公开(公告)号：US20190013939A1

公开(公告)日：2019-01-10

申请号：US16133645

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  G06F21/32 ,  H04L9/32 ,  H04L9/14 ,  H04L29/06

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US20180352440A1

公开(公告)日：2018-12-06

申请号：US15980694

申请日：2018-05-15

Applicant: Apple Inc.

Inventor： Lucia E. Ballard ,  Jerrold V. Hauck ,  Deepti S. Prakash ,  Jan Cibulka ,  Ivan Krstic

IPC: H04W12/08 ,  H04W12/06 ,  G06F21/32 ,  H04L9/32 ,  G06F21/78 ,  G06F21/62 ,  H04M1/725

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：US20180089691A1

公开(公告)日：2018-03-29

申请号：US15709925

申请日：2017-09-20

Applicant: Apple Inc.

Inventor： Herve Sibert ,  Oren M. Elrad ,  Jerrold V. Hauck ,  Onur E. Tackin ,  Zachary A. Rosen ,  Matthias Lerch

IPC: G06Q20/40 ,  G06Q20/20 ,  G06Q20/38 ,  G06Q20/32 ,  H04L9/32

CPC classification number: G06Q20/40145 ,  G06F21/31 ,  G06F21/32 ,  G06Q20/204 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/382 ,  G06Q20/4014 ,  H04L9/3231 ,  H04W12/06

Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.

公开(公告)号：US09904629B2

公开(公告)日：2018-02-27

申请号：US14871498

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: H04L9/08 ,  G06F12/14 ,  G06F11/14 ,  G06F21/62 ,  H04L9/00

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.

公开(公告)号：US20170201380A1

公开(公告)日：2017-07-13

申请号：US15274836

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig A. Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/14 ,  H04W76/02 ,  H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04L9/06 ,  H04L9/30

CPC classification number: H04L9/3252 ,  G06F8/654 ,  H04L9/0643 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3066 ,  H04L63/061 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/0869 ,  H04L67/34 ,  H04L2209/80 ,  H04W4/80 ,  H04W12/003 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US20160344710A1

公开(公告)日：2016-11-24

申请号：US14475308

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Jerrold V. Hauck

IPC: H04L29/06

CPC classification number: H04L63/061 ,  H04L63/0492

Abstract: Systems, methods, and computer-readable media for securely pairing a secure element and a processor of an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter cilia, deriving a key using a processor of the electronic device, sharing the derived key with a commercial entity subsystem, and receiving the shared key from the commercial entity subsystem at a secure element of the electronic device, where the received key may be leveraged for enabling a secure communication channel between the processor and the secure element. Additional embodiments are also provided.

Abstract translation: 提供了用于安全地配对电子设备的安全元件和处理器的系统，方法和计算机可读介质。 在一个示例实施例中，一种在电子设备处的方法包括使用电子设备的处理器导出密钥，使用商业实体子系统共享导出的密钥，以及从商业实体子系统接收共享密钥 电子设备的安全元件，其中可以利用所接收的密钥来实现处理器和安全元件之间的安全通信信道。 还提供了另外的实施例。

公开(公告)号：US09460313B2

公开(公告)日：2016-10-04

申请号：US14792572

申请日：2015-07-06

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: G06F21/62 ,  H04L9/08 ,  G06F21/64 ,  G06F21/00 ,  H04L29/06 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20160004884A1

公开(公告)日：2016-01-07

申请号：US14792572

申请日：2015-07-06

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: G06F21/64 ,  H04L9/08

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对，并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户特定的密钥和公钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时，该方法仅向第二设备提供机密信息，并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。

公开(公告)号：US09106411B2

公开(公告)日：2015-08-11

申请号：US13767847

申请日：2013-02-14

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: G06F21/62 ,  H04L9/08 ,  G06F21/00 ,  H04L29/06 ,  G06F17/40

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

Abstract translation: 一种通过使用一组服务器将第一设备的机密信息项恢复到第二设备的方法。 该方法生成公钥和私钥对，并在生成公钥和私钥时将私钥与服务器的可执行代码的哈希值相关联。 该方法在用用户专用密钥和公开密钥加密的安全对象中接收加密的机密信息项。 当第二设备提供与加密安全对象的密钥相同的用户特定密钥时，该方法仅向第二设备提供机密信息，并且在访问私钥以解密时提供服务器的可执行代码的散列 安全对象匹配在生成私钥时在服务器上运行的可执行代码的散列。

公开(公告)号：US09026680B2

公开(公告)日：2015-05-05

申请号：US13625798

申请日：2012-09-24

Applicant: Apple Inc.

Inventor： Jerrold V. Hauck

IPC: G06F15/16 ,  H04J3/06 ,  H04N21/4363

CPC classification number: H04J3/0697 ,  H04N21/43632

Abstract: A communication function between ports on a node that does not require a common time base to be distributed across the network is disclosed. A data stream received over a first port is placed on an interface between nodes using the time base of the first port; a second port samples the data stream on the interface and timestamps it using the time base of the second port. The data stream is timestamped by the second port and packetized before transmitted to the second node to another bridge or device. Alternatively, the first port extracts a time stamp from the data stream and calculates an offset using a cycle timer value from the bus connected to the first port. The offset is added to the cycle timer value on the bus connected to the second port and used to timestamp the data stream.

Abstract translation: 公开了不需要通过网络分布的公共时基的节点上的端口之间的通信功能。 通过第一端口接收的数据流被放置在使用第一端口的时基的节点之间的接口上; 第二个端口使用接口的数据流进行采样，并使用第二个端口的时基对其进行时间戳。 数据流由第二个端口加时间戳，并在发送到另一个网桥或设备之前进行分组。 或者，第一端口从数据流中提取时间戳，并且使用来自连接到第一端口的总线的周期定时器值来计算偏移量。 偏移被添加到连接到第二个端口的总线上的周期定时器值，并用于对数据流进行时间戳。