公开(公告)号：EP3175575A4

公开(公告)日：2018-03-28

申请号：EP15826300

申请日：2015-05-28

申请人： MCAFEE LLC

发明人： POGORELIK OLEG ,  NAYSHTUT ALEX ,  SMITH NED M ,  MUTTIK IGOR ,  LAPIDOT IDO

IPC分类号： H04L9/08 ,  G06F21/10 ,  H04L29/06

CPC分类号： H04L63/105 ,  G06F21/10 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/20 ,  H04L2209/603

摘要： Technologies for secure content packaging include a source computing device that transmits a secure package to a destination computing device. The destination computing device establishes a content policy trusted execution environment and a key policy trusted execution environment. The content policy trusted execution environment may be established in a secure enclave using processor support. The key policy trusted execution environment may be established using a security engine. The key policy trusted execution environment evaluates a key access policy and decrypts a content key using a master wrapping key. The content policy trusted execution environment evaluates a content access policy and decrypts the content using the decrypted content key. Similarly, the source computing device authors the secure package using a content policy trusted execution environment and a key policy trusted execution environment. The master wrapping key may be provisioned to the computing devices during manufacture. Other embodiments are described and claimed.

公开(公告)号：EP3198508A4

公开(公告)日：2018-05-02

申请号：EP15843707

申请日：2015-08-25

申请人： MCAFEE LLC

发明人： NAYSHTUT ALEX ,  SMITH NED ,  SHARAGA AVISHAY ,  POGORELIK OLEG ,  BHARGAV-SPANTZEL ABHILASHA ,  RAZIEL MICHAEL ,  PRIEV AVI ,  SHALIV ADI ,  MUTTIK IGOR

IPC分类号： G06Q30/02 ,  G06F21/57 ,  G06F21/62 ,  H04L29/06 ,  H04W4/021 ,  H04W4/21 ,  H04W12/00 ,  H04W12/02

CPC分类号： G06F21/6254 ,  G06Q30/0261 ,  H04L63/04 ,  H04L63/0414 ,  H04W4/021 ,  H04W4/206 ,  H04W4/21 ,  H04W8/06 ,  H04W12/00 ,  H04W12/02

摘要： In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.