公开(公告)号：US10135828B2

公开(公告)日：2018-11-20

申请号：US15681955

申请日：2017-08-21

Applicant: Intel Corporation

Inventor： Oron Lenz ,  Noam Milshten ,  Ilya Berdichevsky

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/10

Abstract: Technologies for secure server access include a client computing device that loads a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and transmits a machine identifier and a user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are described and claimed.

公开(公告)号：US20180219841A1

公开(公告)日：2018-08-02

申请号：US15417508

申请日：2017-01-27

Applicant: Intel Corporation

Inventor： Ishai Nadler ,  Ilya Berdichevsky

IPC: H04L29/06 ,  G06F21/62

CPC classification number: G06F21/6218 ,  G06F21/64 ,  H04L9/0637 ,  H04L9/0836 ,  H04L9/0891 ,  H04L9/3236 ,  H04L63/0428 ,  H04L63/123 ,  H04L2209/38

Abstract: A file layout and encryption scheme to protect a data file are introduced. A system, computer-readable medium, and method are provided for selecting an encrypted data node of a data file for writing data, generating a node encryption key for the selected encrypted node, encrypting the selected encrypted node with the node encryption key, saving the node encryption key and a node integrity check value for the node encryption key in a parent encrypted cryptographic node, selecting an ancestor encrypted cryptographic node as the selected encrypted node, and repeating the generating, encrypting, saving, and selecting the ancestor encrypted cryptographic node until the selected ancestor encrypted cryptographic node is a root encrypted cryptographic node for the data file. Encrypting a data node with the node encryption key further saves the data to be written to the encrypted data node.

公开(公告)号：US20180041513A1

公开(公告)日：2018-02-08

申请号：US15681955

申请日：2017-08-21

Applicant: Intel Corporation

Inventor： Oron Lenz ,  Noam Milshten ,  Ilya Berdichevsky

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/10

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F21/577 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0876 ,  H04L63/102 ,  H04L2463/103

Abstract: Technologies for secure server access include a client computing device that loads a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and transmits a machine identifier and a user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are described and claimed.

公开(公告)号：US10097554B2

公开(公告)日：2018-10-09

申请号：US15681955

申请日：2017-08-21

Applicant: Intel Corporation

Inventor： Oron Lenz ,  Noam Milshten ,  Ilya Berdichevsky

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/10

Abstract: Technologies for secure server access include a client computing device that loads a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and transmits a machine identifier and a user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are described and claimed.

公开(公告)号：US09749323B2

公开(公告)日：2017-08-29

申请号：US14670959

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Oron Lenz ,  Noam Milshten ,  Ilya Berdichevsky

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/10

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F21/577 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0876 ,  H04L63/102 ,  H04L2463/103

Abstract: Technologies for secure server access include a client computing device that loads a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and transmits a machine identifier and a user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are described and claimed.