-
公开(公告)号:WO2018226262A1
公开(公告)日:2018-12-13
申请号:PCT/US2018/015485
申请日:2018-01-26
Applicant: APPLE INC.
Inventor: COTE, Guy , DRZAIC, Paul S. , DUNN, Alan M. , GUILLOU, Jean-Pierre , HAUCK, Jerrold V. , HENDRY, Ian C. , HEPPOLETTE, Vanessa C. , KOH, Tae-Wook , LINDBERG, Lars M. , MACHALEK, Adam J. , SAZEGARI, Ali , SPENCE, Arthur L. , TANN, Christopher P. , THOMPSON, Ross , ZHANG, Yifan
IPC: G09G3/32
Abstract: A data processing system can store a long-term history of pixel luminance values in a secure memory and use those values to create burn-in compensation values that are used to mitigate burn-in effect on a display. The long-term history can be updated over time with new, accumulated pixel luminance values.
-
公开(公告)号:WO2018057997A3
公开(公告)日:2018-03-29
申请号:PCT/US2017/053107
申请日:2017-09-22
Applicant: APPLE INC.
Inventor: SIBERT, Herve , ELRAD, Oren M. , HAUCK, Jerrold V. , TACKIN, Onur E. , ROSEN, Zachary A. , LERCH, Matthias
Abstract: Techniques are disclosed relating to secure data storage. In various embodiments, a mobile device includes a wireless interface, a secure element, and a secure circuit. The secure element is configured to store confidential information associated with a plurality of users and to receive a request to communicate the confidential information associated with a particular one of the plurality of users. The secure element is further configured to communicate, via the wireless interface, the confidential information associated with the particular user in response to an authentication of the particular user. The secure circuit is configured to perform the authentication of the particular user. In some embodiments, the mobile device also includes a biosensor configured to collect biometric information from a user of the mobile device. In such an embodiment, the secure circuit is configured to store biometric information collected from the plurality of users by the biosensor.
Abstract translation: 公开了涉及安全数据存储的技术。 在各种实施例中,移动设备包括无线接口,安全元件和安全电路。 安全元件被配置为存储与多个用户相关联的机密信息并且接收传送与多个用户中的特定一个用户相关联的机密信息的请求。 安全元件还被配置为响应于特定用户的认证,经由无线接口传送与特定用户相关联的机密信息。 安全电路被配置为执行特定用户的认证。 在一些实施例中,移动设备还包括被配置成从移动设备的用户收集生物测定信息的生物传感器。 在这样的实施例中,安全电路被配置为存储由生物传感器从多个用户收集的生物信息。
-
公开(公告)号:WO2014081890A1
公开(公告)日:2014-05-30
申请号:PCT/US2013/071099
申请日:2013-11-20
Applicant: APPLE INC.
Inventor: SHARP, Christopher B. , VAID, Yousuf H. , LI, Li , HAUCK, Jerrold V. , MATHIAS, Arun G. , YANG, Xiangying , MCLAUGHLIN, Kevin P.
CPC classification number: G06F21/604 , H04L63/102 , H04L63/105 , H04L63/20 , H04W12/08
Abstract: A policy-based framework is described. This policy-based framework may be used to specify the privileges for logical entities to perform operations associated with an access-control element (such as an electronic Subscriber Identity Module) located within a secure element in an electronic device. Note that different logical entities may have different privileges for different operations associated with the same or different access-control elements. Moreover, the policy-based framework may specify types of credentials that are used by the logical entities during authentication, so that different types of credentials may be used for different operations and/or by different logical entities. Furthermore, the policy-based framework may specify the security protocols and security levels that are used by the logical entities during authentication, so that different security protocols and security levels may be used for different operations and/or by different logical entities.
Abstract translation: 描述了基于策略的框架。 该基于策略的框架可以用于指定逻辑实体执行与位于电子设备中的安全元件内的访问控制元素(例如电子订户身份模块)相关联的操作的权限。 注意,对于与相同或不同的访问控制元素相关联的不同操作,不同的逻辑实体可以具有不同的权限。 此外,基于策略的框架可以指定在认证期间由逻辑实体使用的凭证的类型,使得不同类型的凭证可以用于不同的操作和/或由不同的逻辑实体使用。 此外,基于策略的框架可以指定在认证期间由逻辑实体使用的安全协议和安全级别,使得不同的安全协议和安全级别可以用于不同的操作和/或不同的逻辑实体。
-
公开(公告)号:WO2020214833A1
公开(公告)日:2020-10-22
申请号:PCT/US2020/028549
申请日:2020-04-16
Applicant: APPLE INC.
Inventor: LEDWITH, Alexander R. , BENSON, Wade , KROCHMAL, Marc J. , IAROCCI, John J. , HAUCK, Jerrold V. , BROUWER, Michael , ADLER, Mitchell D. , SIERRA, Yannick L. , SYKORA, Libor , MARGARITOV, Jiri
Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.
-
公开(公告)号:WO2017181132A2
公开(公告)日:2017-10-19
申请号:PCT/US2017/027792
申请日:2017-04-14
Applicant: APPLE INC.
Inventor: HAUCK, Jerrold V. , MARQUEZ, Alejandro J. , PAASKE, Timothy R. , SEN, Indranil S. , SIBERT, Herve , SIERRA, Yannick L. , THIARA, Raman S.
IPC: H04W64/00
Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive locally at the system ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.
Abstract translation: 安全测距系统可以使用安全处理系统来向设备上的测距无线电传递一个或多个测距密钥,并且测距无线电可以基于测距密钥在系统测距代码处本地导出 。 确定性随机数发生器可以使用测距键和一个或多个会话参数来导出测距码,并且每个设备(例如,蜂窝电话和另一个设备)可以独立地导出测距码并在测距操作中与它们的使用同时导出测距码。
-
Patent Agency Ranking
公开(公告)号:WO2019027503A1
公开(公告)日:2019-02-07
申请号:PCT/US2018/015498
申请日:2018-01-26
Applicant: APPLE INC.
Inventor: BALLARD, Lucia E. , HAUCK, Jerrold V. , PRAKASH, Deepti Sunder , TANG, Feng , LITTWIN, Etai , VASU, Pavan Kumar Anasosalu , LITTWIN, Gideon , GERNOTH, Thorsten , KUCEROVA, Lucie , KOSTKA, Petr , HOTELLING, Steve , HIRSH, Eitan , KAITZ, Tal , POKRASS, Jonathan , KOLIN, Andrei , LAIFENFELD, Moshe , WALDON, Matthew C. , MENSCH, Thomas P. , YOUNGS, Lynn , ZELEZNIK, Chris , MALONE, Michael , HENDEL, Ziv , KRSTIC, Ivan , SHARMA, Anup K.
Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.
-
公开(公告)号:WO2017181132A3
公开(公告)日:2017-10-19
申请号:PCT/US2017/027792
申请日:2017-04-14
Applicant: APPLE INC.
Inventor: HAUCK, Jerrold V. , MARQUEZ, Alejandro J. , PAASKE, Timothy R. , SEN, Indranil S. , SIBERT, Herve , SIERRA, Yannick L. , THIARA, Raman S.
Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive locally at the system ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.
-
公开(公告)号:WO2015077597A1
公开(公告)日:2015-05-28
申请号:PCT/US2014/066875
申请日:2014-11-21
Applicant: APPLE INC.
Inventor: ZIAT, Mehdi , SHARP, Christopher , MCLAUGHLIN, Kevin P. , LI, Li , HAUCK, Jerrold V. , VAID, Yousuf H.
IPC: G06F9/445 , G06F15/177 , G06F9/50
CPC classification number: H04W8/22 , G06F9/44505 , G06F9/5011
Abstract: ABSTRACT Systems and methods for validating and applying modifications to a policy control function (PCF) of a station. The methods include generating a PCF package including a modification to a PCF, and determining whether the PCF package is to be transmitted to the station by a first or second entity. The methods further include when the PCF package is to be transmitted by the first entity, including a first signature of the first entity in a deliverer field of the PCF package, and when the PCF package is to be transmitted by the second entity, including the first signature in an owner field and a second signature of the second entity in the deliverer field. The methods further include receiving the PCF package from the first or second entity, determining whether the PCF package is valid, and applying the modification when it is determined the PCF package is valid.
Abstract translation: 摘要用于验证和应用对站的策略控制功能(PCF)的修改的系统和方法。 所述方法包括生成包括对PCF的修改的PCF包,以及确定PCF包是否被第一或第二实体发送到该站。 所述方法进一步包括当PCF包将被第一实体发送时,包括PCF包的传送器字段中的第一实体的第一签名,以及当PCF包将被第二实体发送时,包括 所有者字段中的第一个签名和提供者字段中第二个实体的第二个签名。 所述方法还包括从第一或第二实体接收PCF包,确定PCF包是否有效,以及当确定PCF包有效时应用该修改。
-
公开(公告)号:WO2021262545A1
公开(公告)日:2021-12-30
申请号:PCT/US2021/038039
申请日:2021-06-18
Applicant: APPLE INC.
Inventor: KOVAH, Xeno S. , SCHLEJ, Nikolaj , MENSCH, Thomas P. , BENSON, Wade , HAUCK, Jerrold V. , DE CESARE, Josh P. , JENNINGS, Austin G. , DONG, John J. , GRAHAM, Robert C. , FORTIER, Jacques
IPC: G06F21/57 , H04L29/06 , H04L9/32 , G06F21/575 , G06F21/72 , G06F21/73 , G06F2221/034 , G06F9/4406 , H04L63/0823 , H04L63/123 , H04L63/126 , H04L9/0897 , H04L9/3226 , H04L9/3236 , H04L9/3247 , H04L9/3263 , H04L9/3268
Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.
-
公开(公告)号:WO2020102749A1
公开(公告)日:2020-05-22
申请号:PCT/US2019/061846
申请日:2019-11-15
Applicant: APPLE INC.
Inventor: SIBERT, Hervé , FRIEDMAN, Eric D. , NEUENSCHWANDER, Erik C. , HAUCK, Jerrold V. , MENSCH, Thomas P. , FREUDIGER, Julien F. , YU, Alan W.
Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.
-
-
-
-
-
-
-
-
-
Search Results
24
records
(took 0.021 seconds)
