-
Publication (Announcement) No.: US20200186998A1
Publication (Announcement) Date: 2020-06-11
Application No.: US16608788
Filing Date: 2017-05-09
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
Abstract: Various systems and methods for discovery and onboarding in an interconnected network framework of Internet of Things (IoT) devices are described. In an example, a technique for onboarding and provisioning a device onto an interconnected network framework includes operations to: receive a unique temporary device identifier from a device instance, the device instance indicating availability for onboarding onto a network; onboard the device instance onto the network; establish a secure session with the device instance via the network; receive, in the secure session, a secure device identifier; and initiate provisioning of the device instance in a secure directory based on the secure device identifier. In a further example, techniques are provided to securely identify and provision a second device instance (a doppelganger device instance) operating on a physical device that hosts both the first device instance and the second device instance.
-
Publication (Announcement) No.: US10389756B2
Publication (Announcement) Date: 2019-08-20
Application No.: US15045676
Filing Date: 2016-02-17
Applicant: Intel Corporation
Inventor: Ned M. Smith, Rajesh Poornachandran, Nathan Heldt-Sheller
Abstract: In one embodiment, an apparatus comprises a first logic to receive security attribute information from a plurality of devices, generate a connectivity graph of the plurality of devices based at least in part on the security attribute information and identify an interoperability issue between a first device and a second device based on the connectivity graph. The apparatus may further include a second logic to generate a recommendation to resolve the interoperability issue and a third logic to provide provisioning information to at least one of the first device and the second device based on the recommendation. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US10075443B2
Publication (Announcement) Date: 2018-09-11
Application No.: US14863496
Filing Date: 2015-09-24
Applicant: Intel Corporation
Inventor: Nathan Heldt-Sheller, Ned M. Smith
IPC: H04L29/06
CPC classification number: H04L63/10, H04L63/101, H04L63/20
Abstract: In one embodiment, a system includes a processor having a first logic to execute in a trusted execution environment, and a storage to store a plurality of access control policies, each of the plurality of access control policies associated with a composite device state of the system and including an access policy for a resource to be protected by the first logic, where the first logic is to apply one or more of the plurality of access control policies to a request for access to the resource, responsive to a matching of the associated composite device state of the one or more access control policies with a current composite device state of the system. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US09990479B2
Publication (Announcement) Date: 2018-06-05
Application No.: US14583671
Filing Date: 2014-12-27
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller, Micah J. Sheller, Kevin C. Wells, Hannah L. Scurfield, Nathaniel J. Goss, Sindhu Pandian, Brad H. Needham
CPC classification number: G06F21/31, G06F21/41, G06F21/53, G06F21/88, G06F2221/2105, G06F2221/2111, G06F2221/2147, H04L9/3226, H04L63/0815, H04L2209/127, H04L2209/805, H04W12/06, H04W88/02
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state include generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
Publication (Announcement) No.: US09985946B2
Publication (Announcement) Date: 2018-05-29
Application No.: US14977742
Filing Date: 2015-12-22
Applicant: Intel Corporation
Inventor: Ned M. Smith, Rajesh Poornachandran, Nathan Heldt-Sheller
CPC classification number: H04L63/08, H04L9/0847, H04L9/3255, H04L63/0838, H04L63/0853, H04L63/102, H04W4/70
Abstract: In one embodiment, a device includes: at least one processor; at least one sensor to sense an environmental condition; and a storage to store instructions that, when executed by the at least one processor, enable the device to: receive an encrypted nonce from a safety controller; decrypt the encrypted nonce using a value obtained from an entropy multiplexing seed tree generated by the device based at least in part on an initialization seed value received from the safety controller; responsive to decryption of the nonce, update a portion of a shared memory associated with the device to identify a safety state of the device; and encrypt a second nonce using the value obtained from the entropy multiplexing seed tree and send the encrypted second nonce to the safety controller. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US09953467B2
Publication (Announcement) Date: 2018-04-24
Application No.: US14361516
Filing Date: 2013-12-19
Applicant: INTEL CORPORATION
Inventor: Ned M. Smith, Thomas G. Willis, Nathan Heldt-Sheller
Abstract: The present disclosure is directed to secure vehicular data management with enhanced privacy. A vehicle may comprise at least a vehicular control architecture (VCA) for controlling operation of the vehicle and a device. The VCA may record operational data identifying at least one vehicle operator and vehicular operational data recorded during operation of the vehicle by the at least one vehicle operator. The device may include at least a communication module and a trusted execution environment (TEE) including a privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer. The privacy settings may be configured in the PEM by the at least one operator.
-
Publication (Announcement) No.: US20180103034A1
Publication (Announcement) Date: 2018-04-12
Application No.: US15813823
Filing Date: 2017-11-15
Applicant: Intel Corporation
Inventor: Ned M. Smith, Hannah L. Scurfield, Nathan Heldt-Sheller, Micah J. Sheller, Nathaniel J. Goss, Kevin C. Wells, Sindhu Pandian
CPC classification number: H04L63/0861, G06F21/31, G06F21/316, G06F2221/2105, G06N20/00, H04L63/0884, H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part on a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
Publication (Announcement) No.: US09922194B2
Publication (Announcement) Date: 2018-03-20
Application No.: US15426204
Filing Date: 2017-02-07
Applicant: Intel Corporation
Inventor: Nathaniel J. Goss, Nathan Heldt-Sheller, Kevin C. Wells, Micah J. Sheller, Sindhu Pandian, Ned M. Smith, Bernard N. Keany
CPC classification number: G06F21/57, G06F21/31, G06F21/6218, G06F21/629, G06F2221/034, G06F2221/2105, G06F2221/2111, H04L63/107
Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20170180363A1
Publication (Announcement) Date: 2017-06-22
Application No.: US15449568
Filing Date: 2017-03-03
Applicant: Intel Corporation
Inventor: Ned M. Smith, Hannah L. Scurfield, Nathan Heldt-Sheller, Micah J. Sheller, Nathaniel J. Goss, Kevin C. Wells, Sindhu Pandian
CPC classification number: H04L63/0861, G06F21/31, G06F21/316, G06F2221/2105, G06N20/00, H04L63/0884, H04L67/306
Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part on a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
-
Publication (Announcement) No.: US20170180208A1
Publication (Announcement) Date: 2017-06-22
Application No.: US14977870
Filing Date: 2015-12-22
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
IPC: H04L12/24
CPC classification number: H04L41/12, H04L41/044, H04L41/5054, H04L63/101, H04W4/70, H04W12/08
Abstract: Disclosed in some examples are methods, devices, and machine readable mediums which allow for disparate IoT networks to combine forming larger networks in an organic and independent manner. Following the methods disclosed herein, the newly formed network is well formed topologically and does not require the use of gateways or other specialized devices to provide IoT realm services. Indeed, individual nodes within the network perform the key management, access management, and network operations functions that were previously performed by the gateway device.