Media storage structures for storing content, devices for using such structures, systems for distributing such structures

    Publication number: US10574458B2

    Publication date: 2020-02-25

    Application number: US15074914

    Application date: 2016-03-18

    Applicant: Apple Inc.

    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different bases. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

    Provision of a lease for streaming content

    Publication number: US10382578B2

    Publication date: 2019-08-13

    Application number: US14871567

    Application date: 2015-09-30

    Applicant: Apple Inc.

    Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

    Permutation composition based hash function

    Publication number: US10164772B2

    Publication date: 2018-12-25

    Application number: US14291581

    Application date: 2014-05-30

    Applicant: Apple Inc.

    Abstract: The disclosed hash and message padding functions are based on the permutation composition problem. To compute a hash of a message using permutation composition based hashing, the message is split into equal size blocks. For each block, a permutation composition value is computed. The block permutation composition values are then combined through composition to generate an overall permutation composition value. The hash of the message is then based on the overall permutation composition value. To pad a message using permutation composition based padding, the message is split into equal size blocks. For each block, a permutation composition value is computed and the permutation composition value is added to the block. The padded blocks are then recombined to generate the padded message.

    PERMUTATION COMPOSITION BASED HASH FUNCTION
    46.
    Invention application
    Status: under examination, published

    Publication number: US20160119133A1

    Publication date: 2016-04-28

    Application number: US14291581

    Application date: 2014-05-30

    Applicant: Apple Inc.

    CPC classification number: H04L9/0643 H04L2209/20

    Abstract: The disclosed hash and message padding functions are based on the permutation composition problem. To compute a hash of a message using permutation composition based hashing, the message is split into equal size blocks. For each block, a permutation composition value is computed. The block permutation composition values are then combined through composition to generate an overall permutation composition value. The hash of the message is then based on the overall permutation composition value. To pad a message using permutation composition based padding, the message is split into equal size blocks. For each block, a permutation composition value is computed and the permutation composition value is added to the block. The padded blocks are then recombined to generate the padded message.


    Multi-Block Cryptographic Operation
    47.
    Invention application
    Status: in force

    Publication number: US20160080143A1

    Publication date: 2016-03-17

    Application number: US14487872

    Application date: 2014-09-16

    Applicant: Apple Inc.

    Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.


    Protecting against white box attacks using column rotation
    48.
    Invention grant
    Status: in force

    Publication number: US09143317B2

    Publication date: 2015-09-22

    Application number: US13902723

    Application date: 2013-05-24

    Applicant: Apple Inc.

    CPC classification number: H04L9/0631 H04L9/002 H04L2209/16

    Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.


    ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA
    49.
    Invention application
    Status: under examination, published

    Publication number: US20150220926A1

    Publication date: 2015-08-06

    Application number: US14685429

    Application date: 2015-04-13

    Applicant: Apple Inc.

    Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.


    Optimized integrity verification procedures
    50.
    Invention grant
    Status: in force

    Publication number: US08886947B2

    Publication date: 2014-11-11

    Application number: US13723097

    Application date: 2012-12-20

    Applicant: Apple Inc.

    CPC classification number: G06F21/64

    Abstract: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.

