公开(公告)号：US11514157B2

公开(公告)日：2022-11-29

申请号：US16853608

申请日：2020-04-20

Applicant: Apple Inc.

Inventor： Andrew S. Terry ,  Kelly B. Yancey ,  Pierre-Olivier J. Martel ,  Richard L. Hagy ,  Timothy P. Hannon ,  Alastair K. Fettes

IPC: G06F21/53 ,  G06F21/00 ,  G06F16/18 ,  G06F21/62

Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.

公开(公告)号：US20170199883A1

公开(公告)日：2017-07-13

申请号：US15273665

申请日：2016-09-22

Applicant: Apple Inc.

Inventor： Andrew S. Terry ,  Kelly B. Yancey ,  Pierre-Olivier J. Martel ,  Richard L. Hagy ,  Timothy P. Hannon ,  Alastair K. Fettes

IPC: G06F17/30

CPC classification number: G06F21/53 ,  G06F21/00

Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.

公开(公告)号：US11675919B2

公开(公告)日：2023-06-13

申请号：US16683238

申请日：2019-11-13

Applicant: Apple Inc.

Inventor： Ananthakrishna Ramesh ,  Andrew S. Terry ,  Wade Benson ,  Jeremy C. Andrus

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/44 ,  H04L9/08

CPC classification number: G06F21/6218 ,  G06F21/44 ,  H04L9/0866

Abstract: Techniques are disclosed relating to securely storing data at a computing device that is managed by an external entity. In some embodiments, a computing device maintains a first file system volume having data that is accessible to a user of the computing device and that is not managed by an entity external to the computing device. The computing device receives, from the entity external, a first request to configure the computing device to store data that is accessible to the user and managed by the external entity. In response to the first request, the computing device creates a second distinct file system volume to store the data managed by the external entity. In response to a second request from the external entity, the computing device subsequently removes the second file system volume.

公开(公告)号：US20200380149A1

公开(公告)日：2020-12-03

申请号：US16683238

申请日：2019-11-13

Applicant: Apple Inc.

Inventor： Ananthakrishna Ramesh ,  Andrew S. Terry ,  Wade Benson ,  Jeremy C. Andrus

IPC: G06F21/62 ,  H04L9/08 ,  G06F21/44

Abstract: Techniques are disclosed relating to securely storing data at a computing device that is managed by an external entity. In some embodiments, a computing device maintains a first file system volume having data that is accessible to a user of the computing device and that is not managed by an entity external to the computing device. The computing device receives, from the entity external, a first request to configure the computing device to store data that is accessible to the user and managed by the external entity. In response to the first request, the computing device creates a second distinct file system volume to store the data managed by the external entity. In response to a second request from the external entity, the computing device subsequently removes the second file system volume.