-
41.发明申请公开(公告)号:US20160350529A1
公开(公告)日:2016-12-01
申请号:US14726292
申请日:2015-05-29
Applicant: Apple Inc.
Inventor: Gregory I. Kerr , Pierre-Olivier J. Martel , Love Hornquist Astrand , Peter Kiehtreiber , Ivan Krstic
CPC classification number: G06F21/52 , G06F21/51 , G06F21/64 , G06F2221/033
Abstract: According to one embodiment, in response to a request received from an application by a launch module hosted by an operating system and executed by a processor to dynamically load a library, a library validation module hosted by the operating system extracts a first team identifier (ID) from the application, where the first team ID identifies an application provider that provides the application. The library validation module extracts a second team ID from the library, where the second team ID identifies a library provider that provides the library. The first team ID and the second team ID are compared to determine whether the first team ID matches the second team ID. In response to determining that the first team ID matches the second team ID, the launch module launches the library to allow the application communicate with the library; otherwise, the request is denied.
Abstract translation: 根据一个实施例,响应于由操作系统托管并由处理器执行并由处理器执行以动态加载库的从应用程序接收到的请求,由操作系统托管的库验证模块提取第一团队标识符(ID ),其中第一个团队ID标识提供应用程序的应用程序提供程序。 库验证模块从库中提取第二个团队ID,其中第二个团队ID标识提供该库的库提供程序。 比较第一个团队ID和第二个团队ID,以确定第一个团队ID是否与第二个团队ID相匹配。 为了响应确定第一个团队ID与第二个团队ID相匹配,启动模块启动该库以允许应用程序与库通信; 否则,请求被拒绝。
-
42.发明申请公开(公告)号:US20150347749A1
公开(公告)日:2015-12-03
申请号:US14488126
申请日:2014-09-16
Applicant: Apple Inc.
Inventor: Peter Kiehtreiber , Olivier Gutknecht , Ivan Krstic , Adele Peterson , Samuel M. Weinig , Yongjun Zhang , Ian J. Baird
Abstract: According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.
Abstract translation: 根据一个实施例,响应于从与第一应用程序相关联的用于与操作系统的多个扩展点中的第一个扩展点相关联的扩展服务的查询,识别一个或多个扩展的列表,其已被注册为第一 扩展点与操作系统,第一个应用程序在第一个沙盒环境中执行。 显示已识别的扩展列表,以提示用户选择要与第一个应用程序相关联的其中一个扩展。 响应于选择其中一个扩展,所选扩展名在第二个沙盒环境中启动。 所选的扩展和第二个应用程序被打包在应用程序包中,并且当安装了应用程序包时,所选的扩展和第二个应用程序作为单独的应用程序出现在操作系统的注册表中。
-
公开(公告)号:US20150199510A1
公开(公告)日:2015-07-16
申请号:US14605085
申请日:2015-01-26
Applicant: Apple Inc.
Inventor: Ivan Krstic , Love Hörnquist Astrand
CPC classification number: G06F21/53 , G06F17/30082 , G06F17/30887 , G06F2221/034 , H04L63/08 , H04L63/10
Abstract: Methods, systems, and machine-readable storage medium are described wherein, in one embodiment, identifiers, such as bookmarks, are used to allow access to files or folders in a sandboxed environment. One or more applications are restricted by an access control system, which can be, for example, a trusted software component of an operating system. In one embodiment, the bookmarks or other identifiers allow an application to have access to a file even if the file is renamed or moved by a user while the application has been terminated. In one embodiment, a resource manager, or other trusted access control system, can interact with an application to allow for the use of bookmarks in an environment in which a sandbox application controls access to the files such that each application must make a request to the sandbox application in order to obtain access to a particular file or folder.
Abstract translation: 描述了方法,系统和机器可读存储介质,其中在一个实施例中,诸如书签的标识符被用于允许访问沙盒环境中的文件或文件夹。 访问控制系统限制一个或多个应用程序,访问控制系统可以是例如操作系统的可信软件组件。 在一个实施例中,书签或其他标识符允许应用程序访问文件,即使在应用程序已被终止时,用户重命名或移动该文件。 在一个实施例中,资源管理器或其他受信任的访问控制系统可以与应用程序交互以允许在沙盒应用程序控制对文件的访问的环境中使用书签,使得每个应用程序必须向 沙箱应用程序,以获取访问特定的文件或文件夹。
-
公开(公告)号:US11537699B2
公开(公告)日:2022-12-27
申请号:US17084172
申请日:2020-10-29
Applicant: Apple Inc.
Inventor: Lucia E. Ballard , Jerrold V. Hauck , Deepti S. Prakash , Jan Cibulka , Ivan Krstic
IPC: H04M1/66 , G06F21/32 , G06F21/78 , G06F21/62 , H04L9/32 , H04L9/40 , H04M1/72463 , H04W12/06 , H04W12/084 , G06F21/34 , G06Q20/32
Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.
-
公开(公告)号:US11205021B2
公开(公告)日:2021-12-21
申请号:US16403259
申请日:2019-05-03
Applicant: Apple Inc.
Inventor: Loukas Kalenderidis , Ivan Krstic , Brian J. Dawbin , Filip Stoklas , Carmen A. Bovalino, III , Shyam S. Toprani , Christopher B. Zimmermann , Libor Sykora , Arnold S. Liu , Lucia E. Ballard
Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.
-
Patent Agency Ranking
46.发明授权公开(公告)号:US11120123B2
公开(公告)日:2021-09-14
申请号:US16427152
申请日:2019-05-30
Applicant: Apple Inc.
Inventor: Conrad A. Shultz , Richard J. Mondello , Reza Abbasian , Ivan Krstic , Darin Adler , Charilaos Papadopoulos , Maureen Grace Daum , Guillaume Borios , Patrick Robert Burns , Alexander David Sanciangco , Brent Michael Ledvina , Chelsea Elizabeth Pugh , Kyle Brogle , Marc J. Krochmal , Jacob Klapper , Paul Russell Knight , Connor David Graham , Shengkai Wu , I-Ting Liu , Steven Jon Falkenburg
IPC: G06F21/46 , G06F3/0482 , G06F3/0488 , G06F21/31
Abstract: In accordance with some embodiments, a method is performed at an electronic device with a display device and one or more input devices. The method includes displaying, via the display device, a user interface that includes a new-password field. The method includes detecting, via the one or more input devices, a user input that corresponds to selection of the new-password field. In response to detecting the user input that corresponds to selection of the new-password field, the method includes displaying, on the display device, a representation of a new automatically-generated password in the new-password field and displaying, on the display device, an affordance to accept the new automatically-generated password and an affordance to decline to use the new automatically-generated password.
-
公开(公告)号:US10303885B2
公开(公告)日:2019-05-28
申请号:US15275000
申请日:2016-09-23
Applicant: Apple Inc.
Inventor: Gregory D. Hughes , Ivan Krstic , Oliver J. Hunt
Abstract: Methods and systems for securely executing untrusted software are described. In one embodiment, two virtual memory mappings are used (one readable/writeable-RW and the other readable/executable-RX). In one embodiment, compiled software is used at run time through pointers to the RX virtual memory space and a compiler causes the storage of the compiled software in the RW virtual memory space through the use of an executable function (e.g. a memory copy like function) stored in an executable only memory region.
-
公开(公告)号:US20190042718A1
公开(公告)日:2019-02-07
申请号:US16050021
申请日:2018-07-31
Applicant: Apple Inc.
Inventor: Deepti S. Prakash , Lucia E. Ballard , Jerrold V. Hauck , Feng Tang , Etai Littwin , Pavan Kumar Ansosalu Vasu , Gideon Littwin , Thorsten Gernoth , Lucie Kucerova , Petr Kostka , Steven P. Hotelling , Eitan Hirsh , Tal Kaitz , Jonathan Pokrass , Andrei Kolin , Moshe Laifenfeld , Matthew C. Waldon , Thomas P. Mensch , Lynn R. Youngs , Christopher G. Zeleznik , Michael R. Malone , Ziv Hendel , Ivan Krstic , Anup K. Sharma , Kelsey Y. Ho
Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.
-
公开(公告)号:US10110583B1
公开(公告)日:2018-10-23
申请号:US15230446
申请日:2016-08-07
Applicant: Apple Inc.
Inventor: Ivan Krstic , James Wilson , Eric Daniel Friedman , Selvarajan Subramaniam , Patrice O. Gautier , John Patrick Gates , Ramarathnam Santhanagopal , Prabhakaran Vaidyanathaswami , Sudhakar Mambakkam , Raghunandan Pai , Karthik Narayanan
Abstract: Some embodiments provide an account-access recovery method that receives a request to recover access to an account. The method also assesses recent usage of a device that is associated with the account. The method also, based on the assessment, selects a recovery process from a group of different recovery processes for regaining access to the account. The method also provides the selected recovery process to a party that is requesting the access recovery.
-
公开(公告)号:US10063557B2
公开(公告)日:2018-08-28
申请号:US14872034
申请日:2015-09-30
Applicant: Apple Inc.
Inventor: Ivan Krstic , James Wilson , Eric Daniel Friedman , Selvarajan Subramaniam , Patrice O. Gautier , John Patrick Gates , Ramarathnam Santhanagopal , Prabhakaran Vaidyanathaswami , Sudhakar Mambakkam , Raghunandan Pai , Karthik Narayanan
CPC classification number: H04L63/102 , G06F12/1408 , G06F21/42 , G06F21/45 , G06F2212/1052 , G06F2221/2131 , H04L63/0807 , H04L63/083 , H04L63/0861
Abstract: Some embodiments of the invention provide a program for recovering access to an account. The program receives an access recovery parameter (ARP) after providing a first credential to log into an account and providing a notification of a second credential necessary for accessing another resource. The program then receives a request to modify the first credential and receives the second credential. Next, after authenticating the second credential, the program uses the ARP to modify the first credential without providing the first credential.
-
-
-
-
-
-
-
-
-
Search Results
57
records
(took 0.02 seconds)
