SECURE CIRCUIT FOR ENCRYPTION KEY GENERATION
    51.
    Invention patent application

    Publication number: US20190013939A1

    Publication date: 2019-01-10

    Application number: US16133645

    Filing date: 2018-09-17

    Applicant: Apple Inc.

    Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

    CREDENTIAL STORAGE ACROSS MULTIPLE DEVICES
    52.
    Invention patent application

    Publication number: US20170201550A1

    Publication date: 2017-07-13

    Application number: US15274880

    Filing date: 2016-09-23

    Applicant: Apple Inc.

    CPC classification number: H04L63/0815 G06F21/41

    Abstract: Techniques are disclosed relating to accessing credential information on multiple devices. In one embodiment, a computer system is disclosed that includes one or more processors and memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations. The operations include storing registration information identifying a plurality of devices as being registered to an organization and receiving, over a network from a first device, a request for credential information of a first of a plurality of users associated with the organization. The operations further include authenticating the first request, including verifying that the first device is being used by the first user and determining, based on the registration information, whether the first device is one of the plurality of devices. The operations include granting or denying the first request for the credential information based on the authenticating.

    Context Based Data Access Control
    53.
    Invention patent application
    Context Based Data Access Control (granted)

    Publication number: US20150347770A1

    Publication date: 2015-12-03

    Application number: US14503244

    Filing date: 2014-09-30

    Applicant: Apple Inc.

    Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).

