-
Publication No.: US20220303181A1
Publication Date: 2022-09-22
Application No.: US17713139
Application Date: 2022-04-04
Applicant: Intel Corporation
Inventor: Keith Nolan, Mark Kelly, Michael Nolan, Davide Carboni, John Brady, Niall Cahill, Ned M. Smith, Gregory Burns
IPC: H04L41/0806, H04L67/10, H04L67/12, H04W4/70, G06F16/182, H04L9/08, H04L9/32, H04L45/00, H04L67/104, H04L69/18, H04W4/08, H04W84/22, H04L41/12, H04L69/22, H04L67/1087, H04W12/69, H04L61/4505, H04L61/5069, H04L67/562
Abstract: Methods, apparatus, and articles of manufacture for decentralized data storage and processing for IoT devices are disclosed. An example apparatus includes memory; and a processor to cause storage of a contract in an off-chain datastore; generate a hash value of the contract; cause storage of the hash value on a blockchain to be accessible to multiple nodes in an IoT network; and cause storage of a transaction on the blockchain, the transaction corresponding to an objective of the contract based on data sensed by an IoT device in the IoT network.
-
Publication No.: US20220303123A1
Publication Date: 2022-09-22
Application No.: US16650439
Application Date: 2018-09-28
Applicant: Intel Corporation
Inventor: Eduardo Cabre, Nathan Heldt-Sheller, Ned M. Smith
Abstract: Various systems and methods for establishing security profiles for Internet of Things (IoT) devices and trusted platforms, including in OCF specification device deployments, are discussed herein. In an example, a technique for onboarding a subject device for use with a security profile, includes: receiving a request to perform an owner transfer method of a device associated with a device platform; verifying attestation evidence associated with the subject device, the attestation evidence being signed by a certificate produced using a manufacturer-embedded key, with the key provided from a trusted hardware component of the device platform; and performing device provisioning of the subject device, based on the attestation evidence, as the device provisioning causes the subject device to use a security profile tied to manufacturer-embedded keys.
-
Publication No.: US20220286354A1
Publication Date: 2022-09-08
Application No.: US17702463
Application Date: 2022-03-23
Applicant: Intel Corporation
Inventor: Ned M. Smith, Keith Nolan, Mark Kelly, Michael Nolan, John Brady, Thiago Macieira, Zheng Zhang, Glen J. Anderson, Igor Muttik
IPC: H04L41/0806, H04L67/10, H04L67/12, H04W4/70, G06F16/182, H04L9/08, H04L9/32, H04L45/00, H04L67/104, H04L69/18, H04W4/08, H04W84/22, H04L41/12, H04L69/22, H04L67/1087, H04W12/69, H04L61/4505, H04L61/5069, H04L67/562
Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.
-
Publication No.: US11438422B2
Publication Date: 2022-09-06
Application No.: US17424116
Application Date: 2020-02-14
Applicant: Intel Corporation
Inventor: David J. McCall, Nathan Heldt-Sheller, Ned M. Smith
IPC: G06F15/16, H04L67/141, H04L9/40, H04L67/12, G16Y40/50
Abstract: Systems and methods for device to device communications in an Internet of Things (IoT) setting, via associated cloud services, are described. In an example, a procedure performed by a first IoT device, associated with a first domain or ecosystem, to communicate with a second IoT device, associated with a second domain or ecosystem, includes: obtaining communication information to communicate with a second service associated with the second device; providing the communication information to a first service associated with the first device; obtaining service validation information, in response to the first service initiating the validation procedure with the second service; and providing the service validation information to the first service. This service validation information is used to enable a validated connection between the first service and the second service, to then communicate data or commands between the first device and the second device via the first and second remote services.
-
Publication No.: US11412052B2
Publication Date: 2022-08-09
Application No.: US16235137
Application Date: 2018-12-28
Applicant: Intel Corporation
Inventor: Francesc Guim Bernat, Patrick Bohan, Kshitij Arun Doshi, Brinda Ganesh, Andrew J. Herdrich, Monica Kenguva, Karthik Kumar, Patrick G Kutch, Felipe Pastor Beneyto, Rashmin Patel, Suraj Prabhakaran, Ned M. Smith, Petar Torre, Alexander Vul
IPC: H04L67/148, H04L43/0811, H04L67/10, H04L41/5019, H04L67/00, H04L41/5003, H04L47/70, H04W4/40, H04W4/70, G06F9/48
Abstract: An architecture to perform resource management among multiple network nodes and associated resources is disclosed. Example resource management techniques include those relating to: proactive reservation of edge computing resources; deadline-driven resource allocation; speculative edge QoS pre-allocation; and automatic QoS migration across edge computing nodes. In a specific example, a technique for service migration includes: identifying a service operated with computing resources in an edge computing system, involving computing capabilities for a connected edge device with an identified service level; identifying a mobility condition for the service, based on a change in network connectivity with the connected edge device; and performing a migration of the service to another edge computing system based on the identified mobility condition, to enable the service to be continued at the second edge computing apparatus to provide computing capabilities for the connected edge device with the identified service level.
-
Publication No.: US20220248226A1
Publication Date: 2022-08-04
Application No.: US17670915
Application Date: 2022-02-14
Applicant: Intel Corporation
Inventor: Ned M. Smith, Nathan Heldt-Sheller
IPC: H04W12/08, H04W4/38, G06F21/62, H04L41/0893, H04L9/40
Abstract: Various systems and methods for dynamic access policy provisioning in a connected device framework are described herein. In an example, the techniques for policy provisioning may include resource update access policy automation, directory resource access policy automation, or hidden resources access policy automation, as monitored and operated with an access management service (AMS). In an example, the AMS monitors resources to receive a notification when they change. If the change observed is an addition or deletion of a resource object, the AMS responds by performing security analysis of devices hosting the new resource(s), which may further result in device onboarding actions. The AMS may further respond by evaluating link semantics to determine which other devices and resources may need updated access control list (ACL) policies.
-
Publication No.: US11386420B2
Publication Date: 2022-07-12
Application No.: US15859213
Application Date: 2017-12-29
Applicant: INTEL CORPORATION
Inventor: Michael Nolan, Davide Carboni, Ned M. Smith
Abstract: Methods and systems are provided for a contextual authentication of an electronic wallet (e-wallet). An example apparatus includes a wallet application configured to confirm a context for use of an e-wallet, wherein the context is defined by a multifactor authentication (MFA) policy. A multifactor authentication application is configured to access a context sensor to provide input to the wallet application for the MFA policy.
-
Publication No.: US11374776B2
Publication Date: 2022-06-28
Application No.: US16722820
Application Date: 2019-12-20
Applicant: Intel Corporation
Inventor: Francesc Guim Bernat, Kshitij Arun Doshi, Ned M. Smith, Timothy Verrall
IPC: H04L67/141, H04L41/14, H04L47/70, H04L67/12, G06F8/41, G06F9/38, G06F9/445, G06F9/48, G06F9/50, G06F11/34, H04L67/10, G16Y40/10, H04L9/32, H04L9/40, G06F12/14, H04L9/08, G06F9/455, G06F16/18, G06F16/23, G06F11/10, H04L9/06, H04L41/0893, H04L41/5009, H04L41/5025, H04L43/08, H04L67/1008, G06F9/54, G06F21/60, H04L9/00, H04L41/0896, H04L41/142, H04L41/5051
Abstract: Systems and techniques for adaptive dataflow transformation in edge computing environments are described herein. A transformation compatibility indication may be received from a device. A set of transformations available for use by the device connected to the network may be determined based on the transformation compatibility indicator. The set of transformations may be transmitted to the device. A value may be determined for an operating metric for an edge computing node of the network. The edge computing node may provide a service to the device via the network. A transformation request may be transmitted to the device based on the value. The transformation request may cause the device to execute a transformation of the set of transformations to transform a dataflow of the service. The adaptive dataflow transformations may be continuous with changing predicted values of operating metrics.
-
Publication No.: US11372684B2
Publication Date: 2022-06-28
Application No.: US17220763
Application Date: 2021-04-01
Applicant: Intel Corporation
Inventor: Ned M. Smith, Changzheng Wei, Songwu Shen, Ziye Yang, Junyuan Wang, Weigang Li, Wenqian Yu
Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication. The results may be returned to the processor (120) or a network interface controller of the computing device (100).
-
Publication No.: US11366906B2
Publication Date: 2022-06-21
Application No.: US16665656
Application Date: 2019-10-28
Applicant: Intel Corporation
Inventor: Ned M. Smith, Steven L. Grobman, Craig T. Owen
Abstract: A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers.