公开(公告)号：US09648457B2

公开(公告)日：2017-05-09

申请号：US14572576

申请日：2014-12-16

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Micah J. Sheller ,  Nathan Heldt-Sheller

IPC: H04W12/08 ,  H04W4/02

CPC classification number: H04W4/021 ,  H04W12/08

Abstract: Various embodiments are generally directed to the provision and use of geometric location based security systems that use multiple beacons for determining a location. A beacon transmitted from an ultrasound broadcast as well as one or more different wireless broadcasts can be used to geo-locate a device and provide access controls based on the geo-location.

公开(公告)号：US09628477B2

公开(公告)日：2017-04-18

申请号：US14581659

申请日：2014-12-23

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Hannah L. Scurfield ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Nathaniel J. Goss ,  Kevin C. Wells ,  Sindhu Pandian

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  G06N99/00 ,  G06F21/31

CPC classification number: H04L63/0861 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2105 ,  G06N99/005 ,  H04L63/0884 ,  H04L67/306

Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.

公开(公告)号：US09369441B2

公开(公告)日：2016-06-14

申请号：US14127533

申请日：2013-06-04

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Krystof C. Zmudzinski ,  Micah J. Sheller

IPC: H04L29/06 ,  H04L9/14 ,  H04L9/32

CPC classification number: H04L63/0428 ,  H04L9/14 ,  H04L9/3223 ,  H04L63/062 ,  H04L63/08 ,  H04L2209/60

Abstract: The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc. In one example implementation, a server may manage interaction between clients, provision encryption keys, etc.

Abstract translation: 本公开涉及一种端到端安全通信系统，其中除了加密客户端之间的传输之外，还可以确保在每个客户端内发生的与通信相关的操作。 每个客户端可以包括用于处理从其他客户端接收的加密通信信息和本地捕获的媒体信息以便传输到其他客户端的安全处理环境。 安全处理环境可以包括用于解密所接收的加密通信信息并将通信信息处理成媒体信息以供客户呈现的资源。 安全处理环境也可以相反地操作，以向其他客户端提供本地记录的音频，图像，视频等。 可以在客户端的信息处理的各个阶段采用加密协议，以帮助确保在处理资源之间传递的信息不能被读取，复制，改变等。在一个示例实现中，服务器可以管理客户端之间的交互，提供加密 钥匙等

公开(公告)号：US20180341756A1

公开(公告)日：2018-11-29

申请号：US15982209

申请日：2018-05-17

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

IPC: G06F21/31 ,  H04L9/32 ,  G06F21/53 ,  H04W12/06 ,  H04L29/06 ,  G06F21/41 ,  H04W88/02 ,  G06F21/88

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

公开(公告)号：US20180097822A1

公开(公告)日：2018-04-05

申请号：US15283389

申请日：2016-10-01

Applicant: Intel Corporation

Inventor： Yonghong Huang ,  Jason Martin ,  Micah J. Sheller ,  Cory Cornelius ,  Shih-han Wang

IPC: H04L29/06 ,  G06N3/04 ,  G06N3/08

CPC classification number: H04L63/1408 ,  G06F21/562 ,  G06F21/57 ,  G06N99/005

Abstract: Technologies for analyzing a Uniform Resource Locator (URL) include a multi-stage URL analysis system. The multi-stage URL analysis system analyzes the URL using a multi-stage analysis. In the first stage, the multi-stage URL analysis system analyzes the URL using an ensemble lexical analysis. In the second stage, the multi-stage URL analysis system analyzes the URL based on third-party detection results. In the third stage, the multi-stage URL analysis system analyzes the URL based on metadata related to the URL. The multi-stage URL analysis system advances the stages of analysis if a malicious classification score determined by each stage does not satisfy a confidence threshold. The URL may also be selected for additional rigorous analysis using selection criteria not used in by the analysis stages.

公开(公告)号：US09781113B2

公开(公告)日：2017-10-03

申请号：US14360161

申请日：2013-12-19

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Nathan Heldt-Sheller ,  Reshma Lal ,  Micah J. Sheller ,  Matthew E. Hoekstra

IPC: H04L29/06 ,  G06F21/10

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F2221/0708 ,  H04L67/42

Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

公开(公告)号：US20170214526A1

公开(公告)日：2017-07-27

申请号：US15423975

申请日：2017-02-03

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Victoria C. Moore ,  Jason Martin ,  Micah J. Sheller

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0861 ,  G06F21/31 ,  G06F21/33 ,  G06F21/45 ,  H04L9/3234 ,  H04L63/0281 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1466 ,  H04L2209/127 ,  H04L2463/082

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

公开(公告)号：US09606940B2

公开(公告)日：2017-03-28

申请号：US14671222

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Bin Xing ,  Vincent R. Scarlata

IPC: G06F7/04 ,  G06F12/14 ,  G06F21/62

CPC classification number: G06F12/1458 ,  G06F21/51 ,  G06F21/57 ,  G06F21/6218 ,  G06F2212/1052

Abstract: An embodiment includes at least one machine readable medium on which is stored code that, when executed enables a system to initialize a trusted loader enclave (TL) and a measurement and storage manager enclave (MSM) within a memory of the system, to receive by the MSM a TL measurement of the TL from a trusted processor of the system, to determine whether to establish a secure channel between the MSM and the TL based at least in part on the TL measurement, and responsive to a determination to establish the secure channel, to establish the secure channel and store particular code in the TL. Additional embodiments are described and claimed.

公开(公告)号：US09160730B2

公开(公告)日：2015-10-13

申请号：US13994016

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: G06F7/04 ,  G06F17/30 ,  G06F15/16 ,  H04L29/06 ,  G06F21/31 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract translation: 通常，本公开描述了连续认证置信模块。 系统可以包括用户设备，包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块，被配置为响应于特定用户的初始认证来确定置信度得分，至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度得分，并且通知操作 系统，如果更新的置信度分数在会话关闭阈值的容限内，认证不再有效; 所述初始认证被配置为打开会话，所述置信度分数被配置为指示所述会话期间的当前认证强度。

公开(公告)号：US09064109B2

公开(公告)日：2015-06-23

申请号：US13721760

申请日：2012-12-20

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Victoria C. Moore ,  Jason Martin ,  Micah J. Sheller

IPC: G06F17/30 ,  G06F21/45 ,  G06F21/31 ,  G06F21/33 ,  H04L29/06

CPC classification number: H04L9/0861 ,  G06F21/31 ,  G06F21/33 ,  G06F21/45 ,  H04L9/3234 ,  H04L63/0281 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1466 ,  H04L2209/127 ,  H04L2463/082

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器的安全引擎包括身份提供者逻辑，以生成密钥配对关联系统用户的第一密钥对和提供Web服务并具有通过网络耦合到系统的第二系统的服务提供者， 以执行与所述第二系统的安全通信，以使所述第二系统能够验证所述身份提供者逻辑在可信执行环境中正在执行，并且响应于所述验证​​，将所述第一密钥对的第一密钥发送到所述第二系统。 该密钥可以使得第二系统可以根据多因素认证来验证由身份提供者逻辑传达的断言，用户已被认证给系统。 描述和要求保护其他实施例。