公开(公告)号：US20150089259A1

公开(公告)日：2015-03-26

申请号：US14032335

申请日：2013-09-20

Applicant: Apple Inc.

Inventor： David S. Warren ,  Inna Levit ,  Timothy R. Paaske

IPC: G06F1/32 ,  G06F1/08

CPC classification number: G06F1/3296 ,  G06F1/06 ,  G06F1/08 ,  G06F1/3206 ,  G06F1/3237 ,  G06F1/325 ,  G06F13/4022 ,  G06F13/4282 ,  Y02D10/128 ,  Y02D10/151 ,  Y02D50/20

Abstract: Embodiments of an apparatus and method are disclosed that may allow for managing power of a computing system. The apparatus may include a clock generation circuit, a bus interface unit, and a control circuit. The clock generation circuit may be configured to generate multiple clock signals. Each clock signal may provide a timing reference to different functional blocks within a device coupled to the communication bus. The bus interface unit may be configured to receive messages from the device via the communication bus. The messages may include a latency value and a request to activate a low power mode. The control circuit may be configured to deactivate one or more of the multiple clock signals dependent upon the latency value and multiple threshold values.

Abstract translation: 公开了可以允许管理计算系统的功率的装置和方法的实施例。 该装置可以包括时钟发生电路，总线接口单元和控制电路。 时钟发生电路可以被配置为产生多个时钟信号。 每个时钟信号可以提供与耦合到通信总线的设备内的不同功能块的定时参考。 总线接口单元可以被配置为经由通信总线从设备接收消息。 消息可以包括延迟值和激活低功率模式的请求。 控制电路可以被配置为取决于等待时间值和多个阈值的多个时钟信号中的一个或多个。

公开(公告)号：US20240330432A1

公开(公告)日：2024-10-03

申请号：US18593243

申请日：2024-03-01

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/46 ,  G06F21/44 ,  G06F21/60 ,  G06F21/85 ,  H04L9/08

CPC classification number: G06F21/46 ,  G06F21/44 ,  G06F21/602 ,  G06F21/606 ,  G06F21/85 ,  H04L9/088 ,  G06F2221/2137

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US12089178B2

公开(公告)日：2024-09-10

申请号：US18482069

申请日：2023-10-06

Applicant: Apple Inc.

Inventor： Jerrold V. Hauck ,  Alejandro J. Marquez ,  Timothy R. Paaske ,  Indranil S. Sen ,  Herve Sibert ,  Yannick L Sierra ,  Raman S. Thiara

IPC: H04W64/00 ,  H04L9/32 ,  H04L9/40 ,  H04W12/02 ,  H04W12/03 ,  H04W12/033 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471 ,  H04W12/06 ,  H04W12/062 ,  H04W12/065 ,  H04W12/069 ,  H04W12/63 ,  H04W76/10 ,  H04W4/80 ,  H04W12/33 ,  H04W12/47

CPC classification number: H04W64/00 ,  H04L9/3273 ,  H04L63/061 ,  H04L63/0869 ,  H04W12/02 ,  H04W12/03 ,  H04W12/033 ,  H04W12/04 ,  H04W12/041 ,  H04W12/0431 ,  H04W12/0433 ,  H04W12/0471 ,  H04W12/06 ,  H04W12/062 ,  H04W12/065 ,  H04W12/069 ,  H04W12/63 ,  H04W76/10 ,  H04L63/0492 ,  H04W4/80 ,  H04W12/33 ,  H04W12/47

Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive locally at the system ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.

公开(公告)号：US20200342091A1

公开(公告)日：2020-10-29

申请号：US16927934

申请日：2020-07-13

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Weihua Mao ,  Shu-Yi Yu

IPC: G06F21/46 ,  G06F21/60 ,  G06F21/44 ,  G06F21/85 ,  H04L9/08

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

公开(公告)号：US20200081785A1

公开(公告)日：2020-03-12

申请号：US16129726

申请日：2018-09-12

Applicant: Apple Inc.

Inventor： Zhimin Chen ,  Timothy R. Paaske ,  Yannick L. Sierra ,  Anish C. Trivedi

IPC: G06F11/14 ,  G06F11/30 ,  G06F11/34

Abstract: A method for verifying program flow during execution of a software program in a computer system is disclosed. Program code of the software program includes multiple program instructions and checkpoint data structures, where a given checkpoint data structure is associated with a given program instruction and is linked to at least one other checkpoint data structure. A fault monitor circuit may receive a particular checkpoint data structure and compare the particular checkpoint data structure to a previously received checkpoint data structure that is associated with another program instruction. Based on results of the comparison, the software fault monitor circuit may signal a program flow error.

公开(公告)号：US10521596B1

公开(公告)日：2019-12-31

申请号：US16138670

申请日：2018-09-21

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/62

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US10243990B1

公开(公告)日：2019-03-26

申请号：US15275044

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Zhimin Chen ,  Timothy R. Paaske ,  Gilbert H. Herbeck

IPC: G06F21/64 ,  H04L29/06 ,  G06F21/60

Abstract: A system and method for detecting replay attacks on secure data are disclosed. A system on a chip (SOC) includes a security processor. Blocks of data corresponding to sensitive information are stored in off-chip memory. The security processor uses an integrity data structure, such as an integrity tree, for the blocks. The intermediate nodes of the integrity tree use nonces which have been generated independent of any value within a corresponding block. By using only the nonces to generate tags in the root at the top layer stored in on-chip memory and the nodes of the intermediate layers stored in off-chip memory, an amount of storage used is reduced for supporting the integrity tree. When the security processor detects events which create access requests for one or more blocks, the security processor uses the integrity tree to verify a replay attack has not occurred and corrupted data.

公开(公告)号：US20180349609A1

公开(公告)日：2018-12-06

申请号：US15721502

申请日：2017-09-29

Applicant: Apple Inc.

Inventor： Joshua P. de Cesare ,  Timothy R. Paaske ,  Xeno S. Kovah ,  Nikolaj Schlej ,  Jeffrey R. Wilcox ,  Hardik K. Doshi ,  Kevin H. Alderfer ,  Corey T. Kallenberg

IPC: G06F21/57 ,  G06F9/44 ,  G06F21/79

CPC classification number: G06F21/575 ,  G06F9/4401 ,  G06F21/73 ,  G06F21/79

Abstract: A method and apparatus for protecting boot variables is disclosed. A computer system includes a main processor and an auxiliary processor. The auxiliary processor includes a non-volatile memory that stores variables associated with boot code that is also stored thereon. The main processor may send a request to the auxiliary processor to alter one of the variables stored in the non-volatile memory. Responsive to receiving the request, the auxiliary processor may execute a security policy to determine if the main processor meets the criteria for altering the variable. If the auxiliary processor determines that the main processor meets the criteria, it may grant permission to alter the variable.

公开(公告)号：US10114956B1

公开(公告)日：2018-10-30

申请号：US15860314

申请日：2018-01-02

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/60 ,  G06F21/62

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

公开(公告)号：US09547778B1

公开(公告)日：2017-01-17

申请号：US14498820

申请日：2014-09-26

Applicant: Apple Inc.

Inventor： Timothy R. Paaske ,  Mitchell D. Adler ,  Conrad Sauerwald ,  Fabrice L. Gautier ,  Shu-Yi Yu

IPC: G06F21/00 ,  G06F21/71 ,  G06F21/32 ,  H04L9/30

CPC classification number: G06F21/602 ,  G06F21/32 ,  G06F21/6218 ,  G06F21/71 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/0877 ,  H04L9/30 ,  H04L9/3231 ,  H04L2209/125

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract translation: 在一个实施例中，提供一种系统，其中私钥是以硬件管理的，并且对于软件是不可见的。 该系统可以为公开密钥生成，数字签名生成，加密/解密以及大量随机素数生成提供硬件支持，而不会向软件揭示私有密钥。 因此，私钥比基于软件的版本更安全。 在一个实施例中，可以访问专用密钥的私有密钥和硬件可以集成到与集成电路（例如芯片上的系统（SOC））相同的半导体衬底上。 私钥在集成电路之外可能不可用，因此，恶意的第三方在尝试获取私钥时面临着很大障碍。