Abstract:
In an embodiment a single user authentication event, performed between a trusted path hardware module and a service provider via an out of band communication, can enable a user to transparently access multiple service providers using strong credentials that are specific to each service provider. The authentication event may be based on multifactor authentication that is indicative of a user's actual physical presence. Thus, for example, a user would not need to enter a different retinal scan to gain access to each of the service providers. Other embodiments are described herein.
Abstract:
Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.
Abstract:
In an embodiment, an apparatus includes a security engine to operate in a trusted execution environment to perform security operations and to authenticate a user of the apparatus, and a pairing logic to receive an indication of discovery of a peer device and to determine whether the user of the apparatus corresponds to a user of the peer device, and if so to enable a pairing with the peer device according to a first security ring if the correspondence is determined, and to enable the pairing with the peer device according to a second security ring if no correspondence is detected and the user of the apparatus is authenticated. Other embodiments are described and claimed.
Abstract:
Generally, this disclosure describes technologies for restoring and/or synchronizing templates such as biometric templates to/among one or more client devices. In some embodiments one or more client devices may register with a synchronization server and provide encrypted copies of their reference templates to the server. In a restoration operation, the synchronization server may provide an encrypted copy of a client's reference template(s) to the client, which may decrypt them in a protected environment. In a synchronization operation, the synchronization server may provide an encrypted copy of a first client's template(s) to a plurality of second clients. The second clients may then decrypt the encrypted template(s) within a protected environment using an appropriate decryption key.
Abstract:
Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.
Abstract:
An embodiment may include circuitry to be included, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute, at least in part, at least one host operating system (OS). The circuitry may perform, at least in part, at least one operation in isolation both from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may include user authorization determination and user presence determination. The authorization determination may be in response, at least in part, to indication of physical presence of at least one user in proximity to the host. The user presence determination may determine, at least in part, whether, after the indication has been provided, the physical presence of the at least one user in the proximity to the host has ceased.
Abstract:
In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating a system user and a service provider that provides a web service and has a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and, responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.