公开(公告)号：US11676188B2

公开(公告)日：2023-06-13

申请号：US17031603

申请日：2020-09-24

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Dallas B. De Atley ,  Augustin J. Farrugia ,  Byron B. Han ,  Sean B. Kelly ,  Craig A. Marciniak ,  Maxim Khutornenko ,  Raymond N. Walsh

IPC: G06Q30/06 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/12 ,  G06Q20/32 ,  G06Q20/36 ,  G06Q20/38 ,  G06Q20/40 ,  H04L9/40 ,  G06Q30/0601

CPC classification number: G06Q30/0609 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/12 ,  G06Q20/32 ,  G06Q20/322 ,  G06Q20/3674 ,  G06Q20/3821 ,  G06Q20/40145 ,  H04L63/083 ,  H04L63/0861

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.

公开(公告)号：US20210125248A1

公开(公告)日：2021-04-29

申请号：US17031603

申请日：2020-09-24

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Dallas B. De Atley ,  Augustin J. Farrugia ,  Byron B. Han ,  Sean B. Kelly ,  Craig A. Marciniak ,  Maxim Khutornenko ,  Raymond N. Walsh

IPC: G06Q30/06 ,  G06Q20/32 ,  G06Q20/12 ,  G06F21/32 ,  G06Q20/04 ,  G06Q20/36 ,  G06Q20/38 ,  G06Q20/40 ,  H04L29/06

Abstract: An online store can transmit an online account token to an electronic device or to a biometric sensing device after a user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store. The user can then make one or more purchases after the online store receives the countersigned online account token.

公开(公告)号：US20160352518A1

公开(公告)日：2016-12-01

申请号：US14871498

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: H04L9/08 ,  G06F21/62

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.

Abstract translation: 一些实施例为一组相关设备中的特定设备提供用于备份在该组相关设备之间同步的数据的方法。 该方法存储用一组数据加密密钥加密的备份数据。 该方法还存储用主恢复密钥加密的一组数据加密密钥。 该方法还存储主恢复密钥数据的几个副本，主恢复密钥数据的每个副本用相关设备中的不同的一个的公钥加密。 备份数据只能通过访问任一相关设备的私钥来恢复。

公开(公告)号：US11023587B2

公开(公告)日：2021-06-01

申请号：US16147712

申请日：2018-09-29

Applicant: Apple Inc.

Inventor： Julien Oster ,  Eric S. Harmon ,  Mitchell K. Allison ,  Pierre-Olivier J. Martel ,  Damien P. Sorresso ,  Dallas B. De Atley ,  Ryan P. Nielsen

IPC: G06F9/00 ,  G06F15/177 ,  G06F21/57 ,  G06F12/14 ,  G06F12/0875

Abstract: In an embodiment, a system supports an external trust cache. That is, the trust cache is separate from the kernel image on the non-volatile storage in the system. During boot, the boot code may read the trust cache from the storage and write it to the working memory of the system (e.g. the Random Access Memory (RAM) forming the memory system in the system). The boot code may also validate the kernel image and write it to the memory system. The boot code may program a region register in the processor to define a region in the working memory that encompasses the kernel image and the trust cache, to protect the region from modification/tampering.

公开(公告)号：US10708049B2

公开(公告)日：2020-07-07

申请号：US16186426

申请日：2018-11-09

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  G06F21/62 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60 ,  H04L29/06 ,  G06F21/00 ,  G06F21/64 ,  H04L9/12

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US09825762B2

公开(公告)日：2017-11-21

申请号：US15268471

申请日：2016-09-16

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L29/12 ,  G06F21/62 ,  H04L9/08 ,  G06F21/00 ,  H04L29/06 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60 ,  G06F21/64

CPC classification number: H04L9/0894 ,  G06F21/00 ,  G06F21/33 ,  G06F21/445 ,  G06F21/606 ,  G06F21/6245 ,  G06F21/64 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/062 ,  H04L63/08 ,  H04L63/101

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US09684801B2

公开(公告)日：2017-06-20

申请号：US14827532

申请日：2015-08-17

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/62 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L9/08 ,  G06F17/30

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.

公开(公告)号：US20170011234A1

公开(公告)日：2017-01-12

申请号：US15274733

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: G06F21/62 ,  G06F17/30 ,  H04L29/08

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

Abstract translation: 一些实施例提供了将存储在设备上的钥匙串与一组其他设备同步的程序。 钥匙扣包括一套钥匙扣项目。 程序接收（1）用于更新存储在设备上的钥匙串的钥匙串项的列表，以及（2）表示钥匙串项目列表中指定的钥匙串项的数据。 对于钥匙串项列表中的每个钥匙串项，程序使用代表钥匙串项的数据来更新存储在设备上的钥匙串。

公开(公告)号：US20160350238A1

公开(公告)日：2016-12-01

申请号：US14871484

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: G06F12/14 ,  G06F11/14

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.

Abstract translation: 一些实施例为一组相关设备中的特定设备提供用于备份在设备之间同步的数据的方法。 该方法接收命令以创建在设备子集之间同步的数据子集的备份，这是设备之间同步的所有数据的子集。 该方法从所有同步数据的集合中识别同步数据的子集。 同步数据的子集被标记为仅在设备子集之间进行同步的特定标准集合。 所述方法将备份所述同步数据的子集存储在备份存储器中，所述备份存储器以需要与所述设备子集中的所述设备中的任一个相关联的恢复密钥加密的方式来访问所述备份，同时防止使用恢复密钥访问所述备份 的任何其他设备。

公开(公告)号：US20160308674A1

公开(公告)日：2016-10-20

申请号：US14827532

申请日：2015-08-17

Applicant: Apple Inc.

Inventor： Michael Brouwer ,  Dallas B. De Atley ,  Mitchell D. Adler

IPC: H04L9/08 ,  H04L29/06 ,  H04L29/08

CPC classification number: G06F21/6263 ,  G06F17/30581 ,  G06F21/606 ,  G06F21/62 ,  H04L9/0816 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/10 ,  H04L63/166 ,  H04L63/20 ,  H04L67/104 ,  H04L67/1095 ,  H04L67/1097 ,  H04L2209/24

Abstract: Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.

Abstract translation: 一些实施例提供了一种在将设备上存储的一组钥匙串与一组其他设备同步时为设备提供数据保护的程序。 该程序接收用于使存储在设备上的一组密钥串与其他设备的集合同步的钥匙串数据。 钥匙串数据被指定为属于保护域。 该程序确定是否满足为保护域定义的一组条件。 当满足条件集合时，程序允许访问钥匙串数据，以便处理钥匙串数据并使存储在设备上的一组密钥串与其他设备的集合同步。