公开(公告)号：US09160730B2

公开(公告)日：2015-10-13

申请号：US13994016

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: G06F7/04 ,  G06F17/30 ,  G06F15/16 ,  H04L29/06 ,  G06F21/31 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract translation: 通常，本公开描述了连续认证置信模块。 系统可以包括用户设备，包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块，被配置为响应于特定用户的初始认证来确定置信度得分，至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度得分，并且通知操作 系统，如果更新的置信度分数在会话关闭阈值的容限内，认证不再有效; 所述初始认证被配置为打开会话，所述置信度分数被配置为指示所述会话期间的当前认证强度。

公开(公告)号：US09064109B2

公开(公告)日：2015-06-23

申请号：US13721760

申请日：2012-12-20

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Victoria C. Moore ,  Jason Martin ,  Micah J. Sheller

IPC: G06F17/30 ,  G06F21/45 ,  G06F21/31 ,  G06F21/33 ,  H04L29/06

CPC classification number: H04L9/0861 ,  G06F21/31 ,  G06F21/33 ,  G06F21/45 ,  H04L9/3234 ,  H04L63/0281 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1466 ,  H04L2209/127 ,  H04L2463/082

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器的安全引擎包括身份提供者逻辑，以生成密钥配对关联系统用户的第一密钥对和提供Web服务并具有通过网络耦合到系统的第二系统的服务提供者， 以执行与所述第二系统的安全通信，以使所述第二系统能够验证所述身份提供者逻辑在可信执行环境中正在执行，并且响应于所述验证​​，将所述第一密钥对的第一密钥发送到所述第二系统。 该密钥可以使得第二系统可以根据多因素认证来验证由身份提供者逻辑传达的断言，用户已被认证给系统。 描述和要求保护其他实施例。

公开(公告)号：US20140282945A1

公开(公告)日：2014-09-18

申请号：US13995247

申请日：2013-03-15

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Micah J. Sheller ,  Jason Martin

IPC: H04L29/06

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract translation: 通常，本公开描述了用于安全地存储和使用生物测定认证信息（诸如生物测定参考模板）的技术。 在一些实施例中，技术包括将一个或多个生物测定参考模板存储在其存储器中的客户端设备。 客户端设备可以将这样的模板传送到认证设备。 传输可以根据认证设备包括用于模板的合适的受保护环境并将执行可接受的临时存储策略的验证。 这些技术还可以包括认证设备，其被配置为在其受保护的环境中临时存储从客户端设备接收的生物测定参考模板。 在完成生物认证或发生终止事件时，认证设备可以从受保护的环境中删除生物测定参考模板。

公开(公告)号：US11526745B2

公开(公告)日：2022-12-13

申请号：US15892138

申请日：2018-02-08

Applicant: Intel Corporation

Inventor： Micah Sheller ,  Cory Cornelius ,  Jason Martin ,  Yonghong Huang ,  Shih-Han Wang

IPC: G06F21/55 ,  G06N3/08 ,  G06N3/063

Abstract: Methods, apparatus, systems and articles of manufacture for federated training of a neural network using trusted edge devices are disclosed. An example system includes an aggregator device to aggregate model updates provided by one or more edge devices. The one or more edge devices to implement respective neural networks, and provide the model updates to the aggregator device. At least one of the edge devices to implement the neural network within a trusted execution environment.

公开(公告)号：US11416603B2

公开(公告)日：2022-08-16

申请号：US16246187

申请日：2019-01-11

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Jason Martin ,  Justin Gottschlich ,  Abhilasha Bhargav-Spantzel ,  Salmin Sultana ,  Li Chen ,  Wei Li ,  Priyam Biswas ,  Paul Carlson

IPC: G06F21/52 ,  G06N20/00 ,  G06F21/56 ,  G06F21/51 ,  G05B23/02

Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.

公开(公告)号：US10511600B2

公开(公告)日：2019-12-17

申请号：US15865063

申请日：2018-01-08

Applicant: INTEL CORPORATION

Inventor： Micah J. Sheller ,  Yonghong Huang ,  Narjala P. Bhasker ,  Jason Martin ,  Cory Cornelius

IPC: H04L29/06 ,  G06F21/20 ,  H04W12/00 ,  H04W12/06 ,  H04W12/08 ,  G06F1/16 ,  G06F3/01 ,  G06F21/30

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

公开(公告)号：US20190138007A1

公开(公告)日：2019-05-09

申请号：US16236291

申请日：2018-12-28

Applicant: Intel Corporation

Inventor： Sara Baghsorkhi ,  Justin Gottschlich ,  Alexander Heinecke ,  Mohammad Mejbah Ul Alam ,  Shengtian Zhou ,  Sridhar Sharma ,  Patrick Andrew Mead ,  Ignacio Alvarez ,  David Gonzalez Aguirre ,  Kathiravetpillai Sivanesan ,  Jeffrey Ota ,  Jason Martin ,  Liuyang Lily Yang

IPC: G05D1/00 ,  G05D1/02

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed that provide an apparatus to analyze vehicle perspectives, the apparatus comprising a profile generator to generate a first profile of an environment based on a profile template and first data generated by a first vehicle; a data analyzer to: determine a difference between the first profile and a second profile obtained from a first one of one or more nodes in the environment; and in response to a trigger event, update the first profile based on the difference; and a vehicle control system to: in response to the trigger event, update a first perspective of the environment based on one or more of second data from the first one of the one or more nodes or the updated first profile; update a path plan for the first vehicle based on the updated first perspective; and execute the updated path plan.

公开(公告)号：US20190042937A1

公开(公告)日：2019-02-07

申请号：US15892138

申请日：2018-02-08

Applicant: Intel Corporation

Inventor： Micah Sheller ,  Cory Cornelius ,  Jason Martin ,  Yonghong Huang ,  Shih-Han Wang

IPC: G06N3/08 ,  G06F21/55

Abstract: Methods, apparatus, systems and articles of manufacture for federated training of a neural network using trusted edge devices are disclosed. An example system includes an aggregator device to aggregate model updates provided by one or more edge devices. The one or more edge devices to implement respective neural networks, and provide the model updates to the aggregator device. At least one of the edge devices to implement the neural network within a trusted execution environment.

公开(公告)号：US10104122B2

公开(公告)日：2018-10-16

申请号：US14825645

申请日：2015-08-13

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06 ,  H04L29/08 ,  G06K9/00

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

公开(公告)号：US20150347768A1

公开(公告)日：2015-12-03

申请号：US14367405

申请日：2013-12-19

Applicant: INTEL CORPORATION

Inventor： Jason Martin ,  Matthew Hoekstra

IPC: G06F21/62 ,  G06F21/10 ,  G06F21/60 ,  H04L29/06 ,  G06F9/455

CPC classification number: G06F21/62 ,  G06F9/45558 ,  G06F21/10 ,  G06F21/56 ,  G06F21/602 ,  G06F21/74 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/0724 ,  G06F2221/2105 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/145 ,  H04L63/20

Abstract: An embodiment includes a method executed by at least one processor comprising: initializing first and second secure enclaves each comprising a trusted software execution environment that prevents software executing outside the first and second secure enclaves from having access to software and data inside the first and second secure enclaves; the first secure enclave (a)(i) inspecting a policy, (a)(ii) authenticating the second secure enclave in response to inspecting the policy; and (a)(iii) communicating encrypted content to the second secure enclave in response to authenticating the second secure enclave; and the second secure enclave (b)(i) decrypting the encrypted content to produce decrypted content, and (b)(ii) inspecting the decrypted content. Other embodiments are described herein.

Abstract translation: 一个实施例包括由至少一个处理器执行的方法，包括：初始化第一和第二安全空间，每个包括可信软件执行环境，其防止在第一和第二安全区域之外执行的软件在第一和第二安全区域内访问软件和数据 飞地 第一个安全飞地（a）（i）检查政策，（a）（ii）对检查该政策的第二个安全飞地进行认证; 和（a）（iii）响应于认证所述第二安全飞地而将加密的内容传送到所述第二安全飞地; 和第二安全飞地（b）（i）解密加密的内容以产生解密的内容，以及（b）（ii）检查解密的内容。 本文描述了其它实施例。