H04W8/18 ,  H04W12/0023 ,  H04W12/003 ,  H04W12/04

Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.

公开(公告)号：US09558363B2

公开(公告)日：2017-01-31

申请号：US14503244

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Andrew Roger Whalley ,  Wade Benson ,  Conrad Sauerwald

IPC: G06F21/00 ,  G06F21/62

CPC classification number: G06F21/6209 ,  G06F21/6218 ,  G06F21/6245 ,  G06F2221/2111 ,  H04L63/062 ,  H04W12/02 ,  H04W12/04 ,  H04W12/08

Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).

Abstract translation: 在一些实现中，可以基于移动设备的上下文来访问（例如，解密，使得可用）存储在移动设备上的加密数据（例如，应用数据，钥匙串数据，存储的密码等）。 上下文可以包括当前设备状态（例如，锁定，解锁，在首次解锁之后等等）。 上下文可以包括当前设备设置（例如，启用/禁用密码）。 上下文可以包括已经由移动设备接收的数据（例如，指纹扫描，输入的密码，位置信息，接收的加密密钥，时间信息）。

公开(公告)号：US09419794B2

公开(公告)日：2016-08-16

申请号：US14493458

申请日：2014-09-23

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Michael L. H. Brouwer

IPC: H04L29/06 ,  H04L9/08 ,  G09C1/00 ,  G06F21/72

CPC classification number: H04L9/0861 ,  G06F21/72 ,  G09C1/00 ,  H04L9/0822 ,  H04L9/0897 ,  H04L2209/24

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20140025521A1

公开(公告)日：2014-01-23

申请号：US13668109

申请日：2012-11-02

Applicant: APPLE INC.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q30/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

Abstract translation: 在一个实施例中，唯一的（或准唯一的）标识符可以由应用商店或其他在线商店接收，并且商店可以创建包括从唯一标识符所期望的数据的签名收据。 然后将该签名的收据发送到运行从在线商店获取的应用的设备，并且设备可以通过从签名的收据导出唯一（或准唯一）标识符来验证收据，并将导出的标识符与 存储在设备上的设备标识符或分配给应用供应商的供应商标识符。

公开(公告)号：US11880808B2

公开(公告)日：2024-01-23

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q20/00 ,  B63H20/02 ,  B63H20/06

CPC classification number: G06Q20/00 ,  B63H20/02 ,  B63H20/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US11601287B2

公开(公告)日：2023-03-07

申请号：US17203560

申请日：2021-03-16

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L9/40 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14 ,  G06F8/654 ,  H04W12/50 ,  H04L67/00 ,  H04W4/80

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US11329827B2

公开(公告)日：2022-05-10

申请号：US15286505

申请日：2016-10-05

Applicant: Apple Inc.

Inventor： Conrad Sauerwald ,  Alexander Ledwith ,  John Iarocci ,  Marc J. Krochmal ,  Wade Benson ,  Gregory Novick ,  Noah Witherspoon

IPC: H04L9/32 ,  H04L9/08 ,  G06F21/32 ,  H04W12/08 ,  H04W12/50 ,  G06F21/44 ,  H04W4/80

Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.

公开(公告)号：US10853504B1

公开(公告)日：2020-12-01

申请号：US16691900

申请日：2019-11-22

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/30 ,  G06F21/71 ,  H04L9/32 ,  G09C1/00 ,  H04L9/08 ,  G06F21/32

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.