-
Publication number: US11176237B2
Publication date: 2021-11-16
Application number: US15996413
Filing date: 2018-06-01
Applicant: Apple Inc.
Inventor: Wade Benson, Alexander R. Ledwith, Marc J. Krochmal, John J. Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra, Libor Sykora
Abstract: In some embodiments, a first device performs ranging operations to allow a user to access the first device under one of several user accounts without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account under which a user can access (e.g., can log into) the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the user is allowed to access the first device under the first user account. In some embodiments, the substitute interaction occurs while the first device is logged into under a second user account.
-
Publication number: US11582229B2
Publication date: 2023-02-14
Application number: US16888479
Filing date: 2020-05-29
Applicant: Apple Inc.
Inventor: Dmitry V. Belov, Brent A. Fulgham, Sudhakar N. Mambakkam, Richard J. Mondello, Kalyan C. Gopavarapu, Edgar Tonatiuh Barragan Corte, Libor Sykora
Abstract: A method and apparatus of a device that authorizes a device for a service is described. In an exemplary embodiment, the device intercepts a request for a web page from a web browser executing on the device, wherein the request includes an indication associated with an authorization request for the service and the web page provides the service. In addition, the device presents an authorization user interface on the device. The device further performs a local authorization using a set of user credentials entered via the authorization user interface. The device additionally performs a server authorization with a server. Furthermore, the device redirects the web browser to the requested web page, wherein the web browser is authorized for the service provided by the web page.
-
Publication number: US20190013939A1
Publication date: 2019-01-10
Application number: US16133645
Filing date: 2018-09-17
Applicant: Apple Inc.
Inventor: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
-
Publication number: US11764954B2
Publication date: 2023-09-19
Application number: US16730931
Filing date: 2019-12-30
Applicant: Apple Inc.
Inventor: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
IPC: H04L9/08, H04L9/32, H04L9/00, G06F21/32, H04L9/14, G06F21/74, G06F21/72, G06F21/78, H04L9/40, G06F13/28, G06F13/40, G06F21/79
CPC classification number: H04L9/0861, G06F21/32, G06F21/72, G06F21/74, G06F21/78, H04L9/006, H04L9/0877, H04L9/14, H04L9/3231, H04L9/3234, H04L9/3239, H04L9/3247, H04L9/3249, H04L9/3263, H04L9/3268, H04L63/0428, H04L63/062, H04L63/0823, H04L63/0861, G06F13/28, G06F13/4063, G06F21/79, H04L2209/12, H04L2209/127, H04L2463/081
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
-
Publication number: US20230289787A1
Publication date: 2023-09-14
Application number: US18174414
Filing date: 2023-02-24
Applicant: Apple Inc.
Inventor: Libor Sykora, Delfin J. Rojas, Paul J. Sholtz, Erika Misaki, Shiva Krovi, Lawrence Aung, Julien Lerouge
CPC classification number: G06Q20/3829, H04L63/0861, H04L63/083, H04L9/3268, G06Q20/3825, H04L63/08, H04L63/0823, H04L63/126, G06Q20/12, G06Q20/385, G06Q20/40145, G06Q20/3223, G06Q20/3227, H04W12/069, H04L2209/56, H04L2209/80, G06Q2220/00
Abstract: Techniques are disclosed relating to authentication using public key encryption. In one embodiment, a computing device includes a secure circuit, a processor, and memory. The secure circuit is configured to generate a public key pair usable to authenticate a user of the computing device. The memory has program instructions stored therein that are executable by the processor to cause the computing device to perform operations including authenticating the user with a server system by sending authentication information supplied by the user. The operations further include, in response to the server system verifying the authentication information, receiving a first token usable to register the public key pair with the server system and sending, to the server system, a request to register the public key pair for authenticating the user. In such an embodiment, the request includes the first token and identifies a public key of the public key pair.
-
Publication number: US11250118B2
Publication date: 2022-02-15
Application number: US16388831
Filing date: 2019-04-18
Applicant: Apple Inc.
Inventor: Alexander R. Ledwith, Wade Benson, Marc J. Krochmal, John J. Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra, Libor Sykora, Jiri Margaritov
Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.
-
Publication number: US10484172B2
Publication date: 2019-11-19
Application number: US15173647
Filing date: 2016-06-04
Applicant: Apple Inc.
Inventor: Libor Sykora, Wade Benson, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
IPC: H04L9/08, H04L9/32, H04L9/00, G06F21/32, H04L9/14, G06F21/74, G06F21/72, G06F21/78, H04L29/06, G06F13/28, G06F13/40, G06F21/79
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. In some embodiments, the secure circuit is configured to generate a public key and a private key for an application, and receive, from the application via an API, a request to perform a cryptographic operation using the private key. The secure circuit is further configured to perform the cryptographic operation in response to the request.
-
Publication number: US20170357967A1
Publication date: 2017-12-14
Application number: US15275281
Filing date: 2016-09-23
Applicant: Apple Inc.
Inventor: Libor Sykora, Delfin J. Rojas, Paul J. Sholtz, Erika Misaki, Shiva Krovi, Lawrence Aung, Julien Lerouge
CPC classification number: G06Q20/3829, G06Q20/12, G06Q20/3223, G06Q20/3227, G06Q20/3825, G06Q20/385, G06Q20/40145, G06Q2220/00, H04L9/3268, H04L63/08, H04L63/0823, H04L63/083, H04L63/0861, H04L63/126, H04L2209/56, H04L2209/80, H04W12/06
Abstract: Techniques are disclosed relating to authentication using public key encryption. In one embodiment, a computing device includes a secure circuit, a processor, and memory. The secure circuit is configured to generate a public key pair usable to authenticate a user of the computing device. The memory has program instructions stored therein that are executable by the processor to cause the computing device to perform operations including authenticating the user with a server system by sending authentication information supplied by the user. The operations further include, in response to the server system verifying the authentication information, receiving a first token usable to register the public key pair with the server system and sending, to the server system, a request to register the public key pair for authenticating the user. In such an embodiment, the request includes the first token and identifies a public key of the public key pair.
-
Publication number: US11836242B2
Publication date: 2023-12-05
Application number: US16840200
Filing date: 2020-04-03
Applicant: Apple Inc.
Inventor: Irene M. Graff, Ahmer A. Khan, Christopher Sharp, Libor Sykora, Lucia E. Ballard, Rupamay Saha
CPC classification number: G06F21/45, H04L63/0861, H04W12/068, G06F2221/2149
Abstract: A device for controlled identity credential release may include at least one processor configured to receive a request to release an identity credential of a user, the identity credential being stored on the device. The at least one processor may be further configured to authenticate the user associated with the identity credential. The at least one processor may be further configured to, responsive to the authentication, provide at least a portion of the identity credential, such as for display and/or to a terminal device over a direct wireless connection. The at least one processor may be further configured to cause the electronic device to enter a locked state and/or to remain in a locked state, responsive to providing the at least the portion of the identity credential.
-
Publication number: US11593797B2
Publication date: 2023-02-28
Application number: US15275281
Filing date: 2016-09-23
Applicant: Apple Inc.
Inventor: Libor Sykora, Delfin J. Rojas, Paul J. Sholtz, Erika Misaki, Shiva Krovi, Lawrence Aung, Julien Lerouge
Abstract: Techniques are disclosed relating to authentication using public key encryption. In one embodiment, a computing device includes a secure circuit, a processor, and memory. The secure circuit is configured to generate a public key pair usable to authenticate a user of the computing device. The memory has program instructions stored therein that are executable by the processor to cause the computing device to perform operations including authenticating the user with a server system by sending authentication information supplied by the user. The operations further include, in response to the server system verifying the authentication information, receiving a first token usable to register the public key pair with the server system and sending, to the server system, a request to register the public key pair for authenticating the user. In such an embodiment, the request includes the first token and identifies a public key of the public key pair.