公开(公告)号：US20160191595A1

公开(公告)日：2016-06-30

申请号：US14583668

申请日：2014-12-27

申请人： Rajesh Poornachandran ,  Ned M. Smith ,  Michael D. Rosenzweig ,  Vincent J. Zimmer ,  Qixiong J. Bian

发明人： Rajesh Poornachandran ,  Ned M. Smith ,  Michael D. Rosenzweig ,  Vincent J. Zimmer ,  Qixiong J. Bian

IPC分类号： H04L29/06 ,  H04L12/26

CPC分类号： H04L65/607 ,  H04L65/80

摘要： Technologies for adaptive real-time media streaming include a computing device to determine, by a trusted execution environment of the computing device, a current workload of the computing device based on at least one activity counter. The at least one activity counter is to record counter data associated with performance of the computing device. Further, the computing device determines a residual workload capable of being supported by the computing device based on the determined current workload and a new content playback characteristics for streaming media content based on the determined residual workload. The computing device streams media content received from a trusted server based on the determined new content playback characteristics.

摘要翻译： 用于自适应实时媒体流的技术包括计算设备，用于基于至少一个活动计数器确定所述计算设备的可信执行环境中所述计算设备的当前工作负载。 至少一个活动计数器是记录与计算设备的性能相关联的计数器数据。 此外，计算设备基于所确定的当前工作负载来确定能够被计算设备支持的剩余工作负载，以及基于所确定的剩余工作量的流媒体内容的新内容回放特性。 计算设备基于所确定的新内容播放特性来流式传输从可信服务器接收的媒体内容。

公开(公告)号：US20160188853A1

公开(公告)日：2016-06-30

申请号：US14866950

申请日：2015-09-26

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

IPC分类号： G06F21/31 ,  H04W12/06

CPC分类号： G06F21/31 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2147 ,  H04L9/3226 ,  H04L63/0815 ,  H04L2209/127 ,  H04L2209/805 ,  H04W12/06 ,  H04W88/02

摘要： Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

公开(公告)号：US20160182491A1

公开(公告)日：2016-06-23

申请号：US14581277

申请日：2014-12-23

申请人： Lichun Jia ,  Craig T. Owen ,  Kevin C. Cheng ,  Ned M. Smith ,  Abhilasha Bhargav-Spantzel ,  Dave P. Singh

发明人： Lichun Jia ,  Craig T. Owen ,  Kevin C. Cheng ,  Ned M. Smith ,  Abhilasha Bhargav-Spantzel ,  Dave P. Singh

IPC分类号： H04L29/06

CPC分类号： H04L63/08 ,  H04L63/1433 ,  H04L63/20

摘要： Methods, apparatus, systems and articles of manufacture are disclosed to manage an authentication sequence. An example disclosed apparatus includes a verification engine to verify whether a platform policy sequence is authorized for the platform, when the platform policy sequence is authorized, a policy sequence engine to extract an ordered sequence of credential types from the platform policy sequence, in response to a platform log in request, a platform instruction engine to transmit an instruction for a first one of the credential types associated with a first sequence position of the platform policy sequence, to determine whether a response to the instruction contains a value indicative of the first credential type, and when the response contains the value indicative of the first credential type, comparing the value to a first threshold confidence value, and a platform authorization engine to unlock platform functionality when the value indicative of the first credential type satisfies the first threshold confidence value.

摘要翻译： 公开了方法，装置，系统和制品以管理认证序列。 一个示例公开的装置包括验证引擎，用于在平台策略序列被授权时验证平台策略序列是否被授权给平台策略序列，策略序列引擎从平台策略序列中提取凭证类型的有序序列，以响应于 平台登录请求，平台指令引擎，用于发送与平台策略序列的第一序列位置相关联的凭证类型中的第一个的指令，以确定对指令的响应是否包含指示第一凭证的值 并且当所述响应包含指示所述第一凭证类型的值时，将所述值与第一阈值置信度值进行比较，以及当所述指示所述第一凭证类型的值满足所述第一阈值置信度值时，平台授权引擎来解锁平台功能 。

公开(公告)号：US09372984B2

公开(公告)日：2016-06-21

申请号：US13993095

申请日：2011-09-30

申请人： Ned M. Smith ,  Ravi L. Sahita

发明人： Ned M. Smith ,  Ravi L. Sahita

IPC分类号： G06F21/44 ,  G06F21/00 ,  G06F9/455

CPC分类号： G06F21/44 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/575 ,  G06F2009/45562 ,  G06F2009/45566 ,  G06F2009/45587

摘要： An embodiment of the invention provides for an authenticated launch of VMs and nested VMMs. The embodiment may do so using an interface that invokes a VMM protected launch control mechanism for the VMs and nested VMMs. The interface may be architecturally generic. Other embodiments are described herein.

摘要翻译： 本发明的实施例提供了VM和嵌套VMM的认证启动。 该实施例可以使用调用用于VM和嵌套VMM的VMM保护的启动控制机制的接口来实现。 接口可能是架构上通用的。 本文描述了其它实施例。

公开(公告)号：US20160088474A1

公开(公告)日：2016-03-24

申请号：US14493613

申请日：2014-09-23

申请人： Ned M. Smith ,  David A. Sandage ,  William C. Deleeuw ,  Nathan Heldt-Sheller ,  Nathaniel J. Goss ,  John C. Neumann

发明人： Ned M. Smith ,  David A. Sandage ,  William C. Deleeuw ,  Nathan Heldt-Sheller ,  Nathaniel J. Goss ,  John C. Neumann

IPC分类号： H04W12/06 ,  H04W74/00

CPC分类号： H04W12/06 ,  H04W12/003 ,  H04W12/00508

摘要： In one embodiment, a security logic of first portable device is configured to receive first motion sample information from at least one motion sensor of the first portable device and second motion sample information from at least one motion sensor of a second portable device, the first and second motion sample information obtained responsive to training movement of the first and second portable devices by a first user. Based on the motion sample information, the security logic is configured to generate a device pairing value, generate a first confidence value based on the first motion sample information and first reference motion sample information stored in the first portable device corresponding to reference movement of the first portable device by the first user, generate a relationship key pair for a relationship, and communicate the first confidence value and a public key of the relationship key pair to the second portable device using the device pairing value. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，第一便携式设备的安全逻辑被配置为从第一便携式设备的至少一个运动传感器接收第一运动样本信息和来自第二便携式设备的至少一个运动传感器的第二运动样本信息，第一和第 响应于第一用户对第一和第二便携式设备的训练动作获得的第二运动样本信息。 基于运动样本信息，安全逻辑被配置为生成设备配对值，基于第一运动样本信息和存储在第一便携式设备中的与第一运动样本信息的参考运动相对应的第一参考运动样本信息生成第一置信度值 生成用于关系的关系密钥对，并且使用设备配对值将关系密钥对的第一置信度值和公开密钥传送到第二便携式设备。 描述和要求保护其他实施例。

公开(公告)号：US20160012252A1

公开(公告)日：2016-01-14

申请号：US14369268

申请日：2013-12-23

申请人： William C. Deleeuw ,  Ned M. Smith

发明人： William C. Deleeuw ,  Ned M. Smith

IPC分类号： G06F21/62 ,  H04L9/08 ,  H04L9/06 ,  H04L29/06

CPC分类号： G06F21/6254 ,  G06F2221/2111 ,  G09C1/00 ,  H04L9/0656 ,  H04L9/0869 ,  H04L63/0421 ,  H04L2209/42 ,  H04W4/02

摘要： An apparatus may include an interface to receive a multiplicity of user information samples at a respective multiplicity of instances; a processor circuit, and an entropy multiplexer for execution on the processor circuit to generate a pseudo random number based upon a pseudo random number seed and pseudo random number algorithm for each user information sample of the multiplicity of user information samples. Other embodiments are described and claimed.

摘要翻译： 一种装置可以包括在相应多个实例处接收多个用户信息样本的接口; 处理器电路和熵多路复用器，用于在处理器电路上执行以基于用于多个用户信息样本的每个用户信息样本的伪随机数种子和伪随机数算法来生成伪随机数。 描述和要求保护其他实施例。

公开(公告)号：US20150281279A1

公开(公告)日：2015-10-01

申请号：US14229200

申请日：2014-03-28

申请人： Ned M. Smith ,  Abhilasha Bhargav-Spantzel ,  Micah James Sheller

发明人： Ned M. Smith ,  Abhilasha Bhargav-Spantzel ,  Micah James Sheller

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  G06F21/31 ,  G06F2221/2105 ,  H04L9/3247 ,  H04L63/08 ,  H04L2463/082

摘要： Methods, apparatus, systems and articles of manufacture are disclosed to facilitate multi-factor authentication policy enforcement using one or more policy handlers. An example first policy handler to manage a global policy in a distributed environment includes a parser to identify a first sub-policy of the global policy that is capable of enforcement by the first policy handler, and an attester to sign the first sub-policy. The example first policy handler further includes a director to determine whether to forward the global policy to a second policy handler based on a signature status of the global policy, and to forward the global policy to the second policy handler when the signature status of the global policy is indicative of an unsigned second sub-policy.

摘要翻译： 公开了方法，装置，系统和制品，以促进使用一个或多个策略处理程序的多因素认证策略实施。 用于在分布式环境中管理全局策略的示例性的第一策略处理器包括用于识别能够被第一策略处理程序强制执行的全局策略的第一子策略的解析器，以及用于签署第一子策略的请求者。 示例性的第一策略处理器还包括一个导向器，用于基于全局策略的签名状态来确定是否将全局策略转发到第二策略处理器，并且当全局策略处理器的签名状态 政策表明了无符号的第二个次级政策。

公开(公告)号：US20150220927A1

公开(公告)日：2015-08-06

申请号：US14129543

申请日：2013-09-25

申请人： Ned M. SMITH ,  Thomas J. SAWICKI ,  Rajiv MATHUR ,  Tolga ACAR ,  Yuriy BULYGIN ,  Thomas G. WILLIS ,  Intel Corporation

发明人： Ned M. Smith ,  Thomas J. Sawicki ,  Rajiv Mathur ,  Tolga Acar ,  Yuriy Bulygin ,  Thomas G. Willis

IPC分类号： G06Q20/40 ,  H04L29/08

CPC分类号： G06Q20/4016 ,  G06Q30/06 ,  G06Q40/08 ,  H04L67/10

摘要： Techniques and mechanisms to provide indemnification for a transaction involving communications between networked devices. In an embodiment, attestation logic of a first device sends to a second device attestation information to indicate a trustworthiness level of first device. Based on the attestation information, indemnification logic of the second device determines an indemnification value representing a cost of an indemnification for a first transaction. Indemnification logic of the first device receives the indemnification value and determines, based on the indemnification value, whether a participation in the transaction is to take place.

摘要翻译： 为涉及网络设备之间通信的交易提供赔偿的技术和机制。 在一个实施例中，第一设备的认证逻辑发送到第二设备认证信息以指示第一设备的可信赖级别。 基于认证信息，第二设备的赔偿逻辑确定代表第一交易的赔偿成本的赔偿价值。 第一设备的赔偿逻辑接收赔偿价值，并根据赔偿价值确定是否要进行交易。

公开(公告)号：US20150082024A1

公开(公告)日：2015-03-19

申请号：US14128040

申请日：2013-09-19

申请人： Ned M. Smith

发明人： Ned M. Smith

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L29/08

CPC分类号： H04L63/0428 ,  H04L9/0866 ,  H04L9/3263 ,  H04L63/0861 ,  H04L67/10 ,  H04L67/1095 ,  H04L67/42

摘要： Generally, this disclosure describes technologies for restoring and/or synchronizing templates such as biometric templates to/among one or more client devices. In some embodiments one or more client devices may register with a synchronization server and provide encrypted copies of their reference templates to the server. In a restoration operation, the synchronization server may provide an encrypted copy of a client's reference template(s) to the client, which may decrypt them in a protected environment. In a synchronization operation, the synchronization server may provide encrypted copy of a first client's template(s) to a plurality of second clients. The second clients may then decrypt the encrypted template(s) within a protected environment using an appropriate decryption key.

摘要翻译： 通常，本公开描述了用于在/在一个或多个客户端设备之间恢复和/或同步诸如生物测定模板的模板的技术。 在一些实施例中，一个或多个客户端设备可以向同步服务器注册，并将其引用模板的加密副本提供给服务器。 在恢复操作中，同步服务器可以向客户端提供客户端参考模板的加密副本，这可以在受保护的环境中解密它们。 在同步操作中，同步服务器可以向多个第二客户端提供第一客户端模板的加密副本。 然后，第二客户端可以使用适当的解密密钥来解密受保护环境中的加密模板。

公开(公告)号：US08966600B2

公开(公告)日：2015-02-24

申请号：US12976942

申请日：2010-12-22

申请人： Ned M. Smith ,  Victoria C. Moore ,  Moshe Valenci ,  Craig T. Owen

发明人： Ned M. Smith ,  Victoria C. Moore ,  Moshe Valenci ,  Craig T. Owen

IPC分类号： H04L29/00 ,  H04L9/32

CPC分类号： H04L9/3215 ,  H04L63/0807 ,  H04L2463/082

摘要： A manageability engine, and/or operations thereof, for controlling access to one or more resources of a computer device. In an embodiment, the manageability engine executes an authentication agent to perform authentication of a local user of a computer platform which includes the manageability engine. In another embodiment, the manageability engine includes a device driver to control an input/output device for the local user to exchange an authentication factor via a trusted path between the input/output device and the manageability engine.

摘要翻译： 一种可管理性引擎和/或其操作，用于控制对计算机设备的一个或多个资源的访问。 在一个实施例中，可管理性引擎执行认证代理以执行包括可管理引擎的计算机平台的本地用户的认证。 在另一个实施例中，可管理性引擎包括设备驱动程序，用于控制本地用户的输入/输出设备，以通过输入/输出设备和可管理性引擎之间的信任路径来交换认证因素。