-
Publication No.: US20250119273A1
Publication Date: 2025-04-10
Application No.: US18907189
Application Date: 2024-10-04
Applicant: Apple Inc.
Inventor: Jonathan L. Choukroun, Elliot S. Briggs, Marcos Caceres, Simon J. Gornall, Michael J. Hashe, Graham S. Orndorff, Andrew M. Pace, Yannick L. Sierra, Catherine Yun
Abstract: Techniques are disclosed relating to improving key management on devices. In various embodiments, a device receives, from a browser via a key-management API supported by the device, a request for a browser session to receive access to a cryptographic key managed by the device. The key-management API of the device determines whether to grant the browser session access to the cryptographic key based on verification of a signed attestation from a server corresponding to the browser session and using metadata stored about the cryptographic key. Based on the determination, the device provides access to the cryptographic key via the key-management API. In some embodiments, providing access to the cryptographic key includes performing a requested cryptographic operation using the cryptographic key and without providing the cryptographic key to the browser. In some embodiments, the cryptographic key is managed by an operating system, a secure element, or another application of the device.
-
Publication No.: US20250119411A1
Publication Date: 2025-04-10
Application No.: US18909442
Application Date: 2024-10-08
Applicant: Apple Inc.
Inventor: Catherine Yun, Elliot S. Briggs, Simon J. Gornall, Michael J. Hashe, Steven A. Myers, Andrew M. Pace, Yannick L. Sierra, Phillip T. Tao
Abstract: Techniques are disclosed relating to improving secure message communication. In various embodiments, a message delivery server receives a request to deliver an encrypted message from a sender to a recipient. The encrypted message obfuscates the identity of the sender such that the message delivery server is unable to determine the identity of the sender. The message delivery server determines whether to deliver the encrypted message based on a signed attestation received with the request and, based on the determining, delivers the encrypted message to the recipient. In some embodiments, the determining includes verifying the signed attestation using a verification key provided by the sender. In some embodiments, the encrypted message is an email, a text message, a push notification, or a video or audio call request.
-