公开(公告)号：US20170255194A1

公开(公告)日：2017-09-07

申请号：US15063210

申请日：2016-03-07

Applicant: Intel Corporation

Inventor： RAJESH POORNACHANDRAN ,  NED M. SMITH ,  VINCENT J. ZIMMER

IPC: G05D1/00 ,  G07C5/00 ,  H04L29/06 ,  H04W4/02 ,  G06F21/10 ,  B64C39/02 ,  H04W12/06

CPC classification number: H04L63/20 ,  B64C39/024 ,  B64C2201/141 ,  G05D1/0022 ,  G06F21/10 ,  G07C5/008 ,  G08G5/0013 ,  G08G5/006 ,  G08G5/0069 ,  G08G5/0086 ,  H04L63/08 ,  H04L63/102 ,  H04W4/021 ,  H04W12/06 ,  H04W12/08

Abstract: Apparatuses, methods and storage medium associated with reverse DRM geo-fencing are disclosed. In embodiments, an UAV may comprise sensors to provide sensor data for aerial operation over or near a geographic area, and collect sensor data of a target within the geographic area, and a reverse DRM geo-fence policy enforcement manager to enforce reverse DRM geo-fence policies on operation of the sensors while the UAV operates over/near the geographic area. In other embodiments, a base station may include a reverse DRM geo-fence policy generator to instruct an UAV to enforce reverse DRM geo-fence policies on operation of sensors of the UAV on collecting sensor data of the target within the geographic area while the UAV operates over or near the geographic area. Other embodiments may be disclosed or claimed.

公开(公告)号：US20170039389A1

公开(公告)日：2017-02-09

申请号：US15039021

申请日：2013-12-24

Applicant: INTEL CORPORATION

Inventor： NED M. SMITH ,  NATHAN HELDT-SHELLER ,  THOMAS G. WILLIS

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F17/00 ,  G06F21/60 ,  G06F21/602 ,  G06F21/6263 ,  G06Q30/02

Abstract: This disclosure is directed to privacy enforcement via localized personalization. An example device may comprise at least a user interface to present content. A message may be received into a trusted execution environment (TEE) situated within the device or remotely, the message including at least metadata and content. The TEE may determine relevance of the content to a user based on the metadata and user data. Based on the relevance, the TEE may cause the content to be presented to the user via the user interface. In one embodiment, the TEE may be able to personalize the content based on the user data prior to presentation. If the content includes an offer, the TEE may also be able to present counteroffers to the user based on user interaction with the content. The TEE may also be able to cause feedback data to be transmitted to at least the content provider.

Abstract translation: 本公开旨在通过本地化个性化进行隐私执行。 示例性设备可以至少包括用于呈现内容的用户界面。 消息可以被接收到位于设备内或远程的可信任执行环境（TEE）中，该消息至少包括元数据和内容。 TEE可以基于元数据和用户数据确定内容与用户的相关性。 基于相关性，TEE可能会通过用户界面将内容呈现给用户。 在一个实施例中，TEE可以在呈现之前基于用户数据来个性化内容。 如果内容包括报价，则TEE也可以基于用户与内容的交互来向用户呈现反作者。 TEE也可能导致反馈数据被传送到至少内容提供者。

公开(公告)号：US20160365975A1

公开(公告)日：2016-12-15

申请号：US14863043

申请日：2015-09-23

Applicant: Intel Corporation

Inventor： NED M. SMITH

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0833 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0841 ,  H04L63/065 ,  H04L63/0869 ,  H04L2463/062

Abstract: An embodiment includes receiving, in a first key management device (KMD) of a first autonomous network associated with a first realm, a request for a group key to enable content to be shared between one or more first devices of the first autonomous network and one or more second devices of a second autonomous network associated with a second realm, the second autonomous network having a second KMD; creating the group key and providing the group key to the one or more first devices from the first KMD; establishing a temporal key to be used to establish a secure channel between the first KMD and the second KMD; and delivering the group key to the second KMD from the first KMD via the secure channel, to enable the second KMD to provide the group key to the one or more second devices. Other embodiments are addressed herein.

Abstract translation: 实施例包括在与第一领域相关联的第一自主网络的第一密钥管理设备（KMD）中接收对组密钥的请求，以使得能够在第一自主网络的一个或多个第一设备和一个 或更多与第二领域相关联的第二自主网络的第二设备，所述第二自主网络具有第二KMD; 创建组密钥并将组密钥提供给来自第一KMD的一个或多个第一设备; 建立用于在第一KMD和第二KMD之间建立安全通道的时间密钥; 以及经由所述安全通道从所述第一KMD将所述组密钥递送到所述第二KMD，以使得所述第二KMD能够将组密钥提供给所述一个或多个第二设备。 其他实施例在这里被解决。

公开(公告)号：US20160248809A1

公开(公告)日：2016-08-25

申请号：US14628016

申请日：2015-02-20

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  ABHILASHA BHARGAV-SPANTZEL ,  ODED BAR-EL

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/06 ,  H04L63/105 ,  H04L63/107 ,  H04L63/205 ,  H04W12/08

Abstract: Methods and apparatus to process data based on automatically detecting a security environment are disclosed. An example apparatus includes an input device, an environment identifier, a security level selector, and a secure data processor. The input device captures information indicating a physical environment in which the computing device is located. The environment identifier identifies a security environment based on the captured information and a security policy, the security policy defining the security environment and security levels. The security level selector selects, based on the security environment, one of the security levels to be authorized at the computing device within the security environment. The secure data processor processes data based on the selected security level.

Abstract translation: 公开了基于自动检测安全环境来处理数据的方法和装置。 示例性设备包括输入设备，环境标识符，安全级别选择器和安全数据处理器。 输入设备捕获指示计算设备所在的物理环境的信息。 环境标识符基于捕获的信息和安全策略来识别安全环境，安全策略定义安全环境和安全级别。 安全级别选择器基于安全环境选择在安全环境内在计算设备处被授权的安全级别之一。 安全数据处理器基于所选择的安全级别来处理数据。

公开(公告)号：US20190013940A1

公开(公告)日：2019-01-10

申请号：US15973172

申请日：2018-05-07

Applicant: INTEL CORPORATION

Inventor： WILLIAM C. DELEEUW ,  NED M. SMITH

IPC: H04L9/08 ,  G06F21/62 ,  G06F7/58 ,  H04L29/06

CPC classification number: H04L9/0869 ,  G06F7/582 ,  G06F21/6218 ,  H04L63/0428 ,  H04L67/1002 ,  H04L2209/24

Abstract: Various embodiments are directed to techniques for controlling access to data in a decentralized manner. An apparatus includes an apportioning component to divide an item of data into multiple portions based on an organizational structure of the item of data; a tree component to generate a PRN tree including a multitude of nodes and a branching structure based on the organizational structure, the multitude including at least one branching node and multiple leaf nodes that correspond to the multiple portions; a PRN component to generate a PRN for each node of the multitude, the PRN component to use a PRN of a branching node of the PRN tree to generate a PRN for a leaf node that depends therefrom; and a communications component to transmit the multiple portions and multiple addresses based on PRNs of leaf nodes of the PRN tree to a server. Other embodiments are described and claimed.

公开(公告)号：US20170244684A1

公开(公告)日：2017-08-24

申请号：US15451600

申请日：2017-03-07

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  CONOR P. CAHILL ,  MICAH J. SHELLER ,  JASON MARTIN

IPC: H04L29/06

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

公开(公告)号：US20170170966A1

公开(公告)日：2017-06-15

申请号：US15431479

申请日：2017-02-13

Applicant: Intel Corporation

Inventor： NITIN V. SARANGDHAR ,  DANIEL NEMIROFF ,  NED M. SMITH ,  ERNIE BRICKELL ,  JIANGTAO LI

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3234 ,  G06F21/57 ,  G06F21/64 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3263 ,  H04L2209/127

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

公开(公告)号：US20160182228A1

公开(公告)日：2016-06-23

申请号：US14580681

申请日：2014-12-23

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  WILLIAM C. DELEEUW ,  THOMAS G. WILLIS

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0841 ,  H04L9/002 ,  H04L9/3215 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1475

Abstract: A data processing system (DPS) supports exchange of digital keys. The DPS comprises a communication module which, when executed by the DPS, is operable to receive, via multiple different network routes, multiple copies of a seed message from a second DPS, as part of a Diffie-Hellman key exchange process with the second DPS, wherein each copy of the seed message includes a seed value. The DPS also comprises a security module which, when executed by the DPS, is operable to perform operations comprising (a) determining a prevalent seed value, based on the multiple copies of the seed message; (b) computing a prevalence metric to indicate how many of the seed messages contained the prevalent seed value; and (c) determining whether a seed exchange portion of the Diffie-Hellman key exchange process has been successfully performed, based on the prevalence metric. Other embodiments are described and claimed.

Abstract translation: 数据处理系统（DPS）支持数字键的交换。 DPS包括通信模块，当由DPS执行时，该通信模块可操作以经由多个不同网络路由从第二DPS接收种子消息的多个副本，作为与第二DPS的Diffie-Hellman密钥交换过程的一部分 ，其中种子消息的每个副本包括种子值。 DPS还包括一个安全模块，当由DPS执行时，该模块可操作以执行操作，该操作包括：（a）基于种子消息的多个副本来确定普遍的种子值; （b）计算流行度量以指示种子消息中有多少含有普遍种子值; 以及（c）基于流行度量确定是否成功地执行了Diffie-Hellman密钥交换过程的种子交换部分。 描述和要求保护其他实施例。

公开(公告)号：US20160134602A1

公开(公告)日：2016-05-12

申请号：US14534476

申请日：2014-11-06

Applicant: Intel Corporation

Inventor： RAJESH POORNACHANDRAN ,  SAURABH DADU ,  NED M. SMITH

IPC: H04L29/06 ,  G06F17/24

CPC classification number: H04L63/062 ,  G06F17/241 ,  G06F21/12 ,  H04L63/0428

Abstract: Generally, this disclosure provides systems, methods and computer readable media for secure sharing of user annotated subscription media content with trusted devices. The shared content may include user specified snapshots of the media along with user supplied annotations. The system may include a host processor configured to arrange a secure session with a server and to receive the subscription media content from the server in an encrypted format. The system may also include a trusted execution environment (TEE) comprising a secure processor and secure storage configured to decrypt and store the media content, based on a content encryption key obtained from the server. The system may further be configured to: receive a snapshot frame request and annotations from the user; generate a composite image of the snapshot and an overlay including the annotations; and encrypt the composite image for sharing with other users.

Abstract translation: 通常，本公开提供用于用可信设备安全共享用户带注释的订阅媒体内容的系统，方法和计算机可读介质。 共享内容可以包括用户指定的媒体快照以及用户提供的注释。 该系统可以包括被配置为与服务器安排安全会话并且以加密格式从服务器接收订阅媒体内容的主机处理器。 该系统还可以包括基于从服务器获得的内容加密密钥，包括安全处理器和被配置为解密和存储媒体内容的安全存储器的可信执行环境（TEE）。 系统还可以被配置为：从用户接收快照帧请求和注释; 生成快照的合成图像和包含注释的叠加图像; 并加密合成图像以与其他用户共享。

公开(公告)号：US20160105430A1

公开(公告)日：2016-04-14

申请号：US14883756

申请日：2015-10-15

Applicant: Intel Corporation

Inventor： NED M. SMITH

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/51

CPC classification number: H04L63/0853 ,  G06F21/51 ,  G06F21/54 ,  G06F21/57 ,  G06F2221/2107 ,  H04L9/0872 ,  H04L29/08135 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/061 ,  H04L63/20 ,  H04L2209/127

Abstract: Devices, systems, and methods for conducting trusted computing tasks on a distributed computer system are described. In some embodiments, a client device initiates a trusted task for execution within a trusted execution environment of a remote service provider. The devices, systems, and methods may permit the client to evaluate the trusted execution capabilities of the service provider via a planning and attestation process, prior to sending data/code associated with the trusted task to the service provider for execution. Execution of the trusted task may be performed while enforcing security and/or compartmentalization context on the data/code. Systems and methods for managing and exchanging encryption keys are also described. Such systems and methods may be used to maintain the security of the data/code before during, and/or after the execution of the trusted task.

Abstract translation: 描述了用于在分布式计算机系统上执行可信计算任务的设备，系统和方法。 在一些实施例中，客户端设备发起可信任的任​​务以在远程服务提供商的受信任执行环境内执行。 设备，系统和方法可以允许客户端在将与可信任任务相关联的数据/代码发送到服务提供商以执行之前，通过计划和认证过程来评估服务提供商的可信执行能力。 可以在对数据/代码执行安全性和/或分区上下文的同时执行可信任务的执行。 还描述了用于管理和交换加密密钥的系统和方法。 这样的系统和方法可以用于在可信任任务的执行期间和/或之后维护数据/代码的安全性。