Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.