公开(公告)号：US20150143118A1

公开(公告)日：2015-05-21

申请号：US14127533

申请日：2013-06-04

申请人： Micah J. Sheller ,  Reshma Lal ,  Pradeep M. Pappachan ,  Krystof C. Zmudzinski

发明人： Micah J. Sheller ,  Reshma Lal ,  Pradeep M. Pappachan ,  Krystof C. Zmudzinski

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L63/0428 ,  H04L9/14 ,  H04L9/3223 ,  H04L63/062 ,  H04L63/08 ,  H04L2209/60

摘要： The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc. In one example implementation, a server may manage interaction between clients, provision encryption keys, etc.

摘要翻译： 本公开涉及一种端到端安全通信系统，其中除了加密客户端之间的传输之外，还可以确保在每个客户端内发生的与通信相关的操作。 每个客户端可以包括用于处理从其他客户端接收的加密通信信息和本地捕获的媒体信息以便传输到其他客户端的安全处理环境。 安全处理环境可以包括用于解密所接收的加密通信信息并将通信信息处理成媒体信息以供客户呈现的资源。 安全处理环境也可以相反地操作，以向其他客户端提供本地记录的音频，图像，视频等。 可以在客户端的信息处理的各个阶段采用加密协议，以帮助确保在处理资源之间传递的信息不能被读取，复制，改变等。在一个示例实现中，服务器可以管理客户端之间的交互，提供加密 钥匙等

公开(公告)号：US20150304736A1

公开(公告)日：2015-10-22

申请号：US14127542

申请日：2013-06-04

申请人： Reshma Lal ,  Jason Martin ,  Micah J. Sheller ,  Michael M. Amirfathi ,  Nathan Heldt-Sheller ,  Pradeep M. Pappachan

发明人： Reshma Lal ,  Jason Martin ,  Micah J. Sheller ,  Michael M. Amirfathi ,  Nathan Heldt-Sheller ,  Pradeep M. Pappachan

IPC分类号： H04N21/647 ,  H04L9/08

CPC分类号： H04N21/64715 ,  G06F21/10 ,  G06F21/72 ,  H04L9/0816 ,  H04L2209/24

摘要： Technologies for hardening the security of digital information on a client device are described. In some embodiments, the client device includes a secure processing environment such as a secure enclave, which may be used to protect digital information on a client platform. The secure environment(s) may also protect assets which may be used to access the digital information. Using the secure processing environment(s), the described technologies may protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity.

摘要翻译： 描述了在客户端设备上加强数字信息安全性的技术。 在一些实施例中，客户端设备包括诸如安全飞地之类的安全处理环境，其可以用于保护客户端平台上的数字信息。 安全环境还可以保护可能用于访问数字信息的资产。 使用安全处理环境，所描述的技术可以保护数字信息，因为它被提供给存储，访问和/或处理以供客户端设备显示，即使客户端设备可能被恶意软件或 受另一实体的攻击。

公开(公告)号：US20150222633A1

公开(公告)日：2015-08-06

申请号：US14360161

申请日：2013-12-19

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Reshma Lal ,  Micah J. Sheller ,  Matthew E. Hoekstra

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Reshma Lal ,  Micah J. Sheller ,  Matthew E. Hoekstra

IPC分类号： H04L29/06

CPC分类号： H04L63/10 ,  G06F21/10 ,  G06F2221/0708 ,  H04L67/42

摘要： Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

摘要翻译： 描述了在客户端设备上支持和实现多个数字版权管理协议的技术。 在一些实施例中，这些技术包括具有架构区域的客户端设备，其可以用于识别用于保护要从内容提供商或传感器接收的数字信息的多个数字版权管理协议中的一个。 如果在客户端上存在支持DRM协议的预先存在的SIPE，那么建筑飞地选择一个预先存在的安全信息处理环境（SIPE）来处理所述数字信息。 如果客户端上不存在支持DRM协议的预先存在的SIPE，那么该架构可以通用一个支持客户端DRM协议的新SIPE。 然后可以适当地将数字信息的传输指向所选择的预先存在的SIPE或新的SIPE。

公开(公告)号：US20170085565A1

公开(公告)日：2017-03-23

申请号：US14757769

申请日：2015-12-23

申请人： Micah J. Sheller ,  Yonghong Huang ,  Narjala P. Bhasker ,  Jason Martin ,  Cory Cornelius

发明人： Micah J. Sheller ,  Yonghong Huang ,  Narjala P. Bhasker ,  Jason Martin ,  Cory Cornelius

IPC分类号： H04L29/06

CPC分类号： H04L63/0876 ,  G06F1/163 ,  G06F3/01 ,  G06F3/014 ,  G06F3/017 ,  G06F21/30 ,  G06F21/305 ,  H04L63/0492 ,  H04L63/0853 ,  H04W12/06 ,  H04W12/08

摘要： Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

公开(公告)号：US20160188853A1

公开(公告)日：2016-06-30

申请号：US14866950

申请日：2015-09-26

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

IPC分类号： G06F21/31 ,  H04W12/06

CPC分类号： G06F21/31 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2147 ,  H04L9/3226 ,  H04L63/0815 ,  H04L2209/127 ,  H04L2209/805 ,  H04W12/06 ,  H04W88/02

摘要： Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

公开(公告)号：US09600670B2

公开(公告)日：2017-03-21

申请号：US14580517

申请日：2014-12-23

申请人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

发明人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

IPC分类号： H04L29/06 ,  G06F21/57 ,  G06F21/62

CPC分类号： G06F21/57 ,  G06F21/31 ,  G06F21/6218 ,  G06F21/629 ,  G06F2221/034 ,  G06F2221/2105 ,  G06F2221/2111 ,  H04L63/107

摘要： In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

公开(公告)号：US20160188848A1

公开(公告)日：2016-06-30

申请号：US14583671

申请日：2014-12-27

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

IPC分类号： G06F21/31

CPC分类号： G06F21/31 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2147 ,  H04L9/3226 ,  H04L63/0815 ,  H04L2209/127 ,  H04L2209/805 ,  H04W12/06 ,  H04W88/02

摘要： Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

摘要翻译： 基于认证上下文状态来认证计算设备的用户的技术包括基于由移动计算设备的传感器生成的传感器数据来生成指示移动计算设备的各种上下文状态的上下文状态输出。 计算设备的认证管理器实现认证状态机以验证计算设备的用户。 认证状态机包括多个认证状态，并且每个认证状态包括到另一认证状态的一个或多个转换。 每个转换都取决于上下文状态输出。 计算设备还可以包括设备安全管理器，其实现包括多个安全状态的安全状态机。 安全状态之间的转换取决于用户当前的认证状态。 设备安全管理器可以在每个安全状态下实现不同的安全功能。

公开(公告)号：US20150363582A1

公开(公告)日：2015-12-17

申请号：US14583662

申请日：2014-12-27

申请人： Micah J. Sheller ,  Ned M. Smith ,  Nathan Heldt-Sheller

发明人： Micah J. Sheller ,  Ned M. Smith ,  Nathan Heldt-Sheller

IPC分类号： G06F21/31

CPC分类号： G06F21/31

摘要： Technologies for determining a confidence of user authentication include authenticating a user of a computing device based on a set of authentication factors and a fusion function that fuses the set of authentication factors to generate an authentication result. A false accept rate and a false reject rate of the authentication result is determined, and an authentication confidence for the authentication result is determined. The authentication of the user is performed passively, without interruption or interruption of the user. If the authentication confidence is below a threshold value, an active authentication procedure may be performed.

摘要翻译： 用于确定用户认证的置信度的技术包括基于一组认证因素验证计算设备的用户，以及融合功能，该融合功能将认证因子集合到一起以产生认证结果。 确定认证结果的错误接受率和错误拒绝率，并且确定认证结果的认证置信度。 用户的认证被动地进行，不会中断或中断用户。 如果认证信度低于阈值，则可以执行主动认证过程。

公开(公告)号：US20150235024A1

公开(公告)日：2015-08-20

申请号：US14362399

申请日：2013-12-23

申请人： Bradley W. Corrion ,  Micah J. Sheller ,  Jeffrey M. Tripp

发明人： Bradley W. Corrion ,  Micah J. Sheller ,  Jeffrey M. Tripp

IPC分类号： G06F21/56 ,  G06F21/31 ,  H04L29/06

CPC分类号： G06F21/36 ,  G06F3/04845 ,  G06F3/04886 ,  G06F21/31 ,  G06F21/552 ,  G06F21/56 ,  G06F2221/034 ,  H04L63/083

摘要： Methods, apparatus, systems and articles of manufacture are disclosed to facilitate secure screen input. An example disclosed system includes a user interface (UI) manager to generate a UI comprising a quantity of ordinal entry points, each one of the quantity of ordinal entry points comprising a repeating selectable pattern, an ordinal sequence generator to generate an initial randomized combination of the quantity of ordinal entry points, the randomized combination stored in a trusted execution environment, and an offset calculator to calculate a password entry value by comparing an offset value and direction value retrieved from the UI with the initial randomized combination of the quantity of ordinal entry points.

摘要翻译： 公开了方法，装置，系统和制品以便于安全的屏幕输入。 一个示例公开的系统包括用户界面（UI）管理器，用于生成包括一定数量的顺序入口点的UI，每个数量的顺序入口点包括重复的可选择模式，序数序列生成器，用于生成初始随机化组合 顺序入口点的数量，存储在可信执行环境中的随机化组合，以及偏移计算器，用于通过将从UI获取的偏移值和方向值与序数量的初始随机组合进行比较来计算密码输入值 积分

公开(公告)号：US20160180093A1

公开(公告)日：2016-06-23

申请号：US14580517

申请日：2014-12-23

申请人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

发明人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

IPC分类号： G06F21/57

CPC分类号： G06F21/57 ,  G06F21/31 ,  G06F21/6218 ,  G06F21/629 ,  G06F2221/034 ,  G06F2221/2105 ,  G06F2221/2111 ,  H04L63/107

摘要： In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，系统包括：处理器，其包括执行指令的至少一个核心; 多个传感器，包括用于确定关于系统位置的位置信息的第一传感器; 以及将安全策略应用于系统的安全引擎。 在该实施例中，安全引擎包括策略逻辑，用于至少部分地基于位置信息来确定要应用的多个安全策略中的一个，其中位置信息指示与多个安全策略相关联的位置不同的位置。 描述和要求保护其他实施例。