公开(公告)号：US09436838B2

公开(公告)日：2016-09-06

申请号：US13721912

申请日：2012-12-20

Applicant: Intel Corporation

Inventor： Hong C. Li ,  Mark D. Boucher ,  Conor P. Cahill ,  Manohar R. Castelino ,  Steve Orrin ,  Vinay Phegade ,  John E. Simpson, Jr.

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/20 ,  G06F21/602 ,  G06F21/62 ,  G06F2221/2111 ,  H04L63/107

Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

Abstract translation: 装置，系统和方法可以提供浏览器界面来检测网页内容来操纵本地数据存储中的数据的尝试。 此外，如果数据可远程访问，则数据可以分类为类别。 此外，安全策略可以基于该类别应用于数据。 在一个示例中，分离器可以基于类别将数据与其他数据分离，可以基于类别来加密/解密数据，和/或上下文信息，并且可以确定用户输入，以进一步基于 上下文信息和用户输入。

公开(公告)号：US20150373007A1

公开(公告)日：2015-12-24

申请号：US14838731

申请日：2015-08-28

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: H04L29/06 ,  H04L29/08 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract translation: 通常，本公开描述了连续认证置信模块。 系统可以包括用户设备，包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块，被配置为响应于特定用户的初始认证来确定置信度得分，至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度得分，并且通知操作 系统，如果更新的置信度分数在会话关闭阈值的容限内，认证不再有效; 所述初始认证被配置为打开会话，所述置信度分数被配置为指示所述会话期间的当前认证强度。

公开(公告)号：US09871779B2

公开(公告)日：2018-01-16

申请号：US14838731

申请日：2015-08-28

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: G06F21/31 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

公开(公告)号：US09628478B2

公开(公告)日：2017-04-18

申请号：US14812514

申请日：2015-07-29

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Micah J. Sheller ,  Jason Martin

IPC: G06F21/32 ,  G06F21/60 ,  G06F21/78 ,  H04L29/06 ,  G06F21/62

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

公开(公告)号：US20170012983A1

公开(公告)日：2017-01-12

申请号：US15098524

申请日：2016-04-14

Applicant: INTEL CORPORATION

Inventor： Ned M. SMITH ,  Conor P. Cahill ,  Jason Martin ,  Abhilasha Bhargav-Spantzel ,  Sanjay Bakshi

IPC: H04L29/06

CPC classification number: H04L63/10 ,  G06F21/45 ,  G06F21/6218 ,  G06F2221/2111 ,  H04L63/0876 ,  H04L63/20

Abstract: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.

Abstract translation: 描述了一种用于促进根据一个实施例的资源的基于上下文的访问控制的机制。 如本文所述的实施例的方法包括接收访问多个资源的资源的第一请求。 第一请求可以与对应于在计算设备处放置第一请求的用户相关联的一个或多个上下文相关联。 该方法还可以包括评估一个或多个上下文。 一个或多个上下文的评估可以包括将一个或多个上下文与与所请求的资源相关联的一个或多个访问策略进行匹配。 该方法还可以包括：如果一个或多个上下文满足访问策略中的至少一个，则接受第一请求。

公开(公告)号：US20160359921A1

公开(公告)日：2016-12-08

申请号：US15241658

申请日：2016-08-19

Applicant: Intel Corporation

Inventor： Hong C. Li ,  Mark D. Boucher ,  Conor P. Cahill ,  Manohar R. Castelino ,  Steve Orrin ,  Vinay Phegade ,  John E. Simpson, JR.

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/20 ,  G06F21/602 ,  G06F21/62 ,  G06F2221/2111 ,  H04L63/107

Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

Abstract translation: 装置，系统和方法可以提供浏览器界面来检测网页内容来操纵本地数据存储中的数据的尝试。 此外，如果数据可远程访问，则数据可以分类为类别。 此外，安全策略可以基于该类别应用于数据。 在一个示例中，分离器可以基于类别将数据与其他数据分离，可以基于类别来加密/解密数据，和/或上下文信息，并且可以确定用户输入，以进一步基于 上下文信息和用户输入。

公开(公告)号：US09137247B2

公开(公告)日：2015-09-15

申请号：US13995247

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Micah J. Sheller ,  Jason Martin

IPC: G06F21/00 ,  G06F11/30 ,  H04L29/06 ,  G06F21/32 ,  G06F21/78

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract translation: 通常，本公开描述了用于安全地存储和使用生物测定认证信息（诸如生物测定参考模板）的技术。 在一些实施例中，技术包括将一个或多个生物测定参考模板存储在其存储器中的客户端设备。 客户端设备可以将这样的模板传送到认证设备。 传输可以根据认证设备包括用于模板的合适的受保护环境并将执行可接受的临时存储策略的验证。 这些技术还可以包括认证设备，其被配置为在其受保护的环境中临时存储从客户端设备接收的生物测定参考模板。 在完成生物认证或发生终止事件时，认证设备可以从受保护的环境中删除生物测定参考模板。