公开(公告)号：US20170185794A1

公开(公告)日：2017-06-29

申请号：US15400765

申请日：2017-01-06

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Jason D. Gosnell ,  Jerrold V. Hauck ,  Muralidhar S. Vempaty ,  Dallas B. De Atley

IPC: G06F21/62 ,  H04L9/32 ,  G06F21/60 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F21/57 ,  G06F21/572 ,  G06F21/577 ,  G06F21/602 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/083 ,  H04L63/0876

Abstract: In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.

公开(公告)号：US09215097B2

公开(公告)日：2015-12-15

申请号：US13657737

申请日：2012-10-22

Applicant: APPLE INC.

Inventor： Jerrold V. Hauck ,  Colin Whitby-Strevens

IPC: H04J1/00 ,  H04L12/64 ,  H04L1/00 ,  H04L12/40

CPC classification number: H04L12/6418 ,  H04L1/0002 ,  H04L12/40052 ,  H04L12/40071

Abstract: A data communications system is disclosed having at least one Legacy cloud coupled to at least one Beta cloud. The system further having at least one BOSS node and at least one border node. A method for ensuring compatibility is disclosed comprising determining when the BOSS node is idle, determining whether the last packet transmitted by any border node was an Alpha format packet if the BOSS node is idle, and unlocking the Legacy cloud if the last packet transmitted by the border node was not an Alpha format packet.

Abstract translation: 公开了一种数据通信系统，其具有耦合到至少一个Beta云的至少一个Legacy云。 该系统还具有至少一个BOSS节点和至少一个边界节点。 公开了一种用于确保兼容性的方法，包括确定BOSS节点何时空闲，如果BOSS节点空闲，则确定由任何边界节点发送的最后一个分组是否是Alpha格式分组，如果由 边界节点不是Alpha格式数据包。

公开(公告)号：US20150348022A1

公开(公告)日：2015-12-03

申请号：US14475375

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Jerrold V. Hauck ,  George R. Dicker ,  Jeffrey C. Lee ,  Mitchell D. Adler ,  Wade Benson

IPC: G06Q20/38 ,  G06Q20/40 ,  G06Q20/32

CPC classification number: G06Q20/385 ,  G06Q20/3226 ,  G06Q20/354 ,  G06Q20/3829

Abstract: A system for provisioning credentials onto an electronic device is provided. The system may include a payment network subsystem, a service provider subsystem, and one or more user devices that can be used to perform mobile transactions at a merchant terminal. The user device may communicate with the service provider subsystem in order to obtained commerce credentials from the payment network subsystem. The user device may include a secure element and a corresponding trusted processor. The trusted processor may generate a random authorization number and inject that number into the secure element. Mobile payments should only be completed if the random authorization number on the secure element matches the random authorization number at the trusted processor. The trusted processor may be configured to efface the previous random authorization number and generate a new random authorization number when detecting a potential change in ownership at the user device.

Abstract translation: 提供了一种用于将凭证提供到电子设备上的系统。 系统可以包括支付网络子系统，服务提供商子系统以及可以用于在商家终端执行移动交易的一个或多个用户设备。 用户设备可以与服务提供商子系统通信，以便从支付网络子系统获得商业凭证。 用户设备可以包括安全元件和相应的可信处理器。 可信处理器可以生成随机授权号，并将该号码注入到安全元件中。 仅当安全元素上的随机授权号码与可信处理器上的随机授权号码匹配时，才应完成移动支付。 信任处理器可以被配置为在检测用户设备的所有权的潜在变化时消除先前的随机授权号码并生成新的随机授权号码。

公开(公告)号：US09098714B2

公开(公告)日：2015-08-04

申请号：US14085951

申请日：2013-11-21

Applicant: Apple Inc.

Inventor： Christopher B. Sharp ,  Yousuf H. Vaid ,  Li Li ,  Jerrold V. Hauck ,  Arun G. Mathias ,  Xiangying Yang ,  Kevin P. McLaughlin

IPC: H04L29/06 ,  G06F21/60 ,  H04W12/08

CPC classification number: G06F21/604 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20 ,  H04W12/08

Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.

Abstract translation: 描述了基于策略的框架。 该基于策略的框架可以用于指定逻辑实体执行与位于电子设备中的安全元件内的访问控制元素（例如电子订户身份模块）相关联的操作的特权。 注意，对于与相同或不同的访问控制元素相关联的不同操作，不同的逻辑实体可以具有不同的权限。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的凭证的类型，使得不同类型的凭证可以用于不同的操作和/或由不同的逻辑实体使用。 此外，基于策略的框架可以指定在认证期间由逻辑实体使用的安全协议和安全级别，使得不同的安全协议和安全级别可以用于不同的操作和/或不同的逻辑实体。

公开(公告)号：US20150178723A1

公开(公告)日：2015-06-25

申请号：US14475292

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Joakim Linde ,  Christopher Sharp ,  Jerrold V. Hauck

IPC: G06Q20/38 ,  H04L29/06 ,  G06Q20/32

Abstract: Systems, methods, and computer-readable media for managing credentials are provided. In one example embodiment, an electronic device may include a secure element with a security domain element stored on the secure element. The electronic device may also include a processor component that may be configured to, inter alia, permanently terminate the functionality of the security domain element, after the functionality has been permanently terminated, communicatively couple the electronic device to a trusted service manager, and transmit data to the communicatively coupled trusted service manager that may be usable by the trusted service manager to determine that the functionality has been permanently terminated. Additional embodiments are also provided.

Abstract translation: 提供了用于管理凭证的系统，方法和计算机可读介质。 在一个示例实施例中，电子设备可以包括具有存储在安全元件上的安全域元素的安全元件。 电子设备还可以包括处理器组件，其可以被配置为在功能已经被永久地终止之后永久地终止安全域元件的功能，通信地将电子设备耦合到可信服务管理器，并且发送数据 涉及由可信服务管理器可用以确定功能已被永久终止的通信耦合的可信服务管理器。 还提供了另外的实施例。

公开(公告)号：US20240185245A1

公开(公告)日：2024-06-06

申请号：US18487723

申请日：2023-10-16

Applicant: Apple Inc.

Inventor： Herve Sibert ,  Oren M. Elrad ,  Jerrold V. Hauck ,  Onur E. Tackin ,  Zachary A. Rosen ,  Matthias Lerch

IPC: G06Q20/40 ,  G06F21/31 ,  G06F21/32 ,  G06Q20/20 ,  G06Q20/32 ,  G06Q20/38 ,  H04L9/32 ,  H04W12/06 ,  H04W12/065

CPC classification number: G06Q20/40145 ,  G06F21/31 ,  G06F21/32 ,  G06Q20/204 ,  G06Q20/3278 ,  G06Q20/382 ,  G06Q20/4014 ,  H04L9/3231 ,  H04W12/065 ,  H04W12/068

Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.

公开(公告)号：US11790119B2

公开(公告)日：2023-10-17

申请号：US16683233

申请日：2019-11-13

Applicant: Apple Inc.

Inventor： Hervé Sibert ,  Eric D. Friedman ,  Erik C. Neuenschwander ,  Jerrold V. Hauck ,  Thomas P. Mensch ,  Julien F. Freudiger ,  Alan W. Yu

IPC: G06F21/64 ,  H04L9/14 ,  H04L9/32

CPC classification number: G06F21/64 ,  H04L9/14 ,  H04L9/3236 ,  H04L9/3263 ,  H04L9/3271

Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.

公开(公告)号：US11601287B2

公开(公告)日：2023-03-07

申请号：US17203560

申请日：2021-03-16

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L9/40 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14 ,  G06F8/654 ,  H04W12/50 ,  H04L67/00 ,  H04W4/80

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US11582215B2

公开(公告)日：2023-02-14

申请号：US15275203

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: G06F7/04 ,  G06F17/30 ,  H04L9/40 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US11178124B2

公开(公告)日：2021-11-16

申请号：US14475308

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Jerrold V. Hauck

IPC: H04L9/00 ,  H04L29/06

Abstract: Systems, methods, and computer-readable media for securely pairing a secure element and a processor of an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, deriving a key using a processor of the electronic device, sharing the derived key with a commercial entity subsystem, and receiving the shared key from the commercial entity subsystem at a secure element of the electronic device, where the received key may be leveraged for enabling a secure communication channel between the processor and the secure element. Additional embodiments are also provided.