Patents by Inventor Wade Benson
Wade Benson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12641435
Abstract: The subject technology provides a framework for a trusted device to modify a security state of a target device (e.g., not fully unlocking the target device by activating biometric authentication at the target device) based on a secure ranging operation. The subject technology enables the trusted device to establish a secure and authenticated connection with the target device that is used to activate biometric authentication at the target device. The biometric authentication may fully unlock the target device. The trusted device may be able to activate the biometric authentication at the target device when the trusted device is in an unlocked state, or even when the trusted device is in a locked state so long as less than a threshold amount of time has passed since the trusted device was last unlocked.
Type: Grant
Filed: November 14, 2023
Date of Patent: May 26, 2026
Assignee: Apple Inc.
Inventors: Benjamin A. Werner, Wade Benson, Rachel E. Miller, Brian G. Kilberg
-
Publication number: 20260142824
Abstract: Embodiments described herein provided techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.
Type: Application
Filed: December 5, 2025
Publication date: May 21, 2026
Applicant: Apple Inc.
Inventors: Kyle C. Brogle, Wade Benson, Sean P. Devlin, Lucie Kucerova, Thomas P. Mensch, Yannick L. Sierra, Tomislav Suchan
-
Publication number: 20260080089
Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
Type: Application
Filed: September 22, 2025
Publication date: March 19, 2026
Inventors: Eric B. Tamura, Wade Benson, John Garvey
-
Patent number: 12494913
Abstract: Embodiments described herein provided techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.
Type: Grant
Filed: March 16, 2022
Date of Patent: December 9, 2025
Assignee: Apple Inc.
Inventors: Kyle C. Brogle, Wade Benson, Sean P. Devlin, Lucie Kucerova, Thomas P. Mensch, Yannick L. Sierra, Tomislav Suchan
-
Publication number: 20250350467
Abstract: Techniques are disclosed relating to load balancing across server systems that communicate using end-to-end encryption. In various embodiments, a load balancer receives a first request from a client device to access one of a plurality of server systems providing a resource and communicating using end-to-end encryption. The load balancer provides, to the client device, a first set of public-key attestations for a first subset of the plurality of server systems. A given one of the public-key attestations includes a public key of one of the first subset of server systems. The load balancer receives, from the client device, a second request to use the resource, the second request being encrypted using the attested-to public keys of the first subset of server systems. The load balancer distributes the second request to, at least, one of the first subset of server systems.
Type: Application
Filed: May 8, 2025
Publication date: November 13, 2025
Inventors: Ivan Krstic, Anthony J. Chivetta, Alexander Balducci, Catherine Yun, Christian Priebe, Cory Benfield, Daniel E. Loffgren, David C. Zech, Jeremy C. Andrus, Jose A. Lozano Hinojosa, Navin N. Pai, Robert M. Lacroix, Thomas P. Devanneaux, Thomas F. Pauly, Vasanth Swaminathan, Venkata Madan Kameswar Vellamcheti, Wade Benson, Yash Gupta
-
Publication number: 20250350445
Abstract: Techniques are disclosed relating to improving user privacy when accessing a resource. In various embodiments, a server system provides a resource accessible to a plurality of client devices using end-to-end encryption. The server system provides a signed attestation that includes a public key of the server system, the attestation attesting to the public key and to a set of system properties of the server system that are immutable while the resource is accessible. The server system receives a request from one of the client devices to access the resource, the request including encrypted using the attested-to public key of the server system. In some embodiments, the server system publishes information about the immutable system properties to a transparency log stored in a transparency server accessible to the client device when verifying the signed attestation.
Type: Application
Filed: May 8, 2025
Publication date: November 13, 2025
Inventors: Ivan Krstic, Anthony J. Chivetta, Alexander Balducci, Catherine Yun, Christian Priebe, Cory Benfield, Daniel E. Loffgren, David C. Zech, Jeremy C. Andrus, Jose A. Lozano Hinojosa, Navin N. Pai, Robert M. Lacroix, Thomas P. Devanneaux, Thomas F. Pauly, Vasanth Swaminathan, Venkata Madan Kameswar Vellamcheti, Wade Benson, Yash Gupta
-
Publication number: 20250348337
Abstract: The present disclosure generally relates to accessing content. Some techniques are for remote access while locked in accordance with some embodiments. Other techniques are for selectively ceasing display of a user interface in accordance with some embodiments. Other techniques are for remote authentication in accordance with some embodiments. Other techniques are for re-validating secrets in accordance with some embodiments. Other techniques are for selectively allowing continued access in accordance with some embodiments. Other techniques are for interacting between devices in accordance with some embodiments.
Type: Application
Filed: April 28, 2025
Publication date: November 13, 2025
Inventors: John O. LOUCH, Benjamin E. NIELSEN, Brittany D. PAINE, Cindy M. BARRETT, Alejandro A. RODRIGUEZ, Leandro I. CANDIOTTO, Jeffrey J. KLARFELD, Libor SYKORA, Nicholas J. CIRCOSTA, Shannon SHIH, Todd R. FERNANDEZ, Wade BENSON, Neil N. DESAI, Anthony R. GRIFFIN, Jacques A. VIDRINE
-
Publication number: 20250350455
Abstract: Techniques are disclosed relating to improving user privacy using machine learning (ML) models. In various embodiments, a device processes a query using a locally stored large language model (LLM) operable to use supplemental data provided by one of a plurality of assisting server systems. The device verifies a set of public-key attestations, each attesting to a public key of a respective one of the assisting server systems. The device sends, based on the verifying, a request for the supplemental data to the assisting server systems. The request includes intermediary data produced by the processing and is encrypted using the attested-to public keys. The device processes the received supplemental data using the LLM to produce a result of the query. In some embodiments, the device encrypts the intermediary data with a symmetric key and encrypts a respective instance of the symmetric key with each of the attested-to public keys.
Type: Application
Filed: May 8, 2025
Publication date: November 13, 2025
Inventors: Ivan Krstic, Anthony J. Chivetta, Alexander Balducci, Catherine Yun, Christian Priebe, Cory Benfield, Daniel E. Loffgren, David C. Zech, Jeremy C. Andrus, Jose A. Lozano Hinojosa, Navin N. Pai, Robert M. Lacroix, Thomas P. Devanneaux, Thomas F. Pauly, Vasanth Swaminathan, Venkata Madan Kameswar Vellamcheti, Wade Benson, Yash Gupta
-
Patent number: 12450380
Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
Type: Grant
Filed: September 25, 2023
Date of Patent: October 21, 2025
Assignee: Apple Inc.
Inventors: Eric B. Tamura, Wade Benson, John Garvey
-
Patent number: 12314408
Abstract: Techniques are disclosed relating to securely storing data in a computing system. In some embodiments, a computing system performs a boot sequence that includes generating ephemeral key data and preventing the generated ephemeral key data from being stored in a non-volatile storage including persisting the generated ephemeral key data in the volatile storage. The boot sequence further includes creating, in the non-volatile storage, an ephemeral data volume and encrypting the ephemeral data volume by using the ephemeral key data persisted in the volatile storage.
Type: Grant
Filed: June 3, 2022
Date of Patent: May 27, 2025
Assignee: Apple Inc.
Inventors: Wade Benson, Anthony J. Chivetta, D. J. Capelis
-
Patent number: 12294655
Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.
Type: Grant
Filed: November 7, 2022
Date of Patent: May 6, 2025
Assignee: Apple Inc.
Inventors: Conrad Sauerwald, Alexander Ledwith, John Iarocci, Marc J. Krochmal, Wade Benson, Gregory Novick, Noah Witherspoon
-
Publication number: 20250094602
Abstract: Techniques are disclosed relating to cryptographic key exchanges. In some embodiments, a computing device includes a cryptographic circuit coupled to a secure memory inaccessible to a processor of the computing device. Program instructions executing on the computing device can request performance of a key exchange to establish a shared secret with another device. The cryptographic circuit is configured to perform the key exchange including deriving the shared secret using private key material maintained in the secure memory. In some embodiments, the key exchange includes verifying a key authorization data structure issued by a key authority including a first public key of a first participant authority and a second public key of a second participant authority. In response to the verifying being successful, the exchange uses a public key pair attested to by the first participant authority as belonging to a member in the first device group.
Type: Application
Filed: December 15, 2023
Publication date: March 20, 2025
Inventors: Thomas P. Mensch, Elad Efrat, David Tamagno, Armaiti Ardeshiricham, Wade Benson, Yannick L. Sierra
-
Publication number: 20250097018
Abstract: Techniques are disclosed relating to cryptographic key exchanges. In some embodiments, a first device belonging to a first device group receives a request to perform a key exchange to establish a shared secret with a second device belonging to a second device group. The first device verifies a key authorization data structure issued by a key authority, the key authorization data structure including a first public key of a first participant authority authorized to identify members of the first device group and a second public key of a second participant authority authorized to identify members of the second device group. In response to the verifying being successful, the first device performs the requested exchange using a public key pair attested to by the first participant authority as belonging to a member in the first device group.
Type: Application
Filed: December 15, 2023
Publication date: March 20, 2025
Inventors: Thomas P. Mensch, Elad Efrat, David Tamagno, Armaiti Ardeshiricham, Wade Benson, Yannick L. Sierra
-
Publication number: 20240406735
Abstract: The subject technology provides a framework for a trusted device to modify a security state of a target device (e.g., not fully unlocking the target device by activating biometric authentication at the target device) based on a secure ranging operation. The subject technology enables the trusted device to establish a secure and authenticated connection with the target device that is used to activate biometric authentication at the target device. The biometric authentication may fully unlock the target device. The trusted device may be able to activate the biometric authentication at the target device when the trusted device is in an unlocked state, or even when the trusted device is in a locked state so long as less than a threshold amount of time has passed since the trusted device was last unlocked.
Type: Application
Filed: November 14, 2023
Publication date: December 5, 2024
Inventors: Benjamin A. WERNER, Wade BENSON, Rachel E. MILLER, Brian G. KILBERG
-
Patent number: 12113784
Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
Type: Grant
Filed: February 9, 2023
Date of Patent: October 8, 2024
Assignee: Apple Inc.
Inventors: Wade Benson, Marc J. Krochmal, Alexander R. Ledwith, John Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L Sierra
-
Patent number: 12008087
Abstract: Techniques are disclosed relating to maintaining device security associated with reduced power modes. In some embodiments, a computing device receives a request to place the computing device in a reduced power mode in which a first memory of the computing device is powered off. Based on the request, the computing device offloads a memory page from the first memory to a second memory such that the offloading includes encrypting the memory page. Based on a request to resume from the reduced power mode, the computing device restores the memory page from the second memory to the first memory such that the restoring includes decrypting the encrypted memory page. After initiating the restoring, the computing device presents a user authentication prompt asking for a user credential.
Type: Grant
Filed: October 19, 2021
Date of Patent: June 11, 2024
Assignee: Apple Inc.
Inventors: Alan M. Dunn, Anish C. Trivedi, Ronnie G. Misra, Wade Benson, Anand Dalal
-
Publication number: 20240160766
Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
Type: Application
Filed: September 25, 2023
Publication date: May 16, 2024
Inventors: Eric B. Tamura, Wade Benson, John Garvey
-
Publication number: 20240039714
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
Type: Application
Filed: August 9, 2023
Publication date: February 1, 2024
Inventors: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
-
Patent number: 11822664
Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.
Type: Grant
Filed: November 6, 2020
Date of Patent: November 21, 2023
Assignee: Apple Inc.
Inventors: Xeno S. Kovah, Nikolaj Schlej, Thomas P. Mensch, Wade Benson, Jerrold V. Hauck, Josh P. de Cesare, Austin G. Jennings, John J. Dong, Robert C. Graham, Jacques Fortier
-
Patent number: 11809584
Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.
Type: Grant
Filed: December 2, 2021
Date of Patent: November 7, 2023
Assignee: Apple Inc.
Inventors: Eric B. Tamura, Wade Benson, John Garvey