Publication No.: US20250119273A1
Publication Date: 2025-04-10
Application No.: US18907189
Filing Date: 2024-10-04
Applicant: Apple Inc.
Inventor: Jonathan L. Choukroun, Elliot S. Briggs, Marcos Caceres, Simon J. Gornall, Michael J. Hashe, Graham S. Orndorff, Andrew M. Pace, Yannick L. Sierra, Catherine Yun
Abstract: Techniques are disclosed relating to improving key management on devices. In various embodiments, a device receives, from a browser via a key-management API supported by the device, a request for a browser session to receive access to a cryptographic key managed by the device. The key-management API of the device determines whether to grant the browser session access to the cryptographic key based on verification of a signed attestation from a server corresponding to the browser session and using metadata stored about the cryptographic key. Based on the determination, the device provides access to the cryptographic key via the key-management API. In some embodiments, providing access to the cryptographic key includes performing a requested cryptographic operation using the cryptographic key and without providing the cryptographic key to the browser. In some embodiments, the cryptographic key is managed by an operating system, a secure element, or another application of the device.