Patents by Inventor Yannick L. Sierra
Yannick L. Sierra has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10079880Abstract: A method of identifying invalid participants in a synchronization group. The method generates a device synchronization group identifier (DSGI) for a first device from a device-specific key of the first device. The method joins the first device in the synchronization group by using the DSGI of the first device. Prior to the joining of the first device, the synchronization group stores a set of DSGIs of a set of devices that have joined the synchronization group. The method determines that a particular DSGI stored in the synchronization group is the same as the DSGI of the first device. The method identifies the particular DSGI stored in the synchronization group as a DSGI of an invalid participant of the synchronization group.Type: GrantFiled: September 30, 2015Date of Patent: September 18, 2018Assignee: APPLE INC.Inventors: Richard F. Murphy, Yannick L. Sierra, Andrew R. Whalley
-
Publication number: 20180091298Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.Type: ApplicationFiled: September 23, 2016Publication date: March 29, 2018Applicant: Apple Inc.Inventors: Kumar SAURAV, Jerrold V. HAUCK, Yannick L. SIERRA, Charles E. GRAY, Roberto G. YEPEZ, Samuel GOSSELIN, Petr KOSTKA
-
Publication number: 20170359169Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.Type: ApplicationFiled: April 26, 2017Publication date: December 14, 2017Inventors: Wade Benson, Marc J. Krochmal, Alexander R. Ledwith, John Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra
-
Publication number: 20170357820Abstract: The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES. Accordingly, the system provides an efficient mechanism for implementing differential privacy.Type: ApplicationFiled: September 23, 2016Publication date: December 14, 2017Inventors: Yannick L. Sierra, Abhradeep Guha Thakurta, Umesh S. Vaishampayan, John C. Hurley, Keaton F. Mowery, Michael Brower
-
Publication number: 20170357830Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.Type: ApplicationFiled: September 23, 2016Publication date: December 14, 2017Inventors: Wade Benson, Conrad Sauerwald, Mitchell D. Adler, Michael Brouwer, Timothee Geoghegan, Andrew R. Whalley, David P. Finkelstein, Yannick L. Sierra
-
Publication number: 20170357523Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.Type: ApplicationFiled: September 23, 2016Publication date: December 14, 2017Inventors: Wade Benson, Marc J. Krochmal, Alexander R. Ledwith, John Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra
-
Publication number: 20170359318Abstract: Some embodiments provide a method for providing public keys for encrypting data. The method receives (i) a first request from a first source for a public key associated with a particular user and (ii) a second request from a second source for the public key associated with the particular user. In response to the first request, the method distributes a first public key for the particular user to the first source. In response to the second request, the method distributes a second, different public key for the particular user to the second source. Data encrypted with the first public key and data encrypted with the second public key are decrypted by a device of the particular user with a same private key.Type: ApplicationFiled: September 23, 2016Publication date: December 14, 2017Inventors: Lei Wei, Yannick L. Sierra, Per Love Hornquist Astrand
-
Publication number: 20170359717Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.Type: ApplicationFiled: September 23, 2016Publication date: December 14, 2017Inventors: Mitchell D. Adler, Yannick L. Sierra, Ganesha A.G. Batta, Michael Giles, Akshay M. Srivatsa, Craig P. Dooley, Sriram Hariharan, Robert D. Watson
-
Publication number: 20170357822Abstract: Some embodiments provide a method for providing public keys for encrypting data. The method receives (i) a first request from a first source for a public key associated with a particular user and (ii) a second request from a second source for the public key associated with the particular user. In response to the first request, the method distributes a first public key for the particular user to the first source. In response to the second request, the method distributes a second, different public key for the particular user to the second source. Data encrypted with the first public key and data encrypted with the second public key are decrypted by a device of the particular user with a same private key.Type: ApplicationFiled: June 11, 2017Publication date: December 14, 2017Inventors: Lei Wei, Yannick L. Sierra, Per Love Hornquist Astrand
-
Patent number: 9763153Abstract: A user equipment (UE) may camp on a network following a SIM bootup. Specifically, the UE may determine that a SIM implementation module of the UE includes a first SIM application (e.g., USIM) associated with a first cellular radio access technology (RAT) (e.g., LTE) and a second SIM application (e.g., CSIM) associated with a second cellular RAT (e.g., CDMA). The UE may then initialize the first SIM application and the second SIM application. The UE may determine whether the network is configured to support both voice and data communications using the first cellular RAT. If so, the UE may initiate camping on the network with the first cellular RAT in response to determining that the first SIM application is ready, but before the second SIM application is ready. If not, the UE may wait until both the first and second SIM applications are ready before initiating camping on the network.Type: GrantFiled: June 2, 2015Date of Patent: September 12, 2017Assignee: Apple Inc.Inventors: Prashant H. Vashi, Vikram B. Yerrabommenahalli, Abhishek Sen, Bharath Narasimha Rao, Yannick L. Sierra
-
Patent number: 9563765Abstract: In order to simplify and reduce the cost of an electronic device, the size of a first non-volatile memory associated with an integrated circuit is significantly reduced. Instead of using the first non-volatile memory, a second non-volatile memory associated with a processor in the electronic device is used to store an embedded operating system of the integrated circuit, as well as associated data and a configuration of the integrated circuit. To reduce the security risks associated with using this remote second non-volatile memory, the first non-volatile memory may store authorization information and anti-replay information. During a secure boot of the integrated circuit, the authorization information is used to verify that the embedded operating system, the data and the configuration are authorized. In addition, the anti-replay information is used to determine that the embedded operating system, the data and the configuration are different than previously received versions of these items.Type: GrantFiled: February 26, 2015Date of Patent: February 7, 2017Assignee: Apple Inc.Inventors: Samuel D. Post, Onur E. Tackin, Yannick L. Sierra, Peng Liu
-
Publication number: 20170012959Abstract: Some embodiments provide a method for a first device for joining a group of related devices. The method receives input of a password for authorization with a centralized entity. The method receives input of a code generated by a second device already established in the group of related devices. The method uses the password and the code to (i) join the group of related devices in order to synchronize user data with the devices in the group of related devices and (ii) authorize the first device with the centralized entity as a valid device for a particular account with the centralized entity.Type: ApplicationFiled: September 30, 2015Publication date: January 12, 2017Inventors: Yannick L. Sierra, Mitchell D. Adler
-
Publication number: 20170012974Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.Type: ApplicationFiled: September 22, 2016Publication date: January 12, 2017Inventors: Yannick L. Sierra, Mitchell D. Adler
-
Patent number: 9544758Abstract: This disclosure relates to caching SIM files at a baseband processor to reduce cellular bootup time. According to one embodiment, a wireless device may read SIM files from a SIM and store a local copy of each file in a cache of the baseband processor of the wireless device. SIM identification information for the SIM from which the cached files were read may be associated with the cache. Indicator information usable for comparing file versions may also be generated and stored in the cache for each file. Upon a subsequent SIM initialization, the wireless device may read SIM files from the cache instead of from the initialized SIM if the cached version is identical to the SIM version, which may be determined based at least in part on the SIM identification information and the indicator information for such files.Type: GrantFiled: September 30, 2014Date of Patent: January 10, 2017Assignee: Apple Inc.Inventors: Abhishek Sen, Bharath Narasimha Rao, Prashant H. Vashi, Vikram B. Yerrabommanahalli, Yannick L. Sierra
-
Publication number: 20160360456Abstract: A user equipment (UE) may camp on a network following a SIM bootup. Specifically, the UE may determine that a SIM implementation module of the UE includes a first SIM application (e.g., USIM) associated with a first cellular radio access technology (RAT) (e.g., LTE) and a second SIM application (e.g., CSIM) associated with a second cellular RAT (e.g., CDMA). The UE may then initialize the first SIM application and the second SIM application. The UE may determine whether the network is configured to support both voice and data communications using the first cellular RAT. If so, the UE may initiate camping on the network with the first cellular RAT in response to determining that the first SIM application is ready, but before the second SIM application is ready. If not, the UE may wait until both the first and second SIM applications are ready before initiating camping on the network.Type: ApplicationFiled: June 2, 2015Publication date: December 8, 2016Inventors: Prashant H. Vashi, Vikram B. Yerrabommenahalli, Abhishek Sen, Bharath Narasimha Rao, Yannick L. Sierra
-
Publication number: 20160359965Abstract: A method of identifying invalid participants in a synchronization group. The method generates a device synchronization group identifier (DSGI) for a first device from a device-specific key of the first device. The method joins the first device in the synchronization group by using the DSGI of the first device. Prior to the joining of the first device, the synchronization group stores a set of DSGIs of a set of devices that have joined the synchronization group. The method determines that a particular DSGI stored in the synchronization group is the same as the DSGI of the first device. The method identifies the particular DSGI stored in the synchronization group as a DSGI of an invalid participant of the synchronization group.Type: ApplicationFiled: September 30, 2015Publication date: December 8, 2016Inventors: Richard F. Murphy, Yannick L. Sierra, Andrew R. Whalley
-
Publication number: 20160232343Abstract: In order to simplify and reduce the cost of an electronic device, the size of a first non-volatile memory associated with an integrated circuit is significantly reduced. Instead of using the first non-volatile memory, a second non-volatile memory associated with a processor in the electronic device is used to store an embedded operating system of the integrated circuit, as well as associated data and a configuration of the integrated circuit. To reduce the security risks associated with using this remote second non-volatile memory, the first non-volatile memory may store authorization information and anti-replay information. During a secure boot of the integrated circuit, the authorization information is used to verify that the embedded operating system, the data and the configuration are authorized. In addition, the anti-replay information is used to determine that the embedded operating system, the data and the configuration are different than previously received versions of these items.Type: ApplicationFiled: February 26, 2015Publication date: August 11, 2016Applicant: APPLE INC.Inventors: Samuel D. Post, Onur E. Tackin, Yannick L. Sierra, Peng Liu
-
Publication number: 20150133196Abstract: This disclosure relates to caching SIM files at a baseband processor to reduce cellular bootup time. According to one embodiment, a wireless device may read SIM files from a SIM and store a local copy of each file in a cache of the baseband processor of the wireless device. SIM identification information for the SIM from which the cached files were read may be associated with the cache. Indicator information usable for comparing file versions may also be generated and stored in the cache for each file. Upon a subsequent SIM initialization, the wireless device may read SIM files from the cache instead of from the initialized SIM if the cached version is identical to the SIM version, which may be determined based at least in part on the SIM identification information and the indicator information for such files.Type: ApplicationFiled: September 30, 2014Publication date: May 14, 2015Inventors: Abhishek Sen, Bharath Narasimha Rao, Prashant H. Vashi, Vikram B. Yerrabommanahalli, Yannick L. Sierra