-
1.
Publication No.: US20180341756A1
Publication date: 2018-11-29
Application No.: US15982209
Application date: 2018-05-17
Applicant: Intel Corporation
Inventor: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
2.
Publication No.: US20170147822A1
Publication date: 2017-05-25
Application No.: US15426204
Application date: 2017-02-07
Applicant: Intel Corporation
Inventor: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
IPC: G06F21/57
CPC classification number: G06F21/57 , G06F21/31 , G06F21/6218 , G06F21/629 , G06F2221/034 , G06F2221/2105 , G06F2221/2111 , H04L63/107
Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
-
3.
Publication No.: US10055556B2
Publication date: 2018-08-21
Application No.: US14866950
Application date: 2015-09-26
Applicant: Intel Corporation
Inventor: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
CPC classification number: G06F21/31 , G06F21/41 , G06F21/53 , G06F21/88 , G06F2221/2105 , G06F2221/2111 , G06F2221/2147 , H04L9/3226 , H04L63/0815 , H04L2209/127 , H04L2209/805 , H04W12/00503 , H04W12/00504 , H04W12/00508 , H04W12/06 , H04W88/02
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
4.
Publication No.: US20180069855A1
Publication date: 2018-03-08
Application No.: US15812956
Application date: 2017-11-14
Applicant: Intel Corporation
Inventor: Ned M. Smith , Hannah L. Scurfield , Nathan Heldt-Sheller , Micah J. Sheller , Nathaniel J. Goss , Kevin C. Wells , Sindhu Pandian
CPC classification number: H04L63/0861 , G06F21/31 , G06F21/316 , G06F2221/2105 , G06N20/00 , H04L63/0884 , H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
5.
Publication No.: US09467296B2
Publication date: 2016-10-11
Application No.: US14473308
Application date: 2014-08-29
Applicant: Intel Corporation
Inventor: Ned M. Smith , William C. Deleeuw , Thomas G. Willis , Nathaniel J. Goss
CPC classification number: H04L9/3247 , G06F21/606 , G06F21/6245 , H04L9/0838 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/123
Abstract: Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module. To securely transmit an outgoing message to the remote computing device, the local trusted message module receives the outgoing message from the message client, encrypts the outgoing message, and cryptographically signs the outgoing message, prior to transmittal to the remote trusted message module of the remote computing device. To securely receive an incoming message from the remote computing device, the local trusted message module receives the incoming message from the remote trusted message module of the remote computing device, decrypts the incoming message, and verifies a cryptographic signature of the incoming message, based on the exchanged cryptographic keys and prior to transmittal of the incoming message to the message client.
-
6.
Publication No.: US20180077154A1
Publication date: 2018-03-15
Application No.: US15813789
Application date: 2017-11-15
Applicant: Intel Corporation
Inventor: Ned M. Smith , Hannah L. Scurfield , Nathan Heldt-Sheller , Micah J. Sheller , Nathaniel J. Goss , Kevin C. Wells , Sindhu Pandian
CPC classification number: H04L63/0861 , G06F21/31 , G06F21/316 , G06F2221/2105 , G06N20/00 , H04L63/0884 , H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
7.
Publication No.: US09628477B2
Publication date: 2017-04-18
Application No.: US14581659
Application date: 2014-12-23
Applicant: INTEL CORPORATION
Inventor: Ned M. Smith , Hannah L. Scurfield , Nathan Heldt-Sheller , Micah J. Sheller , Nathaniel J. Goss , Kevin C. Wells , Sindhu Pandian
CPC classification number: H04L63/0861 , G06F21/31 , G06F21/316 , G06F2221/2105 , G06N99/005 , H04L63/0884 , H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
8.
Publication No.: US09990479B2
Publication date: 2018-06-05
Application No.: US14583671
Application date: 2014-12-27
Applicant: Intel Corporation
Inventor: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
CPC classification number: G06F21/31 , G06F21/41 , G06F21/53 , G06F21/88 , G06F2221/2105 , G06F2221/2111 , G06F2221/2147 , H04L9/3226 , H04L63/0815 , H04L2209/127 , H04L2209/805 , H04W12/06 , H04W88/02
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
9.
Publication No.: US20180103034A1
Publication date: 2018-04-12
Application No.: US15813823
Application date: 2017-11-15
Applicant: Intel Corporation
Inventor: Ned M. Smith , Hannah L. Scurfield , Nathan Heldt-Sheller , Micah J. Sheller , Nathaniel J. Goss , Kevin C. Wells , Sindhu Pandian
CPC classification number: H04L63/0861 , G06F21/31 , G06F21/316 , G06F2221/2105 , G06N20/00 , H04L63/0884 , H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
10.
Publication No.: US09922194B2
Publication date: 2018-03-20
Application No.: US15426204
Application date: 2017-02-07
Applicant: Intel Corporation
Inventor: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
CPC classification number: G06F21/57 , G06F21/31 , G06F21/6218 , G06F21/629 , G06F2221/034 , G06F2221/2105 , G06F2221/2111 , H04L63/107
Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.