{
	"id": "f0b1e0c8-f3db-4374-8d26-e4cf6bbf52c2",
	"created_at": "2026-04-06T00:16:43.872835Z",
	"updated_at": "2026-04-10T03:20:02.64396Z",
	"deleted_at": null,
	"sha1_hash": "804366889e8916eb519992b99d0aabe21e61744f",
	"title": "Security Server and Security Agent",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40316,
	"plain_text": "Security Server and Security Agent\r\nPublished: 2012-12-13 · Archived: 2026-04-05 18:58:07 UTC\r\nThe macOS and iOS security implementation includes a daemon called the Security Server that implements\r\nseveral security protocols, such as access to keychain items and root certificate trust management. macOS also\r\nincludes a separate per-user agent, called the Security Agent, that is used by the Security Server to display a user\r\ninterface.\r\nThis appendix briefly describes their roles.\r\nSecurity Server\r\nThe Security Server ( securityd ) is a daemon running in macOS and iOS that implements several security\r\nprotocols, such as encryption, decryption, and (in macOS) authorization computation.\r\nIn macOS and iOS, the Security Server listens for messages from various security APIs and performs\r\ncryptographic services on their behalf. Because developers generally use references to keys rather than using the\r\nkeys themselves, the Security Server can keep those keys in a separate address space from the client process, thus\r\nreducing the risk of accidental disclosure.\r\nAs an added advantage, whenever Apple introduces new authentication or encryption technology, existing\r\nsoftware that uses the macOS security APIs can transparently support it without code changes, provided that the\r\nsoftware does not need to import or export keys directly.\r\nThe Security Server has no public API. Instead, your code calls APIs such as Keychain Services; Certificate, Key,\r\nand Trust Services; and Authorization Services (only on macOS), which in turn communicate with the Security\r\nServer.\r\nSecurity Agent\r\nThe Security Agent is a separate process that provides the user interface for the Security Server in macOS (not\r\niOS). 
Its primary purpose is to request authentication whenever an app requests additional privileges.\r\nWhen the Security Server requires the user to authenticate, the Security Agent displays a dialog requesting a user\r\nname and password. The advantages of performing this action in a separate process are twofold. First, an\r\napplication can obtain authorization without ever having access to the user’s credentials (username and password,\r\nfor example). Second, it enables Apple to add new forms of authentication without requiring every application to\r\nunderstand them.\r\nThe Security Agent requires that the user be physically present in order to be authenticated. Because the graphical\r\nuser interface elements can’t be used through a command-line interface such as the Terminal app or a secure shell\r\n( ssh ) remote session, this restriction makes it much more difficult for a malicious user to breach an app’s\r\nsecurity.\n\nSource: https://developer.apple.com/library/archive/documentation/Security/Conceptual/Security_Overview/Architecture/Architecture.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://developer.apple.com/library/archive/documentation/Security/Conceptual/Security_Overview/Architecture/Architecture.html"
	],
	"report_names": [
		"Architecture.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434603,
	"ts_updated_at": 1775791202,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/804366889e8916eb519992b99d0aabe21e61744f.pdf",
		"text": "https://archive.orkl.eu/804366889e8916eb519992b99d0aabe21e61744f.txt",
		"img": "https://archive.orkl.eu/804366889e8916eb519992b99d0aabe21e61744f.jpg"
	}
}