-
Publication number: US10891369B2
Publication date: 2021-01-12
Application number: US16664714
Application date: 2019-10-25
Applicant: Apple Inc.
Inventor: Bernard J. Semeria, Devon S. Andrade, Jeremy C. Andrus, Ahmed Bougacha, Peter Cooper, Jacques Fortier, Louis G. Gerbarg, James H. Grosbach, Robert J. McCall, Daniel A. Steffen, Justin R. Unger
Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.
-
Publication number: US20200081847A1
Publication date: 2020-03-12
Application number: US16564502
Application date: 2019-09-09
Applicant: Apple Inc.
Inventor: Julien Oster, Thomas G. Holland, Bernard J. Semeria, Jason A. Harmening, Pierre-Olivier J. Martel, Gregory D. Hughes, P. Love Hornquist Astrand, Jacques Fortier, Ryan P. Nielson, Simon P. Cooper
IPC: G06F12/1009, G06F21/62, G06F9/455
Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure that no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.
-
Publication number: US20250094564A1
Publication date: 2025-03-20
Application number: US18790765
Application date: 2024-07-31
Applicant: Apple Inc.
Inventor: Peter A. Lisherness, Assaf Menachem, Assaf Metuki, Benjamin Biron, D J Capelis, Husam Khashiboun, Jacques Fortier
Abstract: Techniques are disclosed relating to securing hardware accelerators used by a computing device. In some embodiments, a computing device includes a sensor and sensor processor circuitry coupled to the sensor. The sensor processor circuitry is configured to process sensor data received from a sensor of the computing device. In response to a first indication that a first consumer is trustworthy, the sensor processor circuitry is configured to provide a first data set of the processed sensor data to the first consumer. In response to a second indication that a second consumer is untrustworthy, the sensor processor circuitry is configured to negotiate one or more conditions in which the second consumer is permitted to receive a second data set of the processed sensor data.
-
Publication number: US11822664B2
Publication date: 2023-11-21
Application number: US17092030
Application date: 2020-11-06
Applicant: Apple Inc.
Inventor: Xeno S. Kovah, Nikolaj Schlej, Thomas P. Mensch, Wade Benson, Jerrold V. Hauck, Josh P. de Cesare, Austin G. Jennings, John J. Dong, Robert C. Graham, Jacques Fortier
CPC classification number: G06F21/575, G06F9/4406, G06F21/72, G06F21/73, H04L9/0897, H04L9/3226, H04L9/3236, H04L9/3268, H04L63/123, G06F2221/034
Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.
-
Publication number: US20220027452A1
Publication date: 2022-01-27
Application number: US17497826
Application date: 2021-10-08
Applicant: Apple Inc.
Inventor: Bernard J. Semeria, Devon S. Andrade, Jeremy C. Andrus, Ahmed Bougacha, Peter Cooper, Jacques Fortier, Louis G. Gerbarg, James H. Grosbach, Robert J. McCall, Daniel A. Steffen, Justin R. Unger
IPC: G06F21/44, H04L9/32, G06F15/78, G06F21/54, G06F21/78, H04L29/06, H04L9/08, G06F12/109, G06F21/56, G06F21/12
Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.
-
Publication number: US11144631B2
Publication date: 2021-10-12
Application number: US16539356
Application date: 2019-08-13
Applicant: Apple Inc.
Inventor: Bernard J. Semeria, Devon S. Andrade, Jeremy C. Andrus, Ahmed Bougacha, Peter Cooper, Jacques Fortier, Louis G. Gerbarg, James H. Grosbach, Robert J. McCall, Daniel A. Steffen, Justin R. Unger
IPC: G06F21/44, G06F15/78, G06F9/32, H04L9/32, G06F21/54, G06F21/78, H04L29/06, H04L9/08, G06F12/109, G06F21/56, G06F21/12
Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.
-
Publication number: US11093601B2
Publication date: 2021-08-17
Application number: US16664719
Application date: 2019-10-25
Applicant: Apple Inc.
Inventor: Bernard J. Semeria, Devon S. Andrade, Jeremy C. Andrus, Ahmed Bougacha, Peter Cooper, Jacques Fortier, Louis G. Gerbarg, James H. Grosbach, Robert J. McCall, Daniel A. Steffen, Justin R. Unger
Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.