公开(公告)号：US20170244684A1

公开(公告)日：2017-08-24

申请号：US15451600

申请日：2017-03-07

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  CONOR P. CAHILL ,  MICAH J. SHELLER ,  JASON MARTIN

IPC: H04L29/06

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

公开(公告)号：US20160006732A1

公开(公告)日：2016-01-07

申请号：US14812514

申请日：2015-07-29

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  CONOR P. CAHILL ,  MICAH J. SHELLER ,  JASON MARTIN

IPC: H04L29/06 ,  G06F21/78 ,  G06F21/32

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract translation: 通常，本公开描述了用于安全地存储和使用生物测定认证信息（诸如生物测定参考模板）的技术。 在一些实施例中，技术包括将一个或多个生物测定参考模板存储在其存储器中的客户端设备。 客户端设备可以将这样的模板传送到认证设备。 传输可以根据认证设备包括用于模板的合适的受保护环境并将执行可接受的临时存储策略的验证。 这些技术还可以包括认证设备，其被配置为在其受保护的环境中临时存储从客户端设备接收的生物测定参考模板。 在完成生物认证或发生终止事件时，认证设备可以从受保护的环境中删除生物测定参考模板。

公开(公告)号：US20150341332A1

公开(公告)日：2015-11-26

申请号：US14714513

申请日：2015-05-18

Applicant: Intel Corporation

Inventor： NED M. SMITH ,  CONOR P. CAHILL ,  VICTORIA C. MOORE ,  JASON MARTIN ,  MICAH J. SHELLER

IPC: H04L29/06 ,  G06F21/33 ,  G06F21/31

CPC classification number: H04L9/0861 ,  G06F21/31 ,  G06F21/33 ,  G06F21/45 ,  H04L9/3234 ,  H04L63/0281 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1466 ,  H04L2209/127 ,  H04L2463/082

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器的安全引擎包括身份提供者逻辑，以生成密钥配对关联系统用户的第一密钥对和提供Web服务并具有通过网络耦合到系统的第二系统的服务提供者， 以执行与所述第二系统的安全通信，以使所述第二系统能够验证所述身份提供者逻辑在可信执行环境中正在执行，并且响应于所述验证​​，将所述第一密钥对的第一密钥发送到所述第二系统。 该密钥可以使得第二系统可以根据多因素认证来验证由身份提供者逻辑传达的断言，用户已被认证给系统。 描述和要求保护其他实施例。