公开(公告)号：US10042989B2

公开(公告)日：2018-08-07

申请号：US14872112

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet ,  Jean-Francois Riendeau

IPC: H04L29/06 ,  G06F21/30 ,  G06F21/44 ,  H04L9/32

Abstract: The embodiments set forth systems and techniques to activate and provide other device services for user devices. An activation manager is configured to activate a user device by receiving an activation request for the device, accepting previously stored and encrypted trusted data for the device, getting current data for the device, determining whether the current data compares with the trusted data, and sending an authorization to activate the device when the current data compares favorably with the trusted data. Data can include a seed component divided into seed segments that are each combined with a unique device identifier using varying cryptographic primitives. Each encrypted seed segment and unique device identifier combination can be dedicated to a different device use or service, and can be used separately for device identification for that use or service.

公开(公告)号：US09565018B2

公开(公告)日：2017-02-07

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  H04L9/06 ,  G09C1/00

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US09515818B2

公开(公告)日：2016-12-06

申请号：US14487872

申请日：2014-09-16

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Mathieu Ciet ,  Benoit Chevallier-Mames ,  Thomas Icart ,  Augustin J. Farrugia

IPC: H04L9/00 ,  H04L9/28 ,  H04L9/06 ,  H04L9/08 ,  G06F11/00 ,  G06F12/14

CPC classification number: H04L9/0618 ,  H04L9/0637 ,  H04L2209/04 ,  H04L2209/043 ,  H04L2209/16 ,  H04L2209/24

Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.

Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行，而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中，用于第一块的至少两个轮次一个接一个地执行，而对于该组中的任何其他块，没有任何中间轮。

公开(公告)号：US20160204939A1

公开(公告)日：2016-07-14

申请号：US15074914

申请日：2016-03-18

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC: H04L9/32

CPC classification number: H04L9/32 ,  G06F21/10 ,  G06F21/602

Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

Abstract translation: 本发明的一些实施例提供了一种用于在各种不同基础下分发内容的内容分发系统。 例如，在一些实施例中，内容分发系统分发受设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。 在一些实施例中，接收媒体存储结构的设备将接收到的加密密钥或验证参数插入接收到的媒体存储结构中。 在一些实施例中，该组服务器还提供用于设备无限制内容的加密内容密钥。 这些密钥用于在到达时，首次播放时或在其他时间对内容进行解密。 然而，一些实施例不将这些加密密钥存储在用于设备无限制内容的媒体存储结构中。

公开(公告)号：US20150363580A1

公开(公告)日：2015-12-17

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14 ,  G06F9/45

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract translation: 伪造的加密层混淆技术可以用来诱骗攻击者在攻击者通常忽略的代码段上花费逆向工程的努力。 为此，混淆技术可以识别可能对攻击者感兴趣的代码段，并将其伪装成较高的值段。 这可以通过将代码的较低值部分转换为包括已知存在于较高值的代码部分中的代码模式，常量或其他特性来实现，例如加密例程。 为了转换代码部分，混淆技术可以使用一个或多个程序修改，包括控制流修改，常数值调整以模拟公知的加密标量，缓冲区扩展，伪特征表插入，类似调试的信息插入，导出函数代码 生成链接和/或加密算法特定指令插入。

公开(公告)号：US20150349951A1

公开(公告)日：2015-12-03

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: H04L9/06

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US20140165030A1

公开(公告)日：2014-06-12

申请号：US13707437

申请日：2012-12-06

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: G06F9/44

CPC classification number: G06F21/14

Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.

Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置，用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。

公开(公告)号：US11025596B1

公开(公告)日：2021-06-01

申请号：US15907468

申请日：2018-02-28

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Thomas Icart ,  Mathieu Ciet ,  Oliver J. Hunt ,  Yannick Sierra ,  Gokul Thirumalai ,  Roberto Garcia

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04W12/04 ,  H04L29/08 ,  H04L12/58

Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.

公开(公告)号：US20180089465A1

公开(公告)日：2018-03-29

申请号：US15707847

申请日：2017-09-18

Applicant: Apple Inc.

Inventor： Lucas O. Winstrom ,  Eric D. Friedman ,  Ritwik K. Kumar ,  Jeremy M. Stober ,  Amol V. Pattekar ,  Benoit Chevallier-Mames ,  Julien Lerouge ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: G06F21/64 ,  G06Q10/10 ,  H04L9/32 ,  H04L12/58 ,  H04L29/06

CPC classification number: G06F21/64 ,  G06F21/55 ,  G06Q10/107 ,  H04L9/3247 ,  H04L51/12 ,  H04L51/22 ,  H04L63/1441 ,  H04L2463/144

Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of a spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by given them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.

公开(公告)号：US09336370B2

公开(公告)日：2016-05-10

申请号：US13707444

申请日：2012-12-06

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Daniel F. Reynaud ,  Jonathan G. McLachlan ,  Julien Lerouge ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  G06F21/14 ,  G06F9/44

CPC classification number: G06F21/14 ,  G06F8/30

Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.

Abstract translation: 描述提供重写代码来动态地屏蔽静态嵌入在第一代码中的程序数据的方法和装置。 程序数据可以在第一个代码中的多个指令中使用。 可以确定第一代码中的代码位置（例如，最佳代码位置）用于注入重写代码。 代码位置可以被包括在第一代码的两个或多个执行路径中。 每个执行路径可以具有使用程序数据的指令中的至少一个。 可以基于在最佳代码位置插入重写代码的第一代码来生成第二代码。 第二代码可以包括使用由重写代码动态屏蔽的程序数据的指令。 当由处理器执行时，第一代码和第二代码可以产生相同的结果。