Patents by Inventor Ivan Krstic
Ivan Krstic has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10824705Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.Type: GrantFiled: May 15, 2018Date of Patent: November 3, 2020Assignee: Apple Inc.Inventors: Lucia E. Ballard, Jerrold V. Hauck, Deepti S. Prakash, Jan Cibulka, Ivan Krstic
-
Patent number: 10735396Abstract: Some embodiments provide an account-access recovery method that receives a request to recover access to an account. The method also assesses recent usage of a device that is associated with the account. The method also, based on the assessment, selects a recovery process from a group of different recovery processes for regaining access to the account. The method also provides the selected recovery process to a party that is requesting the access recovery.Type: GrantFiled: October 22, 2018Date of Patent: August 4, 2020Assignee: Apple Inc.Inventors: Ivan Krstic, James Wilson, Eric Daniel Friedman, Selvarajan Subramaniam, Patrice O. Gautier, John Patrick Gates, Ramarathnam Santhanagopal, Prabhakaran Vaidyanathaswami, Sudhakar Mambakkam, Raghunandan Pai, Karthik Narayanan
-
Publication number: 20200233984Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.Type: ApplicationFiled: May 3, 2019Publication date: July 23, 2020Inventors: Loukas Kalenderidis, Ivan Krstic, Brian J. Dawbin, Filip Stoklas, Carmen A. Bovalino, III, Shyam S. Toprani, Christopher B. Zimmermann, Libor Sykora, Arnold S. Liu, Lucia E. Ballard
-
Publication number: 20200213323Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.Type: ApplicationFiled: December 2, 2019Publication date: July 2, 2020Inventors: Ivan KRSTIC, James WILSON, Eric Daniel FRIEDMAN, Selvarajan SUBRAMANIAM, Patrice O. GAUTIER, John Patrick GATES, Ramarathnam SANTHANAGOPAL, Prabhakaran VAIDYANATHASWAMI, Sudhakar MAMBAKKAM, Raghunandan PAI, Karthik NARAYANAN
-
Publication number: 20200143038Abstract: In accordance with some embodiments, the method includes: detecting, via the one or more input devices, a request to display information for password protected accounts; and, in response to detecting the request, concurrently displaying, on the display device: a representation of a first password protected account that is associated with a credential having one or more security issues, wherein the representation of the first password protected account is visually associated with an alert indicator indicating the one or more security issues associated with the credential of the first password protected account; and a representation of a second password protected account that is associated with a credential having one or more security issues, wherein the representation of the second password protected account is visually associated with an alert indicator indicating the one or more security issues associated with the credential of the second password protected account.Type: ApplicationFiled: November 7, 2019Publication date: May 7, 2020Inventors: Conrad A. Shultz, Richard J. Mondello, Reza Abbasian, Ivan Krstic, Darin Adler, Charilaos Papadopoulos, Maureen Grace Daum, Guillaume Borios, Patrick Robert Burns, Alexander David Sanciangco, Brent Michael Ledvina, Chelsea Elizabeth Pugh, Kyle Brogle, Marc J. Krochmal, Jacob Klapper, Paul Russell Knight, Connor David Graham, Shengkai Wu, I-Ting Liu, Steven Jon Falkenburg
-
Publication number: 20190370457Abstract: In accordance with some embodiments, a method is performed at an electronic device with a display device and one or more input devices. The method includes displaying, via the display device, a user interface that includes a new-password field. The method includes detecting, via the one or more input devices, a user input that corresponds to selection of the new-password field. In response to detecting the user input that corresponds to selection of the new-password field, the method includes displaying, on the display device, a representation of a new automatically-generated password in the new-password field and displaying, on the display device, an affordance to accept the new automatically-generated password and an affordance to decline to use the new automatically-generated password.Type: ApplicationFiled: May 30, 2019Publication date: December 5, 2019Inventors: Conrad A. Shultz, Richard J. Mondello, Reza Abbasian, Ivan Krstic, Darin Adler, Charilaos Papadopoulos, Maureen Grace Daum, Guillaume Borios, Patrick Robert Burns, Alexander David Sanciangco, Brent Michael Ledvina, Chelsea Elizabeth Pugh, Kyle Brogle, Marc J. Krochmal, Jacob Klapper, Paul Russell Knight, Connor David Graham, Shengkai Wu, I-Ting Liu, Steven Jon Falkenburg
-
Patent number: 10498738Abstract: Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.Type: GrantFiled: September 30, 2015Date of Patent: December 3, 2019Assignee: APPLE INC.Inventors: Ivan Krstic, James Wilson, Eric Daniel Friedman, Selvarajan Subramaniam, Patrice O. Gautier, John Patrick Gates, Ramarathnam Santhanagopal, Prabhakaran Vaidyanathaswami, Sudhakar Mambakkam, Raghunandan Pai, Karthik Narayanan
-
Publication number: 20190236254Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.Type: ApplicationFiled: April 1, 2019Publication date: August 1, 2019Inventors: Lucia E. Ballard, Jerrold V. Hauck, Deepti S. Prakash, Jan Cibulka, Ivan Krstic
-
Patent number: 10303885Abstract: Methods and systems for securely executing untrusted software are described. In one embodiment, two virtual memory mappings are used (one readable/writeable-RW and the other readable/executable-RX). In one embodiment, compiled software is used at run time through pointers to the RX virtual memory space and a compiler causes the storage of the compiled software in the RW virtual memory space through the use of an executable function (e.g. a memory copy like function) stored in an executable only memory region.Type: GrantFiled: September 23, 2016Date of Patent: May 28, 2019Assignee: Apple Inc.Inventors: Gregory D. Hughes, Ivan Krstic, Oliver J. Hunt
-
Publication number: 20190158478Abstract: Some embodiments provide an account-access recovery method that receives a request to recover access to an account. The method also assesses recent usage of a device that is associated with the account. The method also, based on the assessment, selects a recovery process from a group of different recovery processes for regaining access to the account. The method also provides the selected recovery process to a party that is requesting the access recovery.Type: ApplicationFiled: October 22, 2018Publication date: May 23, 2019Inventors: Ivan Krstic, James Wilson, Eric Daniel Friedman, Selvarajan Subramaniam, Patrice O. Gautier, John Patrick Gates, Ramarathnam Santhanagopal, Prabhakaran Vaidyanathaswami, Sudhakar Mambakkam, Raghunandan Pai, Karthik Narayanan
-
Publication number: 20190042718Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.Type: ApplicationFiled: July 31, 2018Publication date: February 7, 2019Inventors: Deepti S. Prakash, Lucia E. Ballard, Jerrold V. Hauck, Feng Tang, Etai Littwin, Pavan Kumar Ansosalu Vasu, Gideon Littwin, Thorsten Gernoth, Lucie Kucerova, Petr Kostka, Steven P. Hotelling, Eitan Hirsh, Tal Kaitz, Jonathan Pokrass, Andrei Kolin, Moshe Laifenfeld, Matthew C. Waldon, Thomas P. Mensch, Lynn R. Youngs, Christopher G. Zeleznik, Michael R. Malone, Ziv Hendel, Ivan Krstic, Anup K. Sharma, Kelsey Y. Ho
-
Publication number: 20190044723Abstract: Techniques are disclosed relating to biometric authentication, e.g., facial recognition. In some embodiments, a device is configured to verify that image data from a camera unit exhibits a pseudo-random sequence of image capture modes and/or a probing pattern of illumination points (e.g., from lasers in a depth capture mode) before authenticating a user based on recognizing a face in the image data. In some embodiments, a secure circuit may control verification of the sequence and/or the probing pattern. In some embodiments, the secure circuit may verify frame numbers, signatures, and/or nonce values for captured image information. In some embodiments, a device may implement one or more lockout procedures in response to biometric authentication failures. The disclosed techniques may reduce or eliminate the effectiveness of spoofing and/or replay attacks, in some embodiments.Type: ApplicationFiled: July 31, 2018Publication date: February 7, 2019Inventors: Deepti S. Prakash, Lucia E. Ballard, Jerrold V. Hauck, Feng Tang, Etai Littwin, Pavan Kumar Ansosalu Vasu, Gideon Littwin, Thorsten Gernoth, Lucie Kucerova, Petr Kostka, Steven P. Hotelling, Eitan Hirsh, Tal Kaitz, Jonathan Pokrass, Andrei Kolin, Moshe Laifenfeld, Matthew C. Waldon, Thomas P. Mensch, Lynn R. Youngs, Christopher G. Zeleznik, Michael R. Malone, Ziv Hendel, Ivan Krstic, Anup K. Sharma
-
Publication number: 20180352440Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.Type: ApplicationFiled: May 15, 2018Publication date: December 6, 2018Inventors: Lucia E. Ballard, Jerrold V. Hauck, Deepti S. Prakash, Jan Cibulka, Ivan Krstic
-
Patent number: 10110583Abstract: Some embodiments provide an account-access recovery method that receives a request to recover access to an account. The method also assesses recent usage of a device that is associated with the account. The method also, based on the assessment, selects a recovery process from a group of different recovery processes for regaining access to the account. The method also provides the selected recovery process to a party that is requesting the access recovery.Type: GrantFiled: August 7, 2016Date of Patent: October 23, 2018Assignee: APPLE INC.Inventors: Ivan Krstic, James Wilson, Eric Daniel Friedman, Selvarajan Subramaniam, Patrice O. Gautier, John Patrick Gates, Ramarathnam Santhanagopal, Prabhakaran Vaidyanathaswami, Sudhakar Mambakkam, Raghunandan Pai, Karthik Narayanan
-
Patent number: 10063557Abstract: Some embodiments of the invention provide a program for recovering access to an account. The program receives an access recovery parameter (ARP) after providing a first credential to log into an account and providing a notification of a second credential necessary for accessing another resource. The program then receives a request to modify the first credential and receives the second credential. Next, after authenticating the second credential, the program uses the ARP to modify the first credential without providing the first credential.Type: GrantFiled: September 30, 2015Date of Patent: August 28, 2018Assignee: Apple Inc.Inventors: Ivan Krstic, James Wilson, Eric Daniel Friedman, Selvarajan Subramaniam, Patrice O. Gautier, John Patrick Gates, Ramarathnam Santhanagopal, Prabhakaran Vaidyanathaswami, Sudhakar Mambakkam, Raghunandan Pai, Karthik Narayanan
-
Patent number: 10019598Abstract: When an application is launched, a framework scanning module scans a plurality of frameworks linked against by the application to generate a list of available services. When the application makes a request of a particular service, a service verification module compares the requested service to the list of available services and if the requested service is found in the list of available services, sends a signal to the application, the signal allowing access to the requested service for the application. Otherwise, access to the requested service is denied.Type: GrantFiled: September 30, 2015Date of Patent: July 10, 2018Assignee: Apple Inc.Inventors: Kevin J. Van Vechten, Damien Pascal Sorresso, Richard L. Hagy, Ivan Krstic
-
Patent number: 9811393Abstract: According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.Type: GrantFiled: September 16, 2014Date of Patent: November 7, 2017Assignee: Apple Inc.Inventors: Peter Kiehtreiber, Olivier Gutknecht, Ivan Krstic, Adele Peterson, Samuel M. Weinig, Yongjun Zhang, Ian J. Baird
-
Publication number: 20170255780Abstract: Methods and systems for securely executing untrusted software are described. In one embodiment, two virtual memory mappings are used (one readable/writeable-RW and the other readable/executable-RX). In one embodiment, compiled software is used at run time through pointers to the RX virtual memory space and a compiler causes the storage of the compiled software in the RW virtual memory space through the use of an executable function (e.g. a memory copy like function) stored in an executable only memory region.Type: ApplicationFiled: September 23, 2016Publication date: September 7, 2017Inventors: Gregory D. Hughes, Ivan Krstic, Oliver J. Hunt
-
Publication number: 20170185768Abstract: Techniques for handling security of an application and its extension are described. In one embodiment, an application manager of an operating system running within a data processing system launches an application in a first sandboxed environment based on a first security profile associated with the application. In response to receiving a request from the application for accessing a function of an application extension that is associated with the application, the application manager launches the application extension in a second sandboxed environment based on a second security profile associated with the application extension. The application manager is to individually enforce security and manage resources of the application and the application extension in the first and second sandboxed environments based on the first and second security profiles, respectively. The second security profile specifies resources fewer than the first security profile.Type: ApplicationFiled: December 9, 2016Publication date: June 29, 2017Inventors: Ivan Krstic, Damien P. Sorresso, Jason C. Beaver, Sophia Teutschler, Ian J. Baird
-
Patent number: 9684547Abstract: Techniques for handling security of an application and its extension are described. In one embodiment, an application manager of an operating system running within a data processing system launches an application in a first sandboxed environment based on a first security profile associated with the application. In response to receiving a request from the application for accessing a function of an application extension that is associated with the application, the application manager launches the application extension in a second sandboxed environment based on a second security profile associated with the application extension. The application manager is to individually enforce security and manage resources of the application and the application extension in the first and second sandboxed environments based on the first and second security profiles, respectively. The second security profile specifies resources fewer than the first security profile.Type: GrantFiled: September 16, 2014Date of Patent: June 20, 2017Assignee: Apple Inc.Inventors: Ivan Krstic, Damien P. Sorresso, Jason C. Beaver, Sophia Teutschler, Ian J. Baird