Application usage policy enforcement

    Publication number: US11475106B2

    Publication date: 2022-10-18

    Application number: US16177250

    Filing date: 2018-10-31

    Applicant: Apple Inc.

    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

    2. MEDIA STORAGE STRUCTURES FOR STORING CONTENT, DEVICES FOR USING SUCH STRUCTURES, SYSTEMS FOR DISTRIBUTING SUCH STRUCTURES
    Type: Invention application. Status: Under examination (published).

    Publication number: US20160204939A1

    Publication date: 2016-07-14

    Application number: US15074914

    Filing date: 2016-03-18

    Applicant: Apple Inc.

    CPC classification number: H04L9/32 G06F21/10 G06F21/602

    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

    3. ZERO-KNOWLEDGE BASED AUTHENTICATION METHOD, SYSTEM, AND APPARATUS
    Type: Invention application. Status: In force.

    Publication number: US20130205137A1

    Publication date: 2013-08-08

    Application number: US13802508

    Filing date: 2013-03-13

    Applicant: APPLE INC.

    Abstract: In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.

    4. Zero-knowledge based authentication method, system, and apparatus
    Type: Granted invention patent. Status: In force.

    Publication number: US08645693B2

    Publication date: 2014-02-04

    Application number: US13802508

    Filing date: 2013-03-13

    Applicant: Apple Inc.

    Abstract: In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.

    Media storage structures for storing content, devices for using such structures, systems for distributing such structures

    Publication number: US10574458B2

    Publication date: 2020-02-25

    Application number: US15074914

    Filing date: 2016-03-18

    Applicant: Apple Inc.

    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.
