Patents by Inventor Peter Kiehtreiber
Peter Kiehtreiber has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220109560Abstract: The present disclosure provides a system for securely maintaining data, wherein the customer has full visibility over all access to that data. In particular, the present disclosure provides for a multi-tenant cloud computing region operated jointly by a cloud platform provider and a local third-party partner. The multi-tenant region includes an isolated region and a non-isolated region, wherein the isolated region includes a proxy controlling access to the isolated region. Defined parameters are stored at the proxy and used to determine whether access to the isolated region should be granted. When requests are granted, credentials encrypted with a regional key are issued to the requester, and the access may be monitored and/or recorded.Type: ApplicationFiled: October 2, 2020Publication date: April 7, 2022Inventors: Dan Dennison, Alexander R. Perry, Aaron S. Joyner, Kyle R. Smith, Hildo P. Biersma, David M. Hamilton, Peter Kiehtreiber
-
Patent number: 10122759Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.Type: GrantFiled: August 14, 2015Date of Patent: November 6, 2018Assignee: APPLE INC.Inventors: Peter Kiehtreiber, Jacques A. Vidrine, Christopher S. Linn, Randy D. Saldinger, Braden J. Thomas
-
Patent number: 9811393Abstract: According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.Type: GrantFiled: September 16, 2014Date of Patent: November 7, 2017Assignee: Apple Inc.Inventors: Peter Kiehtreiber, Olivier Gutknecht, Ivan Krstic, Adele Peterson, Samuel M. Weinig, Yongjun Zhang, Ian J. Baird
-
Patent number: 9811381Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.Type: GrantFiled: July 25, 2016Date of Patent: November 7, 2017Assignee: APPLE INC.Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
-
Publication number: 20170083370Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.Type: ApplicationFiled: July 25, 2016Publication date: March 23, 2017Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
-
Patent number: 9536080Abstract: According to one embodiment, in response to a request received from an application by a launch module hosted by an operating system and executed by a processor to dynamically load a library, a library validation module hosted by the operating system extracts a first team identifier (ID) from the application, where the first team ID identifies an application provider that provides the application. The library validation module extracts a second team ID from the library, where the second team ID identifies a library provider that provides the library. The first team ID and the second team ID are compared to determine whether the first team ID matches the second team ID. In response to determining that the first team ID matches the second team ID, the launch module launches the library to allow the application communicate with the library; otherwise, the request is denied.Type: GrantFiled: May 29, 2015Date of Patent: January 3, 2017Assignee: Apple Inc.Inventors: Gregory I. Kerr, Pierre-Olivier J. Martel, Love Hornquist Astrand, Peter Kiehtreiber, Ivan Krstic
-
Publication number: 20160350529Abstract: According to one embodiment, in response to a request received from an application by a launch module hosted by an operating system and executed by a processor to dynamically load a library, a library validation module hosted by the operating system extracts a first team identifier (ID) from the application, where the first team ID identifies an application provider that provides the application. The library validation module extracts a second team ID from the library, where the second team ID identifies a library provider that provides the library. The first team ID and the second team ID are compared to determine whether the first team ID matches the second team ID. In response to determining that the first team ID matches the second team ID, the launch module launches the library to allow the application communicate with the library; otherwise, the request is denied.Type: ApplicationFiled: May 29, 2015Publication date: December 1, 2016Inventors: Gregory I. Kerr, Pierre-Olivier J. Martel, Love Hornquist Astrand, Peter Kiehtreiber, Ivan Krstic
-
Patent number: 9400688Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.Type: GrantFiled: September 19, 2014Date of Patent: July 26, 2016Assignee: APPLE INCInventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
-
Publication number: 20160142441Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.Type: ApplicationFiled: August 14, 2015Publication date: May 19, 2016Inventors: Peter Kiehtreiber, Jacques A. Vidrine, Christopher S. Linn, Randy D. Saldinger, Braden J. Thomas
-
Publication number: 20150347749Abstract: According to one embodiment, in response to an inquiry received from a first application for an extension service associated with a first of a plurality of extension points of an operating system, a list of one or more extensions is identified that have been registered for the first extension point with the operating system, where the first application is executed within a first sandboxed environment. The identified list of extensions is displayed to prompt a user to select one of the extensions to be associated with the first application. In response to a selection of one of the extensions, the selected extension is launched in a second sandboxed environment. The selected extension and the second application were packaged in an application bundle, and when the application bundle was installed, the selected extension and the second application appeared in a registry of the operating system as separate applications.Type: ApplicationFiled: September 16, 2014Publication date: December 3, 2015Inventors: Peter Kiehtreiber, Olivier Gutknecht, Ivan Krstic, Adele Peterson, Samuel M. Weinig, Yongjun Zhang, Ian J. Baird
-
Patent number: 9137261Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.Type: GrantFiled: September 21, 2012Date of Patent: September 15, 2015Assignee: APPLE INC.Inventors: Peter Kiehtreiber, Jacques A. Vidrine, Christopher S. Linn, Randy D. Saldinger, Braden J. Thomas
-
Patent number: 8978094Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.Type: GrantFiled: September 21, 2012Date of Patent: March 10, 2015Assignee: Apple Inc.Inventors: Peter Kiehtreiber, Jacques A. Vidrine, Christopher S. Linn, Randy D. Saldinger, Braden J. Thomas
-
Patent number: 8966574Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.Type: GrantFiled: September 21, 2012Date of Patent: February 24, 2015Assignee: Apple Inc.Inventors: Peter Kiehtreiber, Jacques A. Vidrine, Christopher S. Linn, Randy D. Saldinger, Braden J. Thomas
-
Publication number: 20150020077Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.Type: ApplicationFiled: September 19, 2014Publication date: January 15, 2015Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
-
Patent number: 8880897Abstract: The present invention discloses a method for quickly and easily authenticating large computer program. The system operates by first sealing the computer program with digital signature in an incremental manner. Specifically, the computer program is divided into a set of pages and a hash value is calculated for each page. The set of hash values is formed into a hash value array and then the hash value array is then sealed with a digital signature. The computer program is then distributed along with the hash value array and the digital signature. To authenticate the computer program, a recipient first verifies the authenticity of the hash value array with the digital signature and a public key. Once the hash value array has been authenticated, the recipient can then verify the authenticity of each page of the computer program by calculating a hash of a page to be loaded and then comparing with an associated hash value in the authenticated hash value array.Type: GrantFiled: December 21, 2012Date of Patent: November 4, 2014Assignee: Apple Inc.Inventors: Peter Kiehtreiber, Michael Brouwer
-
Patent number: 8874905Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.Type: GrantFiled: December 27, 2012Date of Patent: October 28, 2014Assignee: Apple Inc.Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
-
Patent number: 8782807Abstract: A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.Type: GrantFiled: February 4, 2013Date of Patent: July 15, 2014Assignee: Apple Inc.Inventor: Peter Kiehtreiber
-
Patent number: 8375458Abstract: A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.Type: GrantFiled: January 5, 2007Date of Patent: February 12, 2013Assignee: Apple Inc.Inventor: Peter Kiehtreiber
-
Patent number: 8352733Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.Type: GrantFiled: August 4, 2006Date of Patent: January 8, 2013Assignee: Apple Inc.Inventors: Jussi-Pekka Mantere, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
-
Publication number: 20080168553Abstract: A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.Type: ApplicationFiled: January 5, 2007Publication date: July 10, 2008Applicant: APPLE COMPUTER, INC.Inventor: Peter Kiehtreiber