PLATFORM BASED VERIFICATION OF CONTENTS OF INPUT-OUTPUT DEVICES
    21.
    Invention application
    Status: Under examination (published)

    Publication number: US20130283383A1

    Publication date: 2013-10-24

    Application number: US13919609

    Filing date: 2013-06-17

    IPC classification: G06F21/56

    Abstract: A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions.

    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION
    23.
    Invention application
    Status: Under examination (published)

    Publication number: US20160180068A1

    Publication date: 2016-06-23

    Application number: US14580817

    Filing date: 2014-12-23

    IPC classification: G06F21/32 H04L29/06

    Abstract: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.

    METHOD AND DEVICE FOR SECURE COMMUNICATIONS OVER A NETWORK USING A HARDWARE SECURITY ENGINE
    25.
    Invention application
    Status: In force

    Publication number: US20150039890A1

    Publication date: 2015-02-05

    Application number: US13997412

    Filing date: 2011-12-15

    IPC classification: H04L9/08

    Abstract: A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SSL) communication session with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine.

    Secure local boot using third party data store (3PDS) based ISO image
    26.
    Granted patent
    Status: In force

    Publication number: US08751782B2

    Publication date: 2014-06-10

    Application number: US12970698

    Filing date: 2010-12-16

    CPC classification: G06F21/572 G06F21/575

    Abstract: In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed.

    Secure software licensing and provisioning using hardware based security engine
    28.
    Granted patent
    Status: In force

    Publication number: US08332631B2

    Publication date: 2012-12-11

    Application number: US12951853

    Filing date: 2010-11-22

    IPC classification: G06F15/16 G06F12/00

    Abstract: Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.
