Abstract:
Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.
Abstract:
An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.
Abstract:
In one embodiment a controller comprises a memory module, and logic configured to receive a request for trusted input from a user, define, on a region of a display device coupled to the secure controller, a dialog box, lock the dialog box such that input/output operations conducted in the dialog box are visible only to the secure controller, present, in the dialog box, one or more anti-spoof indicators and at least one input mechanism, receive a user input from the at least one input mechanism and process the user input in the secure controller. Other embodiments may be described.
Abstract:
In one embodiment a controller comprises logic configured to receive, from an application executing on an untrusted execution complex of the electronic device, a request for a secure communication session with a remote service, verify a security credential received from the remote service, establish a secure communication connection between the secure controller and the remote service, establish a secure user interface, collect one or more authentication credentials from a user via the secure user interface, forward the one or more authentication credentials to the remote service, and conduct a secure communication session with the remote service. Other embodiments may be described.
Abstract:
Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider.
Abstract:
Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and an RKM server including a key server module, the RKM server configured to sign the key server module using a private key and a gateway server configured to provide the signed key server module to the cloud server, the trusted execution environment configured to verify the key server module using a public key related to the private key and to launch the key server module, the key server module configured to establish a secure communication channel between the gateway server and the key server module, and the gateway server configured to provide a cryptographic key to the key server module via the secure communication channel.
Abstract:
In one embodiment a controller comprises logic configured to establish a pairing with a remote processor in a second electronic device, create a first secure communication channel with the remote processor, transmit a first portion of a processing task to the remote processor via the first secure channel, receive, via a second communication channel, an input from the first portion of the processing task, and complete at least a second portion of the processing task using the input. Other embodiments may be described.
Abstract:
A machine-controlled method can include visually presenting to a first user a first user interface for a first transaction involving user-sensitive information, the first user interface having a first user interface layout, and performing processing based on user-sensitive information received by way of user interaction by the first user with the first user interface. The method can also include visually presenting to a second user a second user interface for receiving a second transaction involving user-sensitive information, the second user interface having a second user interface layout that is visually distinct from the first user interface layout and has a desired level of entropy.
Abstract:
Selective/controlled disclosure of user information to private workspaces of other users/invitees based on context/contextual relations, and a shared workspace or market to collaborate amongst the other users (e.g., to crowd-source gifts of interest to the recipient). Contextual disclosure may be based on common context or commonality under a set of conditions, such as a topic, which may include known topics of relationships amongst the users and/or undiscovered contexts. As an example, items of interest to each user are identified and clustered, keywords are assigned to the clusters indicative of topics/subjects of interests to the respective users, recipient keywords are compared to keywords of an invitee to identify common keywords as shared interests, and items of interest to the recipient that relate to the common keywords are disclosed to the invitee as a personalized wish-list. Keyword weighting and/or keyword/item level privacy designations may be provided to further control disclosure.
Abstract:
A method of enforcing a virtual corporate boundary may include a client device requesting sensitive content from a network site on a server device responsive to a user's interaction with the client device. The server device can determine whether the user and/or client device are permitted to access the sensitive content. A secure element on the client device can establish a session key between the server device and the client device. The server device can render the sensitive content and send it to the client device, which can display the content to the user.