-
公开(公告)号:US09600670B2
公开(公告)日:2017-03-21
申请号:US14580517
申请日:2014-12-23
申请人: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
发明人: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
CPC分类号: G06F21/57 , G06F21/31 , G06F21/6218 , G06F21/629 , G06F2221/034 , G06F2221/2105 , G06F2221/2111 , H04L63/107
摘要: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
-
公开(公告)号:US20160180093A1
公开(公告)日:2016-06-23
申请号:US14580517
申请日:2014-12-23
申请人: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
发明人: Nathaniel J. Goss , Nathan Heldt-Sheller , Kevin C. Wells , Micah J. Sheller , Sindhu Pandian , Ned M. Smith , Bernard N. Keany
IPC分类号: G06F21/57
CPC分类号: G06F21/57 , G06F21/31 , G06F21/6218 , G06F21/629 , G06F2221/034 , G06F2221/2105 , G06F2221/2111 , H04L63/107
摘要: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,系统包括:处理器,其包括执行指令的至少一个核心; 多个传感器,包括用于确定关于系统位置的位置信息的第一传感器; 以及将安全策略应用于系统的安全引擎。 在该实施例中,安全引擎包括策略逻辑,用于至少部分地基于位置信息来确定要应用的多个安全策略中的一个,其中位置信息指示与多个安全策略相关联的位置不同的位置。 描述和要求保护其他实施例。
-
3.发明申请公开(公告)号:US20160188853A1
公开(公告)日:2016-06-30
申请号:US14866950
申请日:2015-09-26
申请人: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
发明人: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
CPC分类号: G06F21/31 , G06F21/41 , G06F21/53 , G06F21/88 , G06F2221/2105 , G06F2221/2111 , G06F2221/2147 , H04L9/3226 , H04L63/0815 , H04L2209/127 , H04L2209/805 , H04W12/06 , H04W88/02
摘要: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
4.发明申请TECHNOLOGIES FOR AUTHENTICATING A USER OF A COMPUTING DEVICE BASED ON AUTHENTICATION CONTEXT STATE 有权基于认证上下文状态认证计算机设备的用户的技术公开(公告)号:US20160188848A1
公开(公告)日:2016-06-30
申请号:US14583671
申请日:2014-12-27
申请人: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
发明人: Ned M. Smith , Nathan Heldt-Sheller , Micah J. Sheller , Kevin C. Wells , Hannah L. Scurfield , Nathaniel J. Goss , Sindhu Pandian , Brad H. Needham
IPC分类号: G06F21/31
CPC分类号: G06F21/31 , G06F21/41 , G06F21/53 , G06F21/88 , G06F2221/2105 , G06F2221/2111 , G06F2221/2147 , H04L9/3226 , H04L63/0815 , H04L2209/127 , H04L2209/805 , H04W12/06 , H04W88/02
摘要: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
摘要翻译: 基于认证上下文状态来认证计算设备的用户的技术包括基于由移动计算设备的传感器生成的传感器数据来生成指示移动计算设备的各种上下文状态的上下文状态输出。 计算设备的认证管理器实现认证状态机以验证计算设备的用户。 认证状态机包括多个认证状态,并且每个认证状态包括到另一认证状态的一个或多个转换。 每个转换都取决于上下文状态输出。 计算设备还可以包括设备安全管理器,其实现包括多个安全状态的安全状态机。 安全状态之间的转换取决于用户当前的认证状态。 设备安全管理器可以在每个安全状态下实现不同的安全功能。
-
公开(公告)号:US20160182502A1
公开(公告)日:2016-06-23
申请号:US14581659
申请日:2014-12-23
申请人: Ned M. Smith , Hannah L. Scurfield , Nathan Heldt-Sheller , Micah J. Sheller , Nathaniel J. Goss , Kevin C. Wells , Sindhu Pandian
发明人: Ned M. Smith , Hannah L. Scurfield , Nathan Heldt-Sheller , Micah J. Sheller , Nathaniel J. Goss , Kevin C. Wells , Sindhu Pandian
CPC分类号: H04L63/0861 , G06F21/31 , G06F21/316 , G06F2221/2105 , G06N99/005 , H04L63/0884 , H04L67/306
摘要: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.
摘要翻译: 在实施例中,描述了使用上下文认证与用户简档选择相关联的装置,方法和存储介质(暂时性和非暂时性)。 在各种实施例中,计算设备的第一用户可被认证,并且具有与建立的第一用户简档相对应的访问控制状态,所述计算设备可以至少部分地基于改变的用户特征来选择第二用户简档,并且所述计算 设备可以至少部分地基于第二用户简档呈现资源。 在各种实施例中,计算设备可以包括传感器,并且可以至少部分地基于传感器的输出和由机器学习分类器生成的先前存储的模板来选择用户简档。
-
6.发明申请TECHNOLOGIES FOR SUPPORTING MULTIPLE DIGITAL RIGHTS MANAGEMENT PROTOCOLS ON A CLIENT DEVICE 有权技术支持客户端设备上的多个数字权限管理协议公开(公告)号:US20150222633A1
公开(公告)日:2015-08-06
申请号:US14360161
申请日:2013-12-19
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F21/10 , G06F2221/0708 , H04L67/42
摘要: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.
摘要翻译: 描述了在客户端设备上支持和实现多个数字版权管理协议的技术。 在一些实施例中,这些技术包括具有架构区域的客户端设备,其可以用于识别用于保护要从内容提供商或传感器接收的数字信息的多个数字版权管理协议中的一个。 如果在客户端上存在支持DRM协议的预先存在的SIPE,那么建筑飞地选择一个预先存在的安全信息处理环境(SIPE)来处理所述数字信息。 如果客户端上不存在支持DRM协议的预先存在的SIPE,那么该架构可以通用一个支持客户端DRM协议的新SIPE。 然后可以适当地将数字信息的传输指向所选择的预先存在的SIPE或新的SIPE。
-
公开(公告)号:US20150363582A1
公开(公告)日:2015-12-17
申请号:US14583662
申请日:2014-12-27
IPC分类号: G06F21/31
CPC分类号: G06F21/31
摘要: Technologies for determining a confidence of user authentication include authenticating a user of a computing device based on a set of authentication factors and a fusion function that fuses the set of authentication factors to generate an authentication result. A false accept rate and a false reject rate of the authentication result is determined, and an authentication confidence for the authentication result is determined. The authentication of the user is performed passively, without interruption or interruption of the user. If the authentication confidence is below a threshold value, an active authentication procedure may be performed.
摘要翻译: 用于确定用户认证的置信度的技术包括基于一组认证因素验证计算设备的用户,以及融合功能,该融合功能将认证因子集合到一起以产生认证结果。 确定认证结果的错误接受率和错误拒绝率,并且确定认证结果的认证置信度。 用户的认证被动地进行,不会中断或中断用户。 如果认证信度低于阈值,则可以执行主动认证过程。
-
8.发明申请TECHNOLOGIES FOR ENHANCED USER AUTHENTICATION USING ADVANCED SENSOR MONITORING 审中-公开使用高级传感器监控的增强用户认证技术公开(公告)号:US20160180078A1
公开(公告)日:2016-06-23
申请号:US14580785
申请日:2014-12-23
CPC分类号: G06F21/577 , G06F21/31 , G06F21/316 , G06F21/32 , G06F21/53 , G06F21/57 , G06F2221/034 , G06F2221/2115 , G06N20/00 , H04L63/083 , H04L63/0861 , H04L2463/082 , H04W12/06 , H04W12/12
摘要: Technologies for information security include a computing device with one or more sensors. The computing device may authenticate a user and, after successful authentication, analyze sensor data to determine whether it is likely that the user authenticated under duress. If so, the computing device performs a security operation such as generating an alert or presenting false but plausible data to the user. Additionally or alternatively, the computing device, within a trusted execution environment, may monitor sensor data and apply a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack. For example, the classifier may identify potential user identification fraud. The computing device may trigger a security response if elevated risk of attack is detected. For example, the trusted execution environment may trigger increased authentication requirements or increased anti-theft monitoring for the computing device. Other embodiments are described and claimed.
摘要翻译: 用于信息安全的技术包括具有一个或多个传感器的计算设备。 计算设备可以认证用户,并且在成功认证之后,分析传感器数据以确定用户在胁迫下是否可能被认证。 如果是这样,则计算设备执行安全操作,例如生成警报或向用户呈现虚假但合理的数据。 附加地或替代地,计算设备在受信任的执行环境中可以监视传感器数据并将机器学习分类器应用于传感器数据以识别提高的恶意攻击的风险。 例如,分类器可以识别潜在的用户识别欺诈。 如果检测到升高的攻击风险,则计算设备可以触发安全响应。 例如,可信执行环境可以触发对计算设备的增加的认证要求或增加的防盗监视。 描述和要求保护其他实施例。
-
9.发明申请TECHNOLOGIES FOR HARDENING THE SECURITY OF DIGITAL INFORMATION ON CLIENT PLATFORMS 审中-公开加强客户平台数字信息安全的技术公开(公告)号:US20150304736A1
公开(公告)日:2015-10-22
申请号:US14127542
申请日:2013-06-04
申请人: Reshma Lal , Jason Martin , Micah J. Sheller , Michael M. Amirfathi , Nathan Heldt-Sheller , Pradeep M. Pappachan
发明人: Reshma Lal , Jason Martin , Micah J. Sheller , Michael M. Amirfathi , Nathan Heldt-Sheller , Pradeep M. Pappachan
IPC分类号: H04N21/647 , H04L9/08
CPC分类号: H04N21/64715 , G06F21/10 , G06F21/72 , H04L9/0816 , H04L2209/24
摘要: Technologies for hardening the security of digital information on a client device are described. In some embodiments, the client device includes a secure processing environment such as a secure enclave, which may be used to protect digital information on a client platform. The secure environment(s) may also protect assets which may be used to access the digital information. Using the secure processing environment(s), the described technologies may protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity.
摘要翻译: 描述了在客户端设备上加强数字信息安全性的技术。 在一些实施例中,客户端设备包括诸如安全飞地之类的安全处理环境,其可以用于保护客户端平台上的数字信息。 安全环境还可以保护可能用于访问数字信息的资产。 使用安全处理环境,所描述的技术可以保护数字信息,因为它被提供给存储,访问和/或处理以供客户端设备显示,即使客户端设备可能被恶意软件或 受另一实体的攻击。
-
公开(公告)号:US20140366111A1
公开(公告)日:2014-12-11
申请号:US13994016
申请日:2013-03-15
申请人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
发明人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F21/316 , G06F2221/2101 , G06F2221/2103 , G06F2221/2139 , H04L63/0861 , H04L67/14 , H04L67/24
摘要: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
摘要翻译: 通常,本公开描述了连续认证置信模块。 系统可以包括用户设备,包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块,被配置为响应于特定用户的初始认证来确定置信度得分,至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度分数,并且通知操作 系统,如果更新的置信度分数在会话关闭阈值的容限内,认证不再有效; 所述初始认证被配置为打开会话,所述置信度分数被配置为指示所述会话期间的当前认证强度。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.035 秒)