公开(公告)号：US20200314079A1

公开(公告)日：2020-10-01

申请号：US16847941

申请日：2020-04-14

Applicant: Intel Corporation

Inventor： Venky P. Venkateswaran ,  Jason Martin ,  Gyan Prakash

IPC: H04L29/06 ,  G06F21/31 ,  H04W12/06

Abstract: A machine-readable medium comprises data which, if used by a computing system, causes the computing system to (a) determine a first environmental factor corresponding to a first location of a user; (b) determine a second environmental factor corresponding to an identity of the user; (c) access first and second preconfigured authorization policies in response to determining the first and second environmental factors, respectively; (d) determine first and third security access mechanisms in response to accessing the first authorization policy; (e) determine a second security access mechanism in response to accessing the second authorization policy; (f) allow the user access to a first module of the computing system when the user complies with both the first and third security access mechanisms; and (g) allow the user access to a second module in response to the user's compliance with the second security access mechanism. Other embodiments are described and claimed.

公开(公告)号：US10484378B2

公开(公告)日：2019-11-19

申请号：US15098524

申请日：2016-04-14

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Jason Martin ,  Abhilasha Bhargav-Spantzel ,  Sanjay Bakshi

IPC: H04L29/06 ,  G06F21/45 ,  G06F21/62

Abstract: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.

公开(公告)号：US20190138423A1

公开(公告)日：2019-05-09

申请号：US16235959

申请日：2018-12-28

Applicant: Intel Corporation

Inventor： Mats Agerstam ,  Bahareh Sadeghi ,  Jason Martin ,  Jeffrey Ota ,  Justin Gottschlich ,  Marcos Carranza ,  Maria Ramirez Loaiza ,  Alexander Heinecke ,  Mohammad Mejbah Ul Alam ,  Robert Colby ,  Sara Baghsorkhi ,  Shengtian Zhou

IPC: G06F11/34 ,  H04L12/24 ,  G06F11/00 ,  H04L29/06 ,  H04L29/08 ,  G06K9/62 ,  H04L12/66 ,  G06N20/00

Abstract: An apparatus includes a data interface to obtain first sensor data from a first sensor and second sensor data from a second sensor of a monitored system; a data analyzer to extract a feature based on analyzing the first and second sensor data using a model, the model trained based on historical sensor data, the model to determine the feature as a deviation between the first and second sensor data to predict a future malfunction of the monitored system; an anomaly detector to detect an anomaly in at least one of the first sensor data or the second sensor data based on the feature, the anomaly corresponding to the future malfunction of the monitored system; and a system applicator to modify operation of the monitored system based on the anomaly.

公开(公告)号：US20190129822A1

公开(公告)日：2019-05-02

申请号：US16234503

申请日：2018-12-27

Applicant: Intel Corporation

Inventor： Mohammad Mejbah Ul Alam ,  Jason Martin ,  Justin Gottschlich ,  Alexander Heinecke ,  Shengtian Zhou

IPC: G06F11/34 ,  G06F11/30 ,  G06F11/32 ,  G06N3/08

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed. An example system includes a memory accessed by a program of interest, a performance monitoring unit to collect first memory access information and second memory access information about an object accessed in the memory by the program of interest; and a leak detector to: determine a non-access period based on the first memory access information and an unsupervised machine learning model trained based on the program of interest; and detect a potential memory leak of the program of interest based on the second memory access information and the non-access period.

公开(公告)号：US09519803B2

公开(公告)日：2016-12-13

申请号：US13690401

申请日：2012-11-30

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Francis X. McKeen ,  Carlos Rozas ,  Balaji Vembu ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

IPC: G06F21/00 ,  G06F21/64 ,  G06F21/53 ,  G06F21/56

CPC classification number: G06F21/64 ,  G06F21/53 ,  G06F21/56

Abstract: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.

Abstract translation: 根据一些实施例，可以为图形处理单元定义受保护的执行环境。 该框架不仅保护了图形处理单元上运行的恶意软件的工作负载，还保护了这些工作负载免受中央处理单元上运行的恶意软件。 此外，信任框架可以通过测量用于执行工作负载的代码和数据结构来促进安全执行的证明。 如果该框架或受保护的执行环境的可信计算基础的一部分受到损害，那么该部分可以被远程修补，并且在一些实施例中可以通过验证远程验证修补。

公开(公告)号：US09514317B2

公开(公告)日：2016-12-06

申请号：US14367405

申请日：2013-12-19

Applicant: INTEL CORPORATION

Inventor： Jason Martin ,  Matthew Hoekstra

IPC: G06F21/62 ,  H04L29/06 ,  G06F9/455 ,  G06F21/60 ,  G06F21/10

CPC classification number: G06F21/62 ,  G06F9/45558 ,  G06F21/10 ,  G06F21/56 ,  G06F21/602 ,  G06F21/74 ,  G06F2009/45579 ,  G06F2009/45587 ,  G06F2221/0724 ,  G06F2221/2105 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/145 ,  H04L63/20

Abstract: An embodiment includes a method executed by at least one processor comprising: initializing first and second secure enclaves each comprising a trusted software execution environment that prevents software executing outside the first and second secure enclaves from having access to software and data inside the first and second secure enclaves; the first secure enclave (a)(i) inspecting a policy, (a)(ii) authenticating the second secure enclave in response to inspecting the policy; and (a)(iii) communicating encrypted content to the second secure enclave in response to authenticating the second secure enclave; and the second secure enclave (b)(i) decrypting the encrypted content to produce decrypted content, and (b)(ii) inspecting the decrypted content. Other embodiments are described herein.

Abstract translation: 一个实施例包括由至少一个处理器执行的方法，包括：初始化第一和第二安全空间，每个包括可信软件执行环境，其防止在第一和第二安全区域之外执行的软件在第一和第二安全区域内访问软件和数据 飞地 第一个安全飞地（a）（i）检查政策，（a）（ii）对检查该政策的第二个安全飞地进行认证; 和（a）（iii）响应于认证所述第二安全飞地而将加密的内容传送到所述第二安全飞地; 和第二安全飞地（b）（i）解密加密的内容以产生解密的内容，以及（b）（ii）检查解密的内容。 本文描述了其它实施例。

公开(公告)号：US09450931B2

公开(公告)日：2016-09-20

申请号：US13840572

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah Sheller ,  Conor Cahill ,  Jason Martin ,  Brandon Baker

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06F21/57

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

公开(公告)号：US20160092665A1

公开(公告)日：2016-03-31

申请号：US14499138

申请日：2014-09-27

Applicant: Intel Corporation

Inventor： Melissa A. Cowan ,  Ramune Nagisetty ,  Jason Martin ,  Richard A. Forand ,  Conor P. Cahill ,  Bradley A. Jackson

IPC: G06F21/34 ,  G06F21/35

CPC classification number: G06F21/35 ,  G06F21/32 ,  G06F2221/2133 ,  H04W12/06

Abstract: An initial authentication of a user, if successful, causes a token to be stored on, and presented from, a wearable device (WD). The WD continually monitors one or more of the wearer's vital signs to confirm that (1) the WD is being worn by a living person rather than an inanimate simulacrum, and (2) the WD is still worn by the same person who underwent the authentication. The token can be read by a token-reader on at least one protected device (PD). If the token is valid, its presentation serves as authentication and the token-reader grants the user access to the PD. If the WD vital-sign signal is interrupted when the user removes the WD, the WD stops presenting the token and can no longer be used to access a PD.

Abstract translation: 用户的初始认证（如果成功）导致将令牌存储在可穿戴设备（WD）上并从可穿戴设备（WD）呈现。 WD持续监测一个或多个佩戴者的生命体征，以确认（1）WD由正在使用的人而不是无生命的模拟人员穿戴，以及（2）WD仍然由同一人进行身份验证 。 令牌可以由至少一个受保护设备（PD）上的令牌读取器读取。 如果令牌有效，则其演示文稿用作身份验证，令牌读取器授予用户对PD的访问权。 如果用户删除WD时W​​D生命信号中断，则WD停止显示令牌，不能再用于访问PD。

公开(公告)号：US09248794B2

公开(公告)日：2016-02-02

申请号：US14128569

申请日：2013-08-26

Applicant: INTEL CORPORATION

Inventor： Sherry S. Chang ,  Jason Martin ,  Abhilasha Bhargav-Spantzel ,  Hormuzd M. Khosravi ,  Craig T. Owen

IPC: B60R16/037

CPC classification number: B60R16/037 ,  B60R16/0373

Abstract: Embodiments of apparatus and methods for configuring user customizable operational features of a vehicle are described. In embodiments, an apparatus may include a communication module configured to be disposed in the vehicle, and communicate with a mobile device a user. The apparatus may further include a controller configured to be disposed in the vehicle and coupled with the communication module, to obtain from the mobile device, one or more preferences of the user for one or more user customizable features of the vehicle, and adjust the one or more user customizable operational features of the vehicle based at least in part on the one or more preferences of the user obtained. Other embodiments may be described and/or claimed.

Abstract translation: 描述了用于配置车辆的用户可定制操作特征的装置和方法的实施例。 在实施例中，装置可以包括被配置为布置在车辆中并且与用户的移动设备通信的通信模块。 该装置还可以包括控制器，其被配置为设置在车辆中并与通信模块耦合，以从移动设备获得用户对于车辆的一个或多个用户可定制特征的一个或多个偏好，并且调整一个 至少部分地基于所获得的用户的一个或多个偏好来确定车辆的用户可自定义的操作特征。 可以描述和/或要求保护其他实施例。

公开(公告)号：US20240211549A1

公开(公告)日：2024-06-27

申请号：US18591640

申请日：2024-02-29

Applicant: Intel Corporation

Inventor： Marius Arvinte ,  Brandon Edwards ,  Cory Cornelius ,  Jason Martin ,  Sebastian Szyller ,  Micah Sheller ,  Nageen Himayat

IPC: G06F21/10

CPC classification number: G06F21/101

Abstract: An example apparatus includes interface circuitry, machine-readable instructions, and at least one processor circuit to be programmed by the machine-readable instructions to access a first set of samples associated with a diffusion model, the first set of samples including a plurality of input data samples, generate a representation of the first set of samples, sample the representation of the first set of samples to generate a representation of a second set of samples, and generate the second set of samples from the representation of the second set of samples, the second set of samples including a plurality of output data samples, an output data sample corresponding to an input data sample and being different from the corresponding input data sample.