公开(公告)号：US09135431B2

公开(公告)日：2015-09-15

申请号：US13951763

申请日：2013-07-26

Applicant: Apple Inc.

Inventor： Shu-Yi Yu ,  Timothy R. Paaske

IPC: G06F1/12 ,  G06F21/50 ,  G06F1/08 ,  G06F21/55

CPC classification number: G06F21/50 ,  G06F1/04 ,  G06F21/558 ,  G06F21/755

Abstract: A system for monitoring a clock input signal including a reference clock to be monitored, a flip-flop, a plurality of delay logic blocks, a sampling unit, and a comparison unit. The reference clock may have an expected maximum frequency. The flip-flop may be configured to generate a corresponding clock signal at a reduced frequency compared to the reference clock. The plurality of delay logic blocks may be configured to receive the reduced frequency clock signal and delay the signal for various amounts of time, each less than an expected period of the reference clock. The sampling unit may be configured to sample the signals output from the plurality of delay logic blocks. The comparison unit may be configured to receive the outputs of the flip-flop and the sampling unit and use these outputs to determine if the reference clock is running at an acceptable frequency compared to the expected frequency.

Abstract translation: 一种用于监视包括要监视的参考时钟，触发器，多个延迟逻辑块，采样单元和比较单元的时钟输入信号的系统。 参考时钟可能具有预期的最大频率。 触发器可以被配置为以与参考时钟相比降低的频率产生对应的时钟信号。 多个延迟逻辑块可以被配置为接收降频时钟信号并将信号延迟各种时间量，每个时间量小于参考时钟的期望周期。 采样单元可以被配置为对从多个延迟逻辑块输出的信号进行采样。 比较单元可以被配置为接收触发器和采样单元的输出，并且使用这些输出来确定参考时钟是否以与预期频率相比在可接受的频率下运行。

公开(公告)号：US10853504B1

公开(公告)日：2020-12-01

申请号：US16691900

申请日：2019-11-22

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/30 ,  G06F21/71 ,  H04L9/32 ,  G09C1/00 ,  H04L9/08 ,  G06F21/32

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US20190018952A1

公开(公告)日：2019-01-17

申请号：US16133625

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/46 ,  G06F21/85 ,  G06F21/60 ,  H04L9/08 ,  G06F21/44

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  G06F2221/2137 ,  H04L9/088

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US10078749B2

公开(公告)日：2018-09-18

申请号：US15678502

申请日：2017-08-16

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/46 ,  G06F21/85 ,  G06F21/60 ,  H04L9/08 ,  G06F21/44

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  G06F2221/2137 ,  H04L9/088

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US20170364676A1

公开(公告)日：2017-12-21

申请号：US15678502

申请日：2017-08-16

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/46 ,  G06F21/60 ,  G06F21/44 ,  H04L9/08 ,  G06F21/85

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  G06F2221/2137 ,  H04L9/088

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US09778950B2

公开(公告)日：2017-10-03

申请号：US14532630

申请日：2014-11-04

Applicant: Apple Inc.

Inventor： Shu-Yi Yu

IPC: G06F1/32 ,  G06F9/48 ,  G06F13/24

CPC classification number: G06F9/4825 ,  G06F13/24

Abstract: Techniques are disclosed relating to processor power control and interrupts. In one embodiment, an apparatus includes a processor configured to assert an indicator that the processor is suspending execution of instructions until the processor receives an interrupt. In this embodiment, the apparatus includes power circuitry configured to alter the power provided to the processor based on the indicator. In this embodiment, the apparatus includes throttling circuitry configured to, in response to receiving a request from the power circuitry to alter the power provided to the processor, block the request until the end of a particular time interval subsequent to receipt of the request or de-assertion of the indicator. In some embodiments, the particular time interval corresponds to latency between the processor receiving an interrupt and de-asserting the indicator.

公开(公告)号：US20150033061A1

公开(公告)日：2015-01-29

申请号：US13951763

申请日：2013-07-26

Applicant: Apple Inc.

Inventor： Shu-Yi Yu ,  Timothy R. Paaske

IPC: G06F21/50 ,  G06F1/08

CPC classification number: G06F21/50 ,  G06F1/04 ,  G06F21/558 ,  G06F21/755

Abstract: A system for monitoring a clock input signal including a reference clock to be monitored, a flip-flop, a plurality of delay logic blocks, a sampling unit, and a comparison unit. The reference clock may have an expected maximum frequency. The flip-flop may be configured to generate a corresponding clock signal at a reduced frequency compared to the reference clock. The plurality of delay logic blocks may be configured to receive the reduced frequency clock signal and delay the signal for various amounts of time, each less than an expected period of the reference clock. The sampling unit may be configured to sample the signals output from the plurality of delay logic blocks. The comparison unit may be configured to receive the outputs of the flip-flop and the sampling unit and use these outputs to determine if the reference clock is running at an acceptable frequency compared to the expected frequency.

Abstract translation: 一种用于监视包括要监视的参考时钟，触发器，多个延迟逻辑块，采样单元和比较单元的时钟输入信号的系统。 参考时钟可能具有预期的最大频率。 触发器可以被配置为以与参考时钟相比降低的频率产生对应的时钟信号。 多个延迟逻辑块可以被配置为接收降频时钟信号并将信号延迟各种时间量，每个时间量小于参考时钟的期望周期。 采样单元可以被配置为对从多个延迟逻辑块输出的信号进行采样。 比较单元可以被配置为接收触发器和采样单元的输出，并且使用这些输出来确定参考时钟是否以与期望频率相比在可接受的频率下运行。

公开(公告)号：US08832465B2

公开(公告)日：2014-09-09

申请号：US13626566

申请日：2012-09-25

Applicant: Apple Inc.

Inventor： Manu Gulati ,  Michael J. Smith ,  Shu-Yi Yu

IPC: G06F11/30 ,  G06F12/14

CPC classification number: G06F21/72 ,  G06F21/575

Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.

Abstract translation: SOC实现安全飞地处理器（SEP）。 SEP可以包括处理器和一个或多个安全外设。 SEP可以与SOC的其余部分隔离（例如SOC中的一个或多个中央处理单元（CPU），或SOC中的应用处理器（AP））。 对SEP的访问可以由硬件严格控制。 例如，描述了CPU / AP仅能访问SEP中的邮箱位置的机制。 CPU / AP可以向邮箱写入消息，SEP可以读取并响应。 在一些实施例中，SEP可以包括以下一个或多个：使用包装密钥的安全密钥管理，引导和/或电源管理的SEP控制以及存储器中的单独的信任区域。

公开(公告)号：US20140223049A1

公开(公告)日：2014-08-07

申请号：US13760795

申请日：2013-02-06

Applicant: APPLE INC.

Inventor： Deniz Balkan ,  Gurjeet S. Saund ,  Shu-Yi Yu

IPC: G06F13/42

CPC classification number: G06F13/4027 ,  G06F11/0766 ,  G06F11/0772

Abstract: Embodiments of a bridge circuit and system are disclosed that may allow for converting transactions from one communication protocol to another. The bridge circuit may be coupled to a first bus employing a first communication protocol, and a second bus employing a second communication protocol. The bridge circuit may be configured to convert transactions from the first communication protocol to the second communication protocol, and convert transaction from the second communication protocol to the first communication protocol. In one embodiment, the bridge circuit may be further configured to flag transactions that cannot be converted from the second communication protocol to the first communication protocol. In a further embodiment, an error circuit coupled to the bridge circuit may be configured to detect flagged transactions.

Abstract translation: 公开了桥接电路和系统的实施例，其可以允许将事务从一个通信协议转换到另一个通信协议。 桥接电路可以耦合到采用第一通信协议的第一总线，以及采用第二通信协议的第二总线。 桥接电路可以被配置为将事务从第一通信协议转换为第二通信协议，并将事务从第二通信协议转换为第一通信协议。 在一个实施例中，桥接电路可以被进一步配置为标记不能从第二通信协议转换到第一通信协议的事务。 在另一个实施例中，耦合到桥接电路的错误电路可以被配置为检测标记的事务。

公开(公告)号：US20250053667A1

公开(公告)日：2025-02-13

申请号：US18774305

申请日：2024-07-16

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/32 ,  G06F21/62 ,  G06F21/71 ,  G09C1/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.