-
公开(公告)号:US09137261B2
公开(公告)日:2015-09-15
申请号:US13624836
申请日:2012-09-21
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Jacques A. Vidrine , Christopher S. Linn , Randy D. Saldinger , Braden J. Thomas
CPC classification number: H04L63/20 , G06F21/51 , H04L63/1433 , H04L63/1441
Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.
Abstract translation: 提供了作为设备的操作系统的一部分的新颖的安全框架。 该框架包括一个安全评估员,该执行者对于在设备上执行的应用程序需要执行的不同操作执行安全策略评估。 这种操作的示例包括安装应用程序,执行应用程序以及应用程序打开内容文件(例如打开文档)。
-
公开(公告)号:US20130145456A1
公开(公告)日:2013-06-06
申请号:US13759030
申请日:2013-02-04
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber
IPC: G06F21/30
Abstract: A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.
Abstract translation: 代码认证架构用于通过向其添加一个或多个数字签名来对代码进行签名。 数字签名标识了哪些权限签署了代码,代码包含什么,代码是什么类型的程序,还是其他标识信息。 当签名代码稍后在计算机系统上执行时,其身份通过访问存储在磁盘上的代码的加密信息获得。 该体系结构然后确定身份是否满足至少一个强制在代码上的要求。 如果代码已经从签署的时候被更改或者不能满足强制要求,代码将不具有有效的身份。 除了验证代码的身份之外,架构还验证执行代码,它们立即负责管理代码和负责管理彼此的主机链中的附加执行代码。
-
公开(公告)号:US10122759B2
公开(公告)日:2018-11-06
申请号:US14827166
申请日:2015-08-14
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Jacques A. Vidrine , Christopher S. Linn , Randy D. Saldinger , Braden J. Thomas
Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.
-
公开(公告)号:US20130205364A1
公开(公告)日:2013-08-08
申请号:US13624836
申请日:2012-09-21
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Jacques A. Vidrine , Christopher S. Linn , Randy D. Saldinger , Braden J. Thomas
IPC: G06F21/00
CPC classification number: H04L63/20 , G06F21/51 , H04L63/1433 , H04L63/1441
Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.
-
公开(公告)号:US20130191634A1
公开(公告)日:2013-07-25
申请号:US13729014
申请日:2012-12-27
Applicant: Apple Inc.
Inventor: Jussi-Pekka Mantere, III , Alexander Tony Maluta , John William Scalo , Eugene Ray Tyacke , Bruce Gaya , Michael John Smith , Peter Kiehtreiber , Simon P. Cooper
IPC: G06F21/60
CPC classification number: G06F9/5005 , G06F9/54 , G06F21/44 , G06F21/602 , H04L63/104
Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.
-
Patent Agency Ranking
6.发明申请公开(公告)号:US20160350529A1
公开(公告)日:2016-12-01
申请号:US14726292
申请日:2015-05-29
Applicant: Apple Inc.
Inventor: Gregory I. Kerr , Pierre-Olivier J. Martel , Love Hornquist Astrand , Peter Kiehtreiber , Ivan Krstic
CPC classification number: G06F21/52 , G06F21/51 , G06F21/64 , G06F2221/033
Abstract: According to one embodiment, in response to a request received from an application by a launch module hosted by an operating system and executed by a processor to dynamically load a library, a library validation module hosted by the operating system extracts a first team identifier (ID) from the application, where the first team ID identifies an application provider that provides the application. The library validation module extracts a second team ID from the library, where the second team ID identifies a library provider that provides the library. The first team ID and the second team ID are compared to determine whether the first team ID matches the second team ID. In response to determining that the first team ID matches the second team ID, the launch module launches the library to allow the application communicate with the library; otherwise, the request is denied.
Abstract translation: 根据一个实施例,响应于由操作系统托管并由处理器执行并由处理器执行以动态加载库的从应用程序接收到的请求,由操作系统托管的库验证模块提取第一团队标识符(ID ),其中第一个团队ID标识提供应用程序的应用程序提供程序。 库验证模块从库中提取第二个团队ID,其中第二个团队ID标识提供该库的库提供程序。 比较第一个团队ID和第二个团队ID,以确定第一个团队ID是否与第二个团队ID相匹配。 为了响应确定第一个团队ID与第二个团队ID相匹配,启动模块启动该库以允许应用程序与库通信; 否则,请求被拒绝。
-
公开(公告)号:US20160142441A1
公开(公告)日:2016-05-19
申请号:US14827166
申请日:2015-08-14
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Jacques A. Vidrine , Christopher S. Linn , Randy D. Saldinger , Braden J. Thomas
IPC: H04L29/06
CPC classification number: H04L63/20 , G06F21/51 , H04L63/1433 , H04L63/1441
Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.
-
8.发明申请公开(公告)号:US20150347749A1
公开(公告)日:2015-12-03
申请号:US14488126
申请日:2014-09-16
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Olivier Gutknecht , Ivan Krstic , Adele Peterson , Samuel M. Weinig , Yongjun Zhang , Ian J. Baird
Abstract: According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.
Abstract translation: 根据一个实施例,响应于从与第一应用程序相关联的用于与操作系统的多个扩展点中的第一个扩展点相关联的扩展服务的查询,识别一个或多个扩展的列表,其已被注册为第一 扩展点与操作系统,第一个应用程序在第一个沙盒环境中执行。 显示已识别的扩展列表,以提示用户选择要与第一个应用程序相关联的其中一个扩展。 响应于选择其中一个扩展,所选扩展名在第二个沙盒环境中启动。 所选的扩展和第二个应用程序被打包在应用程序包中,并且当安装了应用程序包时,所选的扩展和第二个应用程序作为单独的应用程序出现在操作系统的注册表中。
-
公开(公告)号:US20150020077A1
公开(公告)日:2015-01-15
申请号:US14491970
申请日:2014-09-19
Applicant: Apple Inc.
Inventor: Jussi-Pekka Mantere, III , Alexander Tony Maluta , John William Scalo , Eugene Ray Tyacke , Bruce Gaya , Michael John Smith , Peter Kiehtreiber , Simon P. Cooper
CPC classification number: G06F9/5005 , G06F9/54 , G06F21/44 , G06F21/602 , H04L63/104
Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.
Abstract translation: 资源限制与用户标识符相关联。 资源限制代理接收与资源相关的操作系统调用,并向资源代理提供资源请求数据。 资源代理基于资源请求数据和资源限制数据确定资源是否被限制,并且基于该确定生成访问数据。 资源限制代理根据访问数据授予或拒绝系统调用。
-
公开(公告)号:US20130205363A1
公开(公告)日:2013-08-08
申请号:US13624832
申请日:2012-09-21
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Jacques A. Vidrine , Christopher S. Linn , Randy D. Saldinger , Braden J. Thomas
IPC: G06F21/00
CPC classification number: H04L63/20 , G06F21/51 , H04L63/1433 , H04L63/1441
Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.
-
-
-
-
-
-
-
-
-
Search Results
22
records
(took 0.021 seconds)
