SECURE VEHICULAR DATA MANAGEMENT WITH ENHANCED PRIVACY

    Publication No.: US20180218548A1

    Publication date: 2018-08-02

    Application No.: US15928557

    Application date: 2018-03-22

    CPC classification number: G07C5/008 G07C5/085 H04W4/40 H04W4/60 H04W12/02

    Abstract: The present disclosure is directed to secure vehicular data management with enhanced privacy. A vehicle may comprise at least a vehicular control architecture (VCA) for controlling operation of the vehicle and a device. The VCA may record operational data identifying at least one vehicle operator and vehicular operational data recorded during operation of the vehicle by the at least one vehicle operator. The device may include at least a communication module and a trusted execution environment (TEE) including a privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer. The privacy settings may be configured in the PEM by the at least one operator.

    Publication and removal of attributes in a multi-user computing system

    Publication No.: US10331906B2

    Publication date: 2019-06-25

    Application No.: US15650563

    Application date: 2017-07-14

    Abstract: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.

    Virally distributable trusted messaging
    Granted invention patent, in force

    Publication No.: US09467296B2

    Publication date: 2016-10-11

    Application No.: US14473308

    Application date: 2014-08-29

    Abstract: Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module. To securely transmit an outgoing message to the remote computing device, the local trusted message module receives the outgoing message from the message client, encrypts the outgoing message, and cryptographically signs the outgoing message, prior to transmittal to the remote trusted message module of the remote computing device. To securely receive an incoming message from the remote computing device, the local trusted message module receives the incoming message from the remote trusted message module of the remote computing device, decrypts the incoming message, and verifies a cryptographic signature of the incoming message, based on the exchanged cryptographic keys and prior to transmittal of the incoming message to the message client.

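The encrypt-then-sign, verify-then-decrypt flow this abstract describes, as an added Go example; it is not code from the patent or its assignee. Attestation is reduced to comparing a measurement against a trusted value, the session key is a SHA-256 hash of an X25519 shared secret, and the envelope layout, the names (Module, Pair, Send, Receive) and the measurement strings are this example's assumptions. Demo constructs the two-party exchange inline:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Envelope struct{ Nonce, Ciphertext, Signature []byte } // wire format: nonce, AES-GCM ciphertext, Ed25519 signature over both

// Module stands in for the TEE-resident trusted message module (field names are this example's).
type Module struct {
	measurement [32]byte           // constructed stand-in for an attestation measurement
	signPriv    ed25519.PrivateKey // long-term identity key that signs outgoing messages
	dhPriv      *ecdh.PrivateKey   // X25519 key, used only after attestation succeeds
	peerSignPub ed25519.PublicKey  // pinned during Pair
	aead        cipher.AEAD        // session cipher derived from the shared secret
}

// NewModule generates keys; crypto/rand does not fail on supported platforms, so failure is fatal.
func NewModule(measurement [32]byte) *Module {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	dh, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Module{measurement: measurement, signPriv: priv, dhPriv: dh}
}

// install derives the session key from the X25519 secret (HKDF in production) and pins the peer key.
func (m *Module) install(shared []byte, peerSignPub ed25519.PublicKey) {
	key := sha256.Sum256(append([]byte("trusted-msg-v1|"), shared...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	m.aead, _ = cipher.NewGCM(block)  // AES block size: cannot fail
	m.peerSignPub = peerSignPub
}

// Pair attests both ways (stand-in: measurement equality; a real verifier checks a platform-signed
// quote) and only then exchanges keys; each side combines its own X25519 private key with the peer's public key.
func Pair(a, b *Module, trustedA, trustedB [32]byte) error {
	if b.measurement != trustedB || a.measurement != trustedA {
		return errors.New("attestation failed: no keys exchanged")
	}
	sharedA, errA := a.dhPriv.ECDH(b.dhPriv.PublicKey())
	sharedB, errB := b.dhPriv.ECDH(a.dhPriv.PublicKey()) // equal to sharedA
	if errA != nil || errB != nil {
		return errors.New("X25519 agreement failed")
	}
	a.install(sharedA, b.signPriv.Public().(ed25519.PublicKey))
	b.install(sharedB, a.signPriv.Public().(ed25519.PublicKey))
	return nil
}

// Send is the outbound path: encrypt, then sign, before anything leaves the TEE.
func (m *Module) Send(plaintext []byte) (*Envelope, error) {
	if m.aead == nil {
		return nil, errors.New("no session: attestation and key exchange not completed")
	}
	nonce := make([]byte, m.aead.NonceSize())
	rand.Read(nonce) // never returns an error on supported platforms; a random 96-bit nonce per message suits a short session
	ct := m.aead.Seal(nil, nonce, plaintext, nil)
	sig := ed25519.Sign(m.signPriv, append(append([]byte{}, nonce...), ct...))
	return &Envelope{Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Receive is the inbound path: verify the signature, then decrypt; the client gets plaintext only if both pass.
func (m *Module) Receive(env *Envelope) ([]byte, error) {
	signed := append(append([]byte{}, env.Nonce...), env.Ciphertext...)
	if m.aead == nil || !ed25519.Verify(m.peerSignPub, signed, env.Signature) {
		return nil, errors.New("no session or bad signature: not delivered to client")
	}
	return m.aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Demo runs a normal exchange, an in-flight tampering attempt, and pairing with an untrusted module.
func Demo() (recovered string, tamperRejected, unattestedRejected bool, err error) {
	good := sha256.Sum256([]byte("constructed enclave measurement v1"))
	alice, bob := NewModule(good), NewModule(good)
	mallory := NewModule(sha256.Sum256([]byte("constructed measurement of a rogue module")))
	if err = Pair(alice, bob, good, good); err != nil {
		return
	}
	env, err := alice.Send([]byte("rendezvous confirmed"))
	if err != nil {
		return
	}
	pt, recvErr := bob.Receive(env)
	env.Ciphertext[0] ^= 0x01 // tampered in flight: the signature check fails before decryption
	_, tamperErr := bob.Receive(env)
	pairErr := Pair(alice, mallory, good, good) // untrusted measurement: attestation fails
	return string(pt), tamperErr != nil, pairErr != nil && mallory.aead == nil, recvErr
}

func main() { fmt.Println(Demo()) }
```

Two points the abstract leaves implicit are made explicit here: the module refuses to Send until Pair has succeeded, so no ciphertext is ever produced under a key that was not preceded by attestation, and Receive checks the signature before attempting decryption, so a corrupted envelope is rejected without the cipher ever seeing it. A production module would derive keys with HKDF rather than a bare hash and would need a nonce discipline that rules out reuse over the life of the session.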

    Diffie-Hellman key agreement using an M-of-N threshold scheme

    Publication No.: US09860057B2

    Publication date: 2018-01-02

    Application No.: US14580681

    Application date: 2014-12-23

    Abstract: A data processing system (DPS) supports exchange of digital keys. The DPS comprises a communication module which, when executed by the DPS, is operable to receive, via multiple different network routes, multiple copies of a seed message from a second DPS, as part of a Diffie-Hellman key exchange process with the second DPS, wherein each copy of the seed message includes a seed value. The DPS also comprises a security module which, when executed by the DPS, is operable to perform operations comprising (a) determining a prevalent seed value, based on the multiple copies of the seed message; (b) computing a prevalence metric to indicate how many of the seed messages contained the prevalent seed value; and (c) determining whether a seed exchange portion of the Diffie-Hellman key exchange process has been successfully performed, based on the prevalence metric. Other embodiments are described and claimed.
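An added Go example (not the patent's code) of the seed-exchange rule this abstract describes: N copies of the peer's DH public value arrive over different routes, the security module takes the most frequent value as the prevalent seed, counts how many copies carried it (the prevalence metric) and accepts the seed exchange only when that count reaches the configured M. The X25519 group, the route labels and the on-path substitution by a third party are this example's constructions; the abstract fixes neither the group nor the acceptance rule beyond a threshold on the metric.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// SeedMessage is one copy of the peer's seed message as it arrived over one network route.
type SeedMessage struct {
	Route string
	Seed  []byte // the peer's DH public value carried by this copy
}

// Verdict is the security module's decision about the seed-exchange step.
type Verdict struct {
	Prevalent  []byte // the seed value seen most often
	Prevalence int    // copies that carried Prevalent (the abstract's prevalence metric)
	Total      int    // copies received
	Tie        bool   // another value was seen exactly as often
	Accepted   bool   // Prevalence >= M and no tie
}

// EvaluateSeedExchange applies the M-of-N rule: the seed counts as delivered only
// if at least m of the received copies agree on a single value.
func EvaluateSeedExchange(copies []SeedMessage, m int) Verdict {
	counts := map[string]int{}
	for _, c := range copies {
		counts[string(c.Seed)]++
	}
	v := Verdict{Total: len(copies)}
	for seed, n := range counts {
		switch {
		case n > v.Prevalence:
			v.Prevalent, v.Prevalence, v.Tie = []byte(seed), n, false
		case n == v.Prevalence:
			v.Tie = true
		}
	}
	v.Accepted = m > 0 && !v.Tie && v.Prevalence >= m
	return v
}

// RunScenario delivers Alice's X25519 public value to Bob over n routes, of which the
// first `compromised` are controlled by Mallory, who substitutes her own value. Bob
// applies the M rule and, if the exchange is accepted, completes the agreement with the
// prevalent value; the bool reports whether Bob's secret matches Alice's.
func RunScenario(n, compromised, m int) (Verdict, bool, error) {
	curve := ecdh.X25519()
	keys := make([]*ecdh.PrivateKey, 3) // alice, bob, mallory
	for i := range keys {
		k, err := curve.GenerateKey(rand.Reader)
		if err != nil {
			return Verdict{}, false, err
		}
		keys[i] = k
	}
	alice, bob, mallory := keys[0], keys[1], keys[2]
	copies := make([]SeedMessage, 0, n)
	for i := 0; i < n; i++ {
		seed := alice.PublicKey().Bytes()
		if i < compromised {
			seed = mallory.PublicKey().Bytes() // constructed on-path substitution
		}
		copies = append(copies, SeedMessage{Route: fmt.Sprintf("route-%d", i), Seed: seed})
	}
	v := EvaluateSeedExchange(copies, m)
	if !v.Accepted {
		return v, false, nil
	}
	peer, err := curve.NewPublicKey(v.Prevalent)
	if err != nil {
		return v, false, err
	}
	bobSecret, err := bob.ECDH(peer)
	if err != nil {
		return v, false, err
	}
	aliceSecret, err := alice.ECDH(bob.PublicKey())
	return v, err == nil && bytes.Equal(bobSecret, aliceSecret), err
}

func main() {
	for _, tc := range [][3]int{{5, 0, 3}, {5, 2, 3}, {5, 3, 3}, {4, 2, 3}, {5, 2, 4}} {
		v, match, err := RunScenario(tc[0], tc[1], tc[2])
		if err != nil {
			panic(err)
		}
		fmt.Printf("n=%d compromised=%d m=%d -> prevalence %d/%d tie=%v accepted=%v secretsMatch=%v\n",
			tc[0], tc[1], tc[2], v.Prevalence, v.Total, v.Tie, v.Accepted, match)
	}
}
```

The scenarios in main show the limits of the rule as well as its intent. With 3 of 5 routes compromised Mallory's value is the prevalent one, the exchange passes the M=3 check, and Bob derives a secret Alice does not share: the threshold protects only while fewer than M routes are under one party's control, and a consistent substitution on a majority of routes is indistinguishable from an honest exchange at this layer. A 2-2 split is reported as a tie and rejected rather than broken arbitrarily, and 3 agreeing copies are not enough when M is set to 4.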

    PUBLICATION AND REMOVAL OF ATTRIBUTES IN A MULTI-USER COMPUTING SYSTEM

    Publication No.: US20170316225A1

    Publication date: 2017-11-02

    Application No.: US15650563

    Application date: 2017-07-14

    CPC classification number: G06F21/6254 G06Q30/00 G06Q30/02 G06Q30/0241

    Abstract: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.

    Privacy aware DHCP service
    Granted invention patent, in force

    Publication No.: US09111100B2

    Publication date: 2015-08-18

    Application No.: US13994422

    Application date: 2013-03-14

    Abstract: Generally, this disclosure describes a system including a privacy aware DHCP service and a user device. The user device includes a trusted execution environment including a client privacy agent configured to request a first Internet Protocol (IP) address from a DHCP service and to determine a device privacy score based, at least in part, on a DHCP policy; memory comprising secure storage configured to store the first IP address; and communication circuitry configured to establish at least one connection between the user device and at least one entity over a network using the first IP address. The client privacy agent is configured to monitor communication activity over the connection(s), to update the device privacy score based, at least in part, on the communication activity, and to close the connection(s) if the device privacy score falls outside an acceptable privacy score range bounded by a privacy threshold.


    PRIVACY ENFORCEMENT VIA LOCALIZED PERSONALIZATION

    Publication No.: US20220207178A1

    Publication date: 2022-06-30

    Application No.: US17573192

    Application date: 2022-01-11

    Abstract: This disclosure is directed to privacy enforcement via localized personalization. An example device may comprise at least a user interface to present content. A message may be received into a trusted execution environment (TEE) situated within the device or remotely, the message including at least metadata and content. The TEE may determine relevance of the content to a user based on the metadata and user data. Based on the relevance, the TEE may cause the content to be presented to the user via the user interface. In one embodiment, the TEE may be able to personalize the content based on the user data prior to presentation. If the content includes an offer, the TEE may also be able to present counteroffers to the user based on user interaction with the content. The TEE may also be able to cause feedback data to be transmitted to at least the content provider.

    Publication and removal of attributes in a multi-user computing system

    Publication No.: US09710670B2

    Publication date: 2017-07-18

    Application No.: US14035559

    Application date: 2013-09-24

    CPC classification number: G06F21/6254 G06Q30/00 G06Q30/02 G06Q30/0241

    Abstract: Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.
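The notification-and-withdrawal loop that the three "Publication and removal of attributes" records above describe (US10331906B2, US20170316225A1 and US09710670B2 share this abstract), as an added Go example rather than code from the patent. The abstract fixes only the sequence: the DA reports a decrease in the population count, the CIM checks that its user publishes the attribute, estimates the likelihood that continued publication identifies the user, compares it to a threshold and withdraws the attribute when the threshold is exceeded. The likelihood estimate (expected number of users sharing the whole published set under an independence assumption), the population figures, the attribute names and the two thresholds are constructed for this example.

```go
package main

import "fmt"

// DimensionAuthority (DA) keeps the population count of users publishing each attribute
// and notifies every CIM of decreases. Its internals are this example's assumption.
type DimensionAuthority struct {
	population int            // total users in the system
	counts     map[string]int // users currently publishing each attribute
	cims       []*ConsumerInformationManager
}

// ConsumerInformationManager (CIM) acts for one user; Threshold is the largest
// identification likelihood the user tolerates.
type ConsumerInformationManager struct {
	User      string
	Threshold float64
	Removed   []string // attributes withdrawn, in order
	published map[string]bool
	da        *DimensionAuthority
}

func NewDA(population int) *DimensionAuthority {
	return &DimensionAuthority{population: population, counts: map[string]int{}}
}

// Join registers a user who publishes attrs and increments their counts.
func (da *DimensionAuthority) Join(user string, threshold float64, attrs ...string) *ConsumerInformationManager {
	c := &ConsumerInformationManager{User: user, Threshold: threshold, published: map[string]bool{}, da: da}
	for _, a := range attrs {
		c.published[a] = true
		da.counts[a]++
	}
	da.cims = append(da.cims, c)
	return c
}

// Depart records that one publisher of attr withdrew it and notifies every CIM of the decrease.
func (da *DimensionAuthority) Depart(attr string) {
	da.counts[attr]--
	for _, c := range da.cims {
		c.OnDecrease(attr)
	}
}

// Likelihood estimates how identifying the published set is: treating attributes as independent,
// about N * prod(count_i / N) users share the whole set, and the chance of singling this user out is 1 over that, capped at 1.
func (c *ConsumerInformationManager) Likelihood() float64 {
	n := float64(c.da.population)
	expected := n
	for a := range c.published {
		expected *= float64(c.da.counts[a]) / n
	}
	if expected <= 1 {
		return 1
	}
	return 1 / expected
}

// OnDecrease is the handler from the abstract: if the user publishes attr and the likelihood now
// exceeds the threshold, withdraw attr. The withdrawal lowers the count again, so other CIMs are notified in turn (a cascade).
func (c *ConsumerInformationManager) OnDecrease(attr string) {
	if !c.published[attr] || c.Likelihood() <= c.Threshold {
		return
	}
	delete(c.published, attr)
	c.Removed = append(c.Removed, attr)
	c.da.Depart(attr)
}

// Outcome captures the demo's results so they can be checked without printed output.
type Outcome struct {
	AliceRemoved, BobRemoved []string
	CyclistCount             int  // publishers of "cyclist" at the end
	TriggerDeparture         int  // departure number at which alice withdrew
	AliceKeepsCity           bool // the attribute that was not implicated stays published
}

// Demo uses a constructed population of 10,000: 2,999 others publish city:SF, 398 publish
// cyclist and 300 publish ham-radio; then 100 cyclists withdraw one at a time.
func Demo() Outcome {
	da := NewDA(10000)
	da.counts["city:SF"], da.counts["cyclist"], da.counts["ham-radio"] = 2999, 398, 300
	alice := da.Join("alice", 0.01, "city:SF", "cyclist") // wants to hide among at least 100
	bob := da.Join("bob", 0.10, "cyclist", "ham-radio")   // wants to hide among at least 10
	var out Outcome
	for i := 1; i <= 100; i++ {
		da.Depart("cyclist")
		if out.TriggerDeparture == 0 && len(alice.Removed) > 0 {
			out.TriggerDeparture = i
		}
	}
	out.AliceRemoved, out.BobRemoved, out.CyclistCount = alice.Removed, bob.Removed, da.counts["cyclist"]
	out.AliceKeepsCity = alice.published["city:SF"]
	return out
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Running Demo shows the cascade the abstract only hints at: alice's withdrawal at the 67th departure (400 cyclists down to 333) lowers the count once more, which pushes bob over his own threshold, and he withdraws as well; both keep their unrelated attributes. With the threshold expressed as 1/k, the check is the k-anonymity requirement that at least k users share the published combination, and the cascade is what keeps that guarantee as the population thins.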

    METHOD, APPARATUS AND SYSTEM FOR PROVIDING TRANSACTION INDEMNIFICATION
    Invention application, published, under examination

    Publication No.: US20150220927A1

    Publication date: 2015-08-06

    Application No.: US14129543

    Application date: 2013-09-25

    CPC classification number: G06Q20/4016 G06Q30/06 G06Q40/08 H04L67/10

    Abstract: Techniques and mechanisms to provide indemnification for a transaction involving communications between networked devices. In an embodiment, attestation logic of a first device sends to a second device attestation information indicating a trustworthiness level of the first device. Based on the attestation information, indemnification logic of the second device determines an indemnification value representing the cost of indemnifying a first transaction. Indemnification logic of the first device receives the indemnification value and determines, based on it, whether to participate in the transaction.

