公开(公告)号：EP3238115A4

公开(公告)日：2018-05-23

申请号：EP15873951

申请日：2015-11-20

Applicant: INTEL CORP

Inventor： SMITH NED ,  HELDT-SHELLER NATHAN ,  SHELLER MICAH J ,  WELLS KEVIN C ,  SCURFIELD HANNAH L ,  GOSS NATHANIEL J ,  PANDIAN SINDHU ,  NEEDHAM BRAD H

IPC: G06F21/31 ,  G06F21/30 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W88/02

CPC classification number: G06F21/31 ,  G06F21/41 ,  G06F21/53 ,  G06F21/88 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2147 ,  H04L9/3226 ,  H04L63/0815 ,  H04L2209/127 ,  H04L2209/805 ,  H04W12/06 ,  H04W88/02

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

公开(公告)号：EP3087522A4

公开(公告)日：2017-08-09

申请号：EP13900018

申请日：2013-12-23

Applicant: INTEL CORP

Inventor： CORRION BRADLEY W ,  SHELLER MICAH J ,  TRIPP JEFFREY M

IPC: G06F21/30 ,  G06F3/048

CPC classification number: G06F21/36 ,  G06F3/04845 ,  G06F3/04886 ,  G06F21/31 ,  G06F21/552 ,  G06F21/56 ,  G06F2221/034 ,  H04L63/083

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate secure screen input. An example disclosed system includes a user interface (UI) manager to generate a UI comprising a quantity of ordinal entry points, each one of the quantity of ordinal entry points comprising a repeating selectable pattern, an ordinal sequence generator to generate an initial randomized combination of the quantity of ordinal entry points, the randomized combination stored in a trusted execution environment, and an offset calculator to calculate a password entry value by comparing an offset value and direction value retrieved from the UI with the initial randomized combination of the quantity of ordinal entry points.

Abstract translation: 公开了方法，装置，系统和制造物品以促进屏幕输入的安全。 一个示例公开的系统包括：用户界面（UI）管理器，用于生成包括一定数量的序数入口点的UI，所述多个序数入口点中的每一个包括重复的可选模式;序数序列生成器，用于生成初始随机化的 所述序数入口点的数量，所述随机化组合存储在可信执行环境中，以及偏移计算器，用于通过将从所述UI检索的偏移值和方向值与所述序数量的初始随机化组合相比较来计算密码输入值 点。

公开(公告)号：EP2973164A4

公开(公告)日：2016-09-07

申请号：EP13877983

申请日：2013-03-15

Applicant: INTEL CORP

Inventor： SMITH NED M ,  CAHILL CONOR P ,  SHELLER MICAH J ,  MARTIN JASON

IPC: G06F21/36 ,  G06F15/16 ,  G06F21/32 ,  H04L29/06

CPC classification number: H04L63/06 ,  G06F21/32 ,  G06F21/62 ,  G06F21/78 ,  H04L63/0861

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract translation: 一般来说，本发明描述用于安全地存储和使用生物测定认证信息，颜色的技术：作为生物特征参考模板这样。 在一些实施方案中，技术包括客户机设备没有存储一个或多个生物特征参考模板在其存储器中。 客户端设备可以在认证设备搜索模板转移到。 可在验证空调转印做了认证装置包括用于模板的合适的受保护的环境，并且将在可接受的临时存储策略执行。 因此，该技术可以包括在认证装置也被配置为临时存储在它们的受保护的环境从客户端设备接收到的生物特征参考模板。 在生物认证或终止事件发生后，认证设备可能会删除从保护环境的生物特征参考模板。

公开(公告)号：EP2936371A4

公开(公告)日：2016-06-08

申请号：EP13865259

申请日：2013-12-03

Applicant: INTEL CORP

Inventor： SMITH NED M ,  CAHILL CONOR P ,  MOORE VICTORIA C ,  MARTIN JASON ,  SHELLER MICAH J

IPC: G06F21/30 ,  G06F21/33 ,  G06F21/60

CPC classification number: H04L9/0861 ,  G06F21/31 ,  G06F21/33 ,  G06F21/45 ,  H04L9/3234 ,  H04L63/0281 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1466 ,  H04L2209/127 ,  H04L2463/082

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract translation: ，实施例的处理器的安全引擎包括在身份提供逻辑以生成密钥配对关联系统用户的第一密钥对和服务提供商没有经由网络提供的web服务，并且具有耦合到所述系统中的第二系统， 来执行安全通信与所述第二系统，以使所述第二系统，以验证做身份提供逻辑在信赖的执行环境中执行，并且响应于所述验证​​，以第一密钥对第一密钥发送到第二系统。 该键可以使得第二系统以验证断言由身份提供逻辑传送做了用户已被认证的系统gemäß到一个多因素认证。 其他实施例中描述并要求保护。

公开(公告)号：EP3238371A4

公开(公告)日：2018-07-04

申请号：EP15873938

申请日：2015-11-19

Applicant: INTEL CORP

Inventor： CHHABRA JASMEET ,  SMITH NED ,  SHELLER MICAH J ,  HELDT-SHELLER NATHAN

IPC: H04L9/32 ,  G06F21/31 ,  G06F21/32 ,  G06F21/53 ,  G06F21/57 ,  G06N99/00 ,  H04L12/26 ,  H04L29/06 ,  H04W12/06 ,  H04W12/12

CPC classification number: G06F21/577 ,  G06F21/31 ,  G06F21/316 ,  G06F21/32 ,  G06F21/53 ,  G06F2221/034 ,  G06F2221/2115 ,  G06N99/005 ,  H04L63/083 ,  H04L63/0861 ,  H04L2463/082 ,  H04W12/06 ,  H04W12/12

Abstract: Technologies for information security include a computing device with one or more sensors. The computing device may authenticate a user and, after successful authentication, analyze sensor data to determine whether it is likely that the user authenticated under duress. If so, the computing device performs a security operation such as generating an alert or presenting false but plausible data to the user. Additionally or alternatively, the computing device, within a trusted execution environment, may monitor sensor data and apply a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack. For example, the classifier may identify potential user identification fraud. The computing device may trigger a security response if elevated risk of attack is detected. For example, the trusted execution environment may trigger increased authentication requirements or increased anti-theft monitoring for the computing device. Other embodiments are described and claimed.

公开(公告)号：EP3235297A4

公开(公告)日：2018-05-16

申请号：EP15870610

申请日：2015-11-20

Applicant: INTEL CORP

Inventor： SMITH NED M ,  SHELLER MICAH J ,  HELDT-SHELLER NATHAN

IPC: H04W48/04 ,  H04W4/06 ,  H04W12/06 ,  H04W88/02

CPC classification number: H04W4/021 ,  H04W12/08

Abstract: Various embodiments are generally directed to the provision and use of geometric location based security systems that use multiple beacons for determining a location. A beacon transmitted from an ultrasound broadcast as well as one or more different wireless broadcasts can be used to geo-locate a device and provide access controls based on the geo-location.

公开(公告)号：EP3084668A4

公开(公告)日：2017-08-23

申请号：EP13899881

申请日：2013-12-19

Applicant: INTEL CORP

Inventor： SMITH NED M ,  HELDT-SHELLER NATHAN ,  LAL RESHMA ,  SHELLER MICAH J ,  HOEKSTRA MATTHEW E

IPC: G06F21/10

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F2221/0708 ,  H04L67/42

Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

Abstract translation: 描述了在客户端设备上支持和实现多种数字版权管理协议的技术。 在一些实施例中，这些技术包括具有可用于识别用于保护要从内容提供商或传感器接收的数字信息的多个数字权利管理协议中的一个的体系结构飞地的客户端设备。 如果在客户端上存在支持DRM协议的先前存在的SIPE，则架构区域选择先前存在的安全信息处理环境（SIPE）来处理所述数字信息。 如果客户端上不存在支持DRM协议的先前存在的SIPE，则架构区域可以在客户端上通用新的支持DRM协议的SIPE。 数字信息的传输然后可以适当地被引导到选择的预先存在的SIPE或新的SIPE。