-
公开(公告)号:US20160065376A1
公开(公告)日:2016-03-03
申请号:US14473308
申请日:2014-08-29
CPC分类号: H04L9/3247 , G06F21/606 , G06F21/6245 , H04L9/0838 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/123
摘要: Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module. To securely transmit an outgoing message to the remote computing device, the local trusted message module receives the outgoing message from the message client, encrypts the outgoing message, and cryptographically signs the outgoing message, prior to transmittal to the remote trusted message module of the remote computing device. To securely receive an incoming message from the remote computing device, the local trusted message module receives the incoming message from the remote trusted message module of the remote computing device, decrypts the incoming message, and verifies a cryptographic signature of the incoming message, based on the exchanged cryptographic keys and prior to transmittal of the incoming message to the message client.
摘要翻译: 用于使用可信消息的技术包括本地计算设备,其包括在可信执行环境中建立的消息客户端和本地可信消息模块。 本地可信消息模块基于与在远程计算设备的可信执行环境中建立的对应的远程可信消息模块的通信来执行远程计算设备的认证。 响应于远程计算设备的成功认证,本地可信消息模块进一步与远程可信消息模块交换密码密钥。 消息客户端将出站消息转发到本地可信消息模块,并从本地可信消息模块接收传入消息。 为了将传出消息安全地发送到远程计算设备,本地可信消息模块在传送到远程计算机的远程可信消息模块之前,从消息客户端接收输出消息,加密输出消息,并加密地对出站消息进行签名 计算设备。 为了安全地接收来自远程计算设备的传入消息,本地可信消息模块从远程计算设备的远程可信消息模块接收传入消息,对进入消息进行解密,并且基于进入消息的密码签名来验证 交换的加密密钥以及在将传入消息传送到消息客户端之前。
-
公开(公告)号:US09165129B2
公开(公告)日:2015-10-20
申请号:US13532852
申请日:2012-06-26
申请人: Ned M. Smith
发明人: Ned M. Smith
CPC分类号: G06F21/316 , G06F21/32
摘要: Various embodiments are generally directed to use of a keyboard as a biometric authentication device. In one embodiment, for example, an apparatus comprises a processor circuit executing a sequence of instructions causing the processor circuit to receive a signal indicative of a keypress of at least one key of a keyboard communicatively coupled to the apparatus, and indicative of at least one physical characteristic associated with the keypress; compare the at least one physical characteristic to at least one stored physical characteristic associated with at least one authorized user of the apparatus; and determine if the keypress is associated with at least one authorized user of the apparatus based on the comparison. Other embodiments are described and claimed herein.
摘要翻译: 各种实施例通常涉及使用键盘作为生物认证设备。 在一个实施例中,例如,一种装置包括处理器电路,其执行指令序列,使得处理器电路接收指示通信地耦合到该设备的键盘的至少一个键的按键的信号,并指示至少一个 与按键相关的物理特性; 将所述至少一个物理特性与至少一个与所述设备的至少一个授权用户相关联的存储的物理特征进行比较; 并且基于所述比较来确定所述按键是否与所述装置的至少一个授权用户相关联。 在此描述和要求保护的其它实施例。
-
公开(公告)号:US20150281186A1
公开(公告)日:2015-10-01
申请号:US14361759
申请日:2013-12-24
申请人: Ned M. Smith , Nathan Heldt-Sheller , Pablo A. Michelis , Vincent J. Zimmer , Matthew D. Wood , Richard T. Beckwith , Michael A. Rothman
发明人: Ned M. Smith , Nathan Heldt-Sheller , Pablo A. Michelis , Vincent J. Zimmer , Matthew D. Wood , Richard T. Beckwith , Michael A. Rothman
CPC分类号: H04L63/0428 , G06F21/10 , G06F21/60 , H04L63/0485 , H04L2463/101 , H04N21/4405 , H04N21/4627
摘要: The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.
摘要翻译: 本公开涉及数据即服务(DaaS)的内容保护。 设备可以经由DaaS从内容提供商接收加密数据,所述加密数据至少包括用于在设备上呈现的内容。 例如,内容提供商可以利用可信执行环境(TEE)模块中的安全多路转换(SMT)模块来从内容和数字版权管理(DRM)数据生成编码数据,并从编码数据生成加密数据 。 该设备还可以包括TEE模块,该TEE模块包括安全解复用变换(SDT)模块,用于从加密的数据解密编码数据,并从编码的数据解码内容和DRM数据。 SMT和SDT模块可以通过安全通信会话交互以验证安全性,分发解密密钥等。在一个实施例中,信任代理可以执行TEE模块验证和密钥分发。
-
公开(公告)号:US20150178999A1
公开(公告)日:2015-06-25
申请号:US14361516
申请日:2013-12-19
摘要: The present disclosure is directed to secure vehicular data management with enhanced privacy. A vehicle may comprise at least a vehicular control architecture (VCA) for controlling operation of the vehicle and a device. The VCA may record operational data identifying at least one vehicle operator and vehicular operational data recorded during operation of the vehicle by the at least one vehicle operator. The device may include at least a communication module and a trusted execution environment (TEE) including a privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer. The privacy settings may be configured in the PEM by the at least one operator.
摘要翻译: 本公开旨在提高隐私的安全车辆数据管理。 车辆可以包括用于控制车辆和设备的操作的至少一个车辆控制架构(VCA)。 VCA可以记录识别至少一个车辆操作者的操作数据和由车辆操作者在车辆操作期间记录的车辆操作数据。 该设备可以至少包括通信模块和包括隐私执行模块(PEM)的可信执行环境(TEE)。 PEM可以经由通信模块从VCA接收操作数据,可以通过基于隐私设置过滤操作数据来生成过滤数据,并且可以使得经过通信模块传送经过滤的数据。 经过滤的数据可以被发送到至少一个数据消费者。 隐私设置可以由至少一个操作者在PEM中配置。
-
公开(公告)号:US08918641B2
公开(公告)日:2014-12-23
申请号:US13116698
申请日:2011-05-26
申请人: Ned M. Smith , Sanjay Bakshi , Suresh Sugumar
发明人: Ned M. Smith , Sanjay Bakshi , Suresh Sugumar
CPC分类号: H04L63/10 , G06F21/44 , G06F21/629 , H04L63/0823 , H04L63/0876
摘要: A manageability engine or adjunct processor on a computer platform may receive a request for activation and use of features embedded within that platform from a service provider authorized by the manageability engine's manufacturer. The manageability engine may initiate a request for authority through the service provider to a permit server. The permit server may provide, through the service provider, proof of the service provider's authority, together with a certificate identifying the service provider. Then the manageability engine may enable activation of the features on the platform coupled to the manageability engine, but only by the one particular service provider who has been authorized.
摘要翻译: 计算机平台上的可管理引擎或附属处理器可以从可管理引擎制造商授权的服务提供商接收对该平台内嵌的特征的激活和使用的请求。 可管理性引擎可以通过服务提供商向许可服务器发起权限请求。 许可证服务器可以通过服务提供商提供服务提供商的权限的证明,以及标识服务提供商的证书。 然后可管理性引擎可以启用耦合到可管理性引擎的平台上的功能的激活,但是仅由被授权的一个特定服务提供商激活。
-
公开(公告)号:US08909940B2
公开(公告)日:2014-12-09
申请号:US12974244
申请日:2010-12-21
CPC分类号: G06F21/575
摘要: In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种从配置有全盘加密(FDE)的非易失性存储器获得预引导认证(PBA)图像并将PBA图像存储在存储器中的方法。 然后,可以在执行在芯片组的引擎上的加载器和提供PBA图像以确认PBA图像的完整性的第三方的完整性检查器之间执行回调协议,如果确认完整性则执行PBA图像;以及 否则删除。 描述和要求保护其他实施例。
-
147.发明授权Providing software distribution and update services regardless of the state or physical location of an end point machine 有权提供软件分发和更新服务,而不管端点机器的状态或物理位置公开(公告)号:US08893112B2
公开(公告)日:2014-11-18
申请号:US12642911
申请日:2009-12-21
申请人: Hormuzd M. Khosravi , Ajith K. Illendula , Ned M. Smith , Yasser Rasheed , Bryan K. Jorgensen , Tracie L. Zenti
发明人: Hormuzd M. Khosravi , Ajith K. Illendula , Ned M. Smith , Yasser Rasheed , Bryan K. Jorgensen , Tracie L. Zenti
摘要: In accordance with some embodiments, software may be downloaded to an end point, even when that said end point is not fully functional. An indication that software is available for distribution may be stored in a dedicated location within a non-volatile memory. That location may be checked for software to download, for example, on each boot up. The software may then be downloaded and verified. Thereafter, the location is marked to indicate that the software has already been downloaded.
摘要翻译: 根据一些实施例,即使当所述终点没有完全起作用时,也可以将软件下载到终端。 软件可用于分发的指示可以存储在非易失性存储器内的专用位置。 可以检查该位置,例如,在每次启动时软件进行下载。 然后可以下载和验证软件。 此后,该位置被标记为指示该软件已经被下载。
-
公开(公告)号:US20140283099A1
公开(公告)日:2014-09-18
申请号:US13994422
申请日:2013-03-14
申请人: Ned M. Smith , Thomas G. Willis
发明人: Ned M. Smith , Thomas G. Willis
IPC分类号: G06F21/57
CPC分类号: G06F21/577 , G06F11/00 , H04L61/2015 , H04L61/6095 , H04L63/04 , H04L67/22
摘要: Generally, this disclosure describes a system including a privacy aware DHCP service and a user device. The user device includes a trusted execution environment including a client privacy agent configured to request a first Internet Protocol (IP) address from a DHCP service and to determine a device privacy score based, at least in part, on a DHCP policy; memory comprising secure storage configured to store the first IP address; and communication circuitry configured to establish at least one connection between the user device and at least one entity over a network using the first IP address. The client privacy agent is configured to monitor communication activity over the connection(s), to update the device privacy score based, at least in part, on the communication activity, and to close the connection(s) if the device privacy score is outside an acceptable privacy score range, the acceptable privacy range bounded by a privacy threshold.
摘要翻译: 通常,本公开描述了包括隐私感知DHCP服务和用户设备的系统。 所述用户设备包括可信执行环境,所述可信执行环境包括被配置为从DHCP服务请求第一互联网协议(IP)地址并且至少部分地基于DHCP策略来确定设备隐私分数的客户端隐私代理; 存储器,其包括被配置为存储所述第一IP地址的安全存储器; 以及通信电路,被配置为使用所述第一IP地址通过网络在所述用户设备与至少一个实体之间建立至少一个连接。 客户端隐私代理被配置为监视通过连接的通信活动,以至少部分地基于通信活动来更新设备隐私分数,并且如果设备隐私分数在外部时关闭连接 可接受的隐私分数范围,由隐私阈值限定的可接受隐私范围。
-
149.发明申请公开(公告)号:US20140181995A1
公开(公告)日:2014-06-26
申请号:US14035559
申请日:2013-09-24
IPC分类号: G06F21/62
CPC分类号: G06F21/6254 , G06Q30/00 , G06Q30/02 , G06Q30/0241
摘要: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.
摘要翻译: 本公开的实施例针对在多用户计算环境中的属性的发布和/或移除。 在一些实施例中,与多用户计算系统的用户相关联的消费者信息管理器(CIM)可以从维度机构(DA)接收具有计算系统的用户的群体数量减少的通知 在计算系统内发布了一个属性,并且可以确定用户是否已经发布了该属性。 响应于接收到减少的通知并确定用户已经发布属性,CIM可以确定继续发布该属性将使得能够识别用户,将可能性与阈值进行比较的可能性,以及当可能性 超过阈值,从发布中删除属性。 可以公开和/或要求保护其他实施例。
-
150.发明申请Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine 有权使用融合安全引擎的Web服务提供商的隐私增强密钥管理公开(公告)号:US20140181925A1
公开(公告)日:2014-06-26
申请号:US13721760
申请日:2012-12-20
CPC分类号: H04L9/0861 , G06F21/31 , G06F21/33 , G06F21/45 , H04L9/3234 , H04L63/0281 , H04L63/061 , H04L63/08 , H04L63/0815 , H04L63/0823 , H04L63/0838 , H04L63/1466 , H04L2209/127 , H04L2463/082
摘要: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器的安全引擎包括身份提供者逻辑,以生成密钥配对关联系统用户的第一密钥对和提供Web服务并具有通过网络耦合到系统的第二系统的服务提供者, 以执行与所述第二系统的安全通信,以使所述第二系统能够验证所述身份提供者逻辑在可信执行环境中正在执行,并且响应于所述验证,将所述第一密钥对的第一密钥发送到所述第二系统。 该密钥可以使得第二系统可以根据多因素认证来验证由身份提供者逻辑传达的断言,用户已被认证给系统。 描述和要求保护其他实施例。
-
-
-
-
-
-
-
-
-
搜索结果
200 条记录 (耗时 0.035 秒)