TRUST ESTABLISHMENT BETWEEN A TRUSTED EXECUTION ENVIRONMENT AND PERIPHERAL DEVICES
    1.
    Invention application
    Status: Under examination, published

    Publication No.: WO2016105784A1

    Publication date: 2016-06-30

    Application No.: PCT/US2015/062238

    Filing date: 2015-11-24

    Applicant: MCAFEE, INC.

    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.


    PLATFORM IDENTITY ARCHITECTURE WITH A TEMPORARY PSEUDONYMOUS IDENTITY
    2.
    Invention application
    Status: Under examination, published

    Publication No.: WO2016048535A1

    Publication date: 2016-03-31

    Application No.: PCT/US2015/046815

    Filing date: 2015-08-25

    Applicant: MCAFEE, INC.

    Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.


    DIGITAL HERITAGE NOTARY
    3.
    Invention application
    Status: Under examination, published

    Publication No.: WO2016105859A1

    Publication date: 2016-06-30

    Application No.: PCT/US2015/062842

    Filing date: 2015-11-28

    Applicant: MCAFEE, INC.

    CPC classification number: H04L9/3268 H04L63/0815 H04L63/0823

    Abstract: In an example, a digital heritage notary (DHN) is provided for enabling grantees to access digitally-controlled assets of a principal. The principal (level 0) establishes a digital testament (DT), identifying one or more grantees on levels 1 to n. Each grantee receives a digital heritage certificate (DHC), which may be based on the PKI certificate definition. The DHC includes a "PREDECESSORS" field, identifying one or more predecessor certificates that must be revoked before the DHC is valid. All grantee DHCs have the principal's level 0 DHC as a predecessor certificate. Level n certificates may also be valid only if all certificates at level n-1 have been revoked. In practice, a DHC may be revoked when a user of the certificate passes away, so that nth generation grantees inherit only when generation n-1 has passed away.

