公开(公告)号：US11483300B2

公开(公告)日：2022-10-25

申请号：US16876626

申请日：2020-05-18

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Seosamh O'Riordain ,  Ned M. Smith ,  Tarun Viswanathan

IPC: H04L29/06 ,  H04L9/40 ,  G06F9/455 ,  G06F9/50 ,  G06F21/53 ,  G06F21/62 ,  G06F21/57 ,  G06F9/4401 ,  G06F9/46

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

公开(公告)号：US20220217181A1

公开(公告)日：2022-07-07

申请号：US17481215

申请日：2021-09-21

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L9/40

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US11252198B2

公开(公告)日：2022-02-15

申请号：US16567504

申请日：2019-09-11

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L29/06

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US20190230002A1

公开(公告)日：2019-07-25

申请号：US16368980

申请日：2019-03-29

Applicant: Intel Corporation

Inventor： Francesc Guim Bernat ,  Kapil Sood ,  Tarun Viswanathan ,  Kshitij Doshi ,  Timothy Verrall ,  Ned M. Smith ,  Manish Dave ,  Alex Vul

IPC: H04L12/24 ,  H04L29/06

Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device. Other embodiments are described and claimed.

公开(公告)号：US09578037B2

公开(公告)日：2017-02-21

申请号：US14951654

申请日：2015-11-25

Applicant: Intel Corporation

Inventor： Keith Shippy ,  Tobias Kohlenberg ,  Mubashir Mian ,  Ned Smith ,  Omer Ben-Shalom ,  Tarun Viswanathan ,  Dennis Morgan ,  Timothy Verrall ,  Manish Dave ,  Eran Birk

IPC: G06F17/00 ,  H04L29/06 ,  G06F21/31 ,  H04W12/06 ,  H04W88/02

CPC classification number: H04L63/105 ,  G06F21/316 ,  G06F2221/2105 ,  G06F2221/2113 ,  H04L63/08 ,  H04L2463/082 ,  H04W12/06 ,  H04W88/02

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

Abstract translation: 系统和方法可以提供用于从设备的一个或多个解锁接口接收运行时间输入，并且基于运行时间输入从多个访问级别中选择关于设备的访问级别。 所选择的访问级别可以具有相关联的安全策略，其中可以基于相关联的安全策略来执行运行时输入的认证。 在一个示例中，如果认证成功，则使用一个或多个加密密钥来将设备关于所选择的访问级别放置在解锁状态。 如果认证不成功，另一方面，相对于所选择的访问级别，设备可以保持在锁定状态。

公开(公告)号：US12184704B2

公开(公告)日：2024-12-31

申请号：US18542406

申请日：2023-12-15

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L9/40

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US20240275822A1

公开(公告)日：2024-08-15

申请号：US18542406

申请日：2023-12-15

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan Ross ,  Eran Birk

IPC: H04L9/40

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US11736942B2

公开(公告)日：2023-08-22

申请号：US17076452

申请日：2020-10-21

Applicant: Intel Corporation

Inventor： Alexander Bachmutsky ,  Dario Sabella ,  Francesc Guim Bernat ,  John J. Browne ,  Kapil Sood ,  Kshitij Arun Doshi ,  Mats Gustav Agerstam ,  Ned M. Smith ,  Rajesh Poornachandran ,  Tarun Viswanathan

IPC: H04W12/08 ,  H04W76/10 ,  H04W28/02 ,  G06F9/455 ,  H04W4/46 ,  H04L67/10 ,  H04W12/42 ,  H04W12/60 ,  H04W12/06 ,  H04W84/12

CPC classification number: H04W12/08 ,  G06F9/45558 ,  H04L67/10 ,  H04W4/46 ,  H04W12/068 ,  H04W12/42 ,  H04W12/66 ,  H04W28/02 ,  H04W76/10 ,  H04W84/12

Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.

公开(公告)号：US20210357520A1

公开(公告)日：2021-11-18

申请号：US17386015

申请日：2021-07-27

Applicant: Intel Corporation

Inventor： Francesc Guim Bernat ,  Mark Schmisseur ,  Kshitij Doshi ,  Kapil Sood ,  Tarun Viswanathan

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/08 ,  H04L29/08 ,  H04W12/08 ,  H04W12/02 ,  H04L29/06

Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.

公开(公告)号：US20210153019A1

公开(公告)日：2021-05-20

申请号：US17076452

申请日：2020-10-21

Applicant: Intel Corporation

Inventor： Alexander Bachmutsky ,  Dario Sabella ,  Francesc Guim Bernat ,  John J. Browne ,  Kapil Sood ,  Kshitij Arun Doshi ,  Mats Gustav Agerstam ,  Ned M. Smith ,  Rajesh Poornachandran ,  Tarun Viswanathan

IPC: H04W12/08 ,  H04W76/10 ,  H04W28/02 ,  G06F9/455 ,  H04W4/46 ,  H04L29/08 ,  H04W12/42 ,  H04W12/60 ,  H04W12/06

Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.