公开(公告)号：US20210049251A1

公开(公告)日：2021-02-18

申请号：US17084172

申请日：2020-10-29

Applicant: Apple Inc.

Inventor： Lucia E. Ballard ,  Jerrold V. Hauck ,  Deepti S. Prakash ,  Jan Cibulka ,  Ivan Krstic

IPC: G06F21/32 ,  G06F21/78 ,  G06F21/62 ,  H04M1/725 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  G06F21/34

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：US20200159966A1

公开(公告)日：2020-05-21

申请号：US16683233

申请日：2019-11-13

Applicant: Apple Inc.

Inventor： Hervé Sibert ,  Eric D. Friedman ,  Erik C. Neuenschwander ,  Jerrold V. Hauck ,  Thomas P. Mensch ,  Julien F. Freudiger ,  Alan W. Yu

IPC: G06F21/64 ,  H04L9/14 ,  H04L9/32

Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.

公开(公告)号：US10546293B2

公开(公告)日：2020-01-28

申请号：US14475375

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Jerrold V. Hauck ,  George R. Dicker ,  Jeffrey C. Lee ,  Mitchell D Adler ,  Wade Benson

IPC: G06Q20/38 ,  G06Q20/32

Abstract: A system for provisioning credentials onto an electronic device is provided. The system may include a payment network subsystem, a service provider subsystem, and one or more user devices that can be used to perform mobile transactions at a merchant terminal. The user device may communicate with the service provider subsystem in order to obtained commerce credentials from the payment network subsystem. The user device may include a secure element and a corresponding trusted processor. The trusted processor may generate a random authorization number and inject that number into the secure element. Mobile payments should only be completed if the random authorization number on the secure element matches the random authorization number at the trusted processor. The trusted processor may be configured to efface the previous random authorization number and generate a new random authorization number when detecting a potential change in ownership at the user device.

公开(公告)号：US10536271B1

公开(公告)日：2020-01-14

申请号：US15435229

申请日：2017-02-16

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Conrad Sauerwald ,  Jerrold V. Hauck ,  Timothy R. Paaske ,  Zhimin Chen ,  Andrew R. Whalley

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L9/32 ,  G06F21/70 ,  G06F21/73 ,  G06F21/57

Abstract: Systems and methods are disclosed for generating one or more hardware reference keys (HRK) on a computing device, and for attesting to the validity of the hardware reference keys. An initial hardware reference key can be a silicon attestation key (SIK) generated during manufacture of a computing system, such as a system-on-a-chip. The SIK can comprise an asymmetric key pair based at least in part on an identifier of the processing system type and a unique identifier of the processing system. The SIK can be signed by the computing system and stored thereon. The SIK can be used to generate further HRKs on the computing device that can attest to the processing system type of the computing device and an operating system version that was running when the HRK was generated. The computing device can generate an HRK attestation (HRKA) for each HRK generated on the computing system.

公开(公告)号：US10484172B2

公开(公告)日：2019-11-19

申请号：US15173647

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Libor Sykora ,  Wade Benson ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  H04L29/06 ,  G06F13/28 ,  G06F13/40 ,  G06F21/79

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. In some embodiments, the secure circuit is configured to generate a public key and a private key for an application, and receive, from the application via an API, a request to perform a cryptographic operation using the private key. The secure circuit is further configured to perform the cryptographic operation in response to the request.

公开(公告)号：US10410568B2

公开(公告)日：2019-09-10

申请号：US15874816

申请日：2018-01-18

Applicant: Apple Inc.

Inventor： Paul S. Drzaic ,  Ross Thompson ,  Guy Cote ,  Christopher P. Tann ,  Jerrold V. Hauck ,  Yifan Zhang ,  Jean-Pierre Guillou ,  Ian C. Hendry ,  Vanessa C. Heppolette ,  Tae-Wook Koh ,  Arthur L. Spence

IPC: G09G3/20 ,  G09G3/00 ,  G06F3/06 ,  G09G3/3208 ,  G06F9/4401 ,  G09G3/32 ,  G06F9/451

Abstract: A data processing system can store a long-term history of pixel luminance values in a secure memory and use those values to create burn-in compensation values that are used to mitigate burn-in effect on a display. The long-term history can be updated over time with new, accumulated pixel luminance values.

公开(公告)号：US10320563B2

公开(公告)日：2019-06-11

申请号：US15274816

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Kumar Saurav ,  Jerrold V. Hauck ,  Yannick L. Sierra ,  Charles E. Gray ,  Robert Yepez ,  Samuel Gosselin ,  Petr Kostka ,  Wade Benson

IPC: H04L9/08 ,  G06F21/60 ,  G06F21/74

Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.

公开(公告)号：US09864984B2

公开(公告)日：2018-01-09

申请号：US15080130

申请日：2016-03-24

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Gregory B. Novick ,  Jerrold V. Hauck ,  Saket R. Vora ,  Yehonatan Perez

IPC: G06K5/00 ,  G06Q20/32 ,  G06Q20/38 ,  G06Q20/34 ,  G06Q20/40 ,  G06Q20/36

CPC classification number: G06Q20/3227 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/352 ,  G06Q20/353 ,  G06Q20/367 ,  G06Q20/382 ,  G06Q20/4018 ,  G06Q20/4097 ,  G06Q20/40975

Abstract: Methods for operating a portable electronic device to conduct a mobile payment transaction at a merchant terminal are provided. The electronic device may verify that the current user of the device is indeed the authorized owner by requiring the current user to enter a passcode. If the user is able to provide the correct passcode, the device is only partly ready to conduct a mobile payment. In order for the user to fully activate the payment function, the user may have to supply a predetermined payment activation input such as a double button press that notifies the device that the user intends to perform a financial transaction in the immediate future. The device may subsequently activate a payment applet for a predetermined period of time during which the user may hold the device within a field of the merchant terminal to complete a near field communications based mobile payment transaction.

公开(公告)号：US09763081B2

公开(公告)日：2017-09-12

申请号：US14549088

申请日：2014-11-20

Applicant: APPLE INC.

Inventor： Mehdi Ziat ,  Christopher Sharp ,  Kevin P. McLaughlin ,  Li Li ,  Jerrold V. Hauck ,  Yousuf H. Vaid

IPC: H04W4/00 ,  H04W8/22 ,  G06F9/445 ,  G06F9/50

CPC classification number: H04W8/22 ,  G06F9/44505 ,  G06F9/5011

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.

公开(公告)号：US20160352518A1

公开(公告)日：2016-12-01

申请号：US14871498

申请日：2015-09-30

Applicant: Apple Inc.

Inventor： Michael D. Ford ,  Jerrold V. Hauck ,  Matthew G. Watson ,  Mitchell D. Adler ,  Dallas B. De Atley ,  James Wilson

IPC: H04L9/08 ,  G06F21/62

CPC classification number: G06F12/1408 ,  G06F11/1448 ,  G06F21/6218 ,  G06F2201/80 ,  G06F2212/1052 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/0897

Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.

Abstract translation: 一些实施例为一组相关设备中的特定设备提供用于备份在该组相关设备之间同步的数据的方法。 该方法存储用一组数据加密密钥加密的备份数据。 该方法还存储用主恢复密钥加密的一组数据加密密钥。 该方法还存储主恢复密钥数据的几个副本，主恢复密钥数据的每个副本用相关设备中的不同的一个的公钥加密。 备份数据只能通过访问任一相关设备的私钥来恢复。