TECHNOLOGIES FOR DETERMINING CONFIDENCE OF USER AUTHENTICATION
    71.
    Invention application
    Legal status: In force

    Publication No.: US20150363582A1

    Publication date: 2015-12-17

    Application No.: US14583662

    Filing date: 2014-12-27

    IPC classification: G06F21/31

    CPC classification: G06F21/31

    Abstract: Technologies for determining a confidence of user authentication include authenticating a user of a computing device based on a set of authentication factors and a fusion function that fuses the set of authentication factors to generate an authentication result. A false accept rate and a false reject rate of the authentication result are determined, and an authentication confidence for the authentication result is determined. The authentication of the user is performed passively, without interruption of the user. If the authentication confidence is below a threshold value, an active authentication procedure may be performed.


    SECURELY MANAGED LOCATION-AND-TRACKING SERVICE ACCESS
    73.
    Invention application
    Legal status: In force

    Publication No.: US20150079933A1

    Publication date: 2015-03-19

    Application No.: US14119493

    Filing date: 2013-09-19

    IPC classification: H04W4/02 H04W12/06

    Abstract: Systems and techniques for securely managed location-and-tracking service (LTS) access are described herein. A trusted execution environment (TEE) may establish a connection to an LTS. The TEE may provide verification to the LTS that the connection originated from the TEE. The TEE may request an LTS location for the mobile device from the LTS using the connection. The TEE may provide the LTS location to applications of the mobile device.


    Method and apparatus for dynamic provisioning of an access control policy in a controller hub
    74.
    Granted invention patent
    Legal status: In force

    Publication No.: US08745224B2

    Publication date: 2014-06-03

    Application No.: US11321271

    Filing date: 2005-12-28

    Applicant: Ned M. Smith

    Inventor: Ned M. Smith

    IPC classification: G06F15/173 G06F15/16

    Abstract: A method and apparatus for dynamic provisioning of an access control policy in an input/output (I/O) controller hub are described. In one embodiment, the method includes the establishment of a control channel during evaluation stages of a network access request. In one embodiment, the control channel enables resource enumeration of a hardware platform while disabling data read/write processing of the hardware platform. Once resource enumeration is completed, conditional control settings for each enumerated platform resource are sent to a network policy decision point. Once transmitted, if the conditional control settings identify the hardware platform as having a non-compliant configuration, conditional control settings for at least one enumerated resource of the hardware platform are modified according to a received access control policy to provide compliance of the hardware platform configuration to enable network access. Other embodiments are described and claimed.


    METHODS AND APPARATUS FOR TRUSTED BOOT OPTIMIZATION
    75.
    Invention application
    Legal status: In force

    Publication No.: US20140025939A1

    Publication date: 2014-01-23

    Application No.: US13810654

    Filing date: 2011-12-29

    IPC classification: G06F21/57

    Abstract: A data processing system may include a high integrity storage (HIS) device with a partition or cache that is protected from updates. The data processing system may perform a boot process in response to being reactivated. The boot process may include the operation of executing a boot object. During the boot process, before executing the boot object, the data processing system may retrieve a digest for the boot object from the protected cache of the HIS device. The digest may be a cryptographic hash value for the boot object. During the boot process, the retrieved digest may be extended into a platform configuration register in a trusted platform module of the data processing system. Other embodiments are described and claimed.


    Dynamic Platform Reconfiguration By Multi-Tenant Service Providers
    77.
    Invention application
    Legal status: In force

    Publication No.: US20120303952A1

    Publication date: 2012-11-29

    Application No.: US13116698

    Filing date: 2011-05-26

    IPC classification: H04L9/32

    Abstract: A manageability engine or adjunct processor on a computer platform may receive a request for activation and use of features embedded within that platform from a service provider authorized by the manageability engine's manufacturer. The manageability engine may initiate a request for authority through the service provider to a permit server. The permit server may provide, through the service provider, proof of the service provider's authority, together with a certificate identifying the service provider. Then the manageability engine may enable activation of the features on the platform coupled to the manageability engine, but only by the one particular service provider who has been authorized.


    METHOD AND APPARATUS FOR ENFORCING A MANDATORY SECURITY POLICY ON AN OPERATING SYSTEM (OS) INDEPENDENT ANTI-VIRUS (AV) SCANNER
    78.
    Invention application
    Legal status: Under examination (published)

    Publication No.: US20120047580A1

    Publication date: 2012-02-23

    Application No.: US12858882

    Filing date: 2010-08-18

    IPC classification: G06F21/00

    Abstract: An antivirus (AV) application specifies a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest. A loader verifies the fault handler code image and the fault handler manifest, creates a first security domain having a first security level, copies the fault handler code image to memory associated with the first security domain, and initiates execution of the fault handler. The loader requests the locking of memory pages in the guest OS that are reserved for the AV application. The fault handler locks the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory.


    Extensible Pre-Boot Authentication
    80.
    Invention application
    Legal status: In force

    Publication No.: US20110138166A1

    Publication date: 2011-06-09

    Application No.: US12974244

    Filing date: 2010-12-21

    IPC classification: G06F9/24

    CPC classification: G06F21/575

    Abstract: In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed.
