公开(公告)号：US11438322B2

公开(公告)日：2022-09-06

申请号：US16264478

申请日：2019-01-31

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: G06F7/04 ,  G06F17/30 ,  H04L9/40 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US11176237B2

公开(公告)日：2021-11-16

申请号：US15996413

申请日：2018-06-01

Applicant: Apple Inc.

Inventor： Wade Benson ,  Alexander R. Ledwith ,  Marc J. Krochmal ,  John J. Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra ,  Libor Sykora

IPC: G06F21/34 ,  G06F21/36 ,  H04W4/80 ,  H04W4/02 ,  H04W12/06 ,  H04W12/63 ,  H04W12/082

Abstract: In some embodiments, a first device performs ranging operations to allow a user to access the first device under one of several user accounts without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account under which a user can access (e.g., can log into) the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the user is allowed to access the first device under the first user account. In some embodiments, the substitute interaction occurs while the first device is logged into under a second user account.

公开(公告)号：US11025412B2

公开(公告)日：2021-06-01

申请号：US15996387

申请日：2018-06-01

Applicant: Apple Inc.

Inventor： Per Love Hornquist Astrand ,  Benjamin I. Williamson ,  Keaton F. Mowery ,  Mitchell D. Adler ,  Michelle A. Auricchio ,  Luke T. Hiesterman

IPC: H04L29/06 ,  H04L9/08 ,  H04L29/08 ,  H04L9/30 ,  H04W12/06 ,  H04W56/00 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the subject technology provide a novel system for synchronizing content items among a group of peer devices. The content synchronizing system of some embodiments includes the group of peer devices and a set of one or more synchronizing servers communicatively connected with the peer devices through one or more networks. In some embodiments, the synchronizing system uses a star architecture, in which each peer device offloads its synchronization operations to the synchronizing server set. Without establishing a peer-to-peer communication with any other peer device, the particular peer device in these embodiments supplies an encrypted content item set along with the N−1 encryptions of a content key used to encrypt the content item set to the synchronizing server set so that this server set can distribute the encrypted content item set and an encrypted content key to each of the N−1 peer devices.

公开(公告)号：US10747435B2

公开(公告)日：2020-08-18

申请号：US16250890

申请日：2019-01-17

Applicant: Apple Inc.

Inventor： Mitchell D. Adler ,  Michael Brouwer ,  Andrew R. Whalley ,  John C. Hurley ,  Richard F. Murphy ,  David P. Finkelstein

IPC: G06F3/06 ,  H04L29/08 ,  H04W4/08 ,  H04L9/32 ,  G06Q90/00 ,  G06Q10/06 ,  G06Q10/10

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

公开(公告)号：US10153900B2

公开(公告)日：2018-12-11

申请号：US15730487

申请日：2017-10-11

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  G06F21/62 ,  G06F21/00 ,  H04L29/06 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60 ,  G06F21/64

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20180034632A1

公开(公告)日：2018-02-01

申请号：US15730487

申请日：2017-10-11

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  G06F21/00 ,  G06F21/33 ,  G06F21/62 ,  G06F21/60 ,  G06F21/44 ,  H04L29/06 ,  G06F21/64

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20170357797A1

公开(公告)日：2017-12-14

申请号：US15671012

申请日：2017-08-07

Applicant: Apple Inc.

Inventor： Jonathan J. Rubinstein ,  Anthony M. Fadell ,  Jesse Lee Dorogusker ,  Mitchell D. Adler ,  John Wesley Archibald

IPC: G06F21/44 ,  G06F21/60

CPC classification number: G06F21/44 ,  G06F21/445 ,  G06F21/602 ,  G06F2221/2129

Abstract: Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices. One example of a media device is a media player, such as a hand-held media player (e.g., music player), that can present (e.g., play) media items (or media assets).

公开(公告)号：US09842062B2

公开(公告)日：2017-12-12

申请号：US14871484

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: G06F21/62 ,  G06F12/14 ,  G06F11/14 ,  H04L9/08 ,  H04L9/00

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.

公开(公告)号：US20170048066A1

公开(公告)日：2017-02-16

申请号：US15268471

申请日：2016-09-16

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对，并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户特定的密钥和公钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时，该方法仅向第二设备提供机密信息，并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。

公开(公告)号：US20170013066A1

公开(公告)日：2017-01-12

申请号：US15269723

申请日：2016-09-19

Applicant: Apple Inc.

Inventor： Shyam S. Toprani ,  Paul Holden ,  Emily Clark Schubert ,  Thomas Alsina ,  Scott Forstall ,  Lawrence G. Bolton ,  Nitin Ganatra ,  Mitchell D. Adler ,  Jesse Lee Dorogusker

IPC: H04L29/08 ,  G06F9/445 ,  H04L29/06

CPC classification number: H04L67/141 ,  G06F9/445 ,  H04L65/1003

Abstract: An application can be launched in response to a launch request from an accessory. For example, the mobile computing device can determine whether it is in a state that allows launching of an application and/or can determine whether the application or application type requested in the launch command is available for launching. In response to the request, and if the mobile computing device is capable, the mobile computing device can launch the application. The mobile computing device can also send a positive acknowledgment message to the accessory indicating that the application may be launched. An open communication session message may also be sent to the accessory. In response thereto the accessory can open a communication session and interoperate with the application.

Abstract translation: 应用程序可以响应来自附件的启动请求而启动。 例如，移动计算设备可以确定它是否处于允许启动应用的状态和/或可以确定在启动命令中请求的应用或应用类型是否可用于启动。 响应于该请求，并且如果移动计算设备是能够的，则移动计算设备可以启动该应用。 移动计算设备还可以向附件发送肯定确认消息，指示应用可以被启动。 开放通信会话消息也可以被发送到附件。 响应于此，附件可以打开通信会话并与应用程序互操作。