公开(公告)号：US11151235B2

公开(公告)日：2021-10-19

申请号：US16050021

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Deepti S. Prakash ,  Lucia E. Ballard ,  Jerrold V. Hauck ,  Feng Tang ,  Etai Littwin ,  Pavan Kumar Anasosalu Vasu ,  Gideon Littwin ,  Thorsten Gernoth ,  Lucie Kucerova ,  Petr Kostka ,  Steven P. Hotelling ,  Eitan Hirsh ,  Tal Kaitz ,  Jonathan Pokrass ,  Andrei Kolin ,  Moshe Laifenfeld ,  Matthew C. Waldon ,  Thomas P. Mensch ,  Lynn R. Youngs ,  Christopher G. Zeleznik ,  Michael R. Malone ,  Ziv Hendel ,  Ivan Krstic ,  Anup K. Sharma ,  Kelsey Y. Ho

IPC: G06F21/32 ,  G06K9/00 ,  H04L9/32 ,  H04W12/06 ,  H04L29/06 ,  G06F21/83 ,  H04L9/08

Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.

公开(公告)号：US20210286865A1

公开(公告)日：2021-09-16

申请号：US17182076

申请日：2021-02-22

Applicant: Apple Inc.

Inventor： Deepti S. Prakash ,  Lucia E. Ballard ,  Jerrold V. Hauck ,  Feng Tang ,  Etai Littwin ,  Pavan Kumar Ansosalu Vasu ,  Gideon Littwin ,  Thorsten Gernoth ,  Lucie Kucerova ,  Petr Kostka ,  Steven P. Hotelling ,  Eitan Hirsh ,  Tal Kaitz ,  Jonathan Pokrass ,  Andrei Kolin ,  Moshe Laifenfeld ,  Matthew C. Waldon ,  Thomas P. Mensch ,  Lynn R. Youngs ,  Christopher G. Zeleznik ,  Michael R. Malone ,  Ziv Hendel ,  Ivan Krstic ,  Anup K. Sharma

IPC: G06F21/32 ,  G06K9/00 ,  H04L9/32 ,  H04W12/06 ,  H04L29/06 ,  G06F21/83 ,  H04L9/08

Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.

公开(公告)号：US11025418B2

公开(公告)日：2021-06-01

申请号：US16436328

申请日：2019-06-10

Applicant: Apple Inc.

Inventor： Kumar Saurav ,  Jerrold V. Hauck ,  Yannick L. Sierra ,  Charles E. Gray ,  Roberto G. Yepez ,  Samuel Gosselin ,  Petr Kostka ,  Wade Benson

IPC: H04L9/08 ,  G06F21/60 ,  G06F21/74

Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.

公开(公告)号：US10824705B2

公开(公告)日：2020-11-03

申请号：US15980694

申请日：2018-05-15

Applicant: Apple Inc.

Inventor： Lucia E. Ballard ,  Jerrold V. Hauck ,  Deepti S. Prakash ,  Jan Cibulka ,  Ivan Krstic

IPC: H04M1/66 ,  G06F21/32 ,  G06F21/78 ,  G06F21/62 ,  H04M1/725 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W12/08 ,  G06F21/34 ,  G06Q20/32

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：US20200213133A1

公开(公告)日：2020-07-02

申请号：US16537391

申请日：2019-08-09

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L29/06 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14 ,  G06F8/654 ,  H04W12/00

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US10552830B2

公开(公告)日：2020-02-04

申请号：US14475292

申请日：2014-09-02

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Joakim Linde ,  Christopher Sharp ,  Jerrold V. Hauck

IPC: G06Q20/32 ,  G06Q20/38 ,  H04W12/08 ,  H04W12/00

Abstract: Systems, methods, and computer-readable media for managing credentials are provided. In one example embodiment, an electronic device may include a secure element with a security domain element stored on the secure element. The electronic device may also include a processor component that may be configured to, inter alia, permanently terminate the functionality of the security domain element, after the functionality has been permanently terminated, communicatively couple the electronic device to a trusted service manager, and transmit data to the communicatively coupled trusted service manager that may be usable by the trusted service manager to determine that the functionality has been permanently terminated. Additional embodiments are also provided.

公开(公告)号：US20190251546A1

公开(公告)日：2019-08-15

申请号：US16394452

申请日：2019-04-25

Applicant: Apple Inc.

Inventor： Ahmer A. Khan ,  Gregory B. Novick ,  Jerrold V. Hauck ,  Saket R. Vora ,  Yehonatan Perez

IPC: G06Q20/32 ,  G06Q20/34 ,  G06Q20/40 ,  G06Q20/38 ,  G06Q20/36

CPC classification number: G06Q20/3227 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/352 ,  G06Q20/353 ,  G06Q20/367 ,  G06Q20/382 ,  G06Q20/4018 ,  G06Q20/4097 ,  G06Q20/40975

Abstract: Methods for operating a portable electronic device to conduct a mobile payment transaction at a merchant terminal are provided. The electronic device may verify that the current user of the device is indeed the authorized owner by requiring the current user to enter a passcode. If the user is able to provide the correct passcode, the device is only partly ready to conduct a mobile payment. In order for the user to fully activate the payment function, the user may have to supply a predetermined payment activation input such as a double button press that notifies the device that the user intends to perform a financial transaction in the immediate future. The device may subsequently activate a payment applet for a predetermined period of time during which the user may hold the device within a field of the merchant terminal to complete a near field communications based mobile payment transaction.

公开(公告)号：US10382210B2

公开(公告)日：2019-08-13

申请号：US15274836

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Tristan F. Schaap ,  Conrad Sauerwald ,  Craig A. Marciniak ,  Jerrold V. Hauck ,  Zachary F. Papilion ,  Jeffrey Lee

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04W12/04 ,  H04W12/06 ,  H04W76/14 ,  G06F8/654 ,  H04L29/08 ,  H04W4/80

Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.

公开(公告)号：US10372932B2

公开(公告)日：2019-08-06

申请号：US15400765

申请日：2017-01-06

Applicant: Apple Inc.

Inventor： Thomas P. Mensch ,  Jason D. Gosnell ,  Jerrold V. Hauck ,  Muralidhar S. Vempaty ,  Dallas B. De Atley

IPC: G06F21/57 ,  G06F21/62 ,  G06F21/60 ,  H04L9/32 ,  H04L29/06

Abstract: In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.

公开(公告)号：US10251054B2

公开(公告)日：2019-04-02

申请号：US15698950

申请日：2017-09-08

Applicant: APPLE INC.

Inventor： Mehdi Ziat ,  Christopher Sharp ,  Kevin P. McLaughlin ,  Li Li ,  Jerrold V. Hauck ,  Yousuf H. Vaid

IPC: H04W4/00 ,  H04W8/22 ,  G06F9/445 ,  G06F9/50

Abstract: Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification to the PCF when it is determined the PCF package is valid.