Abstract:
In one embodiment, a non-transitory computer-readable medium stores instructions for establishing a trusted two-way communications session for account creation for an online store, which include instructions for causing a processor to perform operations comprising retrieving and verifying a signed configuration file from a server, requesting a communication session using the configuration file, receiving a payload of account creation forms from a network client, signing the payload according to the server configuration file, and sending the signed payload containing account creation information to the server. In one embodiment, a computer-implemented method comprises analyzing timestamps for requests for data forms for supplying account creation information for evidence of automated account creation activity and rejecting the request for the locator of the second account creation form if evidence of automated account creation activity is detected. Methods for secure account authentication and asset purchase are also disclosed.
Abstract:
In one embodiment, a unique (or quasi-unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.
Abstract:
In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.
Abstract:
A computing device can generate a set of transaction keys, the computing device configured to present a digital credential to a requesting device. The computing device can generate a request bundle. The request bundle can include the set of transaction keys. The computing device can transmit, to a first server, the request bundle. The first server can be configured to verify the request bundle. The first server can be configured to send the request bundle to a second server with a request for a set of credentials. Each credential of the set of credentials can correspond to a transaction key of the set of transaction keys. Each credential can include data elements and a security object. The data elements for each credential can be the same. The security object for each credential can be different. The computing device can receive, from the first server, the set of credentials. The computing device can store the set of credentials. The computing device can be configured to generate a response based on a particular credential of the set of credentials when a requesting device requests the digital credential.
Abstract:
The subject technology receives assessment values determined by a first machine learning model deployed on a client electronic device, the assessment values being indicative of classifications of input data and the assessment values being associated with constraint data that comprises a probability distribution of the assessment values with respect to the classifications of the input data. The subject technology applies the assessment values determined by the first machine learning model to a second machine learning model to determine the classifications of the input data. The subject technology determines whether accuracies of the classifications determined by the second machine learning model conform with the probability distribution for corresponding assessment values determined by the first machine learning model. The subject technology retrains the first machine learning model when the accuracies of the classifications determined by the second machine learning model do not conform with the probability distribution.
Abstract:
Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different bases. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.
Abstract:
A content request communication, e.g., generated using a first processor of a device, can be transmitted to a web server. A response communication including content identifying a first value can be received from the web server. The first processor can facilitate presentation of the content on a first display of the device. A communication can be received at a second processor of the device from a remote server. The communication can include data representing a second value and can be generated at the remote server using information received from the web server. Further, the second processor can produce a secure verification output that can be presented on a separate, second display, representing at least the second value. The presentation on the first display can at least partially overlap in time with the presentation on the second display.
Abstract:
This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.