CONTEXT-AWARE PROACTIVE THREAT MANAGEMENT SYSTEM
    1.
    Patent application
    CONTEXT-AWARE PROACTIVE THREAT MANAGEMENT SYSTEM (in force)

    Publication No.: US20150195301A1

    Publication date: 2015-07-09

    Application No.: US14359969

    Filing date: 2013-11-19

    Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.


    TECHNOLOGIES FOR ANONYMOUS CONTEXT ATTESTATION AND THREAT ANALYTICS

    Publication No.: US20170093906A1

    Publication date: 2017-03-30

    Application No.: US14866628

    Filing date: 2015-09-25

    IPC classification: H04L29/06 H04L9/32

    Abstract: Technologies for anonymous context attestation and threat analytics include a computing device to receive sensor data generated by one or more sensors of the computing device and generate an attestation quote based on the sensor data. The attestation quote includes obfuscated attributes of the computing device based on the sensor data. The computing device transmits a zero-knowledge commitment of the attestation quote to a server and receives a challenge from the server in response to transmitting the zero-knowledge commitment. The challenge requests an indication regarding whether the obfuscated attributes of the computing device have commonality with attributes identified in a challenge profile received with the challenge. The computing device generates a zero-knowledge proof that the obfuscated attributes of the computing device have commonality with the attributes identified in the challenge profile.

    METHOD AND APPARATUS FOR SEAMLESS OUT-OF-BAND AUTHENTICATION
    3.
    Patent application
    METHOD AND APPARATUS FOR SEAMLESS OUT-OF-BAND AUTHENTICATION (in force)

    Publication No.: US20160286393A1

    Publication date: 2016-09-29

    Application No.: US14669268

    Filing date: 2015-03-26

    Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.


    CONFIGURING USER CUSTOMIZABLE OPERATIONAL FEATURES OF A VEHICLE
    4.
    Patent application
    CONFIGURING USER CUSTOMIZABLE OPERATIONAL FEATURES OF A VEHICLE (in force)

    Publication No.: US20150057839A1

    Publication date: 2015-02-26

    Application No.: US14128569

    Filing date: 2013-08-26

    IPC classification: B60R16/037

    CPC classification: B60R16/037 B60R16/0373

    Abstract: Embodiments of apparatus and methods for configuring user customizable operational features of a vehicle are described. In embodiments, an apparatus may include a communication module configured to be disposed in the vehicle, and to communicate with a mobile device of a user. The apparatus may further include a controller configured to be disposed in the vehicle and coupled with the communication module, to obtain from the mobile device one or more preferences of the user for one or more user customizable features of the vehicle, and adjust the one or more user customizable operational features of the vehicle based at least in part on the one or more preferences of the user obtained. Other embodiments may be described and/or claimed.


    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION
    5.
    Patent application
    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION (pending, published)

    Publication No.: US20160180068A1

    Publication date: 2016-06-23

    Application No.: US14580817

    Filing date: 2014-12-23

    IPC classification: G06F21/32 H04L29/06

    Abstract: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.


    METHOD AND DEVICE FOR SECURE COMMUNICATIONS OVER A NETWORK USING A HARDWARE SECURITY ENGINE
    6.
    Patent application
    METHOD AND DEVICE FOR SECURE COMMUNICATIONS OVER A NETWORK USING A HARDWARE SECURITY ENGINE (in force)

    Publication No.: US20150039890A1

    Publication date: 2015-02-05

    Application No.: US13997412

    Filing date: 2011-12-15

    IPC classification: H04L9/08

    Abstract: A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SSL) communication session, with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine.


    Secure local boot using third party data store (3PDS) based ISO image
    7.
    Granted patent
    Secure local boot using third party data store (3PDS) based ISO image (in force)

    Publication No.: US08751782B2

    Publication date: 2014-06-10

    Application No.: US12970698

    Filing date: 2010-12-16

    CPC classification: G06F21/572 G06F21/575

    Abstract: In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed.


    Secure software licensing and provisioning using hardware based security engine
    10.
    Granted patent
    Secure software licensing and provisioning using hardware based security engine (in force)

    Publication No.: US08332631B2

    Publication date: 2012-12-11

    Application No.: US12951853

    Filing date: 2010-11-22

    IPC classification: G06F15/16 G06F12/00

    Abstract: Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.
