公开(公告)号：US20160180093A1

公开(公告)日：2016-06-23

申请号：US14580517

申请日：2014-12-23

申请人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

发明人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

IPC分类号： G06F21/57

CPC分类号： G06F21/57 ,  G06F21/31 ,  G06F21/6218 ,  G06F21/629 ,  G06F2221/034 ,  G06F2221/2105 ,  G06F2221/2111 ,  H04L63/107

摘要： In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，系统包括：处理器，其包括执行指令的至少一个核心; 多个传感器，包括用于确定关于系统位置的位置信息的第一传感器; 以及将安全策略应用于系统的安全引擎。 在该实施例中，安全引擎包括策略逻辑，用于至少部分地基于位置信息来确定要应用的多个安全策略中的一个，其中位置信息指示与多个安全策略相关联的位置不同的位置。 描述和要求保护其他实施例。

公开(公告)号：US09600670B2

公开(公告)日：2017-03-21

申请号：US14580517

申请日：2014-12-23

申请人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

发明人： Nathaniel J. Goss ,  Nathan Heldt-Sheller ,  Kevin C. Wells ,  Micah J. Sheller ,  Sindhu Pandian ,  Ned M. Smith ,  Bernard N. Keany

IPC分类号： H04L29/06 ,  G06F21/57 ,  G06F21/62

CPC分类号： G06F21/57 ,  G06F21/31 ,  G06F21/6218 ,  G06F21/629 ,  G06F2221/034 ,  G06F2221/2105 ,  G06F2221/2111 ,  H04L63/107

摘要： In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.

公开(公告)号：US20160188848A1

公开(公告)日：2016-06-30

申请号：US14583671

申请日：2014-12-27

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

IPC分类号： G06F21/31

CPC分类号： G06F21/31 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2147 ,  H04L9/3226 ,  H04L63/0815 ,  H04L2209/127 ,  H04L2209/805 ,  H04W12/06 ,  H04W88/02

摘要： Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

摘要翻译： 基于认证上下文状态来认证计算设备的用户的技术包括基于由移动计算设备的传感器生成的传感器数据来生成指示移动计算设备的各种上下文状态的上下文状态输出。 计算设备的认证管理器实现认证状态机以验证计算设备的用户。 认证状态机包括多个认证状态，并且每个认证状态包括到另一认证状态的一个或多个转换。 每个转换都取决于上下文状态输出。 计算设备还可以包括设备安全管理器，其实现包括多个安全状态的安全状态机。 安全状态之间的转换取决于用户当前的认证状态。 设备安全管理器可以在每个安全状态下实现不同的安全功能。

公开(公告)号：US20160188853A1

公开(公告)日：2016-06-30

申请号：US14866950

申请日：2015-09-26

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Kevin C. Wells ,  Hannah L. Scurfield ,  Nathaniel J. Goss ,  Sindhu Pandian ,  Brad H. Needham

IPC分类号： G06F21/31 ,  H04W12/06

CPC分类号： G06F21/31 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2147 ,  H04L9/3226 ,  H04L63/0815 ,  H04L2209/127 ,  H04L2209/805 ,  H04W12/06 ,  H04W88/02

摘要： Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

公开(公告)号：US20160182502A1

公开(公告)日：2016-06-23

申请号：US14581659

申请日：2014-12-23

申请人： Ned M. Smith ,  Hannah L. Scurfield ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Nathaniel J. Goss ,  Kevin C. Wells ,  Sindhu Pandian

发明人： Ned M. Smith ,  Hannah L. Scurfield ,  Nathan Heldt-Sheller ,  Micah J. Sheller ,  Nathaniel J. Goss ,  Kevin C. Wells ,  Sindhu Pandian

IPC分类号： H04L29/06 ,  G06N99/00

CPC分类号： H04L63/0861 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2105 ,  G06N99/005 ,  H04L63/0884 ,  H04L67/306

摘要： In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.

摘要翻译： 在实施例中，描述了使用上下文认证与用户简档选择相关联的装置，方法和存储介质（暂时性和非暂时性）。 在各种实施例中，计算设备的第一用户可被认证，并且具有与建立的第一用户简档相对应的访问控制状态，所述计算设备可以至少部分地基于改变的用户特征来选择第二用户简档，并且所述计算 设备可以至少部分地基于第二用户简档呈现资源。 在各种实施例中，计算设备可以包括传感器，并且可以至少部分地基于传感器的输出和由机器学习分类器生成的先前存储的模板来选择用户简档。

公开(公告)号：US20150222633A1

公开(公告)日：2015-08-06

申请号：US14360161

申请日：2013-12-19

申请人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Reshma Lal ,  Micah J. Sheller ,  Matthew E. Hoekstra

发明人： Ned M. Smith ,  Nathan Heldt-Sheller ,  Reshma Lal ,  Micah J. Sheller ,  Matthew E. Hoekstra

IPC分类号： H04L29/06

CPC分类号： H04L63/10 ,  G06F21/10 ,  G06F2221/0708 ,  H04L67/42

摘要： Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

摘要翻译： 描述了在客户端设备上支持和实现多个数字版权管理协议的技术。 在一些实施例中，这些技术包括具有架构区域的客户端设备，其可以用于识别用于保护要从内容提供商或传感器接收的数字信息的多个数字版权管理协议中的一个。 如果在客户端上存在支持DRM协议的预先存在的SIPE，那么建筑飞地选择一个预先存在的安全信息处理环境（SIPE）来处理所述数字信息。 如果客户端上不存在支持DRM协议的预先存在的SIPE，那么该架构可以通用一个支持客户端DRM协议的新SIPE。 然后可以适当地将数字信息的传输指向所选择的预先存在的SIPE或新的SIPE。

公开(公告)号：US20150363582A1

公开(公告)日：2015-12-17

申请号：US14583662

申请日：2014-12-27

申请人： Micah J. Sheller ,  Ned M. Smith ,  Nathan Heldt-Sheller

发明人： Micah J. Sheller ,  Ned M. Smith ,  Nathan Heldt-Sheller

IPC分类号： G06F21/31

CPC分类号： G06F21/31

摘要： Technologies for determining a confidence of user authentication include authenticating a user of a computing device based on a set of authentication factors and a fusion function that fuses the set of authentication factors to generate an authentication result. A false accept rate and a false reject rate of the authentication result is determined, and an authentication confidence for the authentication result is determined. The authentication of the user is performed passively, without interruption or interruption of the user. If the authentication confidence is below a threshold value, an active authentication procedure may be performed.

摘要翻译： 用于确定用户认证的置信度的技术包括基于一组认证因素验证计算设备的用户，以及融合功能，该融合功能将认证因子集合到一起以产生认证结果。 确定认证结果的错误接受率和错误拒绝率，并且确定认证结果的认证置信度。 用户的认证被动地进行，不会中断或中断用户。 如果认证信度低于阈值，则可以执行主动认证过程。

公开(公告)号：US20160180078A1

公开(公告)日：2016-06-23

申请号：US14580785

申请日：2014-12-23

申请人： Jasmeet Chhabra ,  Ned M. Smith ,  Micah J. Sheller ,  Nathan Heldt-Sheller

发明人： Jasmeet Chhabra ,  Ned M. Smith ,  Micah J. Sheller ,  Nathan Heldt-Sheller

IPC分类号： G06F21/50 ,  G06F21/32 ,  G06F21/31

CPC分类号： G06F21/577 ,  G06F21/31 ,  G06F21/316 ,  G06F21/32 ,  G06F21/53 ,  G06F21/57 ,  G06F2221/034 ,  G06F2221/2115 ,  G06N20/00 ,  H04L63/083 ,  H04L63/0861 ,  H04L2463/082 ,  H04W12/06 ,  H04W12/12

摘要： Technologies for information security include a computing device with one or more sensors. The computing device may authenticate a user and, after successful authentication, analyze sensor data to determine whether it is likely that the user authenticated under duress. If so, the computing device performs a security operation such as generating an alert or presenting false but plausible data to the user. Additionally or alternatively, the computing device, within a trusted execution environment, may monitor sensor data and apply a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack. For example, the classifier may identify potential user identification fraud. The computing device may trigger a security response if elevated risk of attack is detected. For example, the trusted execution environment may trigger increased authentication requirements or increased anti-theft monitoring for the computing device. Other embodiments are described and claimed.

摘要翻译： 用于信息安全的技术包括具有一个或多个传感器的计算设备。 计算设备可以认证用户，并且在成功认证之后，分析传感器数据以确定用户在胁迫下是否可能被认证。 如果是这样，则计算设备执行安全操作，例如生成警报或向用户呈现虚假但合理的数据。 附加地或替代地，计算设备在受信任的执行环境中可以监视传感器数据并将机器学习分类器应用于传感器数据以识别提高的恶意攻击的风险。 例如，分类器可以识别潜在的用户识别欺诈。 如果检测到升高的攻击风险，则计算设备可以触发安全响应。 例如，可信执行环境可以触发对计算设备的增加的认证要求或增加的防盗监视。 描述和要求保护其他实施例。

公开(公告)号：US20160088474A1

公开(公告)日：2016-03-24

申请号：US14493613

申请日：2014-09-23

申请人： Ned M. Smith ,  David A. Sandage ,  William C. Deleeuw ,  Nathan Heldt-Sheller ,  Nathaniel J. Goss ,  John C. Neumann

发明人： Ned M. Smith ,  David A. Sandage ,  William C. Deleeuw ,  Nathan Heldt-Sheller ,  Nathaniel J. Goss ,  John C. Neumann

IPC分类号： H04W12/06 ,  H04W74/00

CPC分类号： H04W12/06 ,  H04W12/003 ,  H04W12/00508

摘要： In one embodiment, a security logic of first portable device is configured to receive first motion sample information from at least one motion sensor of the first portable device and second motion sample information from at least one motion sensor of a second portable device, the first and second motion sample information obtained responsive to training movement of the first and second portable devices by a first user. Based on the motion sample information, the security logic is configured to generate a device pairing value, generate a first confidence value based on the first motion sample information and first reference motion sample information stored in the first portable device corresponding to reference movement of the first portable device by the first user, generate a relationship key pair for a relationship, and communicate the first confidence value and a public key of the relationship key pair to the second portable device using the device pairing value. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，第一便携式设备的安全逻辑被配置为从第一便携式设备的至少一个运动传感器接收第一运动样本信息和来自第二便携式设备的至少一个运动传感器的第二运动样本信息，第一和第 响应于第一用户对第一和第二便携式设备的训练动作获得的第二运动样本信息。 基于运动样本信息，安全逻辑被配置为生成设备配对值，基于第一运动样本信息和存储在第一便携式设备中的与第一运动样本信息的参考运动相对应的第一参考运动样本信息生成第一置信度值 生成用于关系的关系密钥对，并且使用设备配对值将关系密钥对的第一置信度值和公开密钥传送到第二便携式设备。 描述和要求保护其他实施例。

公开(公告)号：US20150304736A1

公开(公告)日：2015-10-22

申请号：US14127542

申请日：2013-06-04

申请人： Reshma Lal ,  Jason Martin ,  Micah J. Sheller ,  Michael M. Amirfathi ,  Nathan Heldt-Sheller ,  Pradeep M. Pappachan

发明人： Reshma Lal ,  Jason Martin ,  Micah J. Sheller ,  Michael M. Amirfathi ,  Nathan Heldt-Sheller ,  Pradeep M. Pappachan

IPC分类号： H04N21/647 ,  H04L9/08

CPC分类号： H04N21/64715 ,  G06F21/10 ,  G06F21/72 ,  H04L9/0816 ,  H04L2209/24

摘要： Technologies for hardening the security of digital information on a client device are described. In some embodiments, the client device includes a secure processing environment such as a secure enclave, which may be used to protect digital information on a client platform. The secure environment(s) may also protect assets which may be used to access the digital information. Using the secure processing environment(s), the described technologies may protect digital information as it is provided to, stored on, accessed on, and/or processed for display by a client device, even if the client device may be infested with malware or subject to attack by another entity.

摘要翻译： 描述了在客户端设备上加强数字信息安全性的技术。 在一些实施例中，客户端设备包括诸如安全飞地之类的安全处理环境，其可以用于保护客户端平台上的数字信息。 安全环境还可以保护可能用于访问数字信息的资产。 使用安全处理环境，所描述的技术可以保护数字信息，因为它被提供给存储，访问和/或处理以供客户端设备显示，即使客户端设备可能被恶意软件或 受另一实体的攻击。