公开(公告)号：US12113784B2

公开(公告)日：2024-10-08

申请号：US18107982

申请日：2023-02-09

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L Sierra

IPC: H04L9/08 ,  G06F9/445 ,  H04L9/14 ,  H04L9/32 ,  H04L9/40 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/06 ,  H04W12/086

CPC classification number: H04L63/08 ,  G06F9/44505 ,  H04L9/0822 ,  H04L9/085 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3226 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/083 ,  H04L63/107 ,  H04L63/108 ,  H04L63/1466 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/06 ,  H04W12/086 ,  H04L2209/80

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US11868455B2

公开(公告)日：2024-01-09

申请号：US17182076

申请日：2021-02-22

Applicant: Apple Inc.

Inventor： Deepti S. Prakash ,  Lucia E. Ballard ,  Jerrold V. Hauck ,  Feng Tang ,  Etai Littwin ,  Pavan Kumar Anasosalu Vasu ,  Gideon Littwin ,  Thorsten Gernoth ,  Lucie Kucerova ,  Petr Kostka ,  Steven P. Hotelling ,  Eitan Hirsh ,  Tal Kaitz ,  Jonathan Pokrass ,  Andrei Kolin ,  Moshe Laifenfeld ,  Matthew C. Waldon ,  Thomas P. Mensch ,  Lynn R. Youngs ,  Christopher G. Zeleznik ,  Michael R. Malone ,  Ziv Hendel ,  Ivan Krstic ,  Anup K. Sharma

IPC: G06F21/32 ,  H04L9/32 ,  H04W12/06 ,  H04L9/40 ,  G06F21/83 ,  G06V40/40 ,  G06V40/16 ,  H04L9/08

CPC classification number: G06F21/32 ,  G06F21/83 ,  G06V40/166 ,  G06V40/172 ,  G06V40/40 ,  H04L9/085 ,  H04L9/0844 ,  H04L9/3228 ,  H04L9/3231 ,  H04L9/3234 ,  H04L9/3247 ,  H04L63/0861 ,  H04W12/06

Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.

公开(公告)号：US11818681B2

公开(公告)日：2023-11-14

申请号：US17582785

申请日：2022-01-24

Applicant: Apple Inc.

Inventor： Jerrold V. Hauck ,  Alejandro J. Marquez ,  Timothy R. Paaske ,  Indranil S. Sen ,  Herve Sibert ,  Yannick L. Sierra ,  Raman S. Thiara

IPC: H04W64/00 ,  H04W12/03 ,  H04W12/033 ,  H04W12/041 ,  H04W12/062 ,  H04W12/63 ,  H04W12/065 ,  H04W12/069 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471 ,  H04W76/10 ,  H04L9/32 ,  H04L9/40 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W12/47 ,  H04W12/33 ,  H04W4/80

CPC classification number: H04W64/00 ,  H04L9/3273 ,  H04L63/061 ,  H04L63/0869 ,  H04W12/02 ,  H04W12/03 ,  H04W12/033 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471 ,  H04W12/06 ,  H04W12/062 ,  H04W12/065 ,  H04W12/069 ,  H04W12/63 ,  H04W76/10 ,  H04L63/0492 ,  H04W4/80 ,  H04W12/33 ,  H04W12/47

Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive locally at the system ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.

公开(公告)号：US11438322B2

公开(公告)日：2022-09-06

申请号：US16264478

申请日：2019-01-31

Applicant: Apple Inc.

Inventor： Wade Benson ,  Marc J. Krochmal ,  Alexander R. Ledwith ,  John Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra

IPC: G06F7/04 ,  G06F17/30 ,  H04L9/40 ,  H04W12/041 ,  H04W12/086 ,  H04W12/0431 ,  G06F9/445 ,  H04W12/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

公开(公告)号：US20220027519A1

公开(公告)日：2022-01-27

申请号：US16936150

申请日：2020-07-22

Applicant: Apple Inc.

Inventor： Mukesh Kataria ,  Jerrold V. Hauck

IPC: G06F21/71 ,  H04L9/32 ,  H04L29/06 ,  G01R31/3177 ,  G01R31/317

Abstract: An apparatus includes one or more functional circuits, a debug circuit configured to implement one or more debug features for the one or more functional circuits, and a validation circuit. The validation circuit is configured to receive a request to access debug features, and to send an identification value corresponding to the apparatus. The validation circuit is further configured to receive a certificate generated by a server computer system, the certificate including encoded debug permissions, and to decode the debug permissions using the identification value. Using the decoded debug permissions, the validation circuit is further configured to enable one or more of the debug features.

公开(公告)号：US11228421B1

公开(公告)日：2022-01-18

申请号：US15884263

申请日：2018-01-30

Applicant: Apple Inc.

Inventor： Arthur Mesh ,  Jerrold V. Hauck ,  Pierre-Olivier J. Martel ,  Wade Benson ,  Oren M. Elrad

IPC: G06F21/00 ,  H04L9/00 ,  H04L9/08 ,  G06F21/31 ,  G06F21/56

Abstract: Secure secrets can be used, in one embodiment, to generate a master key. In one embodiment, a first secret value, generated and stored in a first secure element, can be used with a user's credential (e.g., a user's passcode) to generate, through a first key derivation function, a second secret value. A master key can then be generated through a second key derivation function based on the second secret value and a derived or stored secret such as a device's unique identifier.

公开(公告)号：US20210397716A1

公开(公告)日：2021-12-23

申请号：US17092030

申请日：2020-11-06

Applicant: Apple Inc.

Inventor： Xeno S. Kovah ,  Nikolaj Schlej ,  Thomas P. Mensch ,  Wade Benson ,  Jerrold V. Hauck ,  Josh P. de Cesare ,  Austin G. Jennings ,  John J. Dong ,  Robert C. Graham ,  Jacques Fortier

IPC: G06F21/57 ,  G06F21/72 ,  H04L9/32 ,  G06F9/4401 ,  H04L9/08 ,  H04L29/06 ,  G06F21/73

Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.

公开(公告)号：US11176237B2

公开(公告)日：2021-11-16

申请号：US15996413

申请日：2018-06-01

Applicant: Apple Inc.

Inventor： Wade Benson ,  Alexander R. Ledwith ,  Marc J. Krochmal ,  John J. Iarocci ,  Jerrold V. Hauck ,  Michael Brouwer ,  Mitchell D. Adler ,  Yannick L. Sierra ,  Libor Sykora

IPC: G06F21/34 ,  G06F21/36 ,  H04W4/80 ,  H04W4/02 ,  H04W12/06 ,  H04W12/63 ,  H04W12/082

Abstract: In some embodiments, a first device performs ranging operations to allow a user to access the first device under one of several user accounts without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account under which a user can access (e.g., can log into) the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the user is allowed to access the first device under the first user account. In some embodiments, the substitute interaction occurs while the first device is logged into under a second user account.

公开(公告)号：US11074582B2

公开(公告)日：2021-07-27

申请号：US15709925

申请日：2017-09-20

Applicant: Apple Inc.

Inventor： Herve Sibert ,  Oren M. Elrad ,  Jerrold V. Hauck ,  Onur E. Tackin ,  Zachary A. Rosen ,  Matthias Lerch

IPC: G06Q20/14 ,  G06Q20/10 ,  G06Q20/40 ,  G06Q20/38 ,  G06F16/182 ,  G06Q20/32 ,  G06Q20/20 ,  G06F21/32 ,  G06F21/31 ,  H04W12/065 ,  H04W12/06 ,  H04L9/32

Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.

公开(公告)号：US10929515B2

公开(公告)日：2021-02-23

申请号：US16049933

申请日：2018-07-31

Applicant: Apple Inc.

Inventor： Deepti S. Prakash ,  Lucia E. Ballard ,  Jerrold V. Hauck ,  Feng Tang ,  Etai Littwin ,  Pavan Kumar Ansosalu Vasu ,  Gideon Littwin ,  Thorsten Gernoth ,  Lucie Kucerova ,  Petr Kostka ,  Steven P. Hotelling ,  Eitan Hirsh ,  Tal Kaitz ,  Jonathan Pokrass ,  Andrei Kolin ,  Moshe Laifenfeld ,  Matthew C. Waldon ,  Thomas P. Mensch ,  Lynn R. Youngs ,  Christopher G. Zeleznik ,  Michael R. Malone ,  Ziv Hendel ,  Ivan Krstic ,  Anup K. Sharma

IPC: G06F21/00 ,  G06F21/32 ,  G06K9/00 ,  H04L9/32 ,  H04W12/06 ,  H04L29/06 ,  G06F21/83 ,  H04L9/08

Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.