公开(公告)号：US20220141041A1

公开(公告)日：2022-05-05

申请号：US17435500

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Bhushan Girishkumar Parikh ,  Hari K. Tadepalli ,  Stephen T. Palermo ,  Thomas Joseph O'Dwyer ,  Abhilasha Bhargav-Spantzel ,  Ned M. Smith

IPC: H04L9/32 ,  H04L9/30

Abstract: An apparatus operating as a certificate authority (CA) is described. The apparatus can perform operations including receiving, from a plurality of requesting devices, a request to join a group. The request can include identification information for the group and attestation evidence for the plurality of requesting devices. Responsive to receiving the request, the apparatus can provide a group certificate for the group to the plurality of requesting devices.

公开(公告)号：US20200275273A1

公开(公告)日：2020-08-27

申请号：US16647403

申请日：2018-09-28

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Mats Gustav Agerstam ,  Nathan Heldt-Sheller ,  Abhilasha Bhargav-Spantzel

IPC: H04W12/08 ,  H04W12/00 ,  H04W8/00 ,  H04L29/06

Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.

公开(公告)号：US20190163900A1

公开(公告)日：2019-05-30

申请号：US16246187

申请日：2019-01-11

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Jason Martin ,  Justin Gottschlich ,  Abhilasha Bhargav-Spantzel ,  Salmin Sultana ,  Li Chen ,  Wei Li ,  Priyam Biswas ,  Paul Carlson

IPC: G06F21/52 ,  G05B23/02 ,  G06N20/00 ,  G06F21/51

Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.

公开(公告)号：US20180183586A1

公开(公告)日：2018-06-28

申请号：US15392205

申请日：2016-12-28

Applicant: Intel Corporation

Inventor： Abhilasha Bhargav-Spantzel ,  Ned M. Smith ,  Hormuzd M. Khosravi ,  Sze Yiu Chau

IPC: H04L9/08 ,  G06F21/32 ,  H04L9/32

CPC classification number: H04L9/0861 ,  G06F21/32 ,  G06F21/33 ,  G06F2221/2111 ,  H04L9/0866 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L2463/082

Abstract: Various systems and methods for performing cryptographic operations based on an authentication policy are discussed. In an example, an authentication policy for implementing a user authentication factor (or multiple factors) may be deployed at a client computing device to control generation and use of a cryptographic key. Operations for generating a cryptographic key in accordance with an authentication policy may include: receiving the authentication policy from a policy broker, generating the cryptographic key in response to receipt of the user authentication factor defined by the authentication policy, generating attestation data that indicates compliance with the authentication policy, and communicating the attestation data to the policy broker. Operations for using the cryptographic key in accordance with the authentication policy may include: receiving a request to access the cryptographic key, and accessing the cryptographic key in response to successful receipt of the user authentication factor defined by the authentication policy.

公开(公告)号：US09973527B2

公开(公告)日：2018-05-15

申请号：US14359969

申请日：2013-11-19

Applicant: Intel Corporation

Inventor： Abhilasha Bhargav-Spantzel ,  John B. Vicente ,  Mohammad R. Haghighat ,  Oliver W. Chen ,  Hormuzd M. Khosravi ,  Uri Kahana

IPC: G06F12/14 ,  H04L29/06 ,  G06F3/0484 ,  G06F17/30 ,  G06F21/55 ,  G06F21/57

CPC classification number: H04L63/1441 ,  G06F3/0484 ,  G06F17/30864 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/2105

Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.

公开(公告)号：US20170289153A1

公开(公告)日：2017-10-05

申请号：US15089070

申请日：2016-04-01

Applicant: Intel Corporation

Inventor： Michael Raziel ,  Abhilasha Bhargav-Spantzel ,  Hormuzd M. Khosravi ,  Ned M. Smith

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L9/0897 ,  H04L9/3271 ,  H04L63/0869 ,  H04L63/18

Abstract: Systems, apparatuses and methods may provide for generating, at a computing device, a challenge message in response to a recovery request and conducting a verification of one or more responses to the challenge message based on an encryption key stored in a hardware-based trusted execution environment (TEE) of the computing device. Additionally, an authentication template associated with a multifactor authentication service may be unlocked if the verification is successful.

公开(公告)号：US20160350761A1

公开(公告)日：2016-12-01

申请号：US14724025

申请日：2015-05-28

Applicant: Intel Corporation

Inventor： Michael Raziel ,  Ned M. Smith ,  Alex Nayshtut ,  Hormuzd M. Khosravi ,  Abhilasha Bhargav-Spantzel ,  Meir Shaked

IPC: G06Q20/40

CPC classification number: G06Q20/40145 ,  G06Q2220/00

Abstract: A method for managing a reference template for authentication includes generating the reference template using gait data collected during a training period. A user is authenticated utilizing the reference template. A universal background model (UBM) is generated using gait data collected after the training period. The reference template is updated using the UBM.

Abstract translation: 用于管理用于认证的参考模板的方法包括使用在训练期间收集的步态数据来生成参考模板。 使用参考模板对用户进行身份验证。 通过训练后采集的步态数据生成通用背景模型（UBM）。 参考模板使用UBM进行更新。

公开(公告)号：US12034873B2

公开(公告)日：2024-07-09

申请号：US17435500

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Bhushan Girishkumar Parikh ,  Hari K. Tadepalli ,  Stephen T. Palermo ,  Thomas Joseph O'Dwyer ,  Abhilasha Bhargav-Spantzel ,  Ned M. Smith

IPC: H04L29/06 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/3268 ,  H04L9/3066 ,  H04L9/3218

Abstract: An apparatus operating as a certificate authority (CA) is described. The apparatus can perform operations including receiving, from a plurality of requesting devices, a request to join a group. The request can include identification information for the group and attestation evidence for the plurality of requesting devices. Responsive to receiving the request, the apparatus can provide a group certificate for the group to the plurality of requesting devices.

公开(公告)号：US20220014917A1

公开(公告)日：2022-01-13

申请号：US17484473

申请日：2021-09-24

Applicant: Intel Corporation

Inventor： Abhilasha Bhargav-Spantzel ,  Michael Glik ,  Matan Levy ,  Ned M. Smith ,  Izoslav Tchigevsky

IPC: H04W12/06 ,  H04W12/0431 ,  G06F9/455

Abstract: Systems and methods for a virtual machine executing on a host device to establish a secured wireless connection and control a wireless network device without being exposed to the wireless network credentials are provided. A supplicant proxy is provided at the virtual machine to route authentication requests generated at the virtual machine through a supplicant and receive session keys from the supplicant, where the supplicant is at another virtual machine executing on the host device and has access to the network credentials.

公开(公告)号：US20220014520A1

公开(公告)日：2022-01-13

申请号：US17483652

申请日：2021-09-23

Applicant: Intel Corporation

Inventor： Abhilasha Bhargav-Spantzel ,  Michael Glik ,  Matan Levy ,  Ned M. Smith ,  Izoslav Tchigevsky

IPC: H04L29/06 ,  G06F9/455 ,  H04L12/24

Abstract: Systems and methods for a host device to mediate access by virtual machines executing on the host device to network connections of the host device based on characteristic of the network connection and on a per virtual machine basis are provided. The host device can execute a root partition or operating system and can include a switch to mediate connection between individual virtual switches of the virtual machines and the network stack of the root partition.