System, Apparatus And Method For Access Control List Processing In A Constrained Environment
    53.
    Patent application
    Status: Under examination (published)

    Publication number: US20160381081A1

    Publication date: 2016-12-29

    Application number: US15259560

    Application date: 2016-09-08

    Abstract: In one embodiment, a method includes receiving a first request from a first device to access a first resource of the system and determining whether to grant access to the first resource based on a first access control list stored in the system, the first access control list associated with the first device, the first device having a first relevance value, and based on the determination, granting the access to the first resource; and receiving a second request from a second device to access a second resource of the system and forwarding the second request to an access manager service coupled to the system to determine whether to grant access to the second resource based on a second access control list stored in the access manager service associated with the second device, the second device having a second relevance value, receive an access grant from the access manager service and based thereon, granting the access to the second resource.


    SYSTEM, APPARATUS AND METHOD FOR TRANSFERRING OWNERSHIP OF A DEVICE FROM MANUFACTURER TO USER USING AN EMBEDDED RESOURCE
    54.
    Patent application
    Status: Granted

    Publication number: US20160366157A1

    Publication date: 2016-12-15

    Application number: US14865198

    Application date: 2015-09-25

    CPC classification number: H04L63/1416 H04L63/06 H04L63/10 H04L63/20

    Abstract: In one embodiment, a method includes receiving, in an on-boarding system for a first network, a request to transfer ownership of a first device having a trusted execution environment to a new owner; receiving, in the on-boarding system, notification information from a spectrum analyzer regarding wireless signal information within the first network; determining if a potential attacker is within a radio range of the first network based on the wireless signal information; responsive to determining that the potential attacker is within the radio range, manipulating a signal strength of the on-boarding system and the first device, to limit an emission range of the on-boarding system and the first device; and performing a native communication protocol between the on-boarding system and the first device to communicate ownership information to execute the ownership transfer to the new owner, and to cause the first device to store the ownership information in a storage of the first device.


    SYSTEM, APPARATUS AND METHOD FOR STATEFUL APPLICATION OF CONTROL DATA IN A DEVICE
    55.
    Patent application
    Status: Under examination (published)

    Publication number: US20160366136A1

    Publication date: 2016-12-15

    Application number: US14863496

    Application date: 2015-09-24

    CPC classification number: H04L63/10 H04L63/101 H04L63/20

    Abstract: In one embodiment, a system includes a processor having a first logic to execute in a trusted execution environment, and a storage to store a plurality of access control policies, each of the plurality of access control policies associated with a composite device state of the system and including an access policy for a resource to be protected by the first logic, where the first logic is to apply one or more of the plurality of access control policies to a request for access to the resource, responsive to a matching of the associated composite device state of the one or more access control policies with a current composite device state of the system. Other embodiments are described and claimed.


    Methods and apparatus to identify privacy relevant correlations between data values
    56.
    Granted patent
    Status: Granted

    Publication number: US09215252B2

    Publication date: 2015-12-15

    Application number: US14128419

    Application date: 2013-09-27

    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify privacy relevant correlations between data values. An example disclosed apparatus includes a principal monitor to identify a first privacy value associated with a first principal, a tuple manager to build a probability tuple matrix comprising a first tuple and a plurality of second tuples, the first tuple including the first principal and the associated first privacy value, and an Eigenvector engine to evaluate the probability tuple matrix to identify a dominant Eigenvector indicative of a correlation between the first privacy value and one of the plurality of second tuples.


    USER-AUTHORIZED ONBOARDING USING A PUBLIC AUTHORIZATION SERVICE

    Publication number: US20220345891A1

    Publication date: 2022-10-27

    Application number: US17740608

    Application date: 2022-05-10

    Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients. Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementation and tracking such onboarding actions as part of an IoT network service are also disclosed.

    Privacy enforcement via localized personalization

    Publication number: US11244068B2

    Publication date: 2022-02-08

    Application number: US15039021

    Application date: 2013-12-24

    Abstract: This disclosure is directed to privacy enforcement via localized personalization. An example device may comprise at least a user interface to present content. A message may be received into a trusted execution environment (TEE) situated within the device or remotely, the message including at least metadata and content. The TEE may determine relevance of the content to a user based on the metadata and user data. Based on the relevance, the TEE may cause the content to be presented to the user via the user interface. In one embodiment, the TEE may be able to personalize the content based on the user data prior to presentation. If the content includes an offer, the TEE may also be able to present counteroffers to the user based on user interaction with the content. The TEE may also be able to cause feedback data to be transmitted to at least the content provider.

    USER-AUTHORIZED ONBOARDING USING A PUBLIC AUTHORIZATION SERVICE

    Publication number: US20210176638A1

    Publication date: 2021-06-10

    Application number: US16613741

    Application date: 2018-01-11

    Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service (310) are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients (350A, 350B, . . . , 350N). Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementation and tracking such onboarding actions as part of an IoT network service are also disclosed.
