-
Publication (Announcement) No.: US20210044948A1
Publication (Announcement) Date: 2021-02-11
Application No.: US17083374
Filing Date: 2020-10-29
Applicant: Intel Corporation
Inventor: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20230049177A1
Publication (Announcement) Date: 2023-02-16
Application No.: US17821422
Filing Date: 2022-08-22
Applicant: Intel Corporation
Inventor: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
IPC: H04W4/70, H04W4/00, H04W12/069, H04L9/40
Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US11477625B2
Publication (Announcement) Date: 2022-10-18
Application No.: US17083374
Filing Date: 2020-10-29
Applicant: Intel Corporation
Inventor: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
IPC: H04W4/70, H04W4/00, H04W12/069, H04L9/40
Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US10856122B2
Publication (Announcement) Date: 2020-12-01
Application No.: US15168321
Filing Date: 2016-05-31
Applicant: Intel Corporation
Inventor: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
Abstract: In one embodiment, a domain controller includes: a quarantine logic to quarantine unknown devices from unrestricted network access, the quarantine logic comprising a first quarantine point at a first layer of a multi-layer communication model; a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US11838841B2
Publication (Announcement) Date: 2023-12-05
Application No.: US17821422
Filing Date: 2022-08-22
Applicant: Intel Corporation
Inventor: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
IPC: H04W4/70, H04W4/00, H04W12/069, H04L9/40
CPC classification number: H04W4/70, H04L63/06, H04L63/08, H04L63/1441, H04W4/00, H04W12/069
Abstract: In one embodiment, a domain controller (a) quarantines unknown devices at a first quarantine point at a first layer of a multi-layer communication model; (b) communicates with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service; (c) receives a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model; (d) verifies a device type of the first device with the DNS service; and (e) responsive to that verification, provisions the first device into the domain. The domain controller may also send a provisioning response to the access point to enable the first device to be removed from the second quarantine point, to enable the first device to communicate with the domain controller. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US10326590B2
Publication (Announcement) Date: 2019-06-18
Application No.: US14670874
Filing Date: 2015-03-27
Applicant: Intel Corporation
Inventor: Ned M. Smith, Jesse Walker, Mats Agerstam, Ravi S. Subramaniam, Eduardo Cabre
Abstract: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.