公开(公告)号：EP2756628B1

公开(公告)日：2018-07-18

申请号：EP11872400.4

申请日：2011-09-12

Applicant: Intel Corporation

Inventor： DEWAN, Prashant ,  DURHAM, David M. ,  KANG, Xiaozhu ,  GREWAL, Karanvir S.

IPC: H04L9/32 ,  H04N21/4415 ,  G06K9/78 ,  G06F21/32 ,  H04L9/08 ,  G06F21/62 ,  H04L29/06

CPC classification number: H04L9/3231 ,  G06F21/32 ,  G06F21/6209 ,  G06F2221/2109 ,  H04L9/0825 ,  H04L63/045 ,  H04L63/0861

Abstract: A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the decrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device.

公开(公告)号：EP2529505A2

公开(公告)日：2012-12-05

申请号：EP11737451.2

申请日：2011-01-19

Applicant: Intel Corporation

Inventor： LONG, Men ,  GREWAL, Karanvir S.

IPC: H04L9/14 ,  G06F21/20

CPC classification number: H04L9/0827 ,  H04L9/0838 ,  H04L9/14 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/06 ,  H04L2209/60 ,  H04L2209/76

Abstract: An embodiment may include circuitry to establish, at least in part, a secure communication channel between, at least in part, a client in a first domain and a server in a second domain. The channel may include a first and second domain sessions in the first and second domains. The circuitry may generate first and second domain session keys that may encrypt, at least in part, respectively, the first and second domain sessions. The first domain session key may be generated based upon a first domain key assigned to the first domain and a first data set associated with the first domain session. The second domain session key may be generated based upon a second domain key assigned to the second domain and a second data set associated with the second domain session.

公开(公告)号：EP3210159B1

公开(公告)日：2019-11-27

申请号：EP15852606.1

申请日：2015-08-27

Applicant: Intel Corporation

Inventor： KANG, Xiaozhu ,  GARUDAPURAM, Ghayathri V. ,  GREWAL, Karanvir S.

IPC: G06F21/82 ,  G06F21/50 ,  G06F21/83 ,  G06F21/84

公开(公告)号：EP2798577A1

公开(公告)日：2014-11-05

申请号：EP11878347.1

申请日：2011-12-27

Applicant: Intel Corporation

Inventor： DEWAN, Prashant ,  DURHAM, David M. ,  HUANG, Ling ,  GREWAL, Karanvir S. ,  KANG, Xiaozhu

IPC: G06K9/46

CPC classification number: G06F21/32 ,  G06K9/00288 ,  G06K9/00899

Abstract: A password-less method for authenticating a user includes capturing one or more images of a face of the user and comparing the one or more images with a previously collected face template. Randomly selected colored light and randomized blinking patterns are used to capture the images of the user. Such captured images are compared to previously collected face templates, thereby thwarting spoof attacks. A secret image, known only to the user and the device, is moved from one area of the display to another randomly selected area, using the movements of the user's head or face, thereby providing a Turing based challenge. Protected audio video path (PAVP) enabled devices and components are used to protect the challenge from malware attacks.

公开(公告)号：EP2756628A1

公开(公告)日：2014-07-23

申请号：EP11872400.4

申请日：2011-09-12

Applicant: Intel Corporation

Inventor： DEWAN, Prashant ,  DURHAM, David M. ,  KANG, Xiaozhu ,  GREWAL, Karanvir S.

IPC: H04L9/32 ,  H04N21/4415 ,  G06K9/78

CPC classification number: H04L9/3231 ,  G06F21/32 ,  G06F21/6209 ,  G06F2221/2109 ,  H04L9/0825 ,  H04L63/045 ,  H04L63/0861

Abstract: A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the encrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device.

公开(公告)号：EP2832102B1

公开(公告)日：2018-10-31

申请号：EP12872435.8

申请日：2012-03-31

Applicant: Intel Corporation

Inventor： GREWAL, Karanvir S. ,  DURHAM, David M. ,  DEWAN, Prashant ,  KANG, Xiaozhu ,  LONG, Men

IPC: H04N21/266 ,  H04N21/2347 ,  H04N21/254 ,  H04N21/4405 ,  H04N21/4627 ,  H04N21/647 ,  H04N21/8355

CPC classification number: H04N21/64715 ,  H04N21/23476 ,  H04N21/2541 ,  H04N21/266 ,  H04N21/4405 ,  H04N21/4627 ,  H04N21/8355

Abstract: Cryptographic access control of multimedia video is presented. A method includes generating as metadata an access control policy (ACP) associated with video, the ACP including authorization rules and cryptographic information associated with an encryption policy; encrypting the video according to the encryption policy; and encoding the encrypted video with the authorization rules and the cryptographic information, which may be used to decrypt and render the encoded video. As an example, an authorized receiver device having credentials and/or capabilities matched to the authorization rules may extract the ACP information from the encrypted video and use it to decrypt and properly render the video. The method may further include visually encoding the encrypted video with at least portions of the authorization rules and the cryptographic information, such that the visually encoded video is renderable as the video by an authorized device, but is renderable as visually unintelligible video by an unauthorized device.

公开(公告)号：EP2529505B1

公开(公告)日：2018-10-24

申请号：EP11737451.2

申请日：2011-01-19

Applicant: Intel Corporation

Inventor： LONG, Men ,  GREWAL, Karanvir S.

IPC: H04L9/14 ,  G06F21/00 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0827 ,  H04L9/0838 ,  H04L9/14 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/06 ,  H04L2209/60 ,  H04L2209/76

Abstract: An embodiment may include circuitry to establish, at least in part, a secure communication channel between, at least in part, a client in a first domain and a server in a second domain. The channel may include a first and second domain sessions in the first and second domains. The circuitry may generate first and second domain session keys that may encrypt, at least in part, respectively, the first and second domain sessions. The first domain session key may be generated based upon a first domain key assigned to the first domain and a first data set associated with the first domain session. The second domain session key may be generated based upon a second domain key assigned to the second domain and a second data set associated with the second domain session.

公开(公告)号：EP2893450B1

公开(公告)日：2017-11-29

申请号：EP13834942.8

申请日：2013-09-05

Applicant: Intel Corporation

Inventor： GREWAL, Karanvir S. ,  SAHITA, Ravi L. ,  DURHAM, David

IPC: G06F12/14 ,  G06F21/60

CPC classification number: H04L63/0428 ,  G06F21/52 ,  G06F21/53 ,  G06F21/606 ,  G06F21/78 ,  G06F21/85

Abstract: One particular example implementation of an apparatus for mitigating unauthorized access to data traffic, comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy the encrypted data.

公开(公告)号：EP4020272A1

公开(公告)日：2022-06-29

申请号：EP21196104.0

申请日：2021-09-10

Applicant: INTEL Corporation

Inventor： DURHAM, David M. ,  GREWAL, Karanvir S. ,  LEMAY, Michael D. ,  WEILER, Andrew James ,  SULTANA, Salim

IPC: G06F21/52 ,  G06F21/72 ,  G06F12/14 ,  G06F9/35 ,  H04L9/08 ,  H04L9/06

Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.

公开(公告)号：EP2791855B1

公开(公告)日：2019-01-23

申请号：EP11877297.9

申请日：2011-12-15

Applicant: Intel Corporation

Inventor： DURHAM, David M. ,  LONG, Men ,  GREWAL, Karanvir S. ,  DEWAN, Prashant ,  KANG, Xiaozhu

IPC: G06F21/60 ,  G06F15/16 ,  H04N21/2347 ,  H04L29/06