-
Publication number: EP3238115A4
Publication date: 2018-05-23
Application number: EP15873951
Application date: 2015-11-20
Applicant: INTEL CORP
Inventor: SMITH NED, HELDT-SHELLER NATHAN, SHELLER MICAH J, WELLS KEVIN C, SCURFIELD HANNAH L, GOSS NATHANIEL J, PANDIAN SINDHU, NEEDHAM BRAD H
IPC: G06F21/31, G06F21/30, G06F21/41, G06F21/53, G06F21/88, H04L9/32, H04L29/06, H04W12/06, H04W88/02
CPC classification number: G06F21/31, G06F21/41, G06F21/53, G06F21/88, G06F2221/2105, G06F2221/2111, G06F2221/2147, H04L9/3226, H04L63/0815, H04L2209/127, H04L2209/805, H04W12/06, H04W88/02
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state include generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
-
Publication number: EP3186918A4
Publication date: 2018-02-21
Application number: EP15836733
Application date: 2015-06-08
Applicant: INTEL CORP
Inventor: SMITH NED M, DELEEUW WILLIAM C, WILLIS THOMAS G, GOSS NATHANIEL J
CPC classification number: H04L9/3247, G06F21/606, G06F21/6245, H04L9/0838, H04L63/0435, H04L63/0442, H04L63/061, H04L63/123
Abstract: Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module. To securely transmit an outgoing message to the remote computing device, the local trusted message module receives the outgoing message from the message client, encrypts the outgoing message, and cryptographically signs the outgoing message, prior to transmittal to the remote trusted message module of the remote computing device. To securely receive an incoming message from the remote computing device, the local trusted message module receives the incoming message from the remote trusted message module of the remote computing device, decrypts the incoming message, and verifies a cryptographic signature of the incoming message, based on the exchanged cryptographic keys and prior to transmittal of the incoming message to the message client.