公开(公告)号：US20170185776A1

公开(公告)日：2017-06-29

申请号：US14998065

申请日：2015-12-24

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Ravi L. Sahita ,  Mark W. Shanahan ,  Karanvir S. Grewal ,  Nitin V. Sarangdhar ,  Carlos V. Rozas ,  Bo Zhang ,  Shanwei Cen

IPC: G06F21/56 ,  G06F12/08 ,  G06F12/14 ,  G06F9/455

CPC classification number: G06F12/145 ,  G06F9/45558 ,  G06F21/575 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2221/034

Abstract: Systems, apparatuses and methods may provide for verifying, from outside a trusted computing base of a computing system, an identity an enclave instance prior to the enclave instance being launched in the trusted computing base, determining a memory location of the enclave instance and confirming that the memory location is local to the computing system. In one example, the enclave instance is a proxy enclave instance, wherein communications are conducted with one or more additional enclave instances in the trusted computing base via the proxy enclave instance and an unencrypted channel.

公开(公告)号：US20160284091A1

公开(公告)日：2016-09-29

申请号：US14672054

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Nitin V. Sarangdhar ,  Terry H. Pilsner

IPC: G06T7/00 ,  G06K9/00 ,  G01B11/14

CPC classification number: G06K9/00268 ,  G01B11/14 ,  G06K9/00604

Abstract: Particular embodiments described herein provide for an electronic device that includes a distance detector that can determine a distance between the distance detector and an object and a scanner. The scanner is not activated if the distance is less than a predetermined distance. In one example, the object is a user and the scanner is an iris scanner.

Abstract translation: 本文描述的特定实施例提供了一种电子设备，其包括能够确定距离检测器与物体和扫描仪之间的距离的距离检测器。 如果距离小于预定距离，则扫描仪不被激活。 在一个示例中，对象是用户，扫描仪是虹膜扫描器。

公开(公告)号：US20160283425A1

公开(公告)日：2016-09-29

申请号：US14671465

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Nitin V. Sarangdhar ,  Steven B. McGowan ,  Raul Gutierrez ,  Karthi R. Vadivelu

IPC: G06F13/362 ,  G06F13/42 ,  G06F13/40

CPC classification number: G06F13/362 ,  G06F13/4068 ,  G06F13/4282

Abstract: An apparatus is described herein. The apparatus includes a Universal Serial Bus (USB) component and a controller interface. The controller interface is to allocate register space for interfacing with the USB component and the USB component is virtualized into multiple instantiations. The apparatus also includes a secure environment, and the secure environment further virtualizes the multiple instantiations such that the multiple instantiations are owned by the secure environment.

Abstract translation: 这里描述了一种装置。 该装置包括通用串行总线（USB）组件和控制器接口。 控制器接口是分配与USB组件接口的寄存器空间，并将USB组件虚拟化为多个实例。 该装置还包括安全环境，并且安全环境进一步虚拟化多个实例，使得多个实例由安全环境所拥有。

公开(公告)号：US10089247B2

公开(公告)日：2018-10-02

申请号：US15282647

申请日：2016-09-30

Applicant: INTEL CORPORATION

Inventor： Nitin V. Sarangdhar ,  Baiju V. Patel ,  Tin-Cheung Kung ,  Joseph F. Cihula ,  Prashant Sethi ,  Vinay Kumar Rangineni

IPC: G06F13/00 ,  G06F12/14 ,  G06F12/02 ,  G06F13/28 ,  G06F13/16 ,  G06F9/455 ,  G06F21/57

Abstract: One embodiment provides an apparatus. The apparatus includes an input output memory management unit (I/O MMU), a non-secure operating system (OS) driver, a secure OS driver and a virtual machine monitor (VMM). The I/OMMU is to couple an I/O Controller to a memory. The I/O Controller is coupled to a secure device and a non-secure device and has one I/O Controller identifier. The non-secure OS driver is associated with the non-secure device. The secure OS driver is associated with the secure device. The VMM is to allocate a secure address space to a secure OS and a non-secure address space to a non-secure OS. The secure address space is non-overlapping with the non-secure address space.

公开(公告)号：US20180279449A1

公开(公告)日：2018-09-27

申请号：US15984624

申请日：2018-05-21

Applicant: Intel Corporation

Inventor： Nitin V. Sarangdhar ,  Victoria C. Moore ,  Kumar Narasimhan Dwarakanath

IPC: H05B37/02 ,  H04N5/33 ,  H05B33/08 ,  G06F21/32 ,  G08B21/18 ,  G08B5/36 ,  G06F21/82

CPC classification number: H05B37/0227 ,  G06F21/32 ,  G06F21/82 ,  G08B5/36 ,  G08B21/182 ,  H04N5/33 ,  H05B33/0842 ,  H05B37/0281 ,  Y02B20/42

Abstract: Disclosed in some examples are devices, methods, and machine-readable mediums for reliable control of IR LEDs. In some examples, a microcontroller running firmware controls whether the LED is activated or not by use of a disable signal. The microcontroller enables or disables the operation of the LED based upon a user's proximity to the LED, a watchdog timer, and a confirmation that only trusted software is executing.

公开(公告)号：US10079684B2

公开(公告)日：2018-09-18

申请号：US14974893

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： Ansuya Negi ,  Nitin V. Sarangdhar ,  Ulhas S. Warrier ,  Ramkumar Venkatachary ,  Ravi L. Sahita ,  Scott H. Robinson ,  Karanvir S. Grewal

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3231 ,  H04L9/0816 ,  H04L9/0825

Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.

公开(公告)号：US09977888B2

公开(公告)日：2018-05-22

申请号：US14978578

申请日：2015-12-22

Applicant: Intel Corporation

Inventor： Nitin V. Sarangdhar ,  Raul Gutierrez

IPC: G06F21/00 ,  G06F21/32 ,  G06F21/62

CPC classification number: G06F21/32 ,  G06F21/62

Abstract: Systems and techniques for privacy protected input-output port control are described herein. In an example, an indication may be obtained that a protected port is disabled. A set of application attributes stored in a secure memory location may be compared to a set of attested application attributes to create a verification flag. At least one port attribute of the protected port may be obtained based on the verification flag. The protected port may be enabled using the at least one port attribute. Other examples, for controlling an input-output port using computer firmware and trusted execution techniques are further disclosed.

公开(公告)号：US20180095900A1

公开(公告)日：2018-04-05

申请号：US15282647

申请日：2016-09-30

Applicant: INTEL CORPORATION

Inventor： Nitin V. Sarangdhar ,  Baiju V. Patel ,  Tin-Cheung Kung ,  Joseph F. Cihula ,  Prashant Sethi ,  Vinay Kumar Rangineni

IPC: G06F12/14 ,  G06F12/02 ,  G06F13/28 ,  G06F13/16 ,  G06F9/455

CPC classification number: G06F12/1425 ,  G06F9/45558 ,  G06F12/0223 ,  G06F13/1668 ,  G06F13/28 ,  G06F21/57 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052

Abstract: One embodiment provides an apparatus. The apparatus includes an input output memory management unit (I/O MMU), a non-secure operating system (OS) driver, a secure OS driver and a virtual machine monitor (VMM). The I/OMMU is to couple an I/O Controller to a memory. The I/O Controller is coupled to a secure device and a non-secure device and has one I/O Controller identifier. The non-secure OS driver is associated with the non-secure device. The secure OS driver is associated with the secure device. The VMM is to allocate a secure address space to a secure OS and a non-secure address space to a non-secure OS. The secure address space is non-overlapping with the non-secure address space.

公开(公告)号：US09594969B1

公开(公告)日：2017-03-14

申请号：US14945652

申请日：2015-11-19

Applicant: Intel Corporation

Inventor： Ansuya Negi ,  Nitin V. Sarangdhar

IPC: G01J5/00 ,  G06K9/00 ,  H04N5/225 ,  H04N5/33 ,  G06K9/52 ,  G06T7/60 ,  G06K9/46

CPC classification number: G06K9/00906 ,  G06K9/00604 ,  G06K9/00617 ,  G06K9/2018 ,  G06K9/4661 ,  G06K9/52 ,  H04N5/2256 ,  H04N5/33

Abstract: This disclosure pertains to iris recognition including liveness testing. A device may perform iris recognition with testing to check liveness. Sensing circuitry in the device may comprise an IR sensor and IR emitter to generate a uniform IR emission and a pulsed IR emission. Sensor data based on the uniform IR emission may be used for iris recognition, which may be confirmed by at least one test confirming that real eyes are being analyzed and not spoof data. For example, a determination may be made as to whether a light reflection is visible in images captured by the IR sensor, whether the light reflection is aligned and/or synchronized with an eye center and/or iris center, whether a portion of the iris visible in the captured images changes from image to image, whether the images show that a pupil of the eye is reactive to the pulsed IR emissions, etc.

Abstract translation: 本公开涉及虹膜识别，包括活性测试。 设备可以通过测试执行虹膜识别以检查活动。 器件中的感测电路可以包括IR传感器和IR发射器，以产生均匀的IR发射和脉冲IR发射。 基于均匀红外发射的传感器数据可用于虹膜识别，这可以通过至少一个测试来确认，以确认正在分析真实眼睛并且不欺骗数据。 例如，可以确定在由IR传感器拍摄的图像中光反射是否可见，光反射是否与眼睛中心和/或虹膜中心对准和/或同步，无论虹膜的一部分 所捕获的图像中可见的图像是否从图像变为图像，图像是否显示眼睛的瞳孔对脉冲的红外发射等有反应。

公开(公告)号：US09594910B2

公开(公告)日：2017-03-14

申请号：US14229708

申请日：2014-03-28

Applicant: Intel Corporation

Inventor： Nitin V. Sarangdhar ,  Robert J. Royer, Jr. ,  Eng Hun Ooi ,  Brian R. McFarlane ,  Mukesh Kataria

IPC: G06F9/44 ,  G06F11/14 ,  G06F21/57

CPC classification number: G06F21/572 ,  G06F9/4403 ,  G06F9/4406 ,  G06F9/4411 ,  G06F11/1417 ,  G06F21/57 ,  G06F21/575 ,  G06F2212/1052 ,  G06F2221/03 ,  G06F2221/033

Abstract: A hardware platform includes a nonvolatile storage device that can store system firmware as well as code for the primary operating system for the hardware platform. The hardware platform includes a controller that determines the hardware platform lacks functional firmware to boot the primary operating system from the storage device. The controller accesses a firmware image from an external interface that interfaces a device external to the hardware platform, where the external device is a firmware image source. The controller provisions the firmware from the external device to the storage device and initiates a boot sequence from the provisioned firmware.

Abstract translation: 硬件平台包括可以存储系统固件的非易失性存储设备以及用于硬件平台的主操作系统的代码。 硬件平台包括一个确定硬件平台的控制器缺乏从存储设备引导主操作系统的功能固件。 控制器从外部接口访问固件映像，该外部接口将硬件平台外部的设备连接到外部设备是固件映像源。 控制器将固件从外部设备提供给存储设备，并从配置的固件启动启动顺序。