MECHANISM FOR FACILITATING DYNAMIC CONTEXT-BASED ACCESS CONTROL OF RESOURCES
    1.
    Invention application
    Status: Under examination (published)

    Publication number: US20150135258A1

    Publication date: 2015-05-14

    Application number: US14129961

    Application date: 2013-09-27

    IPC classification: H04L29/06

    Abstract: A mechanism is described for facilitating context-based access control of resources according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.

    Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine
    2.
    Invention application
    Status: Granted

    Publication number: US20140181925A1

    Publication date: 2014-06-26

    Application number: US13721760

    Application date: 2012-12-20

    IPC classification: G06F21/45 G06F21/31

    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

    CONTINUOUS AUTHENTICATION CONFIDENCE MODULE
    3.
    Invention application
    Status: Granted

    Publication number: US20140366111A1

    Publication date: 2014-12-11

    Application number: US13994016

    Application date: 2013-03-15

    IPC classification: H04L29/06

    Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include a user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, on an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

    CONFIGURING USER CUSTOMIZABLE OPERATIONAL FEATURES OF A VEHICLE
    4.
    Invention application
    Status: Granted

    Publication number: US20150057839A1

    Publication date: 2015-02-26

    Application number: US14128569

    Application date: 2013-08-26

    IPC classification: B60R16/037

    CPC classification: B60R16/037 B60R16/0373

    Abstract: Embodiments of apparatus and methods for configuring user customizable operational features of a vehicle are described. In embodiments, an apparatus may include a communication module configured to be disposed in the vehicle, and communicate with a mobile device of a user. The apparatus may further include a controller configured to be disposed in the vehicle and coupled with the communication module, to obtain from the mobile device, one or more preferences of the user for one or more user customizable features of the vehicle, and adjust the one or more user customizable operational features of the vehicle based at least in part on the one or more preferences of the user obtained. Other embodiments may be described and/or claimed.

    BINARY TRANSLATION OF A TRUSTED BINARY WITH INPUT TAGGING
    6.
    Invention application
    Status: Granted

    Publication number: US20160188873A1

    Publication date: 2016-06-30

    Application number: US14583620

    Application date: 2014-12-27

    IPC classification: G06F21/53 H04L9/32

    Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.

    SECURE VIDEO OUPUT PATH
    8.
    Invention application
    Status: Granted

    Publication number: US20150086012A1

    Publication date: 2015-03-26

    Application number: US14036263

    Application date: 2013-09-25

    IPC classification: H04N7/167

    Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising a processing logic configured to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.

    Method And Apparatus To Effect Re-Authentication
    10.
    Invention application
    Status: Under examination (published)

    Publication number: US20140282868A1

    Publication date: 2014-09-18

    Application number: US13832556

    Application date: 2013-03-15

    IPC classification: G06F21/31

    Abstract: A system is provided to determine whether to re-authenticate a user based on identification parameter measurements of low power sensors. According to an embodiment of the invention, a system may include a processor that includes analysis logic to determine whether to re-authenticate the user based on parameter values received from at least one of one or more agents. The system may also include authentication logic to re-authenticate the user that includes a confirmation of whether the user is authenticated based on input received from one or more authentication sensors. Other embodiments are described and claimed.
