-
Publication No.: US20170316225A1
Publication date: 2017-11-02
Application No.: US15650563
Application date: 2017-07-14
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller, Thomas G. Willis
IPC: G06F21/62
CPC classification number: G06F21/6254, G06Q30/00, G06Q30/02, G06Q30/0241
Abstract: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.
-
Publication No.: US20170169231A1
Publication date: 2017-06-15
Application No.: US15445298
Application date: 2017-02-28
Applicant: Intel Corporation
Inventor: Jasmeet Chhabra, Ned M. Smith, Micah J. Sheller, Nathan Heldt-Sheller
CPC classification number: G06F21/577, G06F21/31, G06F21/316, G06F21/32, G06F21/53, G06F2221/034, G06F2221/2115, G06N99/005, H04L63/083, H04L63/0861, H04L2463/082, H04W12/06, H04W12/12
Abstract: Technologies for information security include a computing device with one or more sensors. The computing device may authenticate a user and, after successful authentication, analyze sensor data to determine whether it is likely that the user authenticated under duress. If so, the computing device performs a security operation such as generating an alert or presenting false but plausible data to the user. Additionally or alternatively, the computing device, within a trusted execution environment, may monitor sensor data and apply a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack. For example, the classifier may identify potential user identification fraud. The computing device may trigger a security response if elevated risk of attack is detected. For example, the trusted execution environment may trigger increased authentication requirements or increased anti-theft monitoring for the computing device. Other embodiments are described and claimed.
-
Publication No.: US20170147822A1
Publication date: 2017-05-25
Application No.: US15426204
Application date: 2017-02-07
Applicant: Intel Corporation
Inventor: Nathaniel J. Goss, Nathan Heldt-Sheller, Kevin C. Wells, Micah J. Sheller, Sindhu Pandian, Ned M. Smith, Bernard N. Keany
IPC: G06F21/57
CPC classification number: G06F21/57, G06F21/31, G06F21/6218, G06F21/629, G06F2221/034, G06F2221/2105, G06F2221/2111, H04L63/107
Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
-
Publication No.: US09659158B2
Publication date: 2017-05-23
Application No.: US14583662
Application date: 2014-12-27
Applicant: Intel Corporation
Inventor: Micah J. Sheller, Ned M. Smith, Nathan Heldt-Sheller
CPC classification number: G06F21/31
Abstract: Technologies for determining a confidence of user authentication include authenticating a user of a computing device based on a set of authentication factors and a fusion function that fuses the set of authentication factors to generate an authentication result. A false accept rate and a false reject rate of the authentication result is determined, and an authentication confidence for the authentication result is determined. The authentication of the user is performed passively, without interruption or interruption of the user. If the authentication confidence is below a threshold value, an active authentication procedure may be performed.
-
Publication No.: US11601436B2
Publication date: 2023-03-07
Application No.: US16609711
Application date: 2018-01-11
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: Systems and techniques for defining and operating management services within a “domain” portion of an Internet of Things (IoT) network are disclosed herein. An example technique for implementing management functions of a device in a domain of the IoT network, for a device that is a defined within a hierarchy managed in the domain, may include: defining a resource structure in a secure virtual resource of the device, for a resource structure that identifies and defines at least one management service of the device; establishing properties of the at least one management service resource on the device within a resource structure, with the use of properties that are associated with a management function to be performed in the domain; and operating the device in the domain according to the management function. Further integration and use of management services and other management functions are also disclosed.
-
Publication No.: US20230009787A1
Publication date: 2023-01-12
Application No.: US17870998
Application date: 2022-07-22
Applicant: Intel Corporation
Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.
-
Publication No.: US20220303123A1
Publication date: 2022-09-22
Application No.: US16650439
Application date: 2018-09-28
Applicant: Intel Corporation
Inventor: Eduardo Cabre, Nathan Heldt-Sheller, Ned M. Smith
Abstract: Various systems and methods for establishing security profiles for Internet of Things (IoT) devices and trusted platforms, including in OCF specification device deployments, are discussed herein. In an example, a technique for onboarding a subject device for use with a security profile, includes: receiving a request to perform an owner transfer method of a device associated with a device platform; verifying attestation evidence associated with the subject device, the attestation evidence being signed by a certificate produced using a manufacturer-embedded key, with the key provided from a trusted hardware component of the device platform; and performing device provisioning of the subject device, based on the attestation evidence, as the device provisioning causes the subject device to use a security profile tied to manufacturer-embedded keys.
-
Publication No.: US11438422B2
Publication date: 2022-09-06
Application No.: US17424116
Application date: 2020-02-14
Applicant: Intel Corporation
Inventor: David J. McCall, Nathan Heldt-Sheller, Ned M. Smith
IPC: G06F15/16, H04L67/141, H04L9/40, H04L67/12, G16Y40/50
Abstract: Systems and methods for device to device communications in an Internet of Things (IoT) setting, via associated cloud services, are described. In an example, a procedure performed by a first IoT device, associated with a first domain or ecosystem, to communicate with a second IoT device, associated with a second domain or ecosystem, includes: obtaining communication information to communicate with a second service associated with the second device; providing the communication information to a first service associated with the first device; obtain service validation information, in response to the first service initiating the validation procedure with the second service; and providing the service validation information to the first service. This service validation information is used to enable a validated connection between the first service and the second service, to then communicate data or commands between the first device and the second device via the first and second remote services.
-
Publication No.: US20220248226A1
Publication date: 2022-08-04
Application No.: US17670915
Application date: 2022-02-14
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
IPC: H04W12/08, H04W4/38, G06F21/62, H04L41/0893, H04L9/40
Abstract: Various systems and methods for dynamic access policy provisioning in a connected device framework are described herein. In an example, the techniques for policy provisioning may include resource update access policy automation, directory resource access policy automation, or hidden resources access policy automation, as monitored and operated with an access management service (AMS). In an example, the AMS monitors resources to receive a notification when they change. If the change observed is an addition or deletion of a resource object, the AMS responds by performing security analysis of devices hosting the new resource(s), which may further result in device onboarding actions. The AMS may further respond by evaluating link semantics to determine which other devices and resources may need updated access control list (ACL) policies.
-
Publication No.: US20200097353A1
Publication date: 2020-03-26
Application No.: US16609409
Application date: 2017-12-29
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: Various systems and methods for implementing a soft reset state. A server device includes processing circuitry; and at least one storage device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations of a soft reset operation, the operations to: define a soft reset state; cause a check of a secure virtual resource (SVR) of the server device, while in the soft reset state; and transition from the soft reset state in response to an event.