公开(公告)号：US11354390B2

公开(公告)日：2022-06-07

申请号：US15701400

申请日：2017-09-11

Applicant: Apple Inc.

Inventor： Charles T. Ahn ,  Libor Sykora ,  Gianpaolo Fasoli

IPC: G06F21/32 ,  G06F21/35 ,  H04W12/06 ,  H04W4/80 ,  H04L9/40

Abstract: Techniques are disclosed relating to biometric authentication. In one embodiment, a computing device includes a controller circuit, a camera, and a secure circuit. The controller circuit is coupled to a button and detects when the button has been pressed. The camera captures a set of biometric data of a user. The secure circuit performs an authentication of the user by confirming that a notification identifying the button being pressed was received from the controller circuit and by comparing the set of biometric data with another set of biometric data for an authorized user of the computing device. In some embodiments, the controller circuit is configured to maintain a timestamp indicative of when the button has been pressed and usable by the secure circuit to confirm that the button is pressed within a threshold time period of the authentication being performed.

公开(公告)号：US11205021B2

公开(公告)日：2021-12-21

申请号：US16403259

申请日：2019-05-03

Applicant: Apple Inc.

Inventor： Loukas Kalenderidis ,  Ivan Krstic ,  Brian J. Dawbin ,  Filip Stoklas ,  Carmen A. Bovalino, III ,  Shyam S. Toprani ,  Christopher B. Zimmermann ,  Libor Sykora ,  Arnold S. Liu ,  Lucia E. Ballard

IPC: G06F21/85 ,  G06F1/28 ,  G06F21/32

Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.

公开(公告)号：US10079677B2

公开(公告)日：2018-09-18

申请号：US15173643

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14

CPC classification number: H04L9/0861 ,  G06F13/28 ,  G06F13/4063 ,  G06F21/32 ,  G06F21/72 ,  G06F21/74 ,  G06F21/78 ,  G06F21/79 ,  H04L9/006 ,  H04L9/0877 ,  H04L9/14 ,  H04L9/3231 ,  H04L9/3234 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L9/3263 ,  H04L9/3268 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0861 ,  H04L2209/12 ,  H04L2209/127 ,  H04L2463/081

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US20170373843A1

公开(公告)日：2017-12-28

申请号：US15173643

申请日：2016-06-04

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/00 ,  H04L9/14 ,  H04L9/32 ,  G06F21/32

CPC classification number: H04L9/0861 ,  G06F21/32 ,  G06F21/74 ,  H04L9/006 ,  H04L9/0877 ,  H04L9/14 ,  H04L9/3231 ,  H04L9/3234 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L9/3263 ,  H04L9/3268 ,  H04L2209/12 ,  H04L2209/127

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US11895111B2

公开(公告)日：2024-02-06

申请号：US18153118

申请日：2023-01-11

Applicant: Apple Inc.

Inventor： Dmitry V. Belov ,  Brent A. Fulgham ,  Sudhakar N. Mambakkam ,  Richard J. Mondello ,  Kalyan C. Gopavarapu ,  Edgar Tonatiuh Barragan Corte ,  Libor Sykora

IPC: H04L9/40 ,  H04L41/22 ,  H04L67/02

CPC classification number: H04L63/0861 ,  H04L41/22 ,  H04L63/083 ,  H04L63/20 ,  H04L67/02

Abstract: A method and apparatus of a device that authorizes a device for a service is described. In an exemplary embodiment, the device intercepts a request for a web page from a web browser executing on the device, wherein the request includes an indication associated with an authorization request for the service and the web page provides the service. In addition, the device presents an authorization user interface on the device. The device further performs a local authorization using a set of user credentials entered via the authorization user interface. The device additionally performs a server authorization with a server. Furthermore, the device redirects the web browser to the requested web page, wherein the web browser is authorized for the service provided by the web page.

公开(公告)号：US20240039714A1

公开(公告)日：2024-02-01

申请号：US18447083

申请日：2023-08-09

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  H04L9/40

CPC classification number: H04L9/0861 ,  H04L9/3268 ,  H04L9/006 ,  H04L9/3249 ,  G06F21/32 ,  H04L9/3239 ,  H04L9/14 ,  G06F21/74 ,  H04L9/0877 ,  H04L9/3231 ,  H04L9/3234 ,  G06F21/72 ,  G06F21/78 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/0861 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/127 ,  G06F13/28

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US20200233984A1

公开(公告)日：2020-07-23

申请号：US16403259

申请日：2019-05-03

Applicant: Apple Inc.

Inventor： Loukas Kalenderidis ,  Ivan Krstic ,  Brian J. Dawbin ,  Filip Stoklas ,  Carmen A. Bovalino, III ,  Shyam S. Toprani ,  Christopher B. Zimmermann ,  Libor Sykora ,  Arnold S. Liu ,  Lucia E. Ballard

IPC: G06F21/85 ,  G06F21/32 ,  G06F1/28

Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.

公开(公告)号：US20200186337A1

公开(公告)日：2020-06-11

申请号：US16730931

申请日：2019-12-30

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  G06F21/78 ,  G06F21/72 ,  G06F21/74 ,  H04L9/14 ,  G06F21/32 ,  H04L9/00

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US10523431B2

公开(公告)日：2019-12-31

申请号：US16133645

申请日：2018-09-17

Applicant: Apple Inc.

Inventor： Wade Benson ,  Libor Sykora ,  Vratislav Kuzela ,  Michael Brouwer ,  Andrew R. Whalley ,  Jerrold V. Hauck ,  David Finkelstein ,  Thomas Mensch

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/00 ,  G06F21/32 ,  H04L9/14 ,  G06F21/74 ,  G06F21/72 ,  G06F21/78 ,  G06F13/28 ,  G06F13/40 ,  G06F21/79

Abstract: Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

公开(公告)号：US20180349585A1

公开(公告)日：2018-12-06

申请号：US15701400

申请日：2017-09-11

Applicant: Apple Inc.

Inventor： Charles T. Ahn ,  Libor Sykora ,  Gianpaolo Fasoli

IPC: G06F21/32 ,  G06F21/35

Abstract: Techniques are disclosed relating to biometric authentication. In one embodiment, a computing device includes a controller circuit, a camera, and a secure circuit. The controller circuit is coupled to a button and detects when the button has been pressed. The camera captures a set of biometric data of a user. The secure circuit performs an authentication of the user by confirming that a notification identifying the button being pressed was received from the controller circuit and by comparing the set of biometric data with another set of biometric data for an authorized user of the computing device. In some embodiments, the controller circuit is configured to maintain a timestamp indicative of when the button has been pressed and usable by the secure circuit to confirm that the button is pressed within a threshold time period of the authentication being performed.