-
公开(公告)号:US20200233984A1
公开(公告)日:2020-07-23
申请号:US16403259
申请日:2019-05-03
Applicant: Apple Inc.
Inventor: Loukas Kalenderidis , Ivan Krstic , Brian J. Dawbin , Filip Stoklas , Carmen A. Bovalino, III , Shyam S. Toprani , Christopher B. Zimmermann , Libor Sykora , Arnold S. Liu , Lucia E. Ballard
Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.
-
公开(公告)号:US09811393B2
公开(公告)日:2017-11-07
申请号:US14488126
申请日:2014-09-16
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Olivier Gutknecht , Ivan Krstic , Adele Peterson , Samuel M. Weinig , Yongjun Zhang , Ian J. Baird
Abstract: According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.
-
公开(公告)号:US09684547B2
公开(公告)日:2017-06-20
申请号:US14488122
申请日:2014-09-16
Applicant: Apple Inc.
Inventor: Ivan Krstic , Damien P. Sorresso , Jason C. Beaver , Sophia Teutschler , Ian J. Baird
Abstract: Techniques for handling security of an application and its extension are described. In one embodiment, an application manager of an operating system running within a data processing system launches an application in a first sandboxed environment based on a first security profile associated with the application. In response to receiving a request from the application for accessing a function of an application extension that is associated with the application, the application manager launches the application extension in a second sandboxed environment based on a second security profile associated with the application extension. The application manager is to individually enforce security and manage resources of the application and the application extension in the first and second sandboxed environments based on the first and second security profiles, respectively. The second security profile specifies resources fewer than the first security profile.
-
公开(公告)号:US20160359837A1
公开(公告)日:2016-12-08
申请号:US14872034
申请日:2015-09-30
Applicant: Apple Inc.
Inventor: Ivan Krstic , James Wilson , Eric Daniel Friedman , Selvarajan Subramaniam , Patrice O. Gautier , John Patrick Gates , Ramarathnam Santhanagopal , Prabhakaran Vaidyanathaswami , Sudhakar Mambakkam , Raghunandan Pai , Karthik Narayanan
CPC classification number: H04L63/102 , G06F12/1408 , G06F21/42 , G06F21/45 , G06F2212/1052 , G06F2221/2131 , H04L63/0807 , H04L63/083 , H04L63/0861
Abstract: Some embodiments of the invention provide a program for recovering access to an account. The program receives an access recovery parameter (ARP) after providing a first credential to log into an account and providing a notification of a second credential necessary for accessing another resource. The program then receives a request to modify the first credential and receives the second credential. Next, after authenticating the second credential, the program uses the ARP to modify the first credential without providing the first credential.
Abstract translation: 本发明的一些实施例提供了一种用于恢复对帐户的访问的程序。 该程序在提供第一个证书以登录帐户并提供访问另一个资源所必需的第二个凭证的通知之后接收访问恢复参数(ARP)。 该程序然后接收修改第一个证书并接收第二个凭证的请求。 接下来,在验证第二凭证之后,程序使用ARP来修改第一凭证而不提供第一凭证。
-
公开(公告)号:US20160125194A1
公开(公告)日:2016-05-05
申请号:US14871212
申请日:2015-09-30
Applicant: Apple Inc.
Inventor: Kevin J. Van Vechten , Damien Pascal Sorresso , Richard L. Hagy , Ivan Krstic
CPC classification number: G06F21/629 , G06F9/44521 , G06F9/468 , G06F9/541 , G06F9/542 , G06F21/52
Abstract: When an application is launched, a framework scanning module scans a plurality of frameworks linked against by the application to generate a list of available services. When the application makes a request of a particular service, a service verification module compares the requested service to the list of available services and if the requested service is found in the list of available services, sends a signal to the application, the signal allowing access to the requested service for the application. Otherwise, access to the requested service is denied.
Abstract translation: 当启动应用程序时,框架扫描模块扫描由应用程序链接的多个框架以生成可用服务的列表。 当应用程序请求特定服务时,服务验证模块将所请求的服务与可用服务的列表进行比较,并且如果在可用服务的列表中找到所请求的服务,则向应用发送信号,允许访问的信号 到应用程序的请求服务。 否则,拒绝对请求的服务的访问。
-
Patent Agency Ranking
公开(公告)号:US20150156210A1
公开(公告)日:2015-06-04
申请号:US14097140
申请日:2013-12-04
Applicant: Apple Inc.
Inventor: Oliver J. Hunt , Ivan Krstic
IPC: H04L29/06
CPC classification number: H04L63/1408 , H04L63/1466 , H04L67/02
Abstract: Methods and apparatus are disclosed for detecting illegitimate or spoofed links on a web page. Illegitimate links can be detected by receiving a web link that includes link text and a link address, generating normalized link text based upon the link text, wherein characters in the link text that are visually similar are represented by a single normalized character identifier in the normalized text, determining whether the normalized link text is in the format of a link address, and determining that the text is safe when the normalized link text is not in the format of a link address. The techniques disclosed herein further involve determining whether the normalized link text matches the link address, determining that the text is safe when the normalized link text matches the link address, and determining that the text is unsafe when the normalized link text does not match the link address.
Abstract translation: 公开了用于检测网页上的非法或欺骗性链接的方法和装置。 可以通过接收包括链接文本和链接地址的网络链接来检测非法链接,基于链接文本生成规范化的链接文本,其中在视觉上相似的链接文本中的字符由归一化的标准化字符标识符 确定标准化链接文本是否是链接地址的格式,并且当标准化链接文本不是链接地址的格式时确定文本是安全的。 本文公开的技术还涉及确定归一化链接文本是否与链接地址匹配,当标准化链接文本与链接地址匹配时确定文本是安全的,并且当标准化链接文本与链接不匹配时确定该文本是不安全的 地址。
-
公开(公告)号:US20140310781A1
公开(公告)日:2014-10-16
申请号:US14273309
申请日:2014-05-08
Applicant: APPLE INC.
Inventor: Philip J. Holland , Ivan Krstic , Pierre-Oliver J. Martel
IPC: H04L29/06 , G06F3/0481
CPC classification number: H04L63/10 , G06F3/048 , G06F3/0481 , G06F9/451 , G06F21/53 , G06F21/6281 , G06F2209/545
Abstract: According to one aspect, a graphics management system receives a first message from a first process for granting one or more rights to a second process for accessing a GUI element owned by the first process. In response, the graphics management system transmits a second message to the second process, the second message offering the one or more rights to the second process. The graphics management system receives a third message from the second process indicating an acceptance of the offer. Thereafter, the graphics management system restricts access of the GUI element by the second process based on the one or more rights accepted by the second process.
Abstract translation: 根据一个方面,图形管理系统从第一进程接收第一消息,用于向用于访问由第一进程所拥有的GUI元素的第二进程授予一个或多个权限。 作为响应,图形管理系统向第二进程发送第二消息,第二消息向第二进程提供一个或多个权限。 图形管理系统从第二进程接收到第三个消息,指示接受该要约。 此后,图形管理系统基于第二处理所接受的一个或多个权限,限制GUI元素的访问。
-
8.发明授权公开(公告)号:US08752070B2
公开(公告)日:2014-06-10
申请号:US13748145
申请日:2013-01-23
Applicant: Apple Inc.
Inventor: Philip J. Holland , Ivan Krstic , Pierre-Oliver J. Martel
IPC: G06F13/00
CPC classification number: H04L63/10 , G06F3/048 , G06F3/0481 , G06F9/451 , G06F21/53 , G06F21/6281 , G06F2209/545
Abstract: According to one aspect, a graphics management system receives a first message from a first process for granting one or more rights to a second process for accessing a GUI element owned by the first process. In response, the graphics management system transmits a second message to the second process, the second message offering the one or more rights to the second process. The graphics management system receives a third message from the second process indicating an acceptance of the offer. Thereafter, the graphics management system restricts access of the GUI element by the second process based on the one or more rights accepted by the second process.
Abstract translation: 根据一个方面,图形管理系统从第一进程接收第一消息,用于向用于访问由第一进程所拥有的GUI元素的第二进程授予一个或多个权限。 作为响应,图形管理系统向第二进程发送第二消息,第二消息向第二进程提供一个或多个权限。 图形管理系统从第二进程接收到第三个消息,指示接受该要约。 此后,图形管理系统基于第二处理所接受的一个或多个权限,限制GUI元素的访问。
-
9.发明申请公开(公告)号:US20130283344A1
公开(公告)日:2013-10-24
申请号:US13922188
申请日:2013-06-19
Applicant: Apple Inc.
Inventor: Ivan Krstic , Austin G. Jennings , Richard L. Hagy
IPC: G06F21/10
CPC classification number: G06F21/6281 , G06F21/10 , G06F21/51 , G06F21/53 , G06F21/629 , G06F2221/033 , G06F2221/0735
Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.
Abstract translation: 响应于启动程序的请求,确定在程序执行期间由程序访问的一个或多个应用程序框架的列表。 确定在执行期间表示由程序授权的一个或多个资源的零个或多个授权。 从应用程序框架中的至少一个获得基于程序的权利的一组或多个规则。 所述一个或多个规则的集合指定与所述至少一个应用框架相关联的资源的一个或多个约束。 基于与所述至少一个应用框架相关联的一个或多个规则的集合,为所述程序动态地编译安全简档。 编译的安全简档用于在程序执行期间限制程序访问至少一个应用程序框架的至少一个资源。
-
公开(公告)号:US11522866B2
公开(公告)日:2022-12-06
申请号:US17308027
申请日:2021-05-04
Applicant: Apple Inc.
Inventor: Ivan Krstic , James Wilson , Eric Daniel Friedman , Selvarajan Subramaniam , Patrice O. Gautier , John Patrick Gates , Ramarathnam Santhanagopal , Prabhakaran Vaidyanathaswami , Sudhakar Mambakkam , Raghunandan Pai , Karthik Narayanan
Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.
-
-
-
-
-
-
-
-
-
Search Results
57
records
(took 0.042 seconds)
