公开(公告)号：US20160182228A1

公开(公告)日：2016-06-23

申请号：US14580681

申请日：2014-12-23

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  WILLIAM C. DELEEUW ,  THOMAS G. WILLIS

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0841 ,  H04L9/002 ,  H04L9/3215 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1475

Abstract: A data processing system (DPS) supports exchange of digital keys. The DPS comprises a communication module which, when executed by the DPS, is operable to receive, via multiple different network routes, multiple copies of a seed message from a second DPS, as part of a Diffie-Hellman key exchange process with the second DPS, wherein each copy of the seed message includes a seed value. The DPS also comprises a security module which, when executed by the DPS, is operable to perform operations comprising (a) determining a prevalent seed value, based on the multiple copies of the seed message; (b) computing a prevalence metric to indicate how many of the seed messages contained the prevalent seed value; and (c) determining whether a seed exchange portion of the Diffie-Hellman key exchange process has been successfully performed, based on the prevalence metric. Other embodiments are described and claimed.

Abstract translation: 数据处理系统（DPS）支持数字键的交换。 DPS包括通信模块，当由DPS执行时，该通信模块可操作以经由多个不同网络路由从第二DPS接收种子消息的多个副本，作为与第二DPS的Diffie-Hellman密钥交换过程的一部分 ，其中种子消息的每个副本包括种子值。 DPS还包括一个安全模块，当由DPS执行时，该模块可操作以执行操作，该操作包括：（a）基于种子消息的多个副本来确定普遍的种子值; （b）计算流行度量以指示种子消息中有多少含有普遍种子值; 以及（c）基于流行度量确定是否成功地执行了Diffie-Hellman密钥交换过程的种子交换部分。 描述和要求保护其他实施例。

公开(公告)号：US20160366141A1

公开(公告)日：2016-12-15

申请号：US14998275

申请日：2015-12-26

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  SHAO-WEN YANG ,  NATHAN HELDT-SHELLER ,  THOMAS G. WILLIS

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L41/12 ,  H04L63/062 ,  H04L63/08 ,  H04L63/104 ,  H04L67/12 ,  H04W4/70 ,  H04W12/04 ,  H04W12/08

Abstract: In one embodiment, a method includes: presenting, in a user interface of an authoring tool, a plurality of levels of abstraction for a network having a plurality of devices; receiving information from a user regarding a subset of the plurality of devices to be provisioned with one or more security keys and an access control policy; automatically provisioning a key schedule for the subset of the plurality of devices in the network based on the user input and a topological context of the network; and automatically provisioning the access control policy for the subset of the plurality of devices in the network based on the user input and the topological context of the network.

Abstract translation: 在一个实施例中，一种方法包括：在创作工具的用户界面中呈现具有多个设备的网络的多个抽象级别; 从用户接收关于要被提供的多个设备的子集的信息，其具有一个或多个安全密钥和访问控制策略; 基于所述用户输入和所述网络的拓扑上下文，自动地为所述网络中的所述多个设备的子集提供密钥调度; 以及基于所述用户输入和所述网络的拓扑上下文，自动地为所述网络中的所述多个设备的子集提供所述访问控制策略。

公开(公告)号：US20170039389A1

公开(公告)日：2017-02-09

申请号：US15039021

申请日：2013-12-24

Applicant: INTEL CORPORATION

Inventor： NED M. SMITH ,  NATHAN HELDT-SHELLER ,  THOMAS G. WILLIS

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F17/00 ,  G06F21/60 ,  G06F21/602 ,  G06F21/6263 ,  G06Q30/02

Abstract: This disclosure is directed to privacy enforcement via localized personalization. An example device may comprise at least a user interface to present content. A message may be received into a trusted execution environment (TEE) situated within the device or remotely, the message including at least metadata and content. The TEE may determine relevance of the content to a user based on the metadata and user data. Based on the relevance, the TEE may cause the content to be presented to the user via the user interface. In one embodiment, the TEE may be able to personalize the content based on the user data prior to presentation. If the content includes an offer, the TEE may also be able to present counteroffers to the user based on user interaction with the content. The TEE may also be able to cause feedback data to be transmitted to at least the content provider.

Abstract translation: 本公开旨在通过本地化个性化进行隐私执行。 示例性设备可以至少包括用于呈现内容的用户界面。 消息可以被接收到位于设备内或远程的可信任执行环境（TEE）中，该消息至少包括元数据和内容。 TEE可以基于元数据和用户数据确定内容与用户的相关性。 基于相关性，TEE可能会通过用户界面将内容呈现给用户。 在一个实施例中，TEE可以在呈现之前基于用户数据来个性化内容。 如果内容包括报价，则TEE也可以基于用户与内容的交互来向用户呈现反作者。 TEE也可能导致反馈数据被传送到至少内容提供者。