公开(公告)号：US20240305616A1

公开(公告)日：2024-09-12

申请号：US18435546

申请日：2024-02-07

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Seosamh O'Riordain ,  Ned M. Smith ,  Tarun Viswanathan

IPC: H04L9/40 ,  G06F9/4401 ,  G06F9/455 ,  G06F9/46 ,  G06F9/50 ,  G06F21/53 ,  G06F21/57 ,  G06F21/62

CPC classification number: H04L63/06 ,  G06F9/4401 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/468 ,  G06F9/5077 ,  G06F21/53 ,  G06F21/57 ,  G06F21/6209 ,  H04L63/0435 ,  H04L63/062 ,  H04L63/083 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

公开(公告)号：US11936637B2

公开(公告)日：2024-03-19

申请号：US18047934

申请日：2022-10-19

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Seosamh O'Riordain ,  Ned M. Smith ,  Tarun Viswanathan

IPC: H04L9/40 ,  G06F9/4401 ,  G06F9/455 ,  G06F9/46 ,  G06F9/50 ,  G06F21/53 ,  G06F21/57 ,  G06F21/62

CPC classification number: H04L63/06 ,  G06F9/4401 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/468 ,  G06F9/5077 ,  G06F21/53 ,  G06F21/57 ,  G06F21/6209 ,  H04L63/0435 ,  H04L63/062 ,  H04L63/083 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

公开(公告)号：US20210021484A1

公开(公告)日：2021-01-21

申请号：US17033557

申请日：2020-09-25

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Timothy Verrall ,  Ned M. Smith ,  Tarun Viswanathan ,  Kshitij Doshi ,  Francesc Guim Bernat ,  John J. Browne ,  Katalin Bartfai-Walcott ,  Maryam Tahhan ,  Eoin Walsh ,  Damien Power

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/26

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to schedule workloads based on secure edge to device telemetry by calculating a difference between a first telemetric data received from a first hardware device and an operating parameter and computing an adjustment for a second hardware device based on the difference between the first telemetric data and the operating parameter.

公开(公告)号：US20180357099A1

公开(公告)日：2018-12-13

申请号：US15617375

申请日：2017-06-08

Applicant: Intel Corporation

Inventor： John J. Browne ,  Tomasz Kantecki ,  Eoin Walsh ,  Maryam Tahhan ,  Timothy Verrall ,  Tarun Viswanathan ,  Rory Browne

IPC: G06F9/50 ,  G06F9/48 ,  G06F9/455

CPC classification number: G06F9/5005 ,  G06F9/45504 ,  G06F9/4881

Abstract: Particular embodiments described herein provide for a network element that can be configured to determine a pre-execution performance test, where the pre-execution performance test is at least partially based on requirements for a process to be executed, cause the pre-execution performance test to be executed on a platform before the process is executed on the platform, where the platform is a dynamically allocated group of resources, analyze results of the pre-execution performance test, and cause the process to be executed on the platform if the results of the pre-execution performance test satisfy a condition. In an example, the process is a virtual network function.

公开(公告)号：US20160315974A1

公开(公告)日：2016-10-27

申请号：US15051130

申请日：2016-02-23

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan D. Ross ,  Eran Birk

IPC: H04L29/06

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract translation: 为多个企业应用程序提供基于策略的安全容器的技术包括客户端计算设备和企业策略服务器。 客户端计算设备向企业策略服务器发送设备属性信息和企业应用访问请求。 企业策略服务器根据设备属性信息和基于企业应用的数据敏感性级别来确定设备信任级别，并根据设备信任级别和数据敏感级别向客户端计算设备发送安全策略。 客户端计算设备引用或创建用于安全策略的安全容器，将企业应用程序添加到安全容器，并在安全容器中执行企业应用程序时实施安全策略。 可以向每个安全容器添加多个企业应用程序。 描述和要求保护其他实施例。

公开(公告)号：US20160080393A1

公开(公告)日：2016-03-17

申请号：US14951654

申请日：2015-11-25

Applicant: Intel Corporation

Inventor： Keith Shippy ,  Tobias Kohlenberg ,  Mubashir Mian ,  Ned Smith ,  Omer Ben-Shalom ,  Tarun Viswanathan ,  Dennis Morgan ,  Timothy Verrall ,  Manish Dave ,  Eran Birk

IPC: H04L29/06

CPC classification number: H04L63/105 ,  G06F21/316 ,  G06F2221/2105 ,  G06F2221/2113 ,  H04L63/08 ,  H04L2463/082 ,  H04W12/06 ,  H04W88/02

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

Abstract translation: 系统和方法可以提供用于从设备的一个或多个解锁接口接收运行时间输入，并且基于运行时间输入从多个访问级别中选择关于设备的访问级别。 所选择的访问级别可以具有相关联的安全策略，其中可以基于相关联的安全策略来执行运行时输入的认证。 在一个示例中，如果认证成功，则使用一个或多个加密密钥来将设备关于所选择的访问级别放置在解锁状态。 如果认证不成功，另一方面，相对于所选择的访问级别，设备可以保持在锁定状态。

公开(公告)号：US09276963B2

公开(公告)日：2016-03-01

申请号：US13729586

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: G06F17/00 ,  H04L29/06

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract translation: 为多个企业应用程序提供基于策略的安全容器的技术包括客户端计算设备和企业策略服务器。 客户端计算设备向企业策略服务器发送设备属性信息和企业应用访问请求。 企业策略服务器基于设备属性信息和基于企业应用的数据敏感度级别来确定设备信任级别，并根据设备信任级别和数据敏感级别向客户端计算设备发送安全策略。 客户端计算设备引用或创建用于安全策略的安全容器，将企业应用程序添加到安全容器，并在安全容器中执行企业应用程序时实施安全策略。 可以向每个安全容器添加多个企业应用程序。 描述和要求保护其他实施例。

公开(公告)号：US12068928B2

公开(公告)日：2024-08-20

申请号：US17033557

申请日：2020-09-25

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Timothy Verrall ,  Ned M. Smith ,  Tarun Viswanathan ,  Kshitij Doshi ,  Francesc Guim Bernat ,  John J. Browne ,  Katalin Bartfai-Walcott ,  Maryam Tahhan ,  Eoin Walsh ,  Damien Power

IPC: H04L12/00 ,  H04L9/40 ,  H04L41/5006 ,  H04L41/5019 ,  H04L43/0888

CPC classification number: H04L41/5006 ,  H04L41/5019 ,  H04L43/0888 ,  H04L63/123 ,  H04L63/126

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to schedule workloads based on secure edge to device telemetry by calculating a difference between a first telemetric data received from a first hardware device and an operating parameter and computing an adjustment for a second hardware device based on the difference between the first telemetric data and the operating parameter.

公开(公告)号：US11856032B2

公开(公告)日：2023-12-26

申请号：US17481215

申请日：2021-09-21

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L9/40

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US20230045505A1

公开(公告)日：2023-02-09

申请号：US17891780

申请日：2022-08-19

Applicant: Intel Corporation

Inventor： Francesc Guim Bernat ,  Kapil Sood ,  Tarun Viswanathan ,  Kshitij Doshi ,  Timothy Verrall ,  Ned M. Smith ,  Manish Dave ,  Alex Vul

IPC: H04L41/00 ,  H04L9/40 ,  H04L41/5003 ,  H04L41/0893 ,  G06F21/57

Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device. Other embodiments are described and claimed.