-
Publication number: US11042664B2
Publication date: 2021-06-22
Application number: US16746683
Application date: 2020-01-17
Applicant: Apple Inc.
Inventor: Yannick L. Sierra, Abhradeep Guha Thakurta, Umesh S. Vaishampayan, John C. Hurley, Keaton F. Mowery, Michael Brouwer
Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.
-
Publication number: US10747435B2
Publication date: 2020-08-18
Application number: US16250890
Application date: 2019-01-17
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.
-
Publication number: US20200257816A1
Publication date: 2020-08-13
Application number: US16746683
Application date: 2020-01-17
Applicant: Apple Inc.
Inventor: Yannick L. Sierra, Abhradeep Guha Thakurta, Umesh S. Vaishampayan, John C. Hurley, Keaton F. Mowery, Michael Brouwer
Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.
-
Publication number: US09197700B2
Publication date: 2015-11-24
Application number: US13839050
Application date: 2013-03-15
Applicant: Apple Inc.
Inventor: Michael Brouwer, Dallas B. De Atley, Mitchell D. Adler
CPC classification number: H04L63/061, G06F17/30174, G06F17/30575, H04L9/12, H04L9/3247, H04L12/185, H04L12/44, H04L63/062, H04L63/065, H04L63/068, H04L63/104, H04L67/104, H04L67/1042, H04L67/1095, H04L2209/122, H04W84/18
Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
-
Publication number: US11764954B2
Publication date: 2023-09-19
Application number: US16730931
Application date: 2019-12-30
Applicant: Apple Inc.
Inventor: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
IPC: H04L9/08, H04L9/32, H04L9/00, G06F21/32, H04L9/14, G06F21/74, G06F21/72, G06F21/78, H04L9/40, G06F13/28, G06F13/40, G06F21/79
CPC classification number: H04L9/0861, G06F21/32, G06F21/72, G06F21/74, G06F21/78, H04L9/006, H04L9/0877, H04L9/14, H04L9/3231, H04L9/3234, H04L9/3239, H04L9/3247, H04L9/3249, H04L9/3263, H04L9/3268, H04L63/0428, H04L63/062, H04L63/0823, H04L63/0861, G06F13/28, G06F13/4063, G06F21/79, H04L2209/12, H04L2209/127, H04L2463/081
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
-
Publication number: US11250118B2
Publication date: 2022-02-15
Application number: US16388831
Application date: 2019-04-18
Applicant: Apple Inc.
Inventor: Alexander R. Ledwith, Wade Benson, Marc J. Krochmal, John J. Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra, Libor Sykora, Jiri Margaritov
Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.
-
Publication number: US10484172B2
Publication date: 2019-11-19
Application number: US15173647
Application date: 2016-06-04
Applicant: Apple Inc.
Inventor: Libor Sykora, Wade Benson, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
IPC: H04L9/08, H04L9/32, H04L9/00, G06F21/32, H04L9/14, G06F21/74, G06F21/72, G06F21/78, H04L29/06, G06F13/28, G06F13/40, G06F21/79
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. In some embodiments, the secure circuit is configured to generate a public key and a private key for an application, and receive, from the application via an API, a request to perform a cryptographic operation using the private key. The secure circuit is further configured to perform the cryptographic operation in response to the request.
-
Publication number: US10318154B2
Publication date: 2019-06-11
Application number: US14872022
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
-
Publication number: US20160352526A1
Publication date: 2016-12-01
Application number: US14872022
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
IPC: H04L9/32
CPC classification number: G06F3/0604, G06F3/065, G06F3/0683, G06Q90/00, H04L9/3268, H04L67/1044, H04L67/1095, H04W4/08
Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
-
Publication number: US20160349999A1
Publication date: 2016-12-01
Application number: US14872013
Application date: 2015-09-30
Applicant: Apple Inc.
Inventor: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
IPC: G06F3/06
CPC classification number: G06F3/0604, G06F3/065, G06F3/0683, G06Q90/00, H04L9/3268, H04L67/1044, H04L67/1095, H04W4/08
Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.