公开(公告)号：US10747295B1

公开(公告)日：2020-08-18

申请号：US15721411

申请日：2017-09-29

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Josh P. de Cesare

IPC: G06F1/3287 ,  G06F1/26 ,  G06F9/4401 ,  G06F3/06 ,  G06F11/20

Abstract: Techniques are disclosed relating a computer system in a power-down state receiving a communication from a remote computer system and performing a task indicated by the communication. The computer system in a power-down state performs the task without transitioning from the power-down state into a power-up state. Exemplary tasks performed in the power-down state include uploading one or more files to a remote computer system, downloading one or more files from a remote computer system, deleting one or more files from the computer system, accessing input/output devices, disabling the computer system, and performing a memory check on the computer system.

公开(公告)号：US10713351B2

公开(公告)日：2020-07-14

申请号：US16133625

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/46 ,  G06F21/60 ,  G06F21/44 ,  G06F21/85 ,  H04L9/08

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US10536271B1

公开(公告)日：2020-01-14

申请号：US15435229

申请日：2017-02-16

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Conrad Sauerwald ,  Jerrold V. Hauck ,  Timothy R. Paaske ,  Zhimin Chen ,  Andrew R. Whalley

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L9/32 ,  G06F21/70 ,  G06F21/73 ,  G06F21/57

Abstract: Systems and methods are disclosed for generating one or more hardware reference keys (HRK) on a computing device, and for attesting to the validity of the hardware reference keys. An initial hardware reference key can be a silicon attestation key (SIK) generated during manufacture of a computing system, such as a system-on-a-chip. The SIK can comprise an asymmetric key pair based at least in part on an identifier of the processing system type and a unique identifier of the processing system. The SIK can be signed by the computing system and stored thereon. The SIK can be used to generate further HRKs on the computing device that can attest to the processing system type of the computing device and an operating system version that was running when the HRK was generated. The computing device can generate an HRK attestation (HRKA) for each HRK generated on the computing system.

公开(公告)号：US20190114433A1

公开(公告)日：2019-04-18

申请号：US16206092

申请日：2018-11-30

Applicant: Apple Inc.

Inventor： Joshua P. de Cesare ,  Timothy R. Paaske ,  Xeno S. Kovah ,  Nikolaj Schlej ,  Jeffrey R. Wilcox ,  Hardik K. Doshi ,  Kevin H. Alderfer ,  Corey T. Kallenberg

IPC: G06F21/57 ,  G06F21/62 ,  G06F9/4401 ,  G06F21/79

Abstract: A method and apparatus for protecting boot variables is disclosed. A computer system includes a main processor and an auxiliary processor. The auxiliary processor is associated with a non-volatile memory that stores variables associated with boot code that is also stored thereon. The main processor may send a request to the auxiliary processor to alter one of the variables stored in the non-volatile memory. Responsive to receiving the request, the auxiliary processor may execute a security policy to determine if the main processor meets the criteria for altering the variable. If the auxiliary processor determines that the main processor meets the criteria, it may grant permission to alter the variable.

公开(公告)号：US20190102558A1

公开(公告)日：2019-04-04

申请号：US16205838

申请日：2018-11-30

Applicant: Apple Inc.

Inventor： Joshua P. de Cesare ,  Timothy R. Paaske ,  Xeno S. Kovah ,  Nikolaj Schlej ,  Jeffrey R. Wilcox ,  Ezekiel T. Runyon ,  Hardik K. Doshi ,  Kevin H. Alderfer ,  Corey T. Kallenberg

IPC: G06F21/57 ,  G06F9/4401

Abstract: A method and apparatus for performing a secure boot of a computer system is disclosed. A computer system according to the disclosure includes an auxiliary processor and a main processor. The boot process includes initially booting the auxiliary processor. The auxiliary processor is associated with a non-volatile memory storing boot code for the main processor. The auxiliary processor may perform a verification of the boot code. Subsequent to verifying the boot code, the main processor may be released from a reset state. Once the main processor is no longer in the reset state, the boot code may be provided thereto. Thereafter, the boot procedure may continue with the main processor executing the boot code.

公开(公告)号：US09959124B1

公开(公告)日：2018-05-01

申请号：US14498428

申请日：2014-09-26

Applicant: Apple Inc.

Inventor： Gilbert H. Herbeck ,  Manu Gulati ,  Erik P. Machnicki ,  Timothy R. Paaske

IPC: G06F1/32 ,  G06F9/44

CPC classification number: G06F9/4401 ,  G06F1/3287 ,  G06F9/4411 ,  G06F9/4418

Abstract: In an embodiment, a system includes a functional unit that remains powered when the remainder of the system is powered off. The functional unit may, in response to a transition from a first power state to a second power state, retrieve configuration information from a read-only memory. In some embodiments, may be configured to store at least a portion of the configured information in a secure portion of a memory included in the functional unit and then lock the secure portion of the memory. The functional unit may then complete the transition to the second power state.

公开(公告)号：US09747435B2

公开(公告)日：2017-08-29

申请号：US14696581

申请日：2015-04-27

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/46 ,  G06F21/60

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  G06F2221/2137 ,  H04L9/088

Abstract: An apparatus, a method, and a system are presented in which the apparatus may include a security circuit, a processor, and an interface controller. The security circuit may be configured to generate a keyword. The processor may be configured to determine one or more policies to be applied to usage of the keyword, and to generate a policy value. The policy value may include one or more data bits indicative of the determined one or more policies. The interface controller may be configured to generate a message including the keyword and the policy value. The interface controller may also be configured to send the message.

公开(公告)号：US09262362B2

公开(公告)日：2016-02-16

申请号：US14041818

申请日：2013-09-30

Applicant: Apple Inc.

Inventor： Shu-Yi Yu ,  Timothy R. Paaske

IPC: G06F3/00 ,  G06F5/00 ,  G06F13/40 ,  G06F9/38

CPC classification number: G06F13/4068 ,  G06F9/3869 ,  G06F13/4217 ,  G06F2213/0038

Abstract: A system is disclosed that may compensate for bus timing that may vary over operating conditions of a bus. The system may include a communication bus, a first functional unit configured to transmit data via the communication bus, and a second functional unit configured to receive data via the bus. The first functional unit may transmit a first value via the communication bus to the second functional unit. The first functional unit may be further configured to assert a data valid signal responsive to a determination that a first time period has elapsed since the transmission of the first data value. The second functional unit may be configured to receive the first data value and sample the first data value dependent upon the data valid signal.

Abstract translation: 公开了可以补偿可能随总线的操作条件而变化的总线时序的系统。 该系统可以包括通信总线，被配置为经由通信总线发送数据的第一功能单元和被配置为经由总线接收数据的第二功能单元。 第一功能单元可以经由通信总线向第二功能单元发送第一值。 第一功能单元还可以被配置为响应于从发送第一数据值开始经过第一时间段的确定来断言数据有效信号。 第二功能单元可以被配置为接收第一数据值并且取决于数据有效信号对第一数据值进行采样。

公开(公告)号：US09047471B2

公开(公告)日：2015-06-02

申请号：US13626585

申请日：2012-09-25

Applicant: Apple Inc.

Inventor： R. Stephen Polzin ,  Fabrice L. Gautier ,  Mitchell D. Adler ,  Timothy R. Paaske ,  Michael J. Smith

IPC: G06F9/24 ,  G06F1/24 ,  G06F15/177 ,  G06F7/04 ,  H04N7/16 ,  G06F21/57 ,  G06F21/74 ,  G06F21/76 ,  G06F21/00 ,  G06F9/44 ,  G06F12/14 ,  G06F9/445 ,  G06F15/167

CPC classification number: G06F21/575 ,  G06F1/24 ,  G06F9/24 ,  G06F9/4401 ,  G06F9/44505 ,  G06F12/14 ,  G06F15/167 ,  G06F21/00 ,  G06F21/572 ,  G06F21/60 ,  G06F21/74 ,  G06F21/76 ,  G06F21/81

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20150095535A1

公开(公告)日：2015-04-02

申请号：US14041818

申请日：2013-09-30

Applicant: Apple Inc.

Inventor： Shu-Yi Yu ,  Timothy R. Paaske

IPC: G06F13/40

CPC classification number: G06F13/4068 ,  G06F9/3869 ,  G06F13/4217 ,  G06F2213/0038

Abstract: A system is disclosed that may compensate for bus timing that may vary over operating conditions of a bus. The system may include a communication bus, a first functional unit configured to transmit data via the communication bus, and a second functional unit configured to receive data via the bus. The first functional unit may transmit a first value via the communication bus to the second functional unit. The first functional unit may be further configured to assert a data valid signal responsive to a determination that a first time period has elapsed since the transmission of the first data value. The second functional unit may be configured to receive the first data value and sample the first data value dependent upon the data valid signal.

Abstract translation: 公开了可以补偿可能随总线的操作条件而变化的总线时序的系统。 该系统可以包括通信总线，被配置为经由通信总线发送数据的第一功能单元和被配置为经由总线接收数据的第二功能单元。 第一功能单元可以经由通信总线向第二功能单元发送第一值。 第一功能单元还可以被配置为响应于从发送第一数据值开始经过第一时间段的确定来断言数据有效信号。 第二功能单元可以被配置为接收第一数据值并且取决于数据有效信号对第一数据值进行采样。