CONTEXT-AWARE PROACTIVE THREAT MANAGEMENT SYSTEM
    1.
    Invention publication
    Status: Under examination, published

    Publication number: EP3072077A1

    Publication date: 2016-09-28

    Application number: EP13897947.1

    Application date: 2013-11-19

    Applicant: Intel Corporation

    IPC classification: G06F21/00

    Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.

    MECHANISM FOR FACILITATING DYNAMIC CONTEXT-BASED ACCESS CONTROL OF RESOURCES
    3.
    Invention publication
    Status: Under examination, published

    Publication number: EP3049981A1

    Publication date: 2016-08-03

    Application number: EP13894105.9

    Application date: 2013-09-27

    Applicant: Intel Corporation

    IPC classification: G06F21/30 G06F17/00

    Abstract: A mechanism is described for facilitating context-based access control of resources according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.

    METHODS, SYSTEMS AND APPARATUS TO INITIALIZE A PLATFORM
    5.
    Invention publication
    Status: Under examination, published

    Publication number: EP3238123A1

    Publication date: 2017-11-01

    Application number: EP15873915.1

    Application date: 2015-11-16

    Applicant: Intel Corporation

    IPC classification: G06F21/57 G06F21/50

    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.

    PAIRING COMPUTING DEVICES ACCORDING TO A MULTI-LEVEL SECURITY PROTOCOL
    6.
    Invention publication
    Status: Under examination, published

    Publication number: EP3186993A1

    Publication date: 2017-07-05

    Application number: EP15836036.2

    Application date: 2015-06-25

    Applicant: Intel Corporation

    IPC classification: H04W12/08 H04W12/06 H04W8/00

    Abstract: In an embodiment, an apparatus includes a security engine to operate in a trusted execution environment to perform security operations and to authenticate a user of the apparatus, and a pairing logic to receive an indication of discovery of a peer device and to determine whether the user of the apparatus corresponds to a user of the peer device, and if so to enable a pairing with the peer device according to a first security ring if the correspondence is determined, and to enable the pairing with the peer device according to a second security ring if no correspondence is detected and the user of the apparatus is authenticated. Other embodiments are described and claimed.

    SYSTEM PLATFORM FOR CONTEXT-BASED CONFIGURATION OF COMMUNICATION CHANNELS
    7.
    Invention publication
    Status: Under examination, published

    Publication number: EP3235221A1

    Publication date: 2017-10-25

    Application number: EP15870515.2

    Application date: 2015-10-05

    Applicant: Intel Corporation

    IPC classification: H04L29/06 H04L29/08

    Abstract: The techniques described herein include configuration of channels between devices and service providers at a connectable system platform. For example, a system platform may include a receiver to receive data from a communicatively coupled device. The system platform may include a controller having logic, at least partially comprising hardware logic, to configure communications channels. The communication channels include a communication channel for transmission between the system platform and a service provider to receive the data, and a communication channel for transmission between the system platform and the coupled device. The communication channels are configured based on a context. The context comprises characteristics of the coupled device, content of the data, and security requirements associated with the service provider.

    SYSTEMS AND METHODS TO FACILITATE MULTI-FACTOR AUTHENTICATION POLICY ENFORCEMENT USING ONE OR MORE POLICY HANDLERS
    8.
    Invention publication
    Status: Granted

    Publication number: EP3123661A1

    Publication date: 2017-02-01

    Application number: EP15769806.9

    Application date: 2015-02-20

    Applicant: Intel Corporation

    IPC classification: H04L9/32 H04L29/06

    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate multi-factor authentication policy enforcement using one or more policy handlers. An example first policy handler to manage a global policy in a distributed environment includes a parser to identify a first sub-policy of the global policy that is capable of enforcement by the first policy handler, and an attester to sign the first sub-policy. The example first policy handler further includes a director to determine whether to forward the global policy to a second policy handler based on a signature status of the global policy, and to forward the global policy to the second policy handler when the signature status of the global policy is indicative of an unsigned second sub-policy.

    SECURE REMEDIATION OF DEVICES REQUESTING CLOUD SERVICES
    10.
    Invention publication
    Status: Under examination, published

    Publication number: EP2847927A1

    Publication date: 2015-03-18

    Application number: EP12872734.4

    Application date: 2012-03-29

    Applicant: Intel Corporation

    IPC classification: H04L9/32 G06F21/30

    Abstract: In accordance with embodiments disclosed herein, there are provided systems, apparatuses, and methods for implementing secure remediation of devices requesting cloud services. For example, in one embodiment, such means may include means for receiving, at a services provider, a request for services from a client; means for requesting authentication from the client to verify the client is one of a plurality of known subscribers of the services; means for requesting attestation to verify compliance of the client with a policy specified by the services provider; means for receiving an attestation confirmation from an attestation verifier, the attestation confirmation verifying compliance of the client with the policy specified by the services provider; and means for granting the client access to the services requested.
