Patents by Inventor Mathieu Ciet

Mathieu Ciet has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11025596
    Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: June 1, 2021
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Thomas Icart, Mathieu Ciet, Oliver J. Hunt, Yannick Sierra, Gokul Thirumalai, Roberto Garcia
  • Patent number: 10868672
    Abstract: A user device can verify a user's identity to a server while protecting user privacy by not sharing any personal data with any other device. To ensure user privacy and to allow multiple independent enrollments, the user device performs an enrollment process in which the user device locally collects and uses biometric data together with a random salt to generate a set of public/private key pairs from which biometric information cannot be extracted. The public keys and the salt, but not the biometric data, are sent to a server to store. To verify user identity, a user device can repeat the collection of biometric data from the user and the generation of public/private key pairs using the salt obtained from the server. If the device can prove to the server its possession of at least a minimum number of correct private keys, the user's identity can be verified.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: December 15, 2020
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Ritwik K. Kumar, Gianpaolo Fasoli, Mathieu Ciet, Bruno Kindarji, Eric D. Friedman, Gianluca Barbieri, Lucas O. Winstrom
  • Publication number: 20200302133
    Abstract: A device implementing a system for authenticating an identity document includes at least one processor configured to receive, from a service provider, a request associated with verifying an integrity of an identity document, and capture, responsive to receiving the request, image data of the identity document. The at least one processor is further configured to generate a representation based on the image data, the representation comprising form factor data of the identity document, and compare the representation with a prior representation of the identity document, the prior representation comprising prior form factor data of the identity document. The at least one processor is further configured to provide, to the service provider, a response to the request based on comparing the representation with the prior representation.
    Type: Application
    Filed: February 28, 2020
    Publication date: September 24, 2020
    Inventors: Mathieu CIET, Bruno BENTEO, Michael MOUCHOUS, Augustin J. FARRUGIA
  • Patent number: 10599873
    Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of a spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by given them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: March 24, 2020
    Assignee: Apple Inc.
    Inventors: Lucas O. Winstrom, Eric D. Friedman, Ritwik K. Kumar, Jeremy M. Stober, Amol V. Pattekar, Benoit Chevallier-Mames, Julien Lerouge, Gianpaolo Fasoli, Augustin J. Farrugia, Mathieu Ciet
  • Patent number: 10574458
    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: February 25, 2020
    Assignee: APPLE INC.
    Inventors: Augustin J. Farrugia, Gianpaolo Fasoli, Bertrand Mollinier Toublet, Mathieu Ciet
  • Patent number: 10164772
    Abstract: The disclosed hash and message padding functions are based on the permutation composition problem. To compute a hash of a message using permutation composition based hashing, the message is split into equal size blocks. For each block, a permutation composition value is computed. The block permutation composition values are then combined through composition to generate an overall permutation composition value. The hash of the message is then based on the overall permutation composition value. To pad a message using permutation composition based padding, the message is split into equal size blocks. For each block, a permutation composition value is computed and the permutation composition value is added to the block. The padded blocks are then recombined to generate the padded message.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: December 25, 2018
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Augustin J. Farrugia, Thomas Icart
  • Patent number: 10042989
    Abstract: The embodiments set forth systems and techniques to activate and provide other device services for user devices. An activation manager is configured to activate a user device by receiving an activation request for the device, accepting previously stored and encrypted trusted data for the device, getting current data for the device, determining whether the current data compares with the trusted data, and sending an authorization to activate the device when the current data compares favorably with the trusted data. Data can include a seed component divided into seed segments that are each combined with a unique device identifier using varying cryptographic primitives. Each encrypted seed segment and unique device identifier combination can be dedicated to a different device use or service, and can be used separately for device identification for that use or service.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: August 7, 2018
    Assignee: Apple Inc.
    Inventors: Gianpaolo Fasoli, Augustin J. Farrugia, Mathieu Ciet, Jean-Francois Riendeau
  • Publication number: 20180089465
    Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of a spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by given them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.
    Type: Application
    Filed: September 18, 2017
    Publication date: March 29, 2018
    Inventors: Lucas O. Winstrom, Eric D. Friedman, Ritwik K. Kumar, Jeremy M. Stober, Amol V. Pattekar, Benoit Chevallier-Mames, Julien Lerouge, Gianpaolo Fasoli, Augustin J. Farrugia, Mathieu Ciet
  • Patent number: 9774443
    Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: September 26, 2017
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Bruno Kindarji, Thomas Icart, Augustin J. Farrugia, Mathieu Ciet
  • Patent number: 9716586
    Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: July 25, 2017
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Mathieu Ciet, Thomas Icart, Bruno Kindarji, Augustin J. Farrugia
  • Patent number: 9692592
    Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.
    Type: Grant
    Filed: September 27, 2015
    Date of Patent: June 27, 2017
    Assignee: Apple Inc.
    Inventors: Bruno Kindarji, Benoit Chevallier-Mames, Mathieu Ciet, Augustin J. Farrugia, Thomas Icart
  • Patent number: 9639673
    Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.
    Type: Grant
    Filed: June 17, 2014
    Date of Patent: May 2, 2017
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, C├ędric Tessier, Jean-Baptiste Aviat, Mathieu Ciet, Thomas Icart
  • Patent number: 9565018
    Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: February 7, 2017
    Assignee: APPLE INC.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Mathieu Ciet, Thomas Icart
  • Publication number: 20160357951
    Abstract: The embodiments set forth systems and techniques to activate and provide other device services for user devices. An activation manager is configured to activate a user device by receiving an activation request for the device, accepting previously stored and encrypted trusted data for the device, getting current data for the device, determining whether the current data compares with the trusted data, and sending an authorization to activate the device when the current data compares favorably with the trusted data. Data can include a seed component divided into seed segments that are each combined with a unique device identifier using varying cryptographic primitives. Each encrypted seed segment and unique device identifier combination can be dedicated to a different device use or service, and can be used separately for device identification for that use or service.
    Type: Application
    Filed: September 30, 2015
    Publication date: December 8, 2016
    Inventors: Gianpaolo FASOLI, Augustin J. FARRUGIA, Mathieu CIET, Jean-Francois RIENDEAU
  • Publication number: 20160359618
    Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.
    Type: Application
    Filed: September 27, 2015
    Publication date: December 8, 2016
    Inventors: Bruno Kindarji, Benoit Chevallier-Mames, Mathieu Ciet, Augustin J. Farrugia, Thomas Icart
  • Patent number: 9515818
    Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: December 6, 2016
    Assignee: APPLE INC.
    Inventors: Bruno Kindarji, Mathieu Ciet, Benoit Chevallier-Mames, Thomas Icart, Augustin J. Farrugia
  • Publication number: 20160261405
    Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.
    Type: Application
    Filed: March 4, 2015
    Publication date: September 8, 2016
    Inventors: Benoit Chevallier-Mames, Bruno Kindarji, Thomas Icart, Augustin J. Farrugia, Mathieu Ciet
  • Publication number: 20160211972
    Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.
    Type: Application
    Filed: January 19, 2016
    Publication date: July 21, 2016
    Inventors: Benoit Chevallier-Mames, Mathieu Ciet, Thomas Icart, Bruno Kindarji, Augustin J. Farrugia
  • Publication number: 20160204939
    Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content.
    Type: Application
    Filed: March 18, 2016
    Publication date: July 14, 2016
    Inventors: Augustin J. Farrugia, Gianpaolo Fasoli, Bertrand Mollinier Toublet, Mathieu Ciet
  • Patent number: 9336370
    Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: May 10, 2016
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Daniel F. Reynaud, Jonathan G. McLachlan, Julien Lerouge, Mathieu Ciet, Thomas Icart