Patents by Inventor Kyle C. BROGLE
Kyle C. BROGLE has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11876806Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.Type: GrantFiled: June 24, 2022Date of Patent: January 16, 2024Assignee: Apple Inc.Inventors: Conrad A. Shultz, Alexander D. Sanciangco, Brent M. Ledvina, Chelsea E. Pugh, Kyle C. Brogle, Marc J. Krochmal, Maureen G. Daum, Reza Abbasian, Richard J. Mondello, Jacob S. Klapper
-
Patent number: 11863671Abstract: Embodiments described herein enable a user to bypass the use of one-time keys or account recovery codes by providing techniques for accessory assisted account recovery. In various embodiments, accessory assisted account recovery makes use of an accessory device of a user, where the accessory device can be any device having a secure processor, cryptographic engine, public key accelerator, or is otherwise able to accelerate cryptographic operations or perform cryptographic operations in a secure execution environment. An account recovery key can be split into multiple portions. At least one portion of the recovery key is then encrypted. The accessory device is then configured to be uniquely capable of decrypting the encrypted portion of an account recovery key.Type: GrantFiled: April 14, 2020Date of Patent: January 2, 2024Assignee: Apple Inc.Inventors: Yannick L. Sierra, Lucia E. Ballard, Kyle C. Brogle, DJ Capelis
-
Publication number: 20230421372Abstract: Embodiments described herein enable a user to bypass the use of one-time keys or account recovery codes by providing techniques for accessory assisted account recovery. In various embodiments, accessory assisted account recovery makes use of an accessory device of a user, where the accessory device can be any device having a secure processor, cryptographic engine, public key accelerator, or is otherwise able to accelerate cryptographic operations or perform cryptographic operations in a secure execution environment. An account recovery key can be split into multiple portions. At least one portion of the recovery key is then encrypted. The accessory device is then configured to be uniquely capable of decrypting the encrypted portion of an account recovery key.Type: ApplicationFiled: September 8, 2023Publication date: December 28, 2023Inventors: YANNICK L. SIERRA, LUCIA E. BALLARD, KYLE C. BROGLE, DJ CAPELIS
-
Publication number: 20230412373Abstract: Embodiments described herein enable a user to bypass the use of one-time keys or account recovery codes by providing techniques for accessory assisted account recovery. In various embodiments, accessory assisted account recovery makes use of an accessory device of a user, where the accessory device can be any device having a secure processor, cryptographic engine, public key accelerator, or is otherwise able to accelerate cryptographic operations or perform cryptographic operations in a secure execution environment. An account recovery key can be split into multiple portions. At least one portion of the recovery key is then encrypted. The accessory device is then configured to be uniquely capable of decrypting the encrypted portion of an account recovery key.Type: ApplicationFiled: April 14, 2020Publication date: December 21, 2023Inventors: YANNICK L. SIERRA, LUCIA E. BALLARD, KYLE C. BROGLE, DJ CAPELIS
-
Publication number: 20230393888Abstract: A kernel of an operating system receives a request from a parent process (e.g., an exec or spawn system call) to launch a child process that executes a binary. The kernel identifies a process-specific launch constraint, which is a precondition for launching the child process. The kernel evaluates the constraint, which can match against any type of system state or variable, including the process's location on disk, protection on disk, and how the process is to be launched. The kernel can then determine whether to launch the child process, thus permitting the child process to be scheduled for execution by the operating system. Launch constraints can be used both for a child process to impose preconditions on the parent process, and vice versa. Launch constraints can be included in the launch request, embedded in the binary, or located elsewhere, such as in a trust cache in kernel memory.Type: ApplicationFiled: June 1, 2023Publication date: December 7, 2023Inventors: David P. Remahl, Kyle C. Brogle, Robert J. Kendall-Kuppe, Pavlo Malynin, Geoffrey McCormack
-
Patent number: 11775632Abstract: Techniques are disclosed relating to credential managers. In some embodiments, a computing device maintains a credential manager that stores, in a protected manner, a set of credentials for authenticating a user and metadata about the credentials. The computing device stores an instance of the metadata externally to the credential manager. The computing device uses the externally stored metadata to determine whether the set of credentials includes a particular credential associated with a service and, in response to determining that the set of credentials includes the particular credential, displays an indication of the particular credential. In some embodiments, the computing device receives a selection of the displayed indication by the user and, in response to the selection, sends a request for the particular credential to the credential manager.Type: GrantFiled: January 30, 2023Date of Patent: October 3, 2023Assignee: Apple Inc.Inventors: Reza Abbasian, Richard J. Mondello, David P. Quesada, Kyle C. Brogle, Patrick L. Coffman
-
Patent number: 11777936Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.Type: GrantFiled: June 7, 2019Date of Patent: October 3, 2023Assignee: Apple Inc.Inventors: Florian Galdo, Stephanie R. Martin, Yannick L. Sierra, Ivan Krstic, Christopher A. Volkert, Najeeb M. Abdulrahiman, Matthias Lerch, Onur E. Tackin, Kyle C. Brogle
-
Patent number: 11720504Abstract: Some aspects of this disclosure relate to implementing a thread device that can associate with a thread network. The thread device includes a network processor, a first memory, and a host processor communicatively coupled to the network processor and the first memory. The first memory can be a nonvolatile memory with a first level security protection, and configured to store a first dataset including thread network parameters for the network processor to manage network functions for the thread device associated with the thread network. The network processor can be coupled to a second memory to store a second dataset having a same content as the first dataset. The network processor is configured to manage the network functions based on the second dataset. The second memory can be a volatile memory with a second level security protection that is less than the first level security protection.Type: GrantFiled: April 15, 2021Date of Patent: August 8, 2023Assignee: Apple Inc.Inventors: Venkateswara Rao Manepalli, Amit Gulia, Andrei Tudorancea, Dominic Spill, Jesus A. Gutierrez Gomez, Kahraman D. Akdemir, Aaron M. Sigel, William K. Estes, Kyle C. Brogle
-
Publication number: 20230177141Abstract: Techniques are disclosed relating to credential managers. In some embodiments, a computing device maintains a credential manager that stores, in a protected manner, a set of credentials for authenticating a user and metadata about the credentials. The computing device stores an instance of the metadata externally to the credential manager. The computing device uses the externally stored metadata to determine whether the set of credentials includes a particular credential associated with a service and, in response to determining that the set of credentials includes the particular credential, displays an indication of the particular credential. In some embodiments, the computing device receives a selection of the displayed indication by the user and, in response to the selection, sends a request for the particular credential to the credential manager.Type: ApplicationFiled: January 30, 2023Publication date: June 8, 2023Inventors: Reza Abbasian, Richard J. Mondello, David P. Quesada, Kyle C. Brogle, Patrick L. Coffman
-
Publication number: 20230147041Abstract: Techniques disclosed herein relate to the pairing of a pairing initiator device and a pairing responder device for communication. The pairing initiator device and the pairing responder device range with each other to determine the distance between the pairing initiator device and the pairing responder device. Based on the distance being below a threshold distance, the pairing initiator device and the pairing responder device wirelessly pair with each other without further input from the user.Type: ApplicationFiled: December 22, 2022Publication date: May 11, 2023Inventors: Brent M. Ledvina, Yannick L. Sierra, Kyle C. Brogle, Steven Andrew Myers
-
Publication number: 20230095816Abstract: Aspects of the subject technology provide electronic devices that operate, in part, based on enrolled user characteristics, and that can be operated by a guest user that has not been enrolled. For example, upon determining that a current user of an electronic device storing a first physical model of a primary user is a guest user different from the primary user, the electronic device may obtain initial physical characteristic data for the guest user and generate a guest physical model of the guest user based on the initial physical characteristic data. In one or more implementations, the electronic device may operate based on guest user inputs and the guest physical model of the guest user, while updating the guest physical model based on the guest user inputs.Type: ApplicationFiled: September 16, 2022Publication date: March 30, 2023Inventors: David COHEN, Kyle C. BROGLE, Michael J. ROCKWELL, Ranjit DESAI, Joel N. KERR, Amy E. DEDONATO, Joaquim Gonçalo LOBO FERREIRA DA SILVA, Tyler R. CALDERONE, Charilaos PAPADOPOULOS
-
Patent number: 11568039Abstract: Techniques are disclosed relating to credential managers. In some embodiments, a computing device maintains a credential manager that stores, in a protected manner, a set of credentials for authenticating a user and metadata about the credentials. The computing device stores an instance of the metadata externally to the credential manager. The computing device uses the externally stored metadata to determine whether the set of credentials includes a particular credential associated with a service and, in response to determining that the set of credentials includes the particular credential, displays an indication of the particular credential. In some embodiments, the computing device receives a selection of the displayed indication by the user and, in response to the selection, sends a request for the particular credential to the credential manager.Type: GrantFiled: September 28, 2018Date of Patent: January 31, 2023Assignee: Apple Inc.Inventors: Reza Abbasian, Richard J. Mondello, David P. Quesada, Kyle C. Brogle, Patrick L. Coffman
-
Publication number: 20230020855Abstract: A wireless access device can be configured to determine a list of accessory groups corresponding to accessories connected to a network managed by the wireless access device. The wireless access device may also be configured to identify at least one firmware update that corresponds to at least one accessory group of the list of accessory groups and request all firmware updates that correspond to the at least one accessory group. The wireless access device can also be configured to receive one or more firmware updates that corresponds to at least one of the accessories of the at least one accessory group for which a respective firmware update is available and transmit at least one firmware update of the received one or more firmware updates to at least one corresponding accessory of the at least one accessory group.Type: ApplicationFiled: September 19, 2022Publication date: January 19, 2023Applicant: Apple Inc.Inventors: Wayne A. Lee, Zaka Ur Rehman Ashraf, Daniel R. Borges, Kyle C. Brogle, Srinivas Rama, Benjamin S. Turner, Hung Q. Le, Devin E. Gund, Keith W. Rauenbuehler, Praveen Chegondi
-
Publication number: 20230008448Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.Type: ApplicationFiled: June 24, 2022Publication date: January 12, 2023Inventors: Conrad A. Shultz, Alexander D. Sanciangco, Brent M. Ledvina, Chelsea E. Pugh, Kyle C. Brogle, Marc J. Krochmal, Maureen G. Daum, Reza Abbasian, Richard J. Mondello, Jacob S. Klapper
-
Patent number: 11540137Abstract: Techniques disclosed herein relate to the pairing of a pairing initiator device and a pairing responder device for communication. The pairing initiator device and the pairing responder device range with each other to determine the distance between the pairing initiator device and the pairing responder device. Based on the distance being below a threshold distance, the pairing initiator device and the pairing responder device wirelessly pair with each other without further input from the user.Type: GrantFiled: March 30, 2020Date of Patent: December 27, 2022Assignee: Apple Inc.Inventors: Brent M. Ledvina, Yannick L. Sierra, Kyle C. Brogle, Steven Andrew Myers
-
Publication number: 20220393885Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.Type: ApplicationFiled: June 3, 2022Publication date: December 8, 2022Inventors: Steven A. Myers, Kyle C. Brogle, Sean P. Devlin, Edwin W. Foo, John T. Perry
-
Patent number: 11483708Abstract: A controller device within a home network (or any suitable network) can be configured to manage network access tokens for various accessory devices within the home network. These network access tokens can be used by the accessory devices to access the home network without needing the network owner's network password. The network access tokens can be revocable and/or for a limited time. The controller device can generate the network access tokens, and can provide them to the accessory devices (or other user devices) as well as to an access device on the home network. Once the access device is provisioned with the accessory device's network access token, the router can control whether the accessory device is to be granted access to the home network and for how long.Type: GrantFiled: February 13, 2020Date of Patent: October 25, 2022Assignee: Apple Inc.Inventors: Wayne A. Lee, Zaka Ur Rehman Ashraf, Daniel R. Borges, Kyle C. Brogle, Srinivas Rama, Benjamin S. Turner, Hung Q. Le, Devin E. Gund, Keith W. Rauenbuehler, Praveen Chegondi
-
Publication number: 20220334980Abstract: Some aspects of this disclosure relate to implementing a thread device that can associate with a thread network. The thread device includes a network processor, a first memory, and a host processor communicatively coupled to the network processor and the first memory. The first memory can be a nonvolatile memory with a first level security protection, and configured to store a first dataset including thread network parameters for the network processor to manage network functions for the thread device associated with the thread network. The host processor is configured to perform various operations associated with the first dataset stored in the first memory. The network processor can be communicatively coupled to a second memory to store a second dataset, where the second dataset has a same content as the first dataset. The network processor is configured to manage the network functions based on the second dataset.Type: ApplicationFiled: April 15, 2021Publication date: October 20, 2022Applicant: Apple Inc.Inventors: Venkateswara Rao MANEPALLI, Amit GULIA, Andrei TUDORANCEA, Dominic SPILL, Jesus A. GUTIERREZ GOMEZ, Kahraman D. AKDEMIR, Aaron M. SIGEL, William K. ESTES, Kyle C. BROGLE
-
Publication number: 20220303137Abstract: Embodiments described herein provided techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.Type: ApplicationFiled: March 16, 2022Publication date: September 22, 2022Applicant: APPLE INC.Inventors: Kyle C. Brogle, Wade Benson, Sean P. Devlin, Lucie Kucerova, Thomas P. Mensch, Yannick L. Sierra, Tomislav Suchan
-
Publication number: 20220237274Abstract: The present disclosure generally relates to methods and user interfaces for authentication, including providing and controlling authentication at a computer system using an external device in accordance with some embodiments.Type: ApplicationFiled: January 28, 2022Publication date: July 28, 2022Inventors: Grant PAUL, Benjamin BIRON, Kyle C. BROGLE, Naresh Kumar CHINNATHAMBI KAILASAM, Brent M. LEDVINA, Robert W. MAYOR, Nicole WELLS