-
Publication (Announcement) No.: US20220207178A1
Publication (Announcement) Date: 2022-06-30
Application No.: US17573192
Application Date: 2022-01-11
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller, Thomas G. Willis
Abstract: This disclosure is directed to privacy enforcement via localized personalization. An example device may comprise at least a user interface to present content. A message may be received into a trusted execution environment (TEE) situated within the device or remotely, the message including at least metadata and content. The TEE may determine relevance of the content to a user based on the metadata and user data. Based on the relevance, the TEE may cause the content to be presented to the user via the user interface. In one embodiment, the TEE may be able to personalize the content based on the user data prior to presentation. If the content includes an offer, the TEE may also be able to present counteroffers to the user based on user interaction with the content. The TEE may also be able to cause feedback data to be transmitted to at least the content provider.
-
Publication (Announcement) No.: US20220191702A1
Publication (Announcement) Date: 2022-06-16
Application No.: US17531044
Application Date: 2021-11-19
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: Various systems and methods for discovery and onboarding in an interconnected network framework of Internet of Things (IoT) devices are described. In an example, a technique for onboarding and provisioning a device onto an interconnected network framework includes operations to: receive a unique temporary device identifier from a device instance, the device instance indicating availability for onboarding onto a network; onboard the device instance onto the network; establish a secure session with the device instance via the network; receive, in the secure session, a secure device identifier; and initiate provisioning of the device instance in a secure directory based on the secure device identifier. In a further example, techniques are provided to securely identify and provision a second device instance (a doppelganger device instance) operating on a physical device that hosts both the first device instance and the second device instance.
-
Publication (Announcement) No.: US11337070B2
Publication (Announcement) Date: 2022-05-17
Application No.: US16613741
Application Date: 2018-01-11
Applicant: Intel Corporation
Inventor: Nathan Heldt-Sheller, Ned M. Smith
Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service (310) are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients (350A, 350B, . . . , 350N). Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementing and tracking such onboarding actions as part of an IoT network service are also disclosed.
-
Publication (Announcement) No.: US20200067938A1
Publication (Announcement) Date: 2020-02-27
Application No.: US16609711
Application Date: 2018-01-11
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: Systems and techniques for defining and operating management services within a “domain” portion of an Internet of Things (IoT) network are disclosed herein. An example technique for implementing management functions of a device in a domain of the IoT network, for a device that is defined within a hierarchy managed in the domain, may include: defining a resource structure in a secure virtual resource of the device, for a resource structure that identifies and defines at least one management service of the device; establishing properties of the at least one management service resource on the device within a resource structure, with the use of properties that are associated with a management function to be performed in the domain; and operating the device in the domain according to the management function. Further integration and use of management services and other management functions are also disclosed.
-
Publication (Announcement) No.: US10230696B2
Publication (Announcement) Date: 2019-03-12
Application No.: US14864957
Application Date: 2015-09-25
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: In one embodiment, a method includes: requesting enrollment of the device with an identity provider, the enrollment including at least one role for the device for a publish-subscribe protocol of a distributed network; receiving a device identity credential from the identity provider and storing the device identity credential in the device; receiving a ticket credential for a first topic associated with a first publisher, the ticket credential including the at least one role for the device; receiving a group key from a key manager for a group associated with the publish-subscribe protocol; and receiving content for the first topic in the device, the content protected by the group key.
-
Publication (Announcement) No.: US10187389B2
Publication (Announcement) Date: 2019-01-22
Application No.: US15653125
Application Date: 2017-07-18
Applicant: INTEL CORPORATION
Inventor: Ned M. Smith, Nathan Heldt-Sheller, Reshma Lal, Micah J. Sheller, Matthew E. Hoekstra
Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave selects a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may generate a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.
-
Publication (Announcement) No.: US20180077154A1
Publication (Announcement) Date: 2018-03-15
Application No.: US15813789
Application Date: 2017-11-15
Applicant: Intel Corporation
Inventor: Ned M. Smith, Hannah L. Scurfield, Nathan Heldt-Sheller, Micah J. Sheller, Nathaniel J. Goss, Kevin C. Wells, Sindhu Pandian
CPC classification number: H04L63/0861, G06F21/31, G06F21/316, G06F2221/2105, G06N20/00, H04L63/0884, H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part on a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
Publication (Announcement) No.: US09912704B2
Publication (Announcement) Date: 2018-03-06
Application No.: US14856857
Application Date: 2015-09-17
Applicant: Intel Corporation
Inventor: Ned M. Smith, Mats G. Agerstam, Nathan Heldt-Sheller
CPC classification number: H04L63/205, H04L63/101, H04L67/12, H04W4/70, H04W12/08
Abstract: In one embodiment, a method includes receiving a first request from a first device to access a first resource of the system and determining whether to grant access to the first resource based on a first access control list stored in the system, the first access control list associated with the first device, the first device having a first relevance value, and based on the determination, granting the access to the first resource; and receiving a second request from a second device to access a second resource of the system and forwarding the second request to an access manager service coupled to the system to determine whether to grant access to the second resource based on a second access control list stored in the access manager service associated with the second device, the second device having a second relevance value, receiving an access grant from the access manager service and, based thereon, granting the access to the second resource.
-
Publication (Announcement) No.: US09792438B2
Publication (Announcement) Date: 2017-10-17
Application No.: US14578730
Application Date: 2014-12-22
Applicant: Intel Corporation
Inventor: Nathan Heldt-Sheller, Ned M. Smith
CPC classification number: G06F21/57, G06F2221/031, G06F2221/033, G06F2221/2111, H04L63/145
Abstract: In an embodiment, a system includes a processor having at least one core and a security engine, the security engine having a focus change logic to inform a trusted application to be executed in a trusted execution environment of a request for a focus change during execution of the trusted application, enable the focus change to occur during execution of the trusted application when allowed by the trusted application, and otherwise to prevent the focus change. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US09710670B2
Publication (Announcement) Date: 2017-07-18
Application No.: US14035559
Application Date: 2013-09-24
Applicant: INTEL CORPORATION
Inventor: Ned M. Smith, Nathan Heldt-Sheller, Thomas G. Willis
CPC classification number: G06F21/6254, G06Q30/00, G06Q30/02, G06Q30/0241
Abstract: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.