-
Publication No.: US20220027894A1
Publication date: 2022-01-27
Application No.: US17497074
Application date: 2021-10-08
Applicant: INTEL CORPORATION
Inventor: Ned M. Smith , David W. Grawrock , Geoffrey H. Cooper
Abstract: Technologies for device commissioning include a rendezvous server to receive, from a buyer device, a request to transfer ownership of a compute device to the buyer device. The rendezvous server verifies the provenance of the compute device based on a block chain and establishes a secure session with the compute device in response to verification of the provenance. The block chain identifies each transaction associated with ownership of the compute device.
-
Publication No.: US20210044948A1
Publication date: 2021-02-11
Application No.: US17083374
Application date: 2020-10-29
Applicant: Intel Corporation
Inventor: Ned M. Smith , Ravi S. Subramaniam , David W. Grawrock
Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.
-
Publication No.: US10411905B2
Publication date: 2019-09-10
Application No.: US15201219
Application date: 2016-07-01
Applicant: Intel Corporation
Inventor: Ned M. Smith , David W. Grawrock
Abstract: Techniques for implementing public key infrastructure using blockchains are described. An apparatus may receive, from an introducee principal, a proof-of-work. The apparatus may combine the proof-of-work with an identifier of the introducee principal. The apparatus may generate an introduction of the introducee principal. The introduction may include signing, using an asymmetric private key assigned to the apparatus, the combination of the proof-of-work and the identifier of the introducee principal. The apparatus may publish the introduction of the introducee principal to a blockchain.
-
Publication No.: US09990208B2
Publication date: 2018-06-05
Application No.: US15402663
Application date: 2017-01-10
Applicant: Intel Corporation
Inventor: James A. Sutton, II , David W. Grawrock
IPC: G06F9/44 , G06F12/14 , G06F21/57 , G06F9/445 , G01N23/223 , G01N33/50 , G01N33/68 , H04L9/32 , G06F12/0802 , G06F13/42
CPC classification number: G06F9/4403 , G01N23/223 , G01N33/502 , G01N33/6872 , G01N2223/076 , G06F9/44505 , G06F12/0802 , G06F12/145 , G06F12/1458 , G06F13/4282 , G06F21/57 , G06F21/572 , G06F2212/1052 , G06F2212/60 , G06F2213/0026 , G06F2221/033 , H04L9/32 , H04L9/3247
Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
-
Publication No.: US09245106B2
Publication date: 2016-01-26
Application No.: US14464874
Application date: 2014-08-21
Applicant: Intel Corporation
Inventor: Ned M. Smith , Vedvyas Shanbhogue , Geoffrey S. Strongin , Willard M. Wiseman , David W. Grawrock
CPC classification number: G06F21/44 , G06F21/50 , G06F21/57 , G06F21/575 , G06F21/85 , H04L63/126 , H04L67/125
Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
-
Publication No.: US08844021B2
Publication date: 2014-09-23
Application No.: US13925991
Application date: 2013-06-25
Applicant: Intel Corporation
Inventor: Ned M. Smith , Vedvyas Shanbhogue , Geoffrey S. Strongin , Willard M. Wiseman , David W. Grawrock
CPC classification number: G06F21/44 , G06F21/50 , G06F21/57 , G06F21/575 , G06F21/85 , H04L63/126 , H04L67/125
Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
-
Publication No.: US11838841B2
Publication date: 2023-12-05
Application No.: US17821422
Application date: 2022-08-22
Applicant: Intel Corporation
Inventor: Ned M. Smith , Ravi S. Subramaniam , David W. Grawrock
IPC: H04W4/70 , H04W4/00 , H04W12/069 , H04L9/40
CPC classification number: H04W4/70 , H04L63/06 , H04L63/08 , H04L63/1441 , H04W4/00 , H04W12/069
Abstract: In one embodiment, a domain controller (a) quarantines unknown devices at a first quarantine point at a first layer of a multi-layer communication model; (b) communicates with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service; (c) receives a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model; (d) verifies a device type of the first device with the DNS service; and (e) responsive to that verification, provisions the first device into the domain. The domain controller may also send a provisioning response to the access point to enable the first device to be removed from the second quarantine point, to enable the first device to communicate with the domain controller. Other embodiments are described and claimed.
-
Publication No.: US10042649B2
Publication date: 2018-08-07
Application No.: US15402661
Application date: 2017-01-10
Applicant: Intel Corporation
Inventor: James A. Sutton, II , David W. Grawrock
IPC: G06F9/44 , G06F9/4401 , G06F12/14 , G06F21/57 , G06F9/445 , G01N23/223 , G01N33/50 , G01N33/68 , H04L9/32 , G06F12/0802 , G06F13/42
Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
-
Publication No.: US10015014B2
Publication date: 2018-07-03
Application No.: US14583701
Application date: 2014-12-27
Applicant: Intel Corporation
Inventor: David Johnston , David W. Grawrock
CPC classification number: H04L9/3242 , G09C1/00 , H04L9/3271
Abstract: Technologies for secure presence assurance include a computing device having a presence assertion circuitry that receives an input seed value and generates a cryptographic hash based on the received input seed value. The computing device further verifies the integrity of the presence assertion circuitry based on the generated cryptographic hash.
-
Publication No.: US20180089001A1
Publication date: 2018-03-29
Application No.: US15280990
Application date: 2016-09-29
Applicant: Intel Corporation
Inventor: Ned M. Smith , David W. Grawrock
CPC classification number: G06F9/5083 , G06F9/466 , G06F9/5044 , G06F9/5077 , G06F21/6245
Abstract: Cloud container resource binding and tasking using keys is generally described herein. An example device to bind and perform tasks using cloud-based resource may include a container to claim tasks to be performed and to select and bind to a resource based on capabilities of the resource and requirements of the tasks.