Apple wants to beef up Messages’ security options for sharing data. The company has filed for a patent (number 20210359842) for “guaranteed encryptor authenticity.”
About the patent filing
The patent filing relied to data processing systems. More specifically, it involves a system and associated methods to enable guaranteed encryptor authenticity to enable verification of the identity of the encryptor of encrypted data.
Apple says that a valid digital signature, where the prerequisites are satisfied, provides a strong indication that the received message was created by a known sender and has not been altered in transit. However, while digital signature algorithms can be used to verify that the message was created by a known sender and wasn’t altered, signature verification doesn’t provide a guarantee that the encryptor of the cyphertext and the generator of the signature are the same party, only that the signature and encryption were performed validly according to the agreed-upon encryption and signature schemes.
Apple wants to change this.
Summary of the patent filing
Here’s Apple’s abstract off the patent filing: “Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.”
