公开(公告)号：US20160315974A1

公开(公告)日：2016-10-27

申请号：US15051130

申请日：2016-02-23

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan D. Ross ,  Eran Birk

IPC: H04L29/06

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract translation: 为多个企业应用程序提供基于策略的安全容器的技术包括客户端计算设备和企业策略服务器。 客户端计算设备向企业策略服务器发送设备属性信息和企业应用访问请求。 企业策略服务器根据设备属性信息和基于企业应用的数据敏感性级别来确定设备信任级别，并根据设备信任级别和数据敏感级别向客户端计算设备发送安全策略。 客户端计算设备引用或创建用于安全策略的安全容器，将企业应用程序添加到安全容器，并在安全容器中执行企业应用程序时实施安全策略。 可以向每个安全容器添加多个企业应用程序。 描述和要求保护其他实施例。

公开(公告)号：US20160080393A1

公开(公告)日：2016-03-17

申请号：US14951654

申请日：2015-11-25

Applicant: Intel Corporation

Inventor： Keith Shippy ,  Tobias Kohlenberg ,  Mubashir Mian ,  Ned Smith ,  Omer Ben-Shalom ,  Tarun Viswanathan ,  Dennis Morgan ,  Timothy Verrall ,  Manish Dave ,  Eran Birk

IPC: H04L29/06

CPC classification number: H04L63/105 ,  G06F21/316 ,  G06F2221/2105 ,  G06F2221/2113 ,  H04L63/08 ,  H04L2463/082 ,  H04W12/06 ,  H04W88/02

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

Abstract translation: 系统和方法可以提供用于从设备的一个或多个解锁接口接收运行时间输入，并且基于运行时间输入从多个访问级别中选择关于设备的访问级别。 所选择的访问级别可以具有相关联的安全策略，其中可以基于相关联的安全策略来执行运行时输入的认证。 在一个示例中，如果认证成功，则使用一个或多个加密密钥来将设备关于所选择的访问级别放置在解锁状态。 如果认证不成功，另一方面，相对于所选择的访问级别，设备可以保持在锁定状态。

公开(公告)号：US09276963B2

公开(公告)日：2016-03-01

申请号：US13729586

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: G06F17/00 ,  H04L29/06

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract translation: 为多个企业应用程序提供基于策略的安全容器的技术包括客户端计算设备和企业策略服务器。 客户端计算设备向企业策略服务器发送设备属性信息和企业应用访问请求。 企业策略服务器基于设备属性信息和基于企业应用的数据敏感度级别来确定设备信任级别，并根据设备信任级别和数据敏感级别向客户端计算设备发送安全策略。 客户端计算设备引用或创建用于安全策略的安全容器，将企业应用程序添加到安全容器，并在安全容器中执行企业应用程序时实施安全策略。 可以向每个安全容器添加多个企业应用程序。 描述和要求保护其他实施例。

公开(公告)号：US09530294B2

公开(公告)日：2016-12-27

申请号：US14354486

申请日：2013-12-23

Applicant: Intel Corporation

Inventor： Eran Birk ,  Omer Ben-Shalom ,  Yosi Govezensky ,  Yoram Hassidim

IPC: G08B23/00 ,  G08B13/14 ,  G08B21/02

CPC classification number: G08B13/1427 ,  G06F21/445 ,  G06F2221/2101 ,  G06F2221/2111 ,  G06F2221/2115 ,  G08B21/0261 ,  G08B21/0269 ,  G08B21/0277 ,  H04W4/021

Abstract: An item of value comprises an assembly of parts. The parts comprise a component that has value independent of the item, and an assembly security system that is operable to communicate with a central security system via a wide area network. The component comprises a component security system that is operable to communicate with the assembly security system. The assembly security system is operable to perform operations comprising (a) saving component data that identifies the component as part of the item; (b) after saving the component data, monitoring the component, via the component security system, to automatically determine whether the component has left a predetermined zone of proximity, relative to the item; and (c) in response to determining that the component has left the predetermined zone of proximity, automatically notifying the central security system that the component has left the predetermined zone of proximity. Other embodiments are described and claimed.

Abstract translation: 价值项包括零件的组装。 这些部件包括具有与项目无关的值的组件，以及可操作以经由广域网与中央安全系统通信的组装安全系统。 该组件包括可操作以与组装安全系统通信的组件安全系统。 组装安全系统可操作以执行操作，包括（a）将组件数据保存为项目的一部分; （b）在保存组件数据之后，通过组件安全系统监视组件以自动确定组件是否已经相对于项目已经离开预定的接近区域; 和（c）响应于确定组件已经离开预定的接近区域，自动通知中央安全系统组件已经离开预定的接近区域。 描述和要求保护其他实施例。

公开(公告)号：US09298911B2

公开(公告)日：2016-03-29

申请号：US13840799

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Gal Chanoch ,  Eran Birk ,  Baiju Patel ,  Steven Grobman ,  Tobias Kohlenberg ,  Rajeev Gopalakrisha

IPC: H04L29/06 ,  G06F21/54 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16

CPC classification number: H04L63/1408 ,  G06F21/54 ,  H04L63/10

Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.

Abstract translation: 在用于接收与至少一个安全异常相关联的策略信息，与至少一个程序的执行有关的安全异常，至少部分地基于策略信息确定与所述安全异常相关联的操作的实施例中提供技术，以及 至少部分地基于确定发生了至少一个安全异常来执行操作。

公开(公告)号：US09208299B2

公开(公告)日：2015-12-08

申请号：US13995540

申请日：2013-03-09

Applicant: Intel Corporation

Inventor： Eran Birk ,  Omer Ben-Shalom

IPC: G06F21/00 ,  G06F21/31 ,  G06F21/33

CPC classification number: G06F21/31 ,  G06F21/33 ,  G06F21/44 ,  G06F21/73

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for secure user authentication with improved OTP verification. The device may include an attribute collection module configured to collect attributes associated with the device; a client trust module configured to identify a user of the device, associate a user ID with the user and transmit the user ID and the collected attributes to a trust broker system; the client trust module further configured to receive a device ID from the trust broker system, the device ID associated with a pairing of the user ID and the attributes; and a client OTP generation module configured to generate an OTP and further configured to transmit the OTP and the device ID to an authentication server.

Abstract translation: 通常，本公开提供了用于通过改进的OTP验证进行安全用户认证的系统，设备，方法和计算机可读介质。 所述设备可以包括被配置为收集与所述设备相关联的属性的属性收集模块; 客户端信任模块，被配置为识别所述设备的用户，将用户ID与所述用户相关联，并将所述用户ID和所收集的属性发送到信任代理系统; 所述客户端信任模块还被配置为从所述信任代理系统接收设备ID，所述设备ID与所述用户ID的配对和所述属性相关联; 以及客户端OTP生成模块，被配置为生成OTP并进一步被配置为将OTP和设备ID传送到认证服务器。

公开(公告)号：US20140282832A1

公开(公告)日：2014-09-18

申请号：US13840799

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Gal Chanoch ,  Eran Birk ,  Baiju Patel ,  Steven Grobman ,  Tobias Kohlenberg ,  Rajeev Gopalakrisha

IPC: G06F21/00

CPC classification number: H04L63/1408 ,  G06F21/54 ,  H04L63/10

Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.

Abstract translation: 在用于接收与至少一个安全异常相关联的策略信息，与至少一个程序的执行相关的安全异常，至少部分地基于策略信息确定与所述安全异常相关联的操作的实施例中提供技术，以及 至少部分地基于确定发生了至少一个安全异常来执行操作。

公开(公告)号：US12184704B2

公开(公告)日：2024-12-31

申请号：US18542406

申请日：2023-12-15

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L9/40

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US20240275822A1

公开(公告)日：2024-08-15

申请号：US18542406

申请日：2023-12-15

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L9/40

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US10592639B2

公开(公告)日：2020-03-17

申请号：US15256964

申请日：2016-09-06

Applicant: Intel Corporation

Inventor： Tamara Gaidar ,  Eran Birk ,  Nava Levy ,  Glen J. Anderson ,  Ned M. Smith

IPC: G06F21/10 ,  G06F21/16

Abstract: A client platform supports digital rights management. The client platform comprises a digital rights management (DRM) engine which, when executed, enables the client platform to monitor download operations performed by the client platform and to obtain a shadow image for a digital content item from a DRM blockchain, in response to an operation to download the digital content item from a remote source. The shadow image comprises a hash of the digital content item and copyright policy settings to indicate security constraints for the digital content item. The client platform may automatically determine whether the copyright policy settings for the digital content item allow modification of the digital content item. A user may be allowed to create a modified version of the digital content item only if the copyright policy settings allow modification of the digital content item. Other embodiments are described and claimed.