公开(公告)号：WO2021262600A1

公开(公告)日：2021-12-30

申请号：PCT/US2021/038259

申请日：2021-06-21

申请人： APPLE INC.

发明人： KRSTIC, Ivan ,  SORRESSO, Damien P. ,  REMAHL, David P. ,  LISKIN, Elliot C. ,  HOGG, Justin S. ,  LINDEMAN, Kevin J. ,  BALLARD, Lucia E. ,  CIRCOSTA, Nicholas J. ,  COOPER, Richard J. ,  WILLIAMS, Ryan A. ,  VITTITOE, Steven C. ,  RIGGLE, Zachariah J. ,  WHITEHEAD, Andrew T. ,  METCALFE, Patrick R.

IPC分类号： G06F21/53 ,  G06F21/56 ,  H04L12/58 ,  H04L29/06 ,  G06F9/455 ,  G06F12/14 ,  G06F21/79 ,  G06F2009/45583 ,  G06F21/566 ,  G06F2212/1052 ,  H04L51/12 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/1416 ,  H04L63/1466

摘要： The subject disclosure provides systems and methods for application-specific network data filtering. Application-specific network data filtering may be performed by a sandboxed process prior to providing the network data to an application to which the network data is directed. Any malicious or otherwise potentially harmful data that is included in the network data may be removed by the application-specific network data filter or may be allowed to corrupt the application specific network data filtering operations within the sandbox, thereby preventing the malicious or harmful data from affecting the application or other portions of an electronic device. In one or more implementations, a first process such as an application-specific network data filtering process may request allocation of memory for the first process from second process, such as an application, that is separate from a memory manager of the electronic device.

公开(公告)号：WO2012166316A1

公开(公告)日：2012-12-06

申请号：PCT/US2012/037400

申请日：2012-05-10

申请人： APPLE INC. ,  KRSTIC, Ivan ,  MARTEL, Pierre-Olivier, J.

发明人： KRSTIC, Ivan ,  MARTEL, Pierre-Olivier, J.

IPC分类号： G06F21/00

CPC分类号： G06F21/53

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for preserving references in sandboxes. A system implementing the method receives a document for use in a sandbox environment and passes the document to a parser, via a coordinator. The parser finds references in the document to other resources and outputs a list of references. The system passes the list of references to a verifier that verifies each reference and outputs a list of verified references. The system passes the list of verified references to the sandboxed application which extends the sandbox to include the resources on the list of verified references. In one embodiment, the system preserves references in sandboxes without the use a coordinator.

摘要翻译： 本文公开了用于保存砂箱中的参考的系统，方法和非暂时的计算机可读存储介质。 实现该方法的系统接收用于沙盒环境中的文档，并通过协调器将文档传递给解析器。 解析器将文档中的引用找到其他资源，并输出引用列表。 系统将引用列表传递给验证者，该验证者验证每个引用，并输出已验证引用的列表。 系统将经过验证的引用列表传递给沙盒应用程序，该应用程序将沙箱扩展到包含已验证引用列表中的资源。 在一个实施例中，系统在沙盒中保留引用而不使用协调器。

公开(公告)号：WO2019027503A1

公开(公告)日：2019-02-07

申请号：PCT/US2018/015498

申请日：2018-01-26

申请人： APPLE INC.

发明人： BALLARD, Lucia E. ,  HAUCK, Jerrold V. ,  PRAKASH, Deepti Sunder ,  TANG, Feng ,  LITTWIN, Etai ,  VASU, Pavan Kumar Anasosalu ,  LITTWIN, Gideon ,  GERNOTH, Thorsten ,  KUCEROVA, Lucie ,  KOSTKA, Petr ,  HOTELLING, Steve ,  HIRSH, Eitan ,  KAITZ, Tal ,  POKRASS, Jonathan ,  KOLIN, Andrei ,  LAIFENFELD, Moshe ,  WALDON, Matthew C. ,  MENSCH, Thomas P. ,  YOUNGS, Lynn ,  ZELEZNIK, Chris ,  MALONE, Michael ,  HENDEL, Ziv ,  KRSTIC, Ivan ,  SHARMA, Anup K.

IPC分类号： G06K9/20 ,  G06K9/00

摘要： Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.

公开(公告)号：WO2016200838A1

公开(公告)日：2016-12-15

申请号：PCT/US2016/036266

申请日：2016-06-07

申请人： APPLE INC.

发明人： KRSTIC, Ivan ,  WILSON, James ,  FRIEDMAN, Eric Daniel ,  SUBRAMANIAM, Selvarajan ,  GAUTIER, Patrice O. ,  GATES, John Patrick ,  SANTHANAGOPAL, Ramarathnam ,  VAIDYANATHASWAMI, Prabhakaran ,  MAMBAKKAM, Sudhakar ,  PAI, Raghunandan ,  NARAYANAN, Karthik

IPC分类号： H04L29/06

CPC分类号： H04L63/102 ,  G06F12/1408 ,  G06F21/42 ,  G06F21/45 ,  G06F2212/1052 ,  G06F2221/2131 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/0861

摘要： Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.

摘要翻译： 本发明的一些实施例提供了用于恢复对与帐户相关联的服务的访问的程序。 该程序提供登录凭据以登录帐户以接收相关联的服务。 接下来，程序在登录帐户后接收访问连续参数（ACP）。 该程序然后访问该服务并且接收对该服务的后续访问的拒绝。 该程序然后提供ACP代替登录凭证以继续接收该服务。

公开(公告)号：WO2019241047A1

公开(公告)日：2019-12-19

申请号：PCT/US2019/035937

申请日：2019-06-07

申请人： APPLE INC.

发明人： GALDO, Florian ,  MARTIN, Stephanie R. ,  SIERRA, Yannick L. ,  KRSTIC, Ivan ,  VOLKERT, Christopher A. ,  ABDULRAHIMAN, Najeeb M. ,  LERCH, Matthias ,  TACKIN, Onur E. ,  BROGLE, Kyle C.

IPC分类号： H04L29/06 ,  G06F21/33 ,  H04L9/32 ,  H04W12/08 ,  H04W4/40 ,  H04W12/04 ,  B60R25/24 ,  G07C9/00 ,  B60R25/20

摘要： Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

公开(公告)号：WO2018226263A1

公开(公告)日：2018-12-13

申请号：PCT/US2018/015503

申请日：2018-01-26

申请人： APPLE INC.

发明人： BALLARD, Lucia, E. ,  HAUCK, Jerrold, V. ,  PRAKASH, Deepti, Sunder ,  CIBULKA, Jan ,  KRSTIC, Ivan

IPC分类号： G06F21/32 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06

摘要： The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant "who owns this device?" By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

公开(公告)号：WO2015183456A1

公开(公告)日：2015-12-03

申请号：PCT/US2015/028203

申请日：2015-04-29

申请人： APPLE INC.

发明人： KIEHTREIBER, Peter ,  GUTKNECHT, Olivier ,  KRSTIC, Ivan ,  PETERSON, Adele ,  WEINING, Samuel M. ,  ZHANG, Yongjun ,  BAIRD, Ian J.

IPC分类号： G06F9/445 ,  G06F21/53

CPC分类号： G06F9/44526 ,  G06F21/53

摘要： According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.

摘要翻译： 根据一个实施例，响应于从与第一应用程序相关联的用于与操作系统的多个扩展点中的第一个扩展点相关联的扩展服务的查询，识别一个或多个扩展的列表，其已被注册为第一 扩展点与操作系统，第一个应用程序在第一个沙盒环境中执行。 显示已识别的扩展列表，以提示用户选择要与第一个应用程序相关联的其中一个扩展。 响应于选择其中一个扩展，所选扩展名在第二个沙盒环境中启动。 所选的扩展和第二个应用程序被打包在应用程序包中，并且当安装了应用程序包时，所选的扩展和第二个应用程序作为单独的应用程序出现在操作系统的注册表中。

公开(公告)号：WO2019236204A1

公开(公告)日：2019-12-12

申请号：PCT/US2019/028636

申请日：2019-04-23

申请人： APPLE INC.

发明人： SCHULTZ, Conrad A. ,  MONDELLO, Richard J. ,  ABBASIAN, Reza ,  KRSTIC, Ivan ,  ADLER, Darin ,  PAPADOPOULOS, Charilaos ,  DAUM, Maureen Grace ,  BORIOS, Guillaume ,  BURNS, Patrick Robert ,  SANCIANGCO, Alex David ,  LEDVINA, Brent Michael ,  PUGH, Chelsea Elizabeth ,  BROGLE, Kyle ,  KROCHMAL, Marc ,  KLAPPER, Jacob ,  KNIGHT, Paul Russell ,  GRAHAM, Connor David ,  WU, Shengkai ,  LIU, I-Ting ,  FALKENBURG, Steven Jon

IPC分类号： G06F21/30 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  G06F3/048 ,  G06F21/45

摘要： In one embodiment, when a new-password field is detected, the field is, without additional user input, automatically populated with a device-generated strong password. Affordances for accepting or declining use of the password are displayed. In one embodiment, when a one-time use code is received via text or e-mail and a corresponding field is displayed, the code is presented as a suggested word for insertion via an insertion affordance. In one embodiment, a first device (e.g., a phone) receives an indication that a second device (e.g., a media player) is in need of authentication credentials. In response, the first device initiates a process for sharing the authentication credentials. In one embodiment, in response to a verbal request, password information is displayed by an electronic device. For example, "Show me my banking password" causes display of the relevant authentication credentials.

公开(公告)号：WO2013109508A1

公开(公告)日：2013-07-25

申请号：PCT/US2013/021486

申请日：2013-01-14

申请人： APPLE INC.

发明人： KRSTIC, Ivan ,  ASTRAND, Love Hornquist

IPC分类号： G06F21/53 ,  G06F17/30

CPC分类号： G06F21/53 ,  G06F17/30082 ,  G06F17/30887 ,  G06F2221/034 ,  H04L63/08 ,  H04L63/10

摘要： Methods, systems, and machine-readable storage medium are described wherein, in one embodiment, identifiers, such as bookmarks, are used to allow access to files or folders in a sandboxed environment. One or more applications are restricted by an access control system, which can be, for example, a trusted software component of an operating system. In one embodiment, the bookmarks or other identifiers allow an application to have access to a file even if the file is renamed or moved by a user while the application has been terminated. In one embodiment, a resource manager, or other trusted access control system, can interact with an application to allow for the use of bookmarks in an environment in which a sandbox application controls access to the files such that each application must make a request to the sandbox application in order to obtain access to a particular file or folder.

摘要翻译： 描述了方法，系统和机器可读存储介质，其中在一个实施例中，诸如书签的标识符被用于允许访问沙盒环境中的文件或文件夹。 访问控制系统限制一个或多个应用程序，访问控制系统可以是例如操作系统的可信软件组件。 在一个实施例中，书签或其它标识符允许应用程序访问文件，即使在应用程序已被终止时，用户重命名或移动该文件。 在一个实施例中，资源管理器或其他受信任的访问控制系统可以与应用程序交互以允许在沙盒应用程序控制对文件的访问的环境中使用书签，使得每个应用程序必须向 沙箱应用程序，以获取访问特定的文件或文件夹。

公开(公告)号：WO2012097231A3

公开(公告)日：2012-07-19

申请号：PCT/US2012/021215

申请日：2012-01-13

申请人： APPLE INC. ,  KRSTIC, Ivan ,  EVEN, Joel

发明人： KRSTIC, Ivan ,  EVEN, Joel

IPC分类号： G06F21/00

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for booting a computing device having an encrypted storage medium using full disk encryption, referred to as tamper-resistant boot. The system retrieves a kernel cache and a kernel cache digest from an unencrypted storage medium and verifies the authenticity of the kernel cache based on the credentials and the kernel cache digest. Initiation and execution of the operating system is performed if the kernel cache is authentic. In one embodiment, the system verifies the authenticity of a request to disable tamper-resistant booting by utilizing a password verifier and a password proof.