公开(公告)号：US11151235B2

公开(公告)日：2021-10-19

申请号：US16050021

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Deepti S. Prakash ,  Lucia E. Ballard ,  Jerrold V. Hauck ,  Feng Tang ,  Etai Littwin ,  Pavan Kumar Anasosalu Vasu ,  Gideon Littwin ,  Thorsten Gernoth ,  Lucie Kucerova ,  Petr Kostka ,  Steven P. Hotelling ,  Eitan Hirsh ,  Tal Kaitz ,  Jonathan Pokrass ,  Andrei Kolin ,  Moshe Laifenfeld ,  Matthew C. Waldon ,  Thomas P. Mensch ,  Lynn R. Youngs ,  Christopher G. Zeleznik ,  Michael R. Malone ,  Ziv Hendel ,  Ivan Krstic ,  Anup K. Sharma ,  Kelsey Y. Ho

IPC: G06F21/32 ,  G06K9/00 ,  H04L9/32 ,  H04W12/06 ,  H04L29/06 ,  G06F21/83 ,  H04L9/08

Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.

公开(公告)号：US20210286865A1

公开(公告)日：2021-09-16

申请号：US17182076

申请日：2021-02-22

Applicant: Apple Inc.

Inventor： Deepti S. Prakash ,  Lucia E. Ballard ,  Jerrold V. Hauck ,  Feng Tang ,  Etai Littwin ,  Pavan Kumar Ansosalu Vasu ,  Gideon Littwin ,  Thorsten Gernoth ,  Lucie Kucerova ,  Petr Kostka ,  Steven P. Hotelling ,  Eitan Hirsh ,  Tal Kaitz ,  Jonathan Pokrass ,  Andrei Kolin ,  Moshe Laifenfeld ,  Matthew C. Waldon ,  Thomas P. Mensch ,  Lynn R. Youngs ,  Christopher G. Zeleznik ,  Michael R. Malone ,  Ziv Hendel ,  Ivan Krstic ,  Anup K. Sharma

IPC: G06F21/32 ,  G06K9/00 ,  H04L9/32 ,  H04W12/06 ,  H04L29/06 ,  G06F21/83 ,  H04L9/08

Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.

公开(公告)号：US10999287B2

公开(公告)日：2021-05-04

申请号：US16701005

申请日：2019-12-02

Applicant: Apple Inc.

Inventor： Ivan Krstic ,  James Wilson ,  Eric Daniel Friedman ,  Selvarajan Subramaniam ,  Patrice O. Gautier ,  John Patrick Gates ,  Ramarathnam Santhanagopal ,  Prabhakaran Vaidyanathaswami ,  Sudhakar Mambakkam ,  Raghunandan Pai ,  Karthik Narayanan

IPC: H04L29/06 ,  G06F12/14 ,  G06F21/42 ,  G06F21/45

Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.

公开(公告)号：US10824705B2

公开(公告)日：2020-11-03

申请号：US15980694

申请日：2018-05-15

Applicant: Apple Inc.

Inventor： Lucia E. Ballard ,  Jerrold V. Hauck ,  Deepti S. Prakash ,  Jan Cibulka ,  Ivan Krstic

IPC: H04M1/66 ,  G06F21/32 ,  G06F21/78 ,  G06F21/62 ,  H04M1/725 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  G06F21/34 ,  G06Q20/32

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：US10735396B2

公开(公告)日：2020-08-04

申请号：US16167472

申请日：2018-10-22

Applicant: Apple Inc.

Inventor： Ivan Krstic ,  James Wilson ,  Eric Daniel Friedman ,  Selvarajan Subramaniam ,  Patrice O. Gautier ,  John Patrick Gates ,  Ramarathnam Santhanagopal ,  Prabhakaran Vaidyanathaswami ,  Sudhakar Mambakkam ,  Raghunandan Pai ,  Karthik Narayanan

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/31

Abstract: Some embodiments provide an account-access recovery method that receives a request to recover access to an account. The method also assesses recent usage of a device that is associated with the account. The method also, based on the assessment, selects a recovery process from a group of different recovery processes for regaining access to the account. The method also provides the selected recovery process to a party that is requesting the access recovery.

公开(公告)号：US20190158478A1

公开(公告)日：2019-05-23

申请号：US16167472

申请日：2018-10-22

Applicant: Apple Inc.

Inventor： Ivan Krstic ,  James Wilson ,  Eric Daniel Friedman ,  Selvarajan Subramaniam ,  Patrice O. Gautier ,  John Patrick Gates ,  Ramarathnam Santhanagopal ,  Prabhakaran Vaidyanathaswami ,  Sudhakar Mambakkam ,  Raghunandan Pai ,  Karthik Narayanan

IPC: H04L29/06

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F2221/2131 ,  H04L63/105 ,  H04L63/12

Abstract: Some embodiments provide an account-access recovery method that receives a request to recover access to an account. The method also assesses recent usage of a device that is associated with the account. The method also, based on the assessment, selects a recovery process from a group of different recovery processes for regaining access to the account. The method also provides the selected recovery process to a party that is requesting the access recovery.

公开(公告)号：US20180352440A1

公开(公告)日：2018-12-06

申请号：US15980694

申请日：2018-05-15

Applicant: Apple Inc.

Inventor： Lucia E. Ballard ,  Jerrold V. Hauck ,  Deepti S. Prakash ,  Jan Cibulka ,  Ivan Krstic

IPC: H04W12/08 ,  H04W12/06 ,  G06F21/32 ,  H04L9/32 ,  G06F21/78 ,  G06F21/62 ,  H04M1/725

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：US20160359863A1

公开(公告)日：2016-12-08

申请号：US14872027

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Ivan Krstic ,  James Wilson ,  Eric Daniel Friedman ,  Selvarajan Subramaniam ,  Patrice O. Gautier ,  John Patrick Gates ,  Ramarathnam Santhanagopal ,  Prabhakaran Vaidyanathaswami ,  Sudhakar Mambakkam ,  Raghunandan Pai ,  Karthik Narayanan

IPC: H04L29/06 ,  G06F12/14

Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.

Abstract translation: 本发明的一些实施例提供了用于恢复对与帐户相关联的服务的访问的程序。 该程序提供登录凭据以登录帐户以接收相关联的服务。 接下来，程序在登录帐户后接收访问连续参数（ACP）。 该程序然后访问该服务并且接收对该服务的后续访问的拒绝。 该程序然后提供ACP代替登录凭证以继续接收该服务。

公开(公告)号：US20160321471A1

公开(公告)日：2016-11-03

申请号：US15060837

申请日：2016-03-04

Applicant: Apple Inc.

Inventor： Ivan Krstic ,  Austin G. Jennings ,  Richard L. Hagy

IPC: G06F21/62 ,  G06F21/10 ,  G06F21/51

CPC classification number: G06F21/6281 ,  G06F21/10 ,  G06F21/51 ,  G06F21/53 ,  G06F21/629 ,  G06F2221/033 ,  G06F2221/0735

Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.

公开(公告)号：US12074849B2

公开(公告)日：2024-08-27

申请号：US17353690

申请日：2021-06-21

Applicant: Apple Inc.

Inventor： Ivan Krstic ,  Damien P. Sorresso ,  David P Remahl ,  Elliot C. Liskin ,  Justin S. Hogg ,  Kevin J. Lindeman ,  Lucia E. Ballard ,  Nicholas J. Circosta ,  Richard J. Cooper ,  Ryan A. Williams ,  Steven C. Vittitoe ,  Zachariah J. Riggle ,  Patrick R. Metcalfe ,  Andrew T. Whitehead

IPC: H04L29/06 ,  H04L9/40 ,  H04L51/212

CPC classification number: H04L63/0245 ,  H04L51/212

Abstract: The subject disclosure provides systems and methods for application-specific network data filtering. Application-specific network data filtering may be performed by a sandboxed process prior to providing the network data to an application to which the network data is directed. Any malicious or otherwise potentially harmful data that is included in the network data may be removed by the application-specific network data filter or may be allowed to corrupt the application specific network data filtering operations within the sandbox, thereby preventing the malicious or harmful data from affecting the application or other portions of an electronic device. In one or more implementations, a first process such as an application-specific network data filtering process may request allocation of memory for the first process from second process, such as an application, that is separate from a memory manager of the electronic device.