-
公开(公告)号:US20160182238A1
公开(公告)日:2016-06-23
申请号:US14574969
申请日:2014-12-18
申请人: Prashant Dewan , Kapil Sood , Kumar N. Dwarakanath , Ioannis T. Schoinas , William A. Stevens, JR. , Ned M. Smith
发明人: Prashant Dewan , Kapil Sood , Kumar N. Dwarakanath , Ioannis T. Schoinas , William A. Stevens, JR. , Ned M. Smith
CPC分类号: H04L9/3263 , G06F21/572 , G06F21/74 , G09C1/00 , H04L9/321 , H04L9/3234 , H04L9/3242 , H04L2209/12 , H04L2209/68
摘要: In one embodiment, a processor has at least one core to execute instructions, a security engine coupled to the at least one core, a first storage to store a first immutable key associated with a vendor of the processor, and a second storage to store a second immutable key associated with an original equipment manufacturer (OEM) of the system. A first portion of firmware is to be verified based at least in part on the first immutable key and a second portion of firmware is to be verified based at least in part on the second immutable key, the first portion of firmware associated with the vendor and the second portion of firmware associated with the OEM. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器具有执行指令的至少一个核心,耦合到所述至少一个核心的安全引擎,用于存储与所述处理器的供应商相关联的第一不可变密钥的第一存储器,以及存储 与系统的原始设备制造商(OEM)相关联的第二个不可变键。 至少部分地基于第一不可变密钥验证固件的第一部分,并且至少部分地基于第二不可变密钥,与供应商相关联的固件的第一部分和 与OEM相关联的固件的第二部分。 描述和要求保护其他实施例。
-
公开(公告)号:US20160180093A1
公开(公告)日:2016-06-23
申请号:US14580517
申请日:2014-12-23
申请人: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
发明人: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
IPC分类号: G06F21/57
CPC分类号: G06F21/57 , G06F21/31 , G06F21/6218 , G06F21/629 , G06F2221/034 , G06F2221/2105 , G06F2221/2111 , H04L63/107
摘要: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,系统包括:处理器,其包括执行指令的至少一个核心; 多个传感器,包括用于确定关于系统位置的位置信息的第一传感器; 以及将安全策略应用于系统的安全引擎。 在该实施例中,安全引擎包括策略逻辑,用于至少部分地基于位置信息来确定要应用的多个安全策略中的一个,其中位置信息指示与多个安全策略相关联的位置不同的位置。 描述和要求保护其他实施例。
-
公开(公告)号:US20160134419A1
公开(公告)日:2016-05-12
申请号:US14670874
申请日:2015-03-27
CPC分类号: H04L9/0841 , H04L9/0833 , H04L9/0844 , H04L9/0866 , H04L9/14 , H04L9/30 , H04L9/3013 , H04L2209/127 , H04W12/04
摘要: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.
摘要翻译: 用于可信设备登机的技术包括第一计算设备,用于基于私有Diffie-Hellman密钥和第一计算设备的第一唯一标识符生成第一公共Diffie-Hellman密钥。 从第一计算设备的安全存储器检索第一唯一标识符。 第一计算设备将第一公共Diffie-Hellman密钥发送到第二计算设备,并从第二计算设备接收第二计算设备的第二公共Diffie-Hellman密钥。 第二个公共Diffie-Hellman密钥包含第二计算设备的第二唯一标识符。 此外,第一计算设备从第二公共Diffie-Hellman密钥去除第二唯一标识符的贡献,以生成修改的公共Diffie-Hellman密钥,并且基于修改的公共Diffie-Hellman密钥生成共享Diffie-Hellman密钥,并且 第一个计算设备的私人Diffie-Hellman密钥。
-
公开(公告)号:US20160085916A1
公开(公告)日:2016-03-24
申请号:US14494733
申请日:2014-09-24
申请人: Ned M. Smith
发明人: Ned M. Smith
IPC分类号: G06F19/00
摘要: Technologies for genomic data management include a patient device that computes an integrity register value as a function of genomic sequence data within a trusted execution environment. The genomic sequence data may not feasibly be reconstructed from the integrity register value. A genomic server computes an integrity register index of public genomic sequence data. The patient device transmits an integrity register value to the genomic server, and the genomic server responds with population data indicative of the genomic sequence data corresponding to the integrity register value. The patient device may contribute the genomic sequence data to the public genomic sequence data if the population data is sufficiently large. The patient device may also transmit the integrity register value to a research device, and the research device may respond with a compensation offer for the genomic sequence data if the population data is sufficiently small. Other embodiments are described and claimed.
摘要翻译: 用于基因组数据管理的技术包括在受信任执行环境内计算作为基因组序列数据的函数的完整性寄存器值的患者装置。 基因组序列数据可能无法从完整性寄存器值重建。 基因组服务器计算公共基因组序列数据的完整性寄存器索引。 患者装置向基因组服务器发送完整性寄存器值,并且基因组服务器用指示与完整性寄存器值对应的基因组序列数据的群体数据进行响应。 如果群体数据足够大,则患者装置可以将基因组序列数据贡献给公共基因组序列数据。 患者设备还可以将完整性寄存器值发送到研究设备,并且如果群体数据足够小,则研究设备可以对基因组序列数据的补偿提供响应。 描述和要求保护其他实施例。
-
公开(公告)号:US20160006763A1
公开(公告)日:2016-01-07
申请号:US14678093
申请日:2015-04-03
申请人: Victoria C. Moore , Ned M. Smith
发明人: Victoria C. Moore , Ned M. Smith
CPC分类号: G01J5/02 , G06F11/3058 , G06F13/14 , G06F21/00 , G06F21/31 , G06F2221/2133 , G06F2221/2139
摘要: According to some embodiments, a method and apparatus are provided to receive a first signal from a sensor, determine that a user is present based on the received first signal, receive a second signal from the sensor, and determine if the user is still present based on the received second signal.
-
公开(公告)号:US09059854B2
公开(公告)日:2015-06-16
申请号:US14051364
申请日:2013-10-10
申请人: Ned M. Smith , Steven E. Wells , Robert W. Strong
发明人: Ned M. Smith , Steven E. Wells , Robert W. Strong
CPC分类号: H04L9/32 , G06F21/44 , G06F21/629 , G06F21/70 , G06F2221/2107 , H04L9/3252
摘要: A protocol provides authentication of peripheral devices by a computing device to which the peripheral device connects. Computing devices include a verifier with a public key that authenticates multiple associated private keys. Private keys are embedded on peripheral devices. When the verifier is able to authenticate a connected peripheral, particular functionality is enabled that may not be enabled for peripherals that do not authenticate.
摘要翻译: 协议通过外围设备连接的计算设备提供对外围设备的认证。 计算设备包括具有认证多个相关私钥的公开密钥的验证者。 私钥嵌入在外围设备上。 当验证者能够对连接的外围设备进行身份验证时,启用特定的功能,这些功能可能无法为不进行身份验证的外设启用。
-
127.发明申请MECHANISM FOR FACILITATING DYNAMIC CONTEXT-BASED ACCESS CONTROL OF RESOURCES 审中-公开促进动态基于上下文的资源访问控制机制公开(公告)号:US20150135258A1
公开(公告)日:2015-05-14
申请号:US14129961
申请日:2013-09-27
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F21/45 , G06F21/6218 , G06F2221/2111 , H04L63/0876 , H04L63/20
摘要: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.
摘要翻译: 描述了一种用于促进根据一个实施例的资源的基于上下文的访问控制的机制。 如本文所述的实施例的方法包括接收访问多个资源的资源的第一请求。 第一请求可以与对应于在计算设备处放置第一请求的用户相关联的一个或多个上下文相关联。 该方法还可以包括评估一个或多个上下文。 一个或多个上下文的评估可以包括将一个或多个上下文与与所请求的资源相关联的一个或多个访问策略进行匹配。 该方法还可以包括:如果一个或多个上下文满足访问策略中的至少一个,则接受第一请求。
-
128.发明申请METHOD AND SYSTEM FOR ENTERPRISE NETWORK SINGLE-SIGN-ON BY A MANAGEABILITY ENGINE 有权用于企业网络的方法和系统由可管理性引擎单点登录公开(公告)号:US20150095638A1
公开(公告)日:2015-04-02
申请号:US14508494
申请日:2014-10-07
申请人: Ned M. Smith , Purushottam Goel
发明人: Ned M. Smith , Purushottam Goel
CPC分类号: G06F21/335 , G06F21/31 , G06F21/33 , G06F21/41 , G06F21/575 , G06F21/72 , G06F21/80 , G06F2221/034 , G06F2221/2103 , G09G2358/00 , H04L9/0822 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04L63/0815
摘要: A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.
摘要翻译: 可管理性引擎(ME)在预引导认证期间从用户接收认证响应,并向用户注册密钥分配中心(KDC),指示用户已成功认证到PC。 KDC以密钥加密密钥(KEK)的形式向ME提供单点登录凭证。 PC随后可以使用KEK来获取用于建立对企业服务器的安全访问的证书。
-
129.发明授权公开(公告)号:US08973095B2
公开(公告)日:2015-03-03
申请号:US13531878
申请日:2012-06-25
申请人: Ned M. Smith
发明人: Ned M. Smith
CPC分类号: G06F21/36
摘要: In an embodiment, the present invention includes a method for receiving a request for user authentication of a system, displaying an authentication image on a display of the system using a set of random coordinates, receiving a plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the plurality of gesture input values. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于接收对系统的用户认证的请求的方法,使用一组随机坐标在系统的显示器上显示认证图像,从用户接收多个手势输入值,以及 至少部分地基于所述多个手势输入值来确定是否对所述用户进行认证。 描述和要求保护其他实施例。
-
公开(公告)号:US20140366111A1
公开(公告)日:2014-12-11
申请号:US13994016
申请日:2013-03-15
申请人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
发明人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F21/316 , G06F2221/2101 , G06F2221/2103 , G06F2221/2139 , H04L63/0861 , H04L67/14 , H04L67/24
摘要: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
摘要翻译: 通常,本公开描述了连续认证置信模块。 系统可以包括用户设备,包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块,被配置为响应于特定用户的初始认证来确定置信度得分,至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度分数,并且通知操作 系统,如果更新的置信度分数在会话关闭阈值的容限内,认证不再有效; 所述初始认证被配置为打开会话,所述置信度分数被配置为指示所述会话期间的当前认证强度。
-
-
-
-
-
-
-
-
-
搜索结果
200 条记录 (耗时 0.058 秒)