Data protection for keychain syncing

US 9,684,801 B2
Filed: 08/17/2015
Issued: 06/20/2017
Est. Priority Date: 01/18/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium storing a program which when executed by at least one processing unit of a device provides data protection for the device when synchronizing a keychain stored on the device with keychains stored in a set of other devices, the program comprising sets of instructions for:

receiving keychain data for synchronizing the keychain stored on the device with the keychains stored in the set of other devices, the keychain data specified as belonging to a protection domain, the protection domain defining a set of conditions in order for the received keychain data to become accessible to the device, the set of conditions comprising the device being in a locked state after having been in an unlocked state at least once since a last time the device has been booted;

allowing, when the device is in the locked state after having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data to process the received keychain data and to synchronize the keychain stored on the device with the keychains stored in the set of other devices; and

preventing, when the device is in the locked state without having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a program that provides data protection for a device when synchronizing a set of keychains stored on the device with a set of other devices. The program receives keychain data for synchronizing the set of keychains stored on the device with the set of other devices. The keychain data is specified as belonging to a protection domain. The program determines whether a set of conditions defined for the protection domain is satisfied. When the set of conditions is determined as satisfied, the program allows access to the keychain data in order to process the keychain data and synchronize the set of keychains stored on the device with the set of other devices.

93 Citations

20 Claims

1. A non-transitory machine-readable medium storing a program which when executed by at least one processing unit of a device provides data protection for the device when synchronizing a keychain stored on the device with keychains stored in a set of other devices, the program comprising sets of instructions for:
- receiving keychain data for synchronizing the keychain stored on the device with the keychains stored in the set of other devices, the keychain data specified as belonging to a protection domain, the protection domain defining a set of conditions in order for the received keychain data to become accessible to the device, the set of conditions comprising the device being in a locked state after having been in an unlocked state at least once since a last time the device has been booted;
  
  allowing, when the device is in the locked state after having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data to process the received keychain data and to synchronize the keychain stored on the device with the keychains stored in the set of other devices; and
  
  preventing, when the device is in the locked state without having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory machine-readable medium of claim 1, wherein the keychain data is received in an encrypted format, wherein the set of instructions for allowing access to the received keychain data comprises a set of instructions for allowing access to a decryption key for decrypting the keychain data and decrypting the keychain data with the decryption key.
  - 3. The non-transitory machine-readable medium of claim 2, wherein the decryption key is a private key of a public and private key pair belonging to and generated by the device, wherein the received keychain data is encrypted in the encrypted format with a public key of the public and private key pair.
  - 4. The non-transitory machine-readable medium of claim 1, wherein the protection domain is pre-defined and provided as part of an operating system operating on the device.
  - 5. The non-transitory machine-readable medium of claim 1, wherein the keychain data comprises a list of keychain items to update and a set of data that represents the keychain items specified in the list of keychain items to update.
  - 6. The non-transitory machine-readable medium of claim 1, wherein the set of instructions for preventing access to the received keychain data comprises a set of instructions for returning the keychain data to a processing queue for later processing.
  - 7. The non-transitory machine-readable medium of claim 1, wherein the keychain data comprises one or more of passwords, private keys, certificates, and secure notes.

8. A method of providing data protection for a device when synchronizing a keychain stored on the device with keychains stored in a set of other devices, the method comprising:
- receiving keychain data for synchronizing the keychain stored on the device with the keychains stored in the set of other devices, the keychain data specified as belonging to a protection domain, the protection domain defining a set of conditions in order for the received keychain data to become accessible to the device, the set of conditions comprising the device being in a locked state after having been in an unlocked state at least once since a last time the device has been booted;
  
  allowing, when the device is in the locked state after having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data to process the received keychain data and to synchronize the keychain stored on the device with the keychains stored in the set of other devices; and
  
  preventing, when the device is in the locked state without having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the keychain data is received in an encrypted format, wherein allowing access to the received keychain data comprises allowing access to a decryption key for decrypting the keychain data and decrypting the keychain data with the decryption key.
  - 10. The method of claim 9, wherein the decryption key is a private key of a public and private key pair belonging to and generated by the device, wherein the received keychain data is encrypted in the encrypted format with a public key of the public and private key pair.
  - 11. The method of claim 8, wherein the protection domain is pre-defined and provided as part of an operating system operating on the device.
  - 12. The method of claim 8, wherein the keychain data comprises a list of keychain items to update and a set of data that represents the keychain items specified in the list of keychain items to update.
  - 13. The method of claim 8, wherein preventing access to the received keychain data comprises returning the keychain data to a processing queue for later processing.
  - 14. The method of claim 8, wherein the keychain data comprises one or more of passwords, private keys, certificates, and secure notes.

15. A device comprising:
- a set of processors; and
  
  a non-transitory machine-readable medium storing a program which when executed by at least one of the set of processors of the device provides data protection for the device when synchronizing a keychain stored on the device with keychains stored in a set of other devices, the program comprising sets of instructions for;
  
  receiving keychain data for synchronizing the keychain stored on the device with the keychains stored in the set of other devices, the keychain data specified as belonging to a protection domain, the protection domain defining a set of conditions in order for the received keychain data to become accessible to the device, the set of conditions comprising the device being in a locked state after having been in an unlocked state at least once since a last time the device has been booted;
  
  allowing, when the device is in the locked state after having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data to process the received keychain data and to synchronize the keychain stored on the device with the keychains stored in the set of other devices; and
  
  preventing, when the device is in the locked state without having been in the unlocked state at least once since the last time the device has been booted, access to the received keychain data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15, wherein the keychain data is received in an encrypted format, wherein the set of instructions for allowing access to the received keychain data comprises a set of instructions for allowing access to a decryption key for decrypting the keychain data and decrypting the keychain data with the decryption key.
  - 17. The device of claim 16, wherein the decryption key is a private key of a public and private key pair belonging to and generated by the device, wherein the received keychain data is encrypted in the encrypted format with a public key of the public and private key pair.
  - 18. The device of claim 15, wherein the protection domain is pre-defined and provided as part of an operating system operating on the device.
  - 19. The device of claim 15, wherein the keychain data comprises a list of keychain items to update and a set of data that represents the keychain items specified in the list of keychain items to update.
  - 20. The device of claim 15, wherein the keychain data comprises one or more of passwords, private keys, certificates, and secure notes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
De Atley, Dallas B., Adler, Mitchell D., Brouwer, Michael
Primary Examiner(s)
DOAN, TRANG T

Application Number

US14/827,532
Publication Number

US 20160308674A1
Time in Patent Office

673 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/275   Synchronous replication

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6263   during internet communicati...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1095   Replication or mirroring of...

H04L 67/1097   for distributed storage of ...

H04L 9/0816   Key establishment, i.e. cry...

Data protection for keychain syncing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Data protection for keychain syncing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others