公开(公告)号：US09043887B2

公开(公告)日：2015-05-26

申请号：US13731935

申请日：2012-12-31

Applicant: Apple Inc.

Inventor： Jonathan G. McLachlan ,  Augustin J. Farrugia ,  Nicholas T. Sullivan

IPC: G06F17/00 ,  H04L29/06

CPC classification number: G06Q20/4014 ,  G06F21/31 ,  G06F2221/2101 ,  G06F2221/2103 ,  H04L63/08

Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

Abstract translation: 描述用于对与在线商店相关联的帐户执行辅助认证的认证挑战系统。 在一个实施例中，认证挑战系统包括问题生成引擎，其可以基于与在线商店的用户帐户相关联的活动而导出一系列问题; 网络接口，其可以传送由问题生成引擎导出的一系列一个或多个问题以将用户认证到在线商店; 置信引擎，其可以确定成功验证所需的置信水平，并且可以计算用户身份的置信度得分; 以及质量引擎，其可以基于对在线商店的多个帐户的问答指标的分析来调整问题生成引擎和置信引擎。 在线商店可以包括诸如音乐，电影，书籍或电子计算设备的应用的数字媒体。

公开(公告)号：US11475106B2

公开(公告)日：2022-10-18

申请号：US16177250

申请日：2018-10-31

Applicant: Apple Inc.

Inventor： Jean-Pierre Ciudad ,  Augustin J. Farrugia ,  David M'Raihi ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Nicholas T. Sullivan

IPC: G06F21/10 ,  G06Q30/06

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

公开(公告)号：US09069656B2

公开(公告)日：2015-06-30

申请号：US13631851

申请日：2012-09-28

Applicant: Apple Inc.

Inventor： Jonathan G. McLachlan ,  Julien Lerouge ,  Nicholas T. Sullivan

IPC: G06F12/00 ,  G06F12/02 ,  G06F21/14 ,  G06F21/54 ,  G06F21/79 ,  G06F9/45

CPC classification number: G06F12/023 ,  G06F8/41 ,  G06F21/14 ,  G06F21/54 ,  G06F21/79 ,  G06F2212/1052 ,  G06F2221/2107

Abstract: In one embodiment, a system wide static global stack pool in a contiguous range of random access memory is generated, a block of memory in the system global pool is assigned to a thread of a running process, and the thread stores local variable information in static global stack pool, such that the local variable is hidden from a stack frame back-trace. In one embodiment, a dynamically allocated data structure in system heap memory is generated, the data structure is locked to ensure atomic access, a block of memory in the data structure is assigned to a thread of a process, the data structure is unlocked, and the thread stores local variable information in static global stack pool, such that the local variable is hidden from a stack frame back-trace.

Abstract translation: 在一个实施例中，生成在随机访问存储器的连续范围内的系统范围的静态全局堆栈池，系统全局池中的存储器块被分配给运行进程的线程，并且线程将局部变量信息存储在静态 全局堆栈池，使局部变量从堆栈框架的后跟踪中隐藏。 在一个实施例中，生成系统堆存储器中的动态分配的数据结构，数据结构被锁定以确保原子访问，数据结构中的存储器块被分配给进程的线程，数据结构被解锁，以及 该线程将局部变量信息存储在静态全局堆栈池中，从而使局部变量从堆栈帧后跟中隐藏起来。

公开(公告)号：US08949935B2

公开(公告)日：2015-02-03

申请号：US13732056

申请日：2012-12-31

Applicant: Apple Inc.

Inventor： Thomas Alsina ,  Michael K. Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Sean B. Kelly ,  Delfin Jorge Rojas ,  Nicholas T. Sullivan ,  Zhiyuan Zhao

IPC: H04L9/32 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04L29/06 ,  H04L63/0807 ,  H04L63/126

Abstract: In one embodiment, non-transitory computer-readable medium stores instructions for establishing a trusted two-way communications session for account creation for an online store, which include instructions for causing a processor to perform operations comprising retrieving and verifying a signed configuration file from a server, requesting a communication session using the configuration file, receiving a payload of account creation forms from a network client, signing the payload according to the server configuration file, and sending the signed payload containing account creation information to the server. In one embodiment, a computer-implemented method comprises analyzing timestamps for requests for data forms for supplying account creation information for evidence of automated account creation activity and rejecting the request for the locator of the second account creation form if evidence of automated account creation activity is detected. Methods for secure account authentication and asset purchase are also disclosed.

Abstract translation: 在一个实施例中，非暂时性计算机可读介质存储用于建立用于在线商店的帐户创建的可信双向通信会话的指令，其包括用于使处理器执行操作的指令，所述指令包括从以下操作检索和验证签名配置文件： 服务器，使用配置文件请求通信会话，从网络客户端接收帐户创建表单的有效载荷，根据服务器配置文件签名有效载荷，以及将包含帐户创建信息的签名的有效载荷发送到服务器。 在一个实施例中，计算机实现的方法包括分析用于数据表单的请求的时间戳，用于提供用于创建自动化帐户的活动的证据的帐户创建信息，并且如果自动帐户创建活动的证据是拒绝第二帐户创建表单的定位者的请求， 检测到。 还披露了安全帐户认证和资产购买的方法。

公开(公告)号：US20140095812A1

公开(公告)日：2014-04-03

申请号：US13631851

申请日：2012-09-28

Applicant: APPLE INC.

Inventor： Jonathan G. McLachan ,  Julien Lerouge ,  Nicholas T. Sullivan

IPC: G06F12/00 ,  G06F12/02

CPC classification number: G06F12/023 ,  G06F8/41 ,  G06F21/14 ,  G06F21/54 ,  G06F21/79 ,  G06F2212/1052 ,  G06F2221/2107

Abstract: In one embodiment, a system wide static global stack pool in a contiguous range of random access memory is generated, a block of memory in the system global pool is assigned to a thread of a running process, and the thread stores local variable information in static global stack pool, such that the local variable is hidden from a stack frame back-trace. In one embodiment, a dynamically allocated data structure in system heap memory is generated, the data structure is locked to ensure atomic access, a block of memory in the data structure is assigned to a thread of a process, the data structure is unlocked, and the thread stores local variable information in static global stack pool, such that the local variable is hidden from a stack frame back-trace.

Abstract translation: 在一个实施例中，生成在随机访问存储器的连续范围内的系统范围的静态全局堆栈池，系统全局池中的存储器块被分配给运行进程的线程，并且线程将局部变量信息存储在静态 全局堆栈池，使局部变量从堆栈框架的后跟踪中隐藏。 在一个实施例中，生成系统堆存储器中的动态分配的数据结构，数据结构被锁定以确保原子访问，数据结构中的存储器块被分配给进程的线程，数据结构被解锁，以及 该线程将局部变量信息存储在静态全局堆栈池中，从而使局部变量从堆栈帧后跟中隐藏起来。

公开(公告)号：US20150220926A1

公开(公告)日：2015-08-06

申请号：US14685429

申请日：2015-04-13

Applicant: Apple Inc.

Inventor： Jonathan G. McLachlan ,  Augustin J. Farrugia ,  Nicholas T. Sullivan

IPC: G06Q20/40

CPC classification number: G06Q20/4014 ,  G06F21/31 ,  G06F2221/2101 ,  G06F2221/2103 ,  H04L63/08

Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

Abstract translation: 描述用于对与在线商店相关联的帐户执行辅助认证的认证挑战系统。 在一个实施例中，认证挑战系统包括问题生成引擎，其可以基于与在线商店的用户帐户相关联的活动而导出一系列问题; 网络接口，其可以传送由问题生成引擎导出的一系列一个或多个问题以将用户认证到在线商店; 置信引擎，其可以确定成功验证所需的置信水平，并且可以计算用户身份的置信度得分; 以及质量引擎，其可以基于对在线商店的多个帐户的问答指标的分析来调整问题生成引擎和置信引擎。 在线商店可以包括诸如音乐，电影，书籍或电子计算设备的应用的数字媒体。

公开(公告)号：US20140189829A1

公开(公告)日：2014-07-03

申请号：US13731935

申请日：2012-12-31

Applicant: APPLE INC.

Inventor： Jonathan G. McLachlan ,  Augustin J. Farrugia ,  Nicholas T. Sullivan

IPC: H04L29/06

CPC classification number: G06Q20/4014 ,  G06F21/31 ,  G06F2221/2101 ,  G06F2221/2103 ,  H04L63/08

Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

Abstract translation: 描述用于对与在线商店相关联的帐户执行辅助认证的认证挑战系统。 在一个实施例中，认证挑战系统包括问题生成引擎，其可以基于与在线商店的用户帐户相关联的活动而导出一系列问题; 网络接口，其可以传送由问题生成引擎导出的一系列一个或多个问题以将用户认证到在线商店; 置信引擎，其可以确定成功验证所需的置信水平，并且可以计算用户身份的置信度得分; 以及质量引擎，其可以基于对在线商店的多个帐户的问答指标的分析来调整问题生成引擎和置信引擎。 在线商店可以包括诸如音乐，电影，书籍或电子计算设备的应用的数字媒体。

公开(公告)号：US20140082695A1

公开(公告)日：2014-03-20

申请号：US13732056

申请日：2012-12-31

Applicant: APPLE INC.

Inventor： Thomas Alsina ,  Michael K. Chu ,  Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Sean B. Kelly ,  Delfin Jorge Rojas ,  Nicholas T. Sullivan ,  Zhiyuan Zhao

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L29/06 ,  H04L63/0807 ,  H04L63/126

Abstract: In one embodiment, non-transitory computer-readable medium stores instructions for establishing a trusted two-way communications session for account creation for an online store, which include instructions for causing a processor to perform operations comprising retrieving and verifying a signed configuration file from a server, requesting a communication session using the configuration file, receiving a payload of account creation forms from a network client, signing the payload according to the server configuration file, and sending the signed payload containing account creation information to the server. In one embodiment, a computer-implemented method comprises analyzing timestamps for requests for data forms for supplying account creation information for evidence of automated account creation activity and rejecting the request for the locator of the second account creation form if evidence of automated account creation activity is detected. Methods for secure account authentication and asset purchase are also disclosed.

Abstract translation: 在一个实施例中，非暂时性计算机可读介质存储用于建立用于在线商店的帐户创建的可信双向通信会话的指令，其包括用于使处理器执行操作的指令，所述指令包括从以下操作检索和验证签名配置文件： 服务器，使用配置文件请求通信会话，从网络客户端接收帐户创建表单的有效载荷，根据服务器配置文件签名有效载荷，以及将包含帐户创建信息的签名的有效载荷发送到服务器。 在一个实施例中，计算机实现的方法包括分析用于数据表单的请求的时间戳，用于提供用于创建自动化帐户的活动的证据的帐户创建信息，并且如果自动帐户创建活动的证据是拒绝第二帐户创建表单的定位者的请求， 检测到。 还披露了安全帐户认证和资产购买的方法。

公开(公告)号：US09530133B2

公开(公告)日：2016-12-27

申请号：US14685429

申请日：2015-04-13

Applicant: Apple Inc.

Inventor： Jonathan G. McLachlan ,  Augustin J. Farrugia ,  Nicholas T. Sullivan

IPC: G06F21/31 ,  G06Q20/40 ,  H04L29/06

CPC classification number: G06Q20/4014 ,  G06F21/31 ,  G06F2221/2101 ,  G06F2221/2103 ,  H04L63/08

Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.