-
Publication No.: US11777936B2
Publication date: 2023-10-03
Application No.: US17251140
Filing date: 2019-06-07
Applicant: Apple Inc.
Inventor: Florian Galdo, Stephanie R. Martin, Yannick L. Sierra, Ivan Krstic, Christopher A. Volkert, Najeeb M. Abdulrahiman, Matthias Lerch, Onur E. Tackin, Kyle C. Brogle
CPC classification number: H04L63/10, G06F21/335, H04L9/0894, H04L9/3213, H04L9/3234, H04L9/3263, H04L63/0823, G06Q20/3825, G06Q20/3829, G06Q2220/00, G06Q2240/00, H04L2209/84, H04W4/12, H04W12/03
Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.
-
Publication No.: US11468162B2
Publication date: 2022-10-11
Application No.: US16677500
Filing date: 2019-11-07
Applicant: Apple Inc.
Inventor: Conrad A. Shultz, Richard J. Mondello, Reza Abbasian, Ivan Krstic, Darin Adler, Charilaos Papadopoulos, Maureen Grace Daum, Guillaume Borios, Patrick Robert Burns, Alexander David Sanciangco, Brent Michael Ledvina, Chelsea Elizabeth Pugh, Kyle Brogle, Marc J. Krochmal, Jacob Klapper, Paul Russell Knight, Connor David Graham, Shengkai Wu, I-Ting Liu, Steven Jon Falkenburg
IPC: G06F21/46, G06F3/0482, G06F3/04886, G06F21/31
Abstract: In accordance with some embodiments, the method includes: detecting, via the one or more input devices, a request to display information for password protected accounts; and, in response to detecting the request, concurrently displaying, on the display device: a representation of a first password protected account that is associated with a credential having one or more security issues, wherein the representation of the first password protected account is visually associated with an alert indicator indicating the one or more security issues associated with the credential of the first password protected account; and a representation of a second password protected account that is associated with a credential having one or more security issues, wherein the representation of the second password protected account is visually associated with an alert indicator indicating the one or more security issues associated with the credential of the second password protected account.
-
Publication No.: US11100242B2
Publication date: 2021-08-24
Application No.: US14292705
Filing date: 2014-05-30
Applicant: Apple Inc.
Inventor: Ivan Krstic, Pierre-Olivier J. Martel, Austin G. Jennings
Abstract: Techniques for access control of a data processing system are described. In one embodiment, in response to a request from an application for accessing a resource of a data processing system, it is determined a first class of resources the requested resource belongs. A second class of resources the application is entitled to access is determined based on a resource entitlement encoded within the application and authorized by a predetermined authority. The application is allowed to access the resource if the first class and the second class of resources are matched. The application is denied from accessing the resource if the first class and the second class are not matched, regardless an operating privilege level of the application.
-
Publication No.: US20210250355A1
Publication date: 2021-08-12
Application No.: US17251140
Filing date: 2019-06-07
Applicant: Apple Inc.
Inventor: Florian Galdo, Stephanie R. Martin, Yannick L. Sierra, Ivan Krstic, Christopher A. Volkert, Najeeb M. Abdulrahiman, Matthias Lerch, Onur E. Tackin, Kyle C. Brogle
Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.
-
Publication No.: US11055438B2
Publication date: 2021-07-06
Application No.: US15060837
Filing date: 2016-03-04
Applicant: Apple Inc.
Inventor: Ivan Krstic, Austin G. Jennings, Richard L. Hagy
Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.
-
Publication No.: US10929515B2
Publication date: 2021-02-23
Application No.: US16049933
Filing date: 2018-07-31
Applicant: Apple Inc.
Inventor: Deepti S. Prakash, Lucia E. Ballard, Jerrold V. Hauck, Feng Tang, Etai Littwin, Pavan Kumar Ansosalu Vasu, Gideon Littwin, Thorsten Gernoth, Lucie Kucerova, Petr Kostka, Steven P. Hotelling, Eitan Hirsh, Tal Kaitz, Jonathan Pokrass, Andrei Kolin, Moshe Laifenfeld, Matthew C. Waldon, Thomas P. Mensch, Lynn R. Youngs, Christopher G. Zeleznik, Michael R. Malone, Ziv Hendel, Ivan Krstic, Anup K. Sharma
Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.
-
Publication No.: US20190236254A1
Publication date: 2019-08-01
Application No.: US16371860
Filing date: 2019-04-01
Applicant: Apple Inc.
Inventor: Lucia E. Ballard, Jerrold V. Hauck, Deepti S. Prakash, Jan Cibulka, Ivan Krstic
CPC classification number: G06F21/32, G06F21/34, G06F21/6218, G06F21/78, G06F2221/2149, G06F2221/2153, G06Q20/3227, H04L9/3226, H04L9/3231, H04L29/06809, H04L63/0861, H04L63/102, H04L63/105, H04L2463/082, H04M1/72577, H04W12/06, H04W12/08
Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.
-
Publication No.: US20190044723A1
Publication date: 2019-02-07
Application No.: US16049933
Filing date: 2018-07-31
Applicant: Apple Inc.
Inventor: Deepti S. Prakash, Lucia E. Ballard, Jerrold V. Hauck, Feng Tang, Etai Littwin, Pavan Kumar Ansosalu Vasu, Gideon Littwin, Thorsten Gernoth, Lucie Kucerova, Petr Kostka, Steven P. Hotelling, Eitan Hirsh, Tal Kaitz, Jonathan Pokrass, Andrei Kolin, Moshe Laifenfeld, Matthew C. Waldon, Thomas P. Mensch, Lynn R. Youngs, Christopher G. Zeleznik, Michael R. Malone, Ziv Hendel, Ivan Krstic, Anup K. Sharma
Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.
-
Publication No.: US10019598B2
Publication date: 2018-07-10
Application No.: US14871212
Filing date: 2015-09-30
Applicant: Apple Inc.
Inventor: Kevin J. Van Vechten, Damien Pascal Sorresso, Richard L. Hagy, Ivan Krstic
CPC classification number: G06F21/629, G06F9/44521, G06F9/468, G06F9/541, G06F9/542, G06F21/52
Abstract: When an application is launched, a framework scanning module scans a plurality of frameworks linked against by the application to generate a list of available services. When the application makes a request of a particular service, a service verification module compares the requested service to the list of available services and if the requested service is found in the list of available services, sends a signal to the application, the signal allowing access to the requested service for the application. Otherwise, access to the requested service is denied.
-
Publication No.: US09602520B2
Publication date: 2017-03-21
Application No.: US14932877
Filing date: 2015-11-04
Applicant: Apple Inc.
Inventor: Oliver J. Hunt, Ivan Krstic
CPC classification number: H04L63/1408, H04L63/1466, H04L67/02
Abstract: Methods and apparatus are disclosed for detecting illegitimate or spoofed links on a web page. Illegitimate links can be detected by receiving a web link that includes link text and a link address, generating normalized link text based upon the link text, wherein characters in the link text that are visually similar are represented by a single normalized character identifier in the normalized text, determining whether the normalized link text is in the format of a link address, and determining that the text is safe when the normalized link text is not in the format of a link address. The techniques disclosed herein further involve determining whether the normalized link text matches the link address, determining that the text is safe when the normalized link text matches the link address, and determining that the text is unsafe when the normalized link text does not match the link address.