-
Publication number: US20160180080A1
Publication date: 2016-06-23
Application number: US14578730
Filing date: 2014-12-22
Applicant: Intel Corporation
Inventor: Nathan Heldt-Sheller, Ned M. Smith
IPC: G06F21/53
CPC classification number: G06F21/57, G06F2221/031, G06F2221/033, G06F2221/2111, H04L63/145
Abstract: In an embodiment, a system includes a processor having at least one core and a security engine, the security engine having a focus change logic to inform a trusted application to be executed in a trusted execution environment of a request for a focus change during execution of the trusted application, enable the focus change to occur during execution of the trusted application when allowed by the trusted application, and otherwise to prevent the focus change. Other embodiments are described and claimed.
-
Publication number: US11832102B2
Publication date: 2023-11-28
Application number: US17740608
Filing date: 2022-05-10
Applicant: Intel Corporation
Inventor: Nathan Heldt-Sheller, Ned M. Smith
IPC: H04L29/06, H04W12/50, H04W12/084, H04W12/60, H04W12/06, H04W12/08, H04W12/71, H04W12/77, H04W84/18
CPC classification number: H04W12/084, H04W12/06, H04W12/50, H04W12/66, H04W84/18
Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog 'owners' such as respective users and clients. Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementing and tracking such onboarding actions as part of an IoT network service are also disclosed.
-
Publication number: US11818584B2
Publication date: 2023-11-14
Application number: US17531044
Filing date: 2021-11-19
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
CPC classification number: H04W12/75, H04W12/02, H04W12/0471, H04W12/06, H04W12/71, H04W76/10, G06Q2220/00
Abstract: Various systems and methods for discovery and onboarding in an interconnected network framework of Internet of Things (IoT) devices are described. In an example, a technique for onboarding and provisioning a device onto an interconnected network framework includes operations to: receive a unique temporary device identifier from a device instance, the device instance indicating availability for onboarding onto a network; onboard the device instance onto the network; establish a secure session with the device instance via the network; receive, in the secure session, a secure device identifier; and initiate provisioning of the device instance in a secure directory based on the secure device identifier. In a further example, techniques are provided to securely identify and provision a second device instance (a doppelganger device instance) operating on a physical device that hosts both the first device instance and the second device instance.
-
Publication number: US11546761B2
Publication date: 2023-01-03
Application number: US16609697
Filing date: 2018-05-08
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: Various systems and methods for implementing observe-notify callback context automation in a connected device framework are described herein. In an example, the techniques for context automation may include: expansion of RESTful permissions to include an OBSERVE command (e.g., as part of a CRUDON (Create, Retrieve, Update, Delete, Observe, Notify) command definition); configuration of a callback resource to implement the OBSERVE command; access control policies to implement the OBSERVE command; and OBSERVE registration events to be monitored within an access management service.
-
Publication number: US11284259B2
Publication date: 2022-03-22
Application number: US16610835
Filing date: 2018-05-11
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
IPC: H04L29/06, H04W12/08, H04W4/38, G06F21/62, H04L41/0893
Abstract: Various systems and methods for dynamic access policy provisioning in a connected device framework are described herein. In an example, the techniques for policy provisioning may include resource update access policy automation, directory resource access policy automation, or hidden resources access policy automation, as monitored and operated with an access management service (AMS). In an example, the AMS monitors resources to receive a notification when they change (520). If the change observed is an addition or deletion of a resource object (530), the AMS responds by performing security analysis of devices hosting the new resource(s) (540), which may further result in device onboarding actions (550). The AMS may further respond by evaluating link semantics to determine which other devices and resources may need updated access control list (ACL) policies (560).
-
Publication number: US10419438B2
Publication date: 2019-09-17
Application number: US14998275
Filing date: 2015-12-26
Applicant: Intel Corporation
Inventor: Ned M. Smith, Shao-Wen Yang, Nathan Heldt-Sheller, Thomas G. Willis
Abstract: In one embodiment, a method includes: presenting, in a user interface of an authoring tool, a plurality of levels of abstraction for a network having a plurality of devices; receiving information from a user regarding a subset of the plurality of devices to be provisioned with one or more security keys and an access control policy; automatically provisioning a key schedule for the subset of the plurality of devices in the network based on the user input and a topological context of the network; and automatically provisioning the access control policy for the subset of the plurality of devices in the network based on the user input and the topological context of the network.
-
Publication number: US10244001B2
Publication date: 2019-03-26
Application number: US15259560
Filing date: 2016-09-08
Applicant: Intel Corporation
Inventor: Ned M. Smith, Mats G. Agerstam, Nathan Heldt-Sheller
Abstract: In one embodiment, a method includes receiving a first request from a first device to access a first resource of the system and determining whether to grant access to the first resource based on a first access control list stored in the system, the first access control list associated with the first device, the first device having a first relevance value, and based on the determination, granting the access to the first resource; and receiving a second request from a second device to access a second resource of the system and forwarding the second request to an access manager service coupled to the system to determine whether to grant access to the second resource based on a second access control list stored in the access manager service associated with the second device, the second device having a second relevance value, receive an access grant from the access manager service and based thereon, granting the access to the second resource.
-
Publication number: US09900319B2
Publication date: 2018-02-20
Application number: US14951129
Filing date: 2015-11-24
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
CPC classification number: H04L63/104, H04L9/3263, H04L63/0823, H04L63/101, H04L63/126, H04L63/20
Abstract: Systems and techniques for resilient network construction using enhanced privacy identification are described herein. A group certificate may be generated for a first device group. The first device group may include a plurality of devices having a shared attribute. A request may be received from a device of the plurality of devices for a data exchange session with a data partner device. The data partner device may be included in a second device group. The data exchange session may be enabled based on a set of permissions related to the group certificate. The set of permissions may define, at least in part, the accessibility of the second device group to the first device group.
-
Publication number: US20170374509A1
Publication date: 2017-12-28
Application number: US15480058
Filing date: 2017-04-05
Applicant: Intel Corporation
Inventor: Ned M. Smith, Micah J. Sheller, Nathan Heldt-Sheller
Abstract: Various embodiments are generally directed to the provision and use of geometric location based security systems that use multiple beacons for determining a location. A beacon transmitted from an ultrasound broadcast as well as one or more different wireless broadcasts can be used to geo-locate a device and provide access controls based on the geo-location.
-
Publication number: US09832172B2
Publication date: 2017-11-28
Application number: US14361759
Filing date: 2013-12-24
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller, Pablo A. Michelis, Vincent J. Zimmer, Matthew D. Wood, Richard T. Beckwith, Michael A. Rothman
IPC: H04L29/06, G06F21/10, H04N21/4405, H04N21/4627, G06F21/60
CPC classification number: H04L63/0428, G06F21/10, G06F21/60, H04L63/0485, H04L2463/101, H04N21/4405, H04N21/4627
Abstract: The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.