公开(公告)号：WO2009129192A1

公开(公告)日：2009-10-22

申请号：PCT/US2009/040393

申请日：2009-04-13

Applicant: APPLE INC. ,  DE CESARE, Joshua ,  DE ATLEY, Dallas, Blake ,  ANDREWS, Jonathan, Jay ,  SMITH, Michael

Inventor： DE CESARE, Joshua ,  DE ATLEY, Dallas, Blake ,  ANDREWS, Jonathan, Jay ,  SMITH, Michael

IPC: G06F21/00

CPC classification number: G06F21/575 ,  G06F21/51 ,  G06F2221/0704

Abstract: A method and apparatus for personalizing a software component to be executed in particular environment are described herein. According to an aspect of the invention, in response to an executable code image representing a software component to be installed in an electronic device, the executable code image is encrypted using an encryption key. The encryption key is then wrapped with a UID that uniquely identifies the electronic device, where the UID is embedded within a secure ROM of the electronic device. The wrapped encryption key and the encrypted executable code image are then encapsulated into a data object to be stored in a storage of the electronic device, such that when the electronic device is subsequently initialized for operation, the executable code image can only be recovered using the UID of the electronic device to retrieve a decryption key in order to decrypt the executable code image.

Abstract translation: 本文描述了用于个性化要在特定环境中执行的软件组件的方法和装置。 根据本发明的一个方面，响应于表示要安装在电子设备中的软件组件的可执行代码图像，使用加密密钥对可执行代码图像进行加密。 加密密钥然后用唯一标识电子设备的UID包裹，其中UID被嵌入在电子设备的安全ROM内。 然后将包裹的加密密钥和加密的可执行代码图像封装到要存储在电子设备的存储器中的数据对象中，使得当电子设备随后被初始化以进行操作时，可以仅使用 用于检索解密密钥以便解密可执行代码图像的电子设备的UID。

公开(公告)号：WO2009124127A1

公开(公告)日：2009-10-08

申请号：PCT/US2009/039162

申请日：2009-04-01

Applicant: APPLE INC. ,  CONROY, David, G. ,  MILLET, Timothy, J. ,  SMITH, Michael, J. ,  DE CESARE, Joshua, P.

Inventor： CONROY, David, G. ,  MILLET, Timothy, J. ,  SMITH, Michael, J. ,  DE CESARE, Joshua, P.

IPC: G06F13/28

CPC classification number: G06F13/28

Abstract: A method and system is disclosed for transforming of data by a DMA controller (202) without first saving the transmitted data on an intermediate medium. The method includes the DMA controller (202) accessing data for transfer between an origination location in the system and a destination location in the system. The accessed data is passed through the DMA controller (202) before being sent to the destination location. While the data is being passed through the DMA controller (202), it is transformed into a modified state. This transformation may include encryption or decryption of the data. The transformation may also include adding error correction bits to the data through an encoding process or decoding previously encoded data. Upon completion of the transformation, the data is sent directly to a prescribed destination location, typically either a memory circuit or an I/O device. Also disclosed is a DMA controller (202) capable of performing the data transformation.

Abstract translation: 公开了一种用于通过DMA控制器（202）转换数据而不首先在中间介质上保存所发送的数据的方法和系统。 该方法包括DMA控制器（202）访问用于在系统中的发起位置和系统中的目的地位置之间传送的数据。 访问的数据在被发送到目的地位置之前通过DMA控制器（202）传送。 当数据通过DMA控制器（202）时，它被转换成修改状态。 该变换可以包括数据的加密或解密。 该变换还可以包括通过编码处理或对先前编码的数据解码来向数据添加纠错位。 完成变换后，数据直接发送到规定的目的地位置，通常是存储器电路或I / O设备。 还公开了能够执行数据变换的DMA控制器（202）。

公开(公告)号：WO2008085449A2

公开(公告)日：2008-07-17

申请号：PCT/US2007/026279

申请日：2007-12-20

Applicant: APPLE INC. ,  SMITH, Michael ,  DE CESARE, Joshua ,  DE ATLEY, Dallas, Blake ,  WRIGHT, John, Andrew

Inventor： SMITH, Michael ,  DE CESARE, Joshua ,  DE ATLEY, Dallas, Blake ,  WRIGHT, John, Andrew

IPC: G06F21/00

CPC classification number: G06F21/57 ,  G06F21/575 ,  G06F2221/2129

Abstract: A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.

Abstract translation: 描述了一种用于执行嵌入在设备内以验证加载在设备的存储器中的代码图像的代码的方法和装置。 代码图像可以在被验证为可信代码图像之后执行。 嵌入代码可以存储在设备的安全ROM（只读存储器）芯片中。 在一个实施例中，代码图像的验证基于存储在安全ROM芯片内的密钥。 每个设备的密钥可能是唯一的。 访问密钥可以由相关的安全ROM芯片控制。 该设备可以在执行经验证的代码图像之后完成建立操作环境。

公开(公告)号：WO2008085341A2

公开(公告)日：2008-07-17

申请号：PCT/US2007/025848

申请日：2007-12-18

Applicant: APPLE INC. ,  DE CESARE, Joshua ,  SEMERIA, Bernard ,  SMITH, Michael

Inventor： DE CESARE, Joshua ,  SEMERIA, Bernard ,  SMITH, Michael

IPC: G06F1/32

CPC classification number: G06F1/324 ,  G06F1/3203 ,  G06F1/3237 ,  G06F1/3287 ,  Y02D10/128 ,  Y02D10/171

Abstract: Methods and systems for managing power consumption in data processing systems are described. In one embodiment, a data processing system includes a general purpose processing unit, a graphics processing unit (GPU), at least one peripheral interface controller, at least one bus coupled to the general purpose processing unit, and a power controller coupled to at least the general purpose processing unit and the GPU. The power controller is configured to turn power off for the general purpose processing unit in response to a first state of an instruction queue of the general purpose processing unit and is configured to turn power off for the GPU in response to a second state of an instruction queue of the GPU. The first state and the second state represent an instruction queue having either no instructions or instructions for only future events or actions.

Abstract translation: 描述用于管理数据处理系统中的功耗的方法和系统。 在一个实施例中，数据处理系统包括通用处理单元，图形处理单元（GPU），至少一个外围接口控制器，耦合到通用处理单元的至少一个总线，以及耦合到至少 通用处理单元和GPU。 功率控制器被配置为响应于通用处理单元的指令队列的第一状态而为通用处理单元断电，并且被配置为响应于指令的第二状态而关闭GPU的电源 排队GPU 第一状态和第二状态表示具有对于将来的事件或动作的指令或指令的指令队列。

公开(公告)号：WO2008085449A3

公开(公告)日：2008-10-16

申请号：PCT/US2007026279

申请日：2007-12-20

Applicant: APPLE INC ,  SMITH MICHAEL ,  DE CESARE JOSHUA ,  DE ATLEY DALLAS BLAKE ,  WRIGHT JOHN ANDREW

Inventor： SMITH MICHAEL ,  DE CESARE JOSHUA ,  DE ATLEY DALLAS BLAKE ,  WRIGHT JOHN ANDREW

IPC: G06F21/00 ,  G06F9/24 ,  G06F13/14 ,  H04L9/14

CPC classification number: G06F21/57 ,  G06F21/575 ,  G06F2221/2129

Abstract: A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.

Abstract translation: 描述用于执行嵌入在设备内的代码以验证加载在设备的存储器中的代码图像的方法和装置。 可以在验证为可信代码图像之后执行代码图像。 嵌入代码可以存储在设备的安全ROM（只读存储器）芯片中。 在一个实施例中，代码图像的验证基于存储在安全ROM芯片内的密钥。 每个设备的密钥可能是唯一的。 访问密钥可以由相关的安全ROM芯片来控制。 设备可以在执行验证的代码图像之后完成建立操作环境。

公开(公告)号：WO2008085447A2

公开(公告)日：2008-07-17

申请号：PCT/US2007/026277

申请日：2007-12-20

Applicant: APPLE INC. ,  DE ATLEY, Dallas, Blake ,  DE CESARE, Joshua ,  SMITH, Michael ,  REDA, Matthew ,  SEN, Shantonu ,  WRIGHT, John, Andrew

Inventor： DE ATLEY, Dallas, Blake ,  DE CESARE, Joshua ,  SMITH, Michael ,  REDA, Matthew ,  SEN, Shantonu ,  WRIGHT, John, Andrew

IPC: G06F21/00

CPC classification number: H04L9/302 ,  G06F11/1417 ,  G06F21/51 ,  G06F21/572 ,  G06F21/575 ,  G06F21/64 ,  H04L9/14 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L63/06 ,  H04L63/08

Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Abstract translation: 描述了通过通过通信链路验证从主机接收的代码图像来建立操作环境的方法和装置。 代码图像可以通过中央授权服务器进行数字签名。 代码图像的认证可以由嵌入在诸如便携式设备的ROM（只读存储器）的安全存储区域内的指纹基于公开密钥认证过程来确定。 可以向经认证的代码图像分配要存储在便携式设备的存储器中的散列签名。 可以在执行认证代码之后建立便携式设备的操作环境。

公开(公告)号：WO2008085367A1

公开(公告)日：2008-07-17

申请号：PCT/US2007/026006

申请日：2007-12-21

Applicant: APPLE INC. ,  WRIGHT, John, Andrew ,  DE CESARE, Joshua ,  SMITH, Michael ,  DE ATLEY, Dallas, Blake

Inventor： WRIGHT, John, Andrew ,  DE CESARE, Joshua ,  SMITH, Michael ,  DE ATLEY, Dallas, Blake

IPC: G06F21/00

CPC classification number: G06F21/00 ,  G06F21/575

Abstract: A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.

Abstract translation: 描述了一种用于配置存储在装置的安全存储区域（例如，ROM）中的密钥的方法和装置，包括根据预定条件启用和禁用密钥以执行代码图像之一的设备。 密钥可以唯一标识设备。 代码图像可以从满足预定条件的提供者加载以建立设备的操作环境的至少一个组件。 根据密钥的配置，验证码图像可以是可选的。 未经验证的代码图像的安全执行可能基于禁用该键的配置。

公开(公告)号：WO2009032036A3

公开(公告)日：2009-06-04

申请号：PCT/US2008009008

申请日：2008-07-25

Applicant: APPLE INC ,  DE ATLEY DALLAS BLAKE ,  DE CESARE JOSHUA ,  SMITH MICHAEL ,  HAUCK JERRY ,  BUSH JEFFREY

Inventor： DE ATLEY DALLAS BLAKE ,  DE CESARE JOSHUA ,  SMITH MICHAEL ,  HAUCK JERRY ,  BUSH JEFFREY

IPC: G06F21/00

CPC classification number: G06F21/577 ,  G06F21/575

Abstract: A method and apparatus for executing a first executable code image having a first version number into a memory of a device in an attempt to establish an operating environment of the device are described. The first executable code image retrieves a second version number from the second executable code image after successfully authenticating the second executable code image. If the first version number and the second version number do not satisfy a predetermined relationship, the second executable code image is prevented from being loaded by the first executable code image.

Abstract translation: 描述了用于在设备的存储器中执行具有第一版本号的第一可执行代码图像以试图建立设备的操作环境的方法和装置。 在成功认证第二可执行代码图像之后，第一可执行代码图像从第二可执行代码图像中检索第二版本号。 如果第一版本号和第二版本号不满足预定关系，则防止第二可执行代码图像被第一可执行代码图像加载。

公开(公告)号：WO2008085447A3

公开(公告)日：2008-09-04

申请号：PCT/US2007026277

申请日：2007-12-20

Applicant: APPLE INC ,  DE ATLEY DALLAS BLAKE ,  DE CESARE JOSHUA ,  SMITH MICHAEL ,  REDA MATTHEW ,  SEN SHANTONU ,  WRIGHT JOHN ANDREW

Inventor： DE ATLEY DALLAS BLAKE ,  DE CESARE JOSHUA ,  SMITH MICHAEL ,  REDA MATTHEW ,  SEN SHANTONU ,  WRIGHT JOHN ANDREW

IPC: G06F21/00

CPC classification number: H04L9/302 ,  G06F11/1417 ,  G06F21/51 ,  G06F21/572 ,  G06F21/575 ,  G06F21/64 ,  H04L9/14 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L63/06 ,  H04L63/08

Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Abstract translation: 描述了一种通过验证通过通信链路从主机接收的代码图像来建立操作环境的方法和设备。 代码图像可以通过中央授权服务器进行数字签名。 代码图像的认证可以由嵌入在基于公钥认证过程的便携式设备的ROM（只读存储器）之类的安全存储区域内的指纹来确定。 经认证的代码图像可以被分配散列签名以存储在便携式设备的存储器中。 便携式设备的操作环境可以在执行认证的代码之后建立。

公开(公告)号：WO2011159526A1

公开(公告)日：2011-12-22

申请号：PCT/US2011/039510

申请日：2011-06-07

Applicant: APPLE INC. ,  DE CESARE, Joshua ,  ANDREWS, Jonathan, Jay

Inventor： DE CESARE, Joshua ,  ANDREWS, Jonathan, Jay

IPC: G06F1/32

CPC classification number: G06F1/189 ,  G06F1/3203 ,  G06F1/3296 ,  Y02D10/172

Abstract: A request for a high voltage mode is received and a high voltage timer is started in response to determining that a remaining amount of high voltage credits exceeds a voltage switch threshold value. A switch to the high voltage mode is made in response to the request. A low voltage mode is switched to in response to an indication. The request may be received from an application running on a data processing system. If the indication is that the high voltage timer has expired, a low voltage timer is started in response to switching to low voltage mode. If the high voltage request is still active when the low voltage timer expires, a switch back to high voltage mode occurs and a new high voltage timer is started.

Abstract translation: 响应于确定高电压信号的剩余量超过电压开关阈值，接收高电压模式的请求并且启动高电压定时器。 响应于该请求，进入高电压模式。 响应于指示，低电压模式被切换。 该请求可以从在数据处理系统上运行的应用程序接收。 如果指示高电压定时器已经到期，则响应于切换到低电压模式，启动低电压定时器。 如果低电压定时器超时，高电压请求仍然有效，则会发生切换回高电压模式，并启动新的高压定时器。