SYSTEM, APPARATUS AND METHOD FOR PRIVACY PRESERVING DISTRIBUTED ATTESTATION FOR DEVICES
    91.
    Invention publication
    Status: Under examination (published)

    Publication (announcement) number: EP3308494A1

    Publication (announcement) date: 2018-04-18

    Application number: EP16807982.0

    Application date: 2016-05-09

    Abstract: In one embodiment, a method includes receiving, in a system of an external verifier of a first network, a plurality of attestation reports and a plurality of attestation values from a plurality of reporting nodes of the first network, each of the plurality of attestation values randomly generated in the corresponding reporting node based on a common random seed value; determining whether at least a threshold number of the plurality of attestation values match; responsive to at least the threshold number of the plurality of attestation values matching, decrypting the plurality of attestation reports, processing the decrypted plurality of attestation reports to obtain aggregated telemetry data of the plurality of nodes, where identity of the plurality of nodes remains anonymous to the external verifier; and enforcing a security policy based at least in part on the aggregated telemetry data. Other embodiments are described and claimed.

    TRUSTED PLATFORM MODULE CERTIFICATION AND ATTESTATION UTILIZING AN ANONYMOUS KEY SYSTEM
    92.
    Invention publication
    Status: Under examination (published)

    Publication (announcement) number: EP3219047A2

    Publication (announcement) date: 2017-09-20

    Application number: EP15858908.5

    Application date: 2015-10-14

    Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

    METHODS AND APPARATUS TO SECURELY SHARE DATA
    93.
    Invention publication
    Status: Under examination (published)

    Publication (announcement) number: EP3127274A1

    Publication (announcement) date: 2017-02-08

    Application number: EP15773683.6

    Application date: 2015-03-05

    Abstract: Methods and apparatus to securely share data are disclosed. An example includes generating, at a first device of a first user of cloud services, an archive file representative of a drive of the first device; encrypting, via a processor, the archive file to form an encrypted archive file; and conveying the encrypted archive file to a cloud service provider, the encrypted archive file to be decrypted by a second device of a second user of the cloud services, the decrypted archive file to be mounted to an operating system of the second device.

    SYSTEMS AND METHODS TO FACILITATE MULTI-FACTOR AUTHENTICATION POLICY ENFORCEMENT USING ONE OR MORE POLICY HANDLERS
    94.
    Invention publication
    Status: In force

    Publication (announcement) number: EP3123661A1

    Publication (announcement) date: 2017-02-01

    Application number: EP15769806.9

    Application date: 2015-02-20

    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate multi-factor authentication policy enforcement using one or more policy handlers. An example first policy handler to manage a global policy in a distributed environment includes a parser to identify a first sub-policy of the global policy that is capable of enforcement by the first policy handler, and an attester to sign the first sub-policy. The example first policy handler further includes a director to determine whether to forward the global policy to a second policy handler based on a signature status of the global policy, and to forward the global policy to the second policy handler when the signature status of the global policy is indicative of an unsigned second sub-policy.

    CONTENT PROTECTION FOR DATA AS A SERVICE (DAAS)
    95.
    Invention publication
    Status: Under examination (published)

    Publication (announcement) number: EP3087520A1

    Publication (announcement) date: 2016-11-02

    Application number: EP13900208.3

    Application date: 2013-12-24

    Abstract: The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.

    TECHNOLOGIES FOR SUPPORTING MULTIPLE DIGITAL RIGHTS MANAGEMENT PROTOCOLS ON A CLIENT DEVICE
    96.
    Invention publication
    Status: Under examination (published)

    Publication (announcement) number: EP3084668A1

    Publication (announcement) date: 2016-10-26

    Application number: EP13899881.0

    Application date: 2013-12-19

    CPC classification number: H04L63/10 G06F21/10 G06F2221/0708 H04L67/42

    Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave selects a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may generate a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

    AUTHENTICATING A USER OF A SYSTEM VIA AN AUTHENTICATION IMAGE MECHANISM
    98.
    Invention publication
    Status: Under examination (published)

    Publication (announcement) number: EP2864922A1

    Publication (announcement) date: 2015-04-29

    Application number: EP13809751.4

    Application date: 2013-06-13

    Inventor: SMITH, Ned M.

    CPC classification number: G06F21/36

    Abstract: In an embodiment, the present invention includes a method for receiving a request for user authentication of a system, displaying an authentication image on a display of the system using a set of random coordinates, receiving a plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the plurality of gesture input values. Other embodiments are described and claimed.

    STORAGE CLASS MEMORY DEVICE INCLUDING A NETWORK

    Publication (announcement) number: EP4202696A1

    Publication (announcement) date: 2023-06-28

    Application number: EP22204293.9

    Application date: 2022-10-28

    Abstract: Systems and techniques for a storage-class memory device including a network interface are described herein. A write for a network communication is received by the host interface of the memory device. Here, the network communication includes a header. The header is written to a non-volatile storage array managed by a memory controller. A network command is detected by the memory device. Here, the network command includes a pointer to the header in the non-volatile storage array. The header is retrieved from the non-volatile storage array and a packet based on the header is transmitted via a network interface of the memory controller.