Three new patents at the US Patent & Trademark Office show that Apple is working on ways to offer better content and file protection.
Patent number 20110252233 is for a system and method for backing up and restoring files encrypted with file-level content protection. The patent describes systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket.
The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata. The inventors are Dallas De Atley, Gordon Freedman, Thomas Brogan Duffy Jr., Kenneth Buffalo McNeil and David Rahardja.
Patent number 201100252234 involves a system and method for file-level data protection. The invention offers systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain.
The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data. The inventors are Dallas De Atley, Gordon Freedman, Thomas Brogan Duffy Jr., John Andrew Wright, Vrajesh Rajesh Bhavsar, Lucia Elana Ballard, Michael Lambertus Hubertus Brouwer, Conrad Saueerwald, Mitchell David Adler, Eric Brandon Tamura, David Rahardja and Carsten Guenther.
Patent number 201100252243 is for a system and method for content protection based on a combination of a user pin and a device specific identifier. The invention offers systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key.
Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed. The inventors are Michael Lambertus Hubertus Brouwer and Mitchell David Adler.
— Dennis Sellers