公开(公告)号：US20240078343A1

公开(公告)日：2024-03-07

申请号：US18463744

申请日：2023-09-08

Applicant: Apple Inc.

Inventor： Hervé Sibert ,  Eric D. Friedman ,  Erik C. Neuenschwander ,  Jerrold V. Hauck ,  Thomas P. Mensch ,  Julien F. Freudiger ,  Alan W. Yu

IPC: G06F21/64 ,  H04L9/14 ,  H04L9/32

CPC classification number: G06F21/64 ,  H04L9/14 ,  H04L9/3236 ,  H04L9/3263 ,  H04L9/3271

Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.

公开(公告)号：US20240039714A1

公开(公告)日：2024-02-01

申请号：US18447083

申请日：2023-08-09

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  H04L9/40

CPC classification number: H04L9/0861 ,  H04L9/3268 ,  H04L9/006 ,  H04L9/3249 ,  G06F21/32 ,  H04L9/3239 ,  H04L9/14 ,  G06F21/74 ,  H04L9/0877 ,  H04L9/3231 ,  H04L9/3234 ,  G06F21/72 ,  G06F21/78 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0861 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/127 ,  G06F13/28

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US11265929B2

公开(公告)日：2022-03-01

申请号：US16090007

申请日：2017-04-14

Applicant: Apple Inc.

Inventor： Jerrold V. Hauck ,  Alejandro J. Marquez ,  Timothy R. Paaske ,  Indranil S. Sen ,  Herve Sibert ,  Yannick L. Sierra ,  Raman S. Thiara

IPC: H04W76/10 ,  H04W64/00 ,  H04W12/06 ,  H04W12/04 ,  H04W12/02 ,  H04L29/06 ,  H04L9/32 ,  H04W4/80

Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive locally at the system ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.

公开(公告)号：US10831484B1

公开(公告)日：2020-11-10

申请号：US16524490

申请日：2019-07-29

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Jeffry E. Gonion ,  Thomas Roche ,  Jerrold V. Hauck

IPC: G06F9/30 ,  G06F21/60 ,  G06F12/14

Abstract: In an embodiment, a processor includes hardware circuitry and/or supports instructions which may be used to detect that a return address or jump address has been modified since it was written to memory. In response to detecting the modification, the processor may be configured to signal an exception or otherwise initiate error handling to prevent execution at the modified address. In an embodiment, the processor may perform a cryptographic sign operation on the return address/jump address before writing the signed return address/jump address to memory and the signature may be verified before the address is used as a return target or jump target. Security of the system may be improved by foiling ROP/JOP attacks.

公开(公告)号：US10708049B2

公开(公告)日：2020-07-07

申请号：US16186426

申请日：2018-11-09

Applicant: Apple Inc.

Inventor： Dallas B. De Atley ,  Jerrold V. Hauck ,  Mitchell D. Adler

IPC: H04L9/08 ,  G06F21/62 ,  G06F21/33 ,  G06F21/44 ,  G06F21/60 ,  H04L29/06 ,  G06F21/00 ,  G06F21/64 ,  H04L9/12

Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.

公开(公告)号：US20200186337A1

公开(公告)日：2020-06-11

申请号：US16730931

申请日：2019-12-30

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  G06F21/78 ,  G06F21/72 ,  G06F21/74 ,  H04L9/14 ,  G06F21/32 ,  H04L9/00

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US10523431B2

公开(公告)日：2019-12-31

申请号：US16133645

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  G06F13/28 ,  G06F13/40 ,  G06F21/79

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US20190296905A1

公开(公告)日：2019-09-26

申请号：US16436328

申请日：2019-06-10

Applicant: Apple Inc.

Inventor： Kumar Saurav ,  Jerrold V. Hauck ,  Yannick L. Sierra ,  Charles E. Gray ,  Roberto G. Yepez ,  Samuel Gosselin ,  Petr Kostka ,  Wade Benson

IPC: H04L9/08 ,  G06F21/60 ,  G06F21/74

Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.

公开(公告)号：US10409600B1

公开(公告)日：2019-09-10

申请号：US15202269

申请日：2016-07-05

Applicant: Apple Inc.

Inventor： Yannick L. Sierra ,  Jeffry E. Gonion ,  Thomas Roche ,  Jerrold V. Hauck

IPC: G06F9/30 ,  G06F21/60 ,  G06F12/14

Abstract: In an embodiment, a processor includes hardware circuitry and/or supports instructions which may be used to detect that a return address or jump address has been modified since it was written to memory. In response to detecting the modification, the processor may be configured to signal an exception or otherwise initiate error handling to prevent execution at the modified address. In an embodiment, the processor may perform a cryptographic sign operation on the return address/jump address before writing the signed return address/jump address to memory and the signature may be verified before the to address is used as a return target or jump target. Security of the system may be improved by foiling ROP/JOP attacks.

公开(公告)号：US20170373844A1

公开(公告)日：2017-12-28

申请号：US15173647

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Libor Sykora ,  Wade Benson ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  G06F21/32 ,  H04L9/32

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. In some embodiments, the secure circuit is configured to generate a public key and a private key for an application, and receive, from the application via an API, a request to perform a cryptographic operation using the private key. The secure circuit is further configured to perform the cryptographic operation in response to the request.