Patents by Inventor Wade Benson

Wade Benson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12641435
    Abstract: The subject technology provides a framework for a trusted device to modify a security state of a target device (e.g., not fully unlocking the target device by activating biometric authentication at the target device) based on a secure ranging operation. The subject technology enables the trusted device to establish a secure and authenticated connection with the target device that is used to activate biometric authentication at the target device. The biometric authentication may fully unlock the target device. The trusted device may be able to activate the biometric authentication at the target device when the trusted device is in an unlocked state, or even when the trusted device is in a locked state so long as less than a threshold amount of time has passed since the trusted device was last unlocked.
    Type: Grant
    Filed: November 14, 2023
    Date of Patent: May 26, 2026
    Assignee: Apple Inc.
    Inventors: Benjamin A. Werner, Wade Benson, Rachel E. Miller, Brian G. Kilberg
  • Publication number: 20260142824
    Abstract: Embodiments described herein provide techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.
    Type: Application
    Filed: December 5, 2025
    Publication date: May 21, 2026
    Applicant: Apple Inc.
    Inventors: Kyle C. Brogle, Wade Benson, Sean P. Devlin, Lucie Kucerova, Thomas P. Mensch, Yannick L. Sierra, Tomislav Suchan
  • Publication number: 20260080089
    Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
    Type: Application
    Filed: September 22, 2025
    Publication date: March 19, 2026
    Inventors: Eric B. Tamura, Wade Benson, John Garvey
  • Patent number: 12494913
    Abstract: Embodiments described herein provide techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.
    Type: Grant
    Filed: March 16, 2022
    Date of Patent: December 9, 2025
    Assignee: Apple Inc.
    Inventors: Kyle C. Brogle, Wade Benson, Sean P. Devlin, Lucie Kucerova, Thomas P. Mensch, Yannick L. Sierra, Tomislav Suchan
  • Publication number: 20250350467
    Abstract: Techniques are disclosed relating to load balancing across server systems that communicate using end-to-end encryption. In various embodiments, a load balancer receives a first request from a client device to access one of a plurality of server systems providing a resource and communicating using end-to-end encryption. The load balancer provides, to the client device, a first set of public-key attestations for a first subset of the plurality of server systems. A given one of the public-key attestations includes a public key of one of the first subset of server systems. The load balancer receives, from the client device, a second request to use the resource, the second request being encrypted using the attested-to public keys of the first subset of server systems. The load balancer distributes the second request to, at least, one of the first subset of server systems.
    Type: Application
    Filed: May 8, 2025
    Publication date: November 13, 2025
    Inventors: Ivan Krstic, Anthony J. Chivetta, Alexander Balducci, Catherine Yun, Christian Priebe, Cory Benfield, Daniel E. Loffgren, David C. Zech, Jeremy C. Andrus, Jose A. Lozano Hinojosa, Navin N. Pai, Robert M. Lacroix, Thomas P. Devanneaux, Thomas F. Pauly, Vasanth Swaminathan, Venkata Madan Kameswar Vellamcheti, Wade Benson, Yash Gupta
  • Publication number: 20250350445
    Abstract: Techniques are disclosed relating to improving user privacy when accessing a resource. In various embodiments, a server system provides a resource accessible to a plurality of client devices using end-to-end encryption. The server system provides a signed attestation that includes a public key of the server system, the attestation attesting to the public key and to a set of system properties of the server system that are immutable while the resource is accessible. The server system receives a request from one of the client devices to access the resource, the request including encrypted using the attested-to public key of the server system. In some embodiments, the server system publishes information about the immutable system properties to a transparency log stored in a transparency server accessible to the client device when verifying the signed attestation.
    Type: Application
    Filed: May 8, 2025
    Publication date: November 13, 2025
    Inventors: Ivan Krstic, Anthony J. Chivetta, Alexander Balducci, Catherine Yun, Christian Priebe, Cory Benfield, Daniel E. Loffgren, David C. Zech, Jeremy C. Andrus, Jose A. Lozano Hinojosa, Navin N. Pai, Robert M. Lacroix, Thomas P. Devanneaux, Thomas F. Pauly, Vasanth Swaminathan, Venkata Madan Kameswar Vellamcheti, Wade Benson, Yash Gupta
  • Publication number: 20250348337
    Abstract: The present disclosure generally relates to accessing content. Some techniques are for remote access while locked in accordance with some embodiments. Other techniques are for selectively ceasing display of a user interface in accordance with some embodiments. Other techniques are for remote authentication in accordance with some embodiments. Other techniques are for re-validating secrets in accordance with some embodiments. Other techniques are for selectively allowing continued access in accordance with some embodiments. Other techniques are for interacting between devices in accordance with some embodiments.
    Type: Application
    Filed: April 28, 2025
    Publication date: November 13, 2025
    Inventors: John O. LOUCH, Benjamin E. NIELSEN, Brittany D. PAINE, Cindy M. BARRETT, Alejandro A. RODRIGUEZ, Leandro I. CANDIOTTO, Jeffrey J. KLARFELD, Libor SYKORA, Nicholas J. CIRCOSTA, Shannon SHIH, Todd R. FERNANDEZ, Wade BENSON, Neil N. DESAI, Anthony R. GRIFFIN, Jacques A. VIDRINE
  • Publication number: 20250350455
    Abstract: Techniques are disclosed relating to improving user privacy using machine learning (ML) models. In various embodiments, a device processes a query using a locally stored large language model (LLM) operable to use supplemental data provided by one of a plurality of assisting server systems. The device verifies a set of public-key attestations, each attesting to a public key of a respective one of the assisting server systems. The device sends, based on the verifying, a request for the supplemental data to the assisting server systems. The request includes intermediary data produced by the processing and is encrypted using the attested-to public keys. The device processes the received supplemental data using the LLM to produce a result of the query. In some embodiments, the device encrypts the intermediary data with a symmetric key and encrypts a respective instance of the symmetric key with each of the attested-to public keys.
    Type: Application
    Filed: May 8, 2025
    Publication date: November 13, 2025
    Inventors: Ivan Krstic, Anthony J. Chivetta, Alexander Balducci, Catherine Yun, Christian Priebe, Cory Benfield, Daniel E. Loffgren, David C. Zech, Jeremy C. Andrus, Jose A. Lozano Hinojosa, Navin N. Pai, Robert M. Lacroix, Thomas P. Devanneaux, Thomas F. Pauly, Vasanth Swaminathan, Venkata Madan Kameswar Vellamcheti, Wade Benson, Yash Gupta
  • Patent number: 12450380
    Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
    Type: Grant
    Filed: September 25, 2023
    Date of Patent: October 21, 2025
    Assignee: Apple Inc.
    Inventors: Eric B. Tamura, Wade Benson, John Garvey
  • Patent number: 12314408
    Abstract: Techniques are disclosed relating to securely storing data in a computing system. In some embodiments, a computing system performs a boot sequence that includes generating ephemeral key data and preventing the generated ephemeral key data from being stored in a non-volatile storage including persisting the generated ephemeral key data in the volatile storage. The boot sequence further includes creating, in the non-volatile storage, an ephemeral data volume and encrypting the ephemeral data volume by using the ephemeral key data persisted in the volatile storage.
    Type: Grant
    Filed: June 3, 2022
    Date of Patent: May 27, 2025
    Assignee: Apple Inc.
    Inventors: Wade Benson, Anthony J. Chivetta, D. J. Capelis
  • Patent number: 12294655
    Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.
    Type: Grant
    Filed: November 7, 2022
    Date of Patent: May 6, 2025
    Assignee: Apple Inc.
    Inventors: Conrad Sauerwald, Alexander Ledwith, John Iarocci, Marc J. Krochmal, Wade Benson, Gregory Novick, Noah Witherspoon
  • Publication number: 20250094602
    Abstract: Techniques are disclosed relating to cryptographic key exchanges. In some embodiments, a computing device includes a cryptographic circuit coupled to a secure memory inaccessible to a processor of the computing device. Program instructions executing on the computing device can request performance of a key exchange to establish a shared secret with another device. The cryptographic circuit is configured to perform the key exchange including deriving the shared secret using private key material maintained in the secure memory. In some embodiments, the key exchange includes verifying a key authorization data structure issued by a key authority including a first public key of a first participant authority and a second public key of a second participant authority. In response to the verifying being successful, the exchange uses a public key pair attested to by the first participant authority as belonging to a member in the first device group.
    Type: Application
    Filed: December 15, 2023
    Publication date: March 20, 2025
    Inventors: Thomas P. Mensch, Elad Efrat, David Tamagno, Armaiti Ardeshiricham, Wade Benson, Yannick L. Sierra
  • Publication number: 20250097018
    Abstract: Techniques are disclosed relating to cryptographic key exchanges. In some embodiments, a first device belonging to a first device group receives a request to perform a key exchange to establish a shared secret with a second device belonging to a second device group. The first device verifies a key authorization data structure issued by a key authority, the key authorization data structure including a first public key of a first participant authority authorized to identify members of the first device group and a second public key of a second participant authority authorized to identify members of the second device group. In response to the verifying being successful, the first device performs the requested exchange using a public key pair attested to by the first participant authority as belonging to a member in the first device group.
    Type: Application
    Filed: December 15, 2023
    Publication date: March 20, 2025
    Inventors: Thomas P. Mensch, Elad Efrat, David Tamagno, Armaiti Ardeshiricham, Wade Benson, Yannick L. Sierra
  • Publication number: 20240406735
    Abstract: The subject technology provides a framework for a trusted device to modify a security state of a target device (e.g., not fully unlocking the target device by activating biometric authentication at the target device) based on a secure ranging operation. The subject technology enables the trusted device to establish a secure and authenticated connection with the target device that is used to activate biometric authentication at the target device. The biometric authentication may fully unlock the target device. The trusted device may be able to activate the biometric authentication at the target device when the trusted device is in an unlocked state, or even when the trusted device is in a locked state so long as less than a threshold amount of time has passed since the trusted device was last unlocked.
    Type: Application
    Filed: November 14, 2023
    Publication date: December 5, 2024
    Inventors: Benjamin A. WERNER, Wade BENSON, Rachel E. MILLER, Brian G. KILBERG
  • Patent number: 12113784
    Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a secure ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
    Type: Grant
    Filed: February 9, 2023
    Date of Patent: October 8, 2024
    Assignee: Apple Inc.
    Inventors: Wade Benson, Marc J. Krochmal, Alexander R. Ledwith, John Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L Sierra
  • Patent number: 12008087
    Abstract: Techniques are disclosed relating to maintaining device security associated with reduced power modes. In some embodiments, a computing device receives a request to place the computing device in a reduced power mode in which a first memory of the computing device is powered off. Based on the request, the computing device offloads a memory page from the first memory to a second memory such that the offloading includes encrypting the memory page. Based on a request to resume from the reduced power mode, the computing device restores the memory page from the second memory to the first memory such that the restoring includes decrypting the encrypted memory page. After initiating the restoring, the computing device presents a user authentication prompt asking for a user credential.
    Type: Grant
    Filed: October 19, 2021
    Date of Patent: June 11, 2024
    Assignee: Apple Inc.
    Inventors: Alan M. Dunn, Anish C. Trivedi, Ronnie G. Misra, Wade Benson, Anand Dalal
  • Publication number: 20240160766
    Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
    Type: Application
    Filed: September 25, 2023
    Publication date: May 16, 2024
    Inventors: Eric B. Tamura, Wade Benson, John Garvey
  • Publication number: 20240039714
    Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
    Type: Application
    Filed: August 9, 2023
    Publication date: February 1, 2024
    Inventors: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
  • Patent number: 11822664
    Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.
    Type: Grant
    Filed: November 6, 2020
    Date of Patent: November 21, 2023
    Assignee: Apple Inc.
    Inventors: Xeno S. Kovah, Nikolaj Schlej, Thomas P. Mensch, Wade Benson, Jerrold V. Hauck, Josh P. de Cesare, Austin G. Jennings, John J. Dong, Robert C. Graham, Jacques Fortier
  • Patent number: 11809584
    Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
    Type: Grant
    Filed: December 2, 2021
    Date of Patent: November 7, 2023
    Assignee: Apple Inc.
    Inventors: Eric B. Tamura, Wade Benson, John Garvey