公开(公告)号：US10708247B2

公开(公告)日：2020-07-07

申请号：US16144531

申请日：2018-09-27

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Seosamh O'Riordain ,  Ned M. Smith ,  Tarun Viswanathan

IPC: H04L9/32 ,  H04L29/06 ,  G06F9/455 ,  G06F9/50 ,  G06F21/53 ,  G06F21/62 ,  G06F21/57 ,  G06F9/4401 ,  G06F9/46

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

公开(公告)号：US10511638B2

公开(公告)日：2019-12-17

申请号：US16168273

申请日：2018-10-23

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan D. Ross ,  Eran Birk

IPC: H04L29/06

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US20190058737A1

公开(公告)日：2019-02-21

申请号：US16168273

申请日：2018-10-23

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan D. Ross ,  Eran Birk

IPC: H04L29/06

CPC classification number: H04L63/205 ,  H04L63/08 ,  H04L63/105

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US10122766B2

公开(公告)日：2018-11-06

申请号：US15051130

申请日：2016-02-23

Applicant: Intel Corporation

Inventor： Tarun Viswanathan ,  Uri Kahana ,  Alan D. Ross ,  Eran Birk

IPC: H04L29/06

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

公开(公告)号：US20180173549A1

公开(公告)日：2018-06-21

申请号：US15382075

申请日：2016-12-16

Applicant: Intel Corporation

Inventor： John J. Browne ,  Tomasz Kantecki ,  Timothy Verrall ,  Maryam Tahhan ,  Eoin Walsh ,  Rory Browne ,  Tarun Viswanathan

IPC: G06F9/455 ,  G06F9/50

CPC classification number: G06F9/5077 ,  H04L41/0896 ,  H04L41/5009 ,  H04L41/5025 ,  H04L41/5035 ,  H04L43/0817

Abstract: There is disclosed in an example, a computing apparatus, including: a processor having a resource direction capability; and one or more logic elements providing a network function virtualization orchestrator (NFVO) engine to: store for a virtual machine (VM) an extended performance profile, comprising a metric from the resource direction capability.

公开(公告)号：US09223952B2

公开(公告)日：2015-12-29

申请号：US13630100

申请日：2012-09-28

Applicant: Intel Corporation

Inventor： Keith Shippy ,  Tobias Kohlenberg ,  Mubashir Mian ,  Ned Smith ,  Omer Ben-Shalom ,  Tarun Viswanathan ,  Dennis Morgan ,  Timothy Verrall ,  Manish Dave ,  Eran Birk

IPC: G06F17/00 ,  H04L29/06 ,  G06F21/31 ,  H04W12/06 ,  H04W88/02

CPC classification number: H04L63/105 ,  G06F21/316 ,  G06F2221/2105 ,  G06F2221/2113 ,  H04L63/08 ,  H04L2463/082 ,  H04W12/06 ,  H04W88/02

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

Abstract translation: 系统和方法可以提供用于从设备的一个或多个解锁接口接收运行时间输入，并且基于运行时间输入从多个访问级别中选择关于设备的访问级别。 所选择的访问级别可以具有相关联的安全策略，其中可以基于相关联的安全策略来执行运行时输入的认证。 在一个示例中，如果认证成功，则使用一个或多个加密密钥来将设备关于所选择的访问级别放置在解锁状态。 如果认证不成功，另一方面，相对于所选择的访问级别，设备可以保持在锁定状态。