公开(公告)号：US10586260B2

公开(公告)日：2020-03-10

申请号：US13668109

申请日：2012-11-02

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q30/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US09774443B2

公开(公告)日：2017-09-26

申请号：US14639026

申请日：2015-03-04

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/00

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

公开(公告)号：US09639673B2

公开(公告)日：2017-05-02

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

公开(公告)号：US20160211972A1

公开(公告)日：2016-07-21

申请号：US15000223

申请日：2016-01-19

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US09374616B2

公开(公告)日：2016-06-21

申请号：US14224010

申请日：2014-03-24

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Jeffrey Robbin ,  Hiro Mitsuji ,  Mihailo Despotovic ,  Colin Meldrum

IPC: H04N7/167 ,  H04N21/4408 ,  H04N7/16 ,  H04N7/173 ,  H04N21/254 ,  H04N21/266 ,  H04N21/472 ,  H04N21/61 ,  H04N21/437 ,  H04N21/4405 ,  G06F21/00 ,  G06F21/10 ,  G06F21/62

CPC classification number: H04N21/26613 ,  G06F21/10 ,  G06F21/62 ,  G06F21/6209 ,  H04N7/165 ,  H04N7/17318 ,  H04N21/2541 ,  H04N21/437 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/47202 ,  H04N21/6125 ,  H04N21/6175

Abstract: A video on demand system in the context of the Internet, for video rentals. A user accesses an on-line store to rent a video program or movie. The rental is for a limited time (such as 30 days) and within that thirty days, the video program or movie can only be viewed for a 24 hour time window. The time limits are enforced by the on-line store which maintains a database of each rental transaction and allows supply of the needed keys for decrypting the (encrypted) video or movie only if within the time limits.

Abstract translation: 视频点播系统在互联网的背景下，用于视频租赁。 用户访问在线商店租用视频节目或电影。 出租时间有限（如30天），而在三十天内，视频节目或电影只能在24小时的时间内观看。 时间限制由维护每个租赁交易的数据库的在线商店实施，并且仅在时限内允许提供用于解密（加密的）视频或电影的所需密钥。

公开(公告)号：US09264222B2

公开(公告)日：2016-02-16

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30 ,  H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US20150347996A1

公开(公告)日：2015-12-03

申请号：US14722019

申请日：2015-05-26

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Augustin J. Farrugia ,  Edward T. Schmidt ,  Gianpaolo Fasoli ,  Sean B. Kelly

IPC: G06Q20/12 ,  G06F21/10 ,  G06Q20/40 ,  G06Q20/22 ,  H04L29/08 ,  H04L29/06

CPC classification number: G06Q20/1235 ,  G06F21/10 ,  G06F2221/0717 ,  G06F2221/0771 ,  G06F2221/0777 ,  G06Q10/063114 ,  G06Q20/29 ,  G06Q20/405 ,  H04L67/306 ,  H04L67/42

Abstract: One or more user accounts can be linked together to form a group of linked user accounts to access content items assigned to the other user accounts in the group of linked user accounts. Prior to completing a purchase for a content item, a requesting user can be alerted that a member of the group of linked user accounts has access to the content item. Content items assigned to a member of a group of linked user accounts can be downloaded by one or more other members of the group of linked user accounts along with a Digital Rights Management (DRM) key that enables use of the content item. The DRM key can represent the group relationship between the downloading user account and the content owner's user account to which the content item is assigned.

Abstract translation: 一个或多个用户帐户可以链接在一起以形成一组链接的用户帐户，以访问分配给链接的用户帐户组中的其他用户帐户的内容项。 在完成对内容项目的购买之前，请求用户可以被警告该链接的用户帐户组的成员可以访问该内容项目。 分配给一组链接的用户帐户的成员的内容项可以被连接的用户帐户组的一个或多个其他成员以及能够使用内容项的数字版权管理（DRM）密钥一起下载。 DRM密钥可以表示下载用户帐户与分配内容项目的内容所有者的用户帐户之间的组关系。

公开(公告)号：US09128722B2

公开(公告)日：2015-09-08

申请号：US13851581

申请日：2013-03-27

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Mathieu Ciet ,  Augustin J. Farrugia

IPC: G06F9/44 ,  G06F9/45 ,  G06F21/14

CPC classification number: G06F8/33 ,  G06F8/423 ,  G06F21/14

Abstract: Disclosed herein are systems, computer-implemented methods, and non-transitory computer-readable storage media for obfuscating code, such as instructions and data structures. Also disclosed are non-transitory computer-readable media containing obfuscated code. In one aspect, a preprocessing tool (i.e. before compilation) identifies in a source program code a routine for replacement. The tool can be a software program running on a computer or an embedded device. The tool then selects a function equivalent to the identified routine from a pool of functions to replace the identified routine. A compiler can then compile computer instructions based on the source program code utilizing the selected function in place of the identified routine. In another aspect, the tool replaces data structures with fertilized data structures. These approaches can be applied to various portions of source program code based on various factors. A software developer can flexibly configure how and where to fertilize the source code.

Abstract translation: 这里公开的是系统，计算机实现的方法和用于模糊代码的非暂时计算机可读存储介质，诸如指令和数据结构。 还公开了包含混淆代码的非暂时性计算机可读介质。 在一个方面，预处理工具（即，在编译之前）在源程序代码中标识用于替换的例程。 该工具可以是在计算机或嵌入式设备上运行的软件程序。 然后，该工具从一个函数库中选择一个等同于识别的例程的功能来替换识别的例程。 然后，编译器可以使用所选择的功能代替所识别的例程来编译基于源程序代码的计算机指令。 另一方面，该工具用受精数据结构取代数据结构。 这些方法可以基于各种因素应用于源程序代码的各个部分。 软件开发人员可以灵活地配置如何以及在何处施肥源代码。

公开(公告)号：US09043887B2

公开(公告)日：2015-05-26

申请号：US13731935

申请日：2012-12-31

Applicant: Apple Inc.

Inventor： Jonathan G. McLachlan ,  Augustin J. Farrugia ,  Nicholas T. Sullivan

IPC: G06F17/00 ,  H04L29/06

CPC classification number: G06Q20/4014 ,  G06F21/31 ,  G06F2221/2101 ,  G06F2221/2103 ,  H04L63/08

Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

Abstract translation: 描述用于对与在线商店相关联的帐户执行辅助认证的认证挑战系统。 在一个实施例中，认证挑战系统包括问题生成引擎，其可以基于与在线商店的用户帐户相关联的活动而导出一系列问题; 网络接口，其可以传送由问题生成引擎导出的一系列一个或多个问题以将用户认证到在线商店; 置信引擎，其可以确定成功验证所需的置信水平，并且可以计算用户身份的置信度得分; 以及质量引擎，其可以基于对在线商店的多个帐户的问答指标的分析来调整问题生成引擎和置信引擎。 在线商店可以包括诸如音乐，电影，书籍或电子计算设备的应用的数字媒体。

公开(公告)号：US11956323B2

公开(公告)日：2024-04-09

申请号：US17228603

申请日：2021-04-12

Applicant: Apple Inc.

Inventor： Srinivas Vedula ,  Daniel P. Carter ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Eugene Jivotovski

IPC: H04L9/40 ,  H04L9/32 ,  H04L65/60 ,  H04L67/306 ,  H04L67/146

CPC classification number: H04L67/306 ,  H04L9/3213 ,  H04L63/10 ,  H04L65/60 ,  H04L63/108 ,  H04L67/146

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.