With encryption a high priority as Apple fights the FBI in cases involving the San Bernardino terrorist's iPhone and one owned by a drug dealer in New York, Apple vowed to go deeper down the encryption rabbit hole. Today, the U.S. Patent and Trademark Office published a patent application from Apple that reveals one of its latest patent-pending encryption methods. More particularly, the invention relates to automatically updating a password for one or more computing devices based on a previous password update. The embodiments incorporate a variety of encryption and key generation methods in order to safely transmit password updates between local computing devices. Specifically, the embodiments set forth methods and apparatus for generating and storing breadcrumbs that allow for decrypting a current password of a computing device using a new password.
Apple notes that cyber security has become an increasing concern among device manufacturers as consumers have become accustomed to using various computing devices in almost every facet of their lives. Consumers regularly entrust their valuable personal information to a variety of devices and networks under the presumption that the device manufacturers and network hosts share the interests of the consumers. This presumption is often based on the security measures provided to consumers while performing functions on the device or participating in network activities. Such functions and activities can include registering for various accounts, saving personal information, logging into websites, making payments over the internet, and other network-based exchanges. Oftentimes, a user can be required to provide a username and password before using a particular device or web service. Over time, a password may expire because of a protocol put in place by a particular service provider, or a user may choose to change their passwords at a desired frequency. Although coming up with a new password can be a relatively simple task, updating passwords can become complicated when a user owns multiple devices and each device requires a password.
The trend toward consumers owning multiple computing devices has increased the number of security risks a user may face, but has also provoked a variety of techniques for synchronizing information between devices for management of user data. However, such synchronization techniques can require user data to traverse wireless networks and servers, thereby subjecting the user data to potential theft. If a server containing user data is undermined by an attacker and the user data is misappropriated, the attacker may be able to unlock multiple devices that a user owns if the user data contains passwords for those devices. This scenario can be difficult to avoid when the synchronization techniques are being performed by server hosts or by device manufacturers who are often given privileges to access passwords for devices. Additionally, the entity performing the synchronization may be torn between providing more security for user data and supplying an easier method for synchronizing passwords between devices. By limiting the availability of password synchronization between devices, a user may be frustrated by the tedious task of updating each device with a new password. Additionally, because each device may be associated with multiple accounts, it may be even more arduous for a user to resolve issues related to password synchronization between accounts if a network host or device manufacturer is not providing such services.
Apple's invention describes various embodiments that relate to encryption methods and apparatus for a computing device. In some embodiments, a method for updating a password is set forth. The method can include a step of receiving a new password at a computing device. The new password can be different than a current password for a user account accessible at the computing device. The method can further include a step of decrypting, using the new password, an encrypted key and deriving the current password from the encrypted key.
Apple's patent FIG. 4 illustrates a method 400 for creating a breadcrumb according to embodiments discussed herein. A breadcrumb is a quantity of data or information that includes at least a key and a password. The key can be a random key, a pseudo-random key, a password-based key generated from a key derivation function, or any other suitable key generated from an algorithm or cryptography method. The password can be a password for a computing device, web service, internet site, software application, or any other computer-related password. The password can be of any suitable length for a particular application, and the password can be padded to a fixed length in order to conceal the length of the password. For example, a password of 4 bytes can be padded to a length of 256 bytes in order to hide the true length of the password. In some embodiments, the breadcrumb can be salted, which refers to the addition of randomly generated data into the breadcrumb, key, and/or password in order to provide extra security when multiple breadcrumbs are stored on a particular device.
The breadcrumb can be generated according to the method 400 of FIG. 4.
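The breadcrumb idea can be made concrete with a short sketch. This is an added example, not code from Apple's filing: it assumes one possible reading in which a salted, password-based key derived from the new password seals the current password after padding it to 256 bytes. The function names, the 2-byte length prefix, the PBKDF2 parameters and the HMAC-based keystream (a standard-library stand-in for an authenticated cipher) are all assumptions.

```python
import hashlib
import hmac
import secrets

PAD_LEN = 256    # fixed padded length, as in the 4-byte -> 256-byte example
SALT_LEN = 16    # assumed salt size
TAG_LEN = 32     # HMAC-SHA256 tag length

def _keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Password-based key via PBKDF2, split into encryption and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for an AEAD)."""
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, stream))

def make_breadcrumb(new_password: str, current_password: str) -> bytes:
    """Seal the padded current password under a key derived from the new one."""
    raw = current_password.encode()
    if len(raw) > PAD_LEN - 2:
        raise ValueError("password too long for fixed-length padding")
    # Length prefix + zero fill: every breadcrumb has the same size.
    padded = len(raw).to_bytes(2, "big") + raw + bytes(PAD_LEN - 2 - len(raw))
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt, so each key is used once
    enc_key, mac_key = _keys(new_password, salt)
    body = salt + _xor_stream(enc_key, padded)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_breadcrumb(new_password: str, crumb: bytes) -> str:
    """Recover the current password; fails on a wrong password or tampering."""
    if len(crumb) != SALT_LEN + PAD_LEN + TAG_LEN:
        raise ValueError("malformed breadcrumb")
    body, tag = crumb[:-TAG_LEN], crumb[-TAG_LEN:]
    enc_key, mac_key = _keys(new_password, body[:SALT_LEN])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified breadcrumb")
    padded = _xor_stream(enc_key, body[SALT_LEN:])
    return padded[2:2 + int.from_bytes(padded[:2], "big")].decode()
```

Because the salt is random, two breadcrumbs for the same pair of passwords differ, and the fixed 304-byte size reveals nothing about the length of the password inside.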
Apple's invention under patent application 20160119312 is one that could only be truly appreciated by those in the industry or security enthusiasts. To review the invention in greater detail, click here.
Patently Apple presents a detailed summary of patent applications with associated graphics for journalistic news purposes as each such patent application is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application should be read in its entirety for full and accurate details.