
‘Sign in with Apple’ better but not perfect, says OpenID Foundation head

 

After a critical letter to Apple during the iOS 13 beta process discussing “Sign in with Apple” shortcomings, the OpenID Foundation Chairman is now praising Apple for changes made, but the group is still seeking more.

Sign in with Apple

A letter to Apple’s Craig Federighi from OpenID Foundation Chairman Nat Sakimura is thanking Apple for changes made during the iOS 13 beta process.

“We applaud your team’s efforts in quickly addressing the critical security and compatibility gaps identified and successfully implementing them while Sign In with Apple is still in beta,” wrote Sakimura. “Now users will no longer be limited to where they can use the service and they can have confidence in their security and privacy. Furthermore, Sign In with Apple is now interoperable with widely available OpenID Connect Relying Party software.”

Sakimura concludes by asking Apple to “continue working through the issues identified.”

The original document calling for changes has been altered to reflect Apple’s changes, but the Foundation still points out areas of improvement. Specifically, the Foundation is calling for a discovery document to assist developers in implementation.

“The OpenID Foundation applauds Apple’s efforts to allow users to login to third-party mobile and Web applications with their Apple ID using OpenID Connect,” the original letter began, discussing that Connect is a “modern, widely-adopted identity protocol built on OAuth 2.0 that enables third-party login to applications,” and was “developed by a large number of companies and industry experts” within the Foundation.

At the time, the Foundation said that Apple “largely adopted” Connect in building Sign in with Apple, but there were a host of differences that exposed users to privacy and security threats. Specifically cited was the lack of PKCE in the Authorization Code grant type, which could theoretically leave people exposed to code injection and replay attacks.

According to Sakimura, the problems allegedly placed “an unnecessary burden” on developers working with both Connect and Sign in with Apple, since Apple’s code wasn’t fully compatible with OpenID Connect Relying Party software.

The original letter asked Apple to “address the gaps,” use the OpenID Connect Self Certification Test Suite, state that Sign in with Apple is compatible with Relying Party software, and finally join the OpenID Foundation.

Testing of Sign in with Apple began well ahead of the iOS 13 release. The technology is intended to be a more privacy-focused alternative to sign-in buttons from the likes of Facebook, Google, and Twitter. Apple has been criticized for making support mandatory if those third-party options are present.


Apple vs. VirnetX legal battle still raging over $439.8 million FaceTime ruling

 

The US Court of Appeals for the Federal Circuit has issued two decisions against Apple and in favor of VirnetX, leaving Apple on the hook for $439.8 million in damages.

Apple’s FaceTime technology on an iPhone and iPad

In the first ruling, the Federal Circuit has denied Apple’s petition for a reconsideration on the matter that has been wearing on since the original filing in 2010. A separate ruling has declared that two of three patent reexamination proceedings for patents involved in the matter could not continue, as there have already been “final decisions” on validity entered by a federal court.

“We are extremely pleased with the Federal Court’s decisions, which vindicate many of VirnetX’s positions before both the Patent Board and the district court,” VirnetX CEO and President Kendall Larsen said in a statement about the rulings. “These decisions follow the Federal Circuit’s recent decisions in two other appeals that similarly vacated a number of the Patent Board’s invalidity rulings with respect to VirnetX’s patents on the basis of our arguments. Furthermore, we believe that Apple clearly and willfully infringed the claims upheld by the Federal Court.”

Apple has yet to comment on the rulings.

An April 2018 ruling, finally made after about eight years of legal maneuvers, found Apple had infringed on four VirnetX patents relating to secure communications, including its VPN-on-Demand technology as well as elements of FaceTime and iMessage. For that suit, the jury awarded VirnetX $502.6 million, bringing the total won from Apple to almost $1 billion when including a similar earlier case.

The following August, Apple was denied a motion for a new trial, forcing it to appeal the verdict. The U.S. Court of Appeals denied Apple on January 15.

Apple has had some success in avoiding payment to VirnetX for patent infringement. The first lawsuit in 2010 claimed multiple instances of infringement, but while a Texas court ordered Apple to pay $368 million for infringing one patent, the judgement was vacated almost two years later.

That case was then added to another patent suit in a 2016 retrial, which declared Apple had to pay $625 million to VirnetX. This was tossed over claims the trial was unfair, due to jury confusion. After two retrials, VirnetX was awarded $302.4 million, then enhanced to $439 million.