Patents by Inventor Conrad Sauerwald

Conrad Sauerwald has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11329827
    Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: May 10, 2022
    Assignee: Apple Inc.
    Inventors: Conrad Sauerwald, Alexander Ledwith, John Iarocci, Marc J. Krochmal, Wade Benson, Gregory Novick, Noah Witherspoon
  • Publication number: 20210281426
    Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
    Type: Application
    Filed: March 16, 2021
    Publication date: September 9, 2021
    Inventors: Tristan F. Schaap, Conrad Sauerwald, Craig Marciniak, Jerrold V. Hauck, Zachary F. Papilion, Jeffrey Lee
  • Patent number: 10951419
    Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
    Type: Grant
    Filed: August 9, 2019
    Date of Patent: March 16, 2021
    Assignee: Apple Inc.
    Inventors: Tristan F. Schaap, Conrad Sauerwald, Craig Marciniak, Jerrold V. Hauck, Zachary F. Papilion, Jeffrey Lee
  • Patent number: 10853504
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: December 1, 2020
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Publication number: 20200213133
    Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
    Type: Application
    Filed: August 9, 2019
    Publication date: July 2, 2020
    Inventors: Tristan F. Schaap, Conrad Sauerwald, Craig Marciniak, Jerrold V. Hauck, Zachary F. Papilion, Jeffrey Lee
  • Patent number: 10586260
    Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: March 10, 2020
    Assignee: Apple Inc.
    Inventors: Thomas Matthieu Alsina, Scott T. Boyd, Michael Kuohao Chu, Augustin J. Farrugia, Gianpaolo Fasoli, Patrice O. Gautier, Sean B. Kelly, Payam Mirrashidi, Pedraum Pardehpoosh, Conrad Sauerwald, Kenneth W. Scott, Rajit Shinh, Braden Jacob Thomas, Andrew R. Whalley
  • Publication number: 20200047865
    Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.
    Type: Application
    Filed: October 21, 2019
    Publication date: February 13, 2020
    Inventors: Thomas Matthieu Alsina, Scott T. Boyd, Michael Kuohao Chu, Augustin J. Farrugia, Gianpaolo Fasoli, Patrice O. Gautier, Sean B. Kelly, Payam Mirrashidi, Pedraum Pardehpoosh, Conrad Sauerwald, Kenneth W. Scott, Rajit Shinh, Braden Jacob Thomas, Andrew R. Whalley
  • Patent number: 10536271
    Abstract: Systems and methods are disclosed for generating one or more hardware reference keys (HRK) on a computing device, and for attesting to the validity of the hardware reference keys. An initial hardware reference key can be a silicon attestation key (SIK) generated during manufacture of a computing system, such as a system-on-a-chip. The SIK can comprise an asymmetric key pair based at least in part on an identifier of the processing system type and a unique identifier of the processing system. The SIK can be signed by the computing system and stored thereon. The SIK can be used to generate further HRKs on the computing device that can attest to the processing system type of the computing device and an operating system version that was running when the HRK was generated. The computing device can generate an HRK attestation (HRKA) for each HRK generated on the computing system.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: January 14, 2020
    Assignee: Apple Inc.
    Inventors: Thomas P. Mensch, Conrad Sauerwald, Jerrold V. Hauck, Timothy R. Paaske, Zhimin Chen, Andrew R. Whalley
  • Patent number: 10521596
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: December 31, 2019
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Patent number: 10423804
    Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: September 24, 2019
    Assignee: Apple Inc.
    Inventors: Wade Benson, Conrad Sauerwald, Mitchell D. Adler, Michael Brouwer, Timothee Geoghegan, Andrew R. Whalley, David P. Finkelstein, Yannick L. Sierra
  • Patent number: 10382210
    Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: August 13, 2019
    Assignee: Apple Inc.
    Inventors: Tristan F. Schaap, Conrad Sauerwald, Craig A. Marciniak, Jerrold V. Hauck, Zachary F. Papilion, Jeffrey Lee
  • Patent number: 10349270
    Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 9, 2019
    Assignee: Apple Inc.
    Inventors: Tyler Hawkins, Christopher Wilson, Conrad Sauerwald, Gregory Novick, Neil G. Crane, Rudolph Van Der Merwe, Samuel Noble, Paul William Chinn
  • Publication number: 20190037393
    Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.
    Type: Application
    Filed: June 29, 2018
    Publication date: January 31, 2019
    Inventors: Tyler HAWKINS, Christopher WILSON, Conrad SAUERWALD, Gregory NOVICK, Neil G. CRANE, Rudolph VAN DER MERWE, Samuel NOBLE, Paul William CHINN
  • Patent number: 10114956
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: October 30, 2018
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Patent number: 10015668
    Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: July 3, 2018
    Assignee: Apple Inc.
    Inventors: Tyler Hawkins, Christopher Wilson, Conrad Sauerwald, Gregory Novick, Neil G. Crane, Rudolph Van Der Merwe, Samuel Noble, Paul William Chinn
  • Publication number: 20180146366
    Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.
    Type: Application
    Filed: January 16, 2018
    Publication date: May 24, 2018
    Inventors: Tyler HAWKINS, Christopher WILSON, Conrad SAUERWALD, Gregory NOVICK, Neil G. CRANE, Rudolph VAN DER MERWE, Samuel NOBLE, Paul William CHINN
  • Patent number: 9900767
    Abstract: A method of establishing communications with a first device is disclosed. The method includes: the first device presenting connection information to a second device; receiving a response from a second device; establishing an association with the second device; transmitting, in response to a determination that the first device and the second device are connected for data, first data to the second device, the first data comprising addressing information for a server; receiving second data from the second device, the second data comprising second information for establishing communications with the first device; and configuring the first device to receive third data from a location remote to the first device using the second information from the second data.
    Type: Grant
    Filed: May 18, 2017
    Date of Patent: February 20, 2018
    Assignee: Apple Inc.
    Inventors: Tyler Hawkins, Christopher Wilson, Conrad Sauerwald, Gregory Novick, Neil G. Crane, Rudolph Van Der Merwe, Samuel Noble, Paul William Chinn
  • Patent number: 9892267
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: February 13, 2018
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Publication number: 20170357830
    Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.
    Type: Application
    Filed: September 23, 2016
    Publication date: December 14, 2017
    Inventors: Wade Benson, Conrad Sauerwald, Mitchell D. Adler, Michael Brouwer, Timothee Geoghegan, Andrew R. Whalley, David P. Finkelstein, Yannick L. Sierra
  • Patent number: 9813389
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
    Type: Grant
    Filed: July 22, 2016
    Date of Patent: November 7, 2017
    Assignee: Apple Inc.
    Inventors: Conrad Sauerwald, Vrajesh Rajesh Bhavsar, Kenneth Buffalo McNeil, Thomas Brogan Duffy, Jr., Michael Lambertus Hubertus Brouwer, Matthew John Byom, Mitchell David Adler, Eric Brandon Tamura