公开(公告)号：US20240406162A1

公开(公告)日：2024-12-05

申请号：US18205244

申请日：2023-06-02

Applicant: Apple Inc.

Inventor： Ravi Chotrani ,  Ahmer A. Khan ,  David W. Silver ,  Gianpaolo Fasoli ,  Ka Yang ,  Vishnu Janardhanan

IPC: H04L9/40 ,  H04L67/306

Abstract: A computing device can receive a request from a requesting device for one or more data elements associated with a digital credential. The computing device can store the digital credential which includes a set of data elements and a security object. The computing device can determine a subset of the data elements based at least in part on the request. The computing device can generate the response, wherein the response includes the subset of the data elements and the security object. The computing device can transmit the response to the requesting device.

公开(公告)号：US12095907B2

公开(公告)日：2024-09-17

申请号：US17835421

申请日：2022-06-08

Applicant: Apple Inc.

Inventor： Vishnu Pillai Janardhanan Pillai ,  Rantao Chen ,  Gianpaolo Fasoli ,  Frederic Jacobs ,  Rupamay Saha ,  Yannick L. Sierra ,  Dian Wen ,  Ka Yang

IPC: H04L9/08 ,  G06Q20/38 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04L9/085 ,  G06Q20/3829 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/0823

Abstract: Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.

公开(公告)号：US11880808B2

公开(公告)日：2024-01-23

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: G06Q20/00 ,  B63H20/02 ,  B63H20/06

CPC classification number: G06Q20/00 ,  B63H20/02 ,  B63H20/06

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US11877157B2

公开(公告)日：2024-01-16

申请号：US17398723

申请日：2021-08-10

Applicant: Apple Inc.

Inventor： Haya Iris Villanueva Gaviola ,  Gianpaolo Fasoli ,  Vinay Ganesh ,  Irene M. Graff ,  Martijn Theo Haring ,  Ahmer A. Khan ,  Franck Farian Rakotomalala ,  Gordon Y. Scott ,  Ho Cheung Chung ,  Antonio Allen ,  Mayura Dhananjaya Deshpande ,  Thomas John Miller ,  Christopher Sharp ,  David W. Silver ,  Policarpo B. Wood ,  Ka Yang

IPC: H04L29/06 ,  H04L29/08 ,  H04W12/69 ,  H04W4/80 ,  H04W12/037 ,  H04W12/47 ,  H04W12/02 ,  H04L29/00 ,  G06Q50/26

CPC classification number: H04W12/69 ,  H04W4/80 ,  H04W12/02 ,  H04W12/037 ,  H04W12/47 ,  G06Q50/265

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

公开(公告)号：US11475106B2

公开(公告)日：2022-10-18

申请号：US16177250

申请日：2018-10-31

Applicant: Apple Inc.

Inventor： Jean-Pierre Ciudad ,  Augustin J. Farrugia ,  David M'Raihi ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Nicholas T. Sullivan

IPC: G06F21/10 ,  G06Q30/06

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

公开(公告)号：US10979529B2

公开(公告)日：2021-04-13

申请号：US16539512

申请日：2019-08-13

Applicant: Apple Inc.

Inventor： Srinivas Vedula ,  Daniel P. Carter ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Eugene Jivotovski

IPC: H04L29/06 ,  H04L29/08

Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.

公开(公告)号：US20200047865A1

公开(公告)日：2020-02-13

申请号：US16659078

申请日：2019-10-21

Applicant: Apple Inc.

Inventor： Thomas Matthieu Alsina ,  Scott T. Boyd ,  Michael Kuohao Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Patrice O. Gautier ,  Sean B. Kelly ,  Payam Mirrashidi ,  Pedraum Pardehpoosh ,  Conrad Sauerwald ,  Kenneth W. Scott ,  Rajit Shinh ,  Braden Jacob Thomas ,  Andrew R. Whalley

IPC: B63H20/06 ,  B63H20/12 ,  B63H20/02

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

公开(公告)号：US20180365390A1

公开(公告)日：2018-12-20

申请号：US16012388

申请日：2018-06-19

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Apoorva Govind ,  Augustin J. Farrugia ,  Raffi T. Khatchadourian

IPC: G06F21/10 ,  H04L29/06 ,  G06F17/30 ,  H04W4/60 ,  H04N21/254 ,  H04N21/6334

CPC classification number: G06F21/10 ,  G06F16/2228 ,  G06F2221/0717 ,  H04L63/061 ,  H04L63/104 ,  H04L2463/101 ,  H04N21/2541 ,  H04N21/63345 ,  H04W4/60

Abstract: User accounts can be linked together to form a group of linked user accounts that can access content items assigned to the other user accounts in the group. A user can download content items assigned to their user account, as well as shared content items assigned to one of the other user accounts in the group of linked user accounts. Use of shared content items can be restricted to client devices running specified versions of an operating system. The key ID tagged to a shared content item can be altered such that the key ID no longer correctly identifies the corresponding DRM key that enables use of the shared content item. Client devices authorized to use shared content items can be configured to recognize that a content item is a shared content item and generate the original key ID form the altered key ID.

公开(公告)号：US10042989B2

公开(公告)日：2018-08-07

申请号：US14872112

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet ,  Jean-Francois Riendeau

IPC: H04L29/06 ,  G06F21/30 ,  G06F21/44 ,  H04L9/32

Abstract: The embodiments set forth systems and techniques to activate and provide other device services for user devices. An activation manager is configured to activate a user device by receiving an activation request for the device, accepting previously stored and encrypted trusted data for the device, getting current data for the device, determining whether the current data compares with the trusted data, and sending an authorization to activate the device when the current data compares favorably with the trusted data. Data can include a seed component divided into seed segments that are each combined with a unique device identifier using varying cryptographic primitives. Each encrypted seed segment and unique device identifier combination can be dedicated to a different device use or service, and can be used separately for device identification for that use or service.

公开(公告)号：US20170221055A1

公开(公告)日：2017-08-03

申请号：US15275122

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Karl Anders Carlsson ,  Anton K. Diederich ,  Christopher Sharp ,  Gianpaolo Fasoli ,  Maciej Stachowiak ,  Matthew C. Byington ,  Nicholas J. Shearer ,  Samuel M. Weinig

IPC: G06Q20/38 ,  G06Q20/32 ,  H04L29/06

CPC classification number: G06Q20/3821 ,  G06Q20/12 ,  G06Q20/3227 ,  G06Q20/3278 ,  G06Q20/40 ,  G06Q2220/00 ,  H04L63/10

Abstract: Systems, methods, and computer-readable media for validating online access to secure device functionality are provided that may use shared secrets between different subsystems and limited use validation data.