TECHNOLOGIES FOR ANONYMOUS CONTEXT ATTESTATION AND THREAT ANALYTICS
    2.
    Invention application (under examination, published)

    Publication (announcement) number: WO2017052971A1

    Publication (announcement) date: 2017-03-30

    Application number: PCT/US2016/048680

    Application date: 2016-08-25

    Abstract: Technologies for anonymous context attestation and threat analytics include a computing device to receive sensor data generated by one or more sensors of the computing device and generate an attestation quote based on the sensor data. The attestation quote includes obfuscated attributes of the computing device based on the sensor data. The computing device transmits zero knowledge commitment of the attestation quote to a server and receives a challenge from the server in response to transmitting the zero knowledge commitment. The challenge requests an indication regarding whether the obfuscated attributes of the computing device have commonality with attributes identified in a challenge profile received with the challenge. The computing device generates a zero knowledge proof that the obfuscated attributes of the computing device have commonality with the attributes identified in the challenge profile.


    SYSTEM PLATFORM FOR CONTEXT-BASED CONFIGURATION OF COMMUNICATION CHANNELS
    3.
    Invention application (under examination, published)

    Publication (announcement) number: WO2016099631A1

    Publication (announcement) date: 2016-06-23

    Application number: PCT/US2015/053952

    Application date: 2015-10-05

    Abstract: The techniques described herein include configuration of channels between devices and service providers at a connectable system platform. For example, a system platform may include a receiver to receive data from a communicatively coupled device. The system platform may include a controller having logic, at least partially comprising hardware logic, to configure communications channels. The communication channels include a communication channel for transmission between the system platform and a service provider to receive the data, and a communication channel for transmission between the system platform and the coupled device. The communication channels are configured based on a context. The context comprises characteristics of the coupled device, content of the data, and security requirements associated with the service provider.


    METHODS, SYSTEMS AND APPARATUS TO INITIALIZE A PLATFORM
    4.
    Invention application (under examination, published)

    Publication (announcement) number: WO2016105692A1

    Publication (announcement) date: 2016-06-30

    Application number: PCT/US2015/060883

    Application date: 2015-11-16

    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.


    CONTEXT-AWARE PROACTIVE THREAT MANAGEMENT SYSTEM
    5.
    Invention application (under examination, published)

    Publication (announcement) number: WO2015076790A1

    Publication (announcement) date: 2015-05-28

    Application number: PCT/US2013/070858

    Application date: 2013-11-19

    Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.


    SYSTEM AND METHOD FOR MOBILE POINT OF SALE
    6.
    Invention application (under examination, published)

    Publication (announcement) number: WO2013048540A1

    Publication (announcement) date: 2013-04-04

    Application number: PCT/US2011/054504

    Application date: 2011-10-01

    Abstract: In some embodiments, an electronic device comprises an input interface, a communication interface, a processor, and logic to launch, in the electronic device, a shopping application associated with one or more specific vendors, establish, via the communication interface, a communication connection between the electronic device and a shopping server, and receive, via the input interface, an identifier associated with one or more products sold by the one or more specific vendors, receive, via the communication interface, point of sale information associated with the one or more products associated with the identifier, receive, via the communication interface, a transaction authorization to purchase the one or more products associated with the identifier, and execute the purchase transaction on the electronic device. Other embodiments may be described.


    SECURE ARCHIVAL AND RECOVERY OF MULTIFACTOR AUTHENTICATION TEMPLATES
    7.
    Invention application (under examination, published)

    Publication (announcement) number: WO2017172239A1

    Publication (announcement) date: 2017-10-05

    Application number: PCT/US2017/020435

    Application date: 2017-03-02

    Abstract: Systems, apparatuses and methods may provide for generating, at a computing device, a challenge message in response to a recovery request and conducting a verification of one or more responses to the challenge message based on an encryption key stored in a hardware-based trusted execution environment (TEE) of the computing device. Additionally, an authentication template associated with a multifactor authentication service may be unlocked if the verification is successful.


    PAIRING COMPUTING DEVICES ACCORDING TO A MULTI-LEVEL SECURITY PROTOCOL
    8.
    Invention application (under examination, published)

    Publication (announcement) number: WO2016032610A1

    Publication (announcement) date: 2016-03-03

    Application number: PCT/US2015/037623

    Application date: 2015-06-25

    Abstract: In an embodiment, an apparatus includes a security engine to operate in a trusted execution environment to perform security operations and to authenticate a user of the apparatus, and a pairing logic to receive an indication of discovery of a peer device and to determine whether the user of the apparatus corresponds to a user of the peer device, and if so to enable a pairing with the peer device according to a first security ring if the correspondence is determined, and to enable the pairing with the peer device according to a second security ring if no correspondence is detected and the user of the apparatus is authenticated. Other embodiments are described and claimed.


    SECURE REMEDIATION OF DEVICES REQUESTING CLOUD SERVICES
    9.
    Invention application (under examination, published)

    Publication (announcement) number: WO2013147810A1

    Publication (announcement) date: 2013-10-03

    Application number: PCT/US2012/031296

    Application date: 2012-03-29

    Abstract: In accordance with embodiments disclosed herein, there are provided systems, apparatuses, and methods for implementing secure remediation of devices requesting cloud services. For example, in one embodiment, such means may include means for receiving, at a services provider, a request for services from a client; means for requesting authentication from the client to verify the client is one of a plurality of known subscribers of the services; means for requesting attestation to verify compliance of the client with a policy specified by the services provider; means for receiving an attestation confirmation from an attestation verifier, the attestation confirmation verifying compliance of the client with the policy specified by the services provider; and means for granting the client access to the services requested.


    SECURE DEVICE ONBOARDING TECHNIQUES
    10.
    Invention application

    Publication (announcement) number: WO2019089164A1

    Publication (announcement) date: 2019-05-09

    Application number: PCT/US2018/053486

    Application date: 2018-09-28

    Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.
