Apple Files Tablet Computer Patent for Handwriting & Forms
Apple's Fanatical Design Team Racks up Big Wins for Notebooks & More

Apple Reveals New iPhone Security Patents

SECURITY ICON - Copy

On November 12, 2009 the US Patent & Trademark Office published two patent applications from Apple that reveal yet another chapter in iPhone security. Apple's patent generally relates to authentication and more specifically relates to a system and method of providing authentication based on a weighted average principal. Apple's iPhone security includes protection of digital content from theft or corruption and also addresses the preservation of system availability. In many communication systems, the weakest link in security is not the encrypted data but rather cryptographic key management and handling. Unauthorized users may gain access to sensitive data when key management is not performed securely. During Apple's WWDC 2009, Phil Schiller stated that businesses had asked for hardware encryption and that all iPhone 3G-S models would now incorporate Apple's new security features. These patents mark the fourth and fifth such iPhone related security patents since September and demonstrate Apple's commitment to the enterprise market. Apple's patent shrouds their technology under what is known in the industry as the "black box" approach.

 

Background

 

Authentication is often used in conjunction with cryptography. Cryptography is the traditional method of protecting data. Cryptography protects communications between two mutually trusting parties from thievery or hackers by attack on the data in transit. Encryption is the process of obscuring information in a systematic way, using an algorithm. Decryption is process of removing the protection and retrieving the original data. Encryption and decryption use a key, which is the shared secret that both parties must have. To ensure data integrity, only the authorized parties should hold the secret key.

 

In many communication systems, the weakest link in security is not the encrypted data but rather cryptographic key management and handling. Unauthorized users may gain access to sensitive data when key management is not performed securely.

 

Many processes for authenticating an entity have been proposed. Typically, a sender sends a message and both the sender and receiver use the message and a shared secret key to generate a signature. If the signatures are the same, the entity is accepted as authentic in a symmetric encryption scheme. If an asymmetric scheme is used, the system verifies the signature is valid since only the originator of the signature should be able to create that signature.

 

A system can be compromised when patterns in the signature can be detected and used to surmise and exploit the authentication process. Attacking such encryption schemes requires the collection of a set of the input and the output. Typically, encryption schemes are used to authenticate by encrypting a value. If both the sender and receiver generate the same value, authentication is achieved.

 

What is needed in the art, however, is an improved authentication process that is less susceptible to hacking. This is what Apple's patent addresses.

 

Old & new authentication system methods


Apple's patent FIG. 2 illustrates a prior art approach using a message authentication code; Patent FIG. 3 illustrates basic example processing and communication between an entities A and B.

 

Apple's patent refers to an approach in which a particular embodiment involves processing as viewed by an entity A or an entity B separately – as a black box approach.

 

The depth of this patent could only be truly appreciated by engineers in this particular field or professionals involved with advanced math. To investigate this patent further, see patent application 20090279696. It should be noted that patent links have a short shelf life. Therefore make sure that the patent that is associated with this link actually directs you to the patent number above. If it doesn't, then simply feed the individual patent number 20090279696 into this search engine. The secondary and related security patent published today is application 20090279689 which carries the same inventors as noted below.

 

Apple credits Mathieu Ciet (Paris, France) Augustin Farrugia, Jean-Francois Riendeau and Nicholas Sullivan as the inventors of this patent. 

 

Other Related Patents

 

Apple Wins Crucial iPhone Cryptography Patent

Apple Wins Crucial iPhone Encryption & WebObjects Patents

New iPhone Patents Cover Enhanced Audio & Software Verification System

 

Notice: Patently Apple presents only a brief summary of patents with associated graphic(s) for journalistic news purposes as each such patent application and/or grant is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application and/or grant should be read in its entirety for further details. For additional information on any patent reviewed here today, To read this report in another major language, use Yahoo! Babel Fish

 

Comments

The comments to this entry are closed.