公开(公告)号：US10437985B2

公开(公告)日：2019-10-08

申请号：US15283357

申请日：2016-10-01

Applicant: Intel Corporation

Inventor： Jonathan Trostle ,  Paritosh Saxena ,  Ernie Brickell ,  Thomas J. Barnes

IPC: G06F21/53 ,  G06F21/34 ,  G06F21/44 ,  G06F21/33

Abstract: A method, apparatus, and computer-readable medium are provided to determine whether to enroll a computing device as a provider of a secure application enclave for an application. The following information is obtained from a second computing device: a device identifier for a first computing device, application information, and data for a shared secret. The first computing device is configured to provide a secure application enclave to support execution of the application associated with the application information, and the shared secret is shared between the secure application enclave and a user of the first computing device. A determination is made whether to enroll the first computing device as a provider of the secure application enclave for the application using the device identifier, the application information, and the data for the shared secret. The secure application enclave may be notified whether the enrollment of the first computing device is successful.

公开(公告)号：US20160117498A1

公开(公告)日：2016-04-28

申请号：US14523886

申请日：2014-10-25

Applicant: Intel Corporation

Inventor： Paritosh Saxena ,  Adrian M.M.T. Dunbar ,  Michael S. Hughes ,  John Teddy ,  David Michael Durham ,  Balaji Vembu ,  Prashant Dewan ,  Debra Cablao ,  Nicholas D. Triantafillou ,  Craig D. Schmugar ,  Jason M. Surprise

IPC: G06F21/44 ,  G06F21/71 ,  G06F21/57

CPC classification number: G06F21/552 ,  G06F1/28 ,  G06F9/45558 ,  G06F9/5027 ,  G06F12/14 ,  G06F12/145 ,  G06F12/1491 ,  G06F21/445 ,  G06F21/554 ,  G06F21/558 ,  G06F21/56 ,  G06F21/566 ,  G06F21/57 ,  G06F21/71 ,  G06F21/74 ,  G06F2009/45587 ,  G06F2209/509 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2149 ,  G06T1/20 ,  G09G5/363

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

公开(公告)号：US10019574B2

公开(公告)日：2018-07-10

申请号：US15391702

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Paritosh Saxena

IPC: G06F21/56 ,  G06F17/30 ,  G06F3/06 ,  G06F21/80

CPC classification number: G06F21/564 ,  G06F3/0623 ,  G06F3/0643 ,  G06F3/0673 ,  G06F16/13 ,  G06F16/14 ,  G06F21/565 ,  G06F21/567 ,  G06F21/575 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/034

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

公开(公告)号：US20190238560A1

公开(公告)日：2019-08-01

申请号：US16116896

申请日：2018-08-29

Applicant: Intel Corporation

Inventor： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Paul J. Thadikaran ,  David M. Durham

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/10

CPC classification number: H04L63/14 ,  G06F21/10 ,  G06F21/57 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/0478

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

公开(公告)号：US10349227B2

公开(公告)日：2019-07-09

申请号：US14929952

申请日：2015-11-02

Applicant: Intel Corporation

Inventor： Paritosh Saxena ,  David I Poisner ,  Nicholas Triantafillou ,  Casey Baron

IPC: H04W4/06 ,  H04W4/90 ,  H04W4/02 ,  H04W4/60

Abstract: Various systems and methods for a personal safety system are described herein. A personal safety system includes an alert detection module to receive, at a device, input indicating an alert event; and a communication module to: transmit information regarding the alert event to a cloud service; and broadcast wireless network information of a wireless environment around the device, obtained by the device, to a plurality of devices in the wireless environment.

公开(公告)号：US09916454B2

公开(公告)日：2018-03-13

申请号：US15187530

申请日：2016-06-20

Applicant: Intel Corporation

Inventor： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Thomas R. Bowen ,  Paritosh Saxena

IPC: G06F21/57 ,  G06F12/14

CPC classification number: G06F21/575 ,  G06F12/1441 ,  G06F12/1466 ,  G06F2212/1052

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

公开(公告)号：US20160117497A1

公开(公告)日：2016-04-28

申请号：US14523884

申请日：2014-10-25

Applicant: Intel Corporation

Inventor： Paritosh Saxena ,  Adrian M.M.T. Dunbar ,  Michael S. Hughes ,  John Teddy ,  David Michael Durham ,  Balaji Vembu ,  Prashant Dewan ,  Debra Cablao ,  Nicholas D. Triantafillou ,  Craig D. Schmugar ,  Jason M. Surprise

IPC: G06F21/44 ,  G06F21/71 ,  G06F21/57

CPC classification number: G06F21/566 ,  G06F21/52 ,  G06F21/74

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

公开(公告)号：US20220121470A1

公开(公告)日：2022-04-21

申请号：US17561676

申请日：2021-12-23

Applicant: Intel Corporation

Inventor： Paritosh Saxena ,  Anjo Lucas Vahldiek-Oberwagner ,  Mona Vij ,  Kshitij A. Doshi ,  Carlos H. Morales ,  Clair Bowman ,  Marcela S. Melara ,  Michael Steiner

IPC: G06F9/455 ,  H04L9/40

Abstract: In one embodiment, metadata associated with deployment of a container within an orchestration environment includes information indicating security preferences for deployment of the container within the orchestration environment, information indicating a level of communications between the container and other containers, and/or information indicating effects of execution of the container with respect to other containers. The metadata is used to select a particular node of a plurality of nodes within the orchestration environment on which to deploy the container based on the metadata.

公开(公告)号：US20160283721A1

公开(公告)日：2016-09-29

申请号：US15179665

申请日：2016-06-10

Applicant: Intel Corporation

Inventor： Daniel Nemiroff ,  Paul J. Thadikaran ,  Andrew H. Gafken ,  Purushottam Goel ,  Nicholas D. Triantafillou ,  Paritosh Saxena ,  Debra Cablao

IPC: G06F21/57 ,  G06F21/64 ,  G06F21/62 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F9/4401 ,  G06F21/554 ,  G06F21/561 ,  G06F21/575 ,  G06F21/6218 ,  G06F21/64 ,  G06F2221/033 ,  H04L9/3247

Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.

Abstract translation: 描述用于主机OS组件的带外验证的技术和系统的实施例。 在实施例中，带外主机OS引导序列验证系统（“BSVS”）可以在主机OS进程或“带外”检测的情况下访问系统存储器.BSVS可以访问系统存储器中的主机OS组件 并且可以从主机OS组件的内存覆盖区生成签名。 然后可以将这些签名与可信签名进行比较以验证主机OS组件的完整性。 在实施例中，可以在主机OS的引导期间或者根据需要执行该验证。 在实施例中，信任签名可以在引导之前被BSVS预先存储; 在一些实施例中，可信任签名可以被预先计算，然后由BSVS存储。 可以描述和要求保护其他实施例。

公开(公告)号：US20150341371A1

公开(公告)日：2015-11-26

申请号：US14818654

申请日：2015-08-05

Applicant: INTEL CORPORATION

Inventor： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Paul J. Thadikaran ,  David Michael Durham

IPC: H04L29/06

CPC classification number: H04L63/14 ,  G06F21/10 ,  G06F21/57 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/0478

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

Abstract translation: 公开了提供安全存储的系统和方法。 示例性方法包括在存储设备和代理之间建立安全通道，经由安全隧道从代理向存储设备提供命令，响应于命令访问存储设备处的第一数据，并且识别对数据的修改 通过将第一数据与第二数据进行比较来存储在存储装置上，其中使用存储装置进行比较。