公开(公告)号：KR20200131830A

公开(公告)日：2020-11-24

申请号：KR20207026303

申请日：2019-03-12

Applicant: INTEL CORP

Inventor： SMITH NED M ,  MCCAHILL BEN ,  GUIM BERNAT FRANCESC ,  PASTOR BENEYTO FELIPE ,  KUMAR KARTHIK ,  VERRALL TIMOTHY

IPC: H04L12/24 ,  H04L29/08

Abstract: 예컨대에지클라우드또는다른에지컴퓨팅환경에서, 각각의에지서비스속성들및 연관된서비스레벨협정(SLA) 속성들의검증, 랭킹, 및식별을가능하게하는아키텍처가개시된다. 예에서, 에지서비스에대한서비스정보의관리및 사용은: 에지서비스에대한 SLA 정보를에지컴퓨팅환경에서호스팅되는에지서비스에액세스하기위한운영디바이스에제공하는단계 - 상기 SLA 정보는식별된 SLA에따라상기에지서비스의컴퓨팅기능들에대한위한평판정보를제공함 -; 상기식별된 SLA 하에서, 상기에지서비스의상기컴퓨팅기능들의사용을위한서비스요청을수신하는단계; 상기서비스요청에따라상기에지서비스의상기컴퓨팅기능들의수행을상기에지서비스에요청하는단계; 및상기서비스요청및 상기식별된 SLA의준수에따라상기에지서비스의상기컴퓨팅기능들의수행을추적하는단계를포함한다.

公开(公告)号：JP2011129105A

公开(公告)日：2011-06-30

申请号：JP2010252817

申请日：2010-11-11

Applicant: Intel Corp ,  インテル・コーポレーション

Inventor： KHOSRAVI HORMUZD M ,  ILLENDULA AJITH K ,  SMITH NED M ,  RASHEED YASSER ,  JORGENSEN BRYAN K ,  ZENTI TRACIE L

IPC: G06F9/445 ,  G06F11/00 ,  G06F13/00

CPC classification number: G06F8/61 ,  G06F8/65

Abstract: PROBLEM TO BE SOLVED: To provide efficient software distribution and update service regardless of the state or physical location of a computer even if the computer has already been shipped and is in use.
SOLUTION: The software distribution service SDS 20 queries a third party data store 3PDS and connects to a server 14, and downloads and installs a software client 18 or a barebones installer for the update software. The SDS verifies the downloaded package with the client 18 using a hash value stored in the 3PDS, as indicated in block 36. The SDS or the update server 14 (for example, a gateway 16) marks the appropriate region in the 3PDS with a flag, indicating that no further download is needed and that the download has been completed.
COPYRIGHT: (C)2011,JPO&INPIT

Abstract translation: 要解决的问题：即使计算机已经运输和使用，即使计算机的状态或物理位置，即使提供高效的软件分发和更新服务。

解决方案：软件分发服务SDS 20查询第三方数据存储3PDS并连接到服务器14，并下载并安装软件客户端18或更新软件的准系统安装程序。 如方框36所示，SDS使用存储在3PDS中的散列值，使用客户端18验证下载的包.SDS或更新服务器14（例如，网关16）用标志标记3PDS中的适当区域 ，表示不需要进一步下载，并且下载已经完成。 版权所有（C）2011，JPO＆INPIT

公开(公告)号：JP2011123875A

公开(公告)日：2011-06-23

申请号：JP2010242568

申请日：2010-10-28

Applicant: Intel Corp ,  インテル・コーポレーション

Inventor： KHOSRAVI HORMUZD M ,  ILLENDULA AJITH K ,  SMITH NED M ,  RASHEED YASSER ,  ZENTI TRACIE L ,  JORGENSEN BRYAN K

IPC: G06F13/14

CPC classification number: G06F9/4416 ,  G06F13/105 ,  G06F13/4027

Abstract: PROBLEM TO BE SOLVED: To use hardware to remotely provide a platform with a bus device ID, as well as software updates, software, and drivers.
SOLUTION: A management engine may be used to trap configuration cycles during a boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provide software to the platform even when the operating system is corrupted or non-functional.
COPYRIGHT: (C)2011,JPO&INPIT

Abstract translation: 要解决的问题：使用硬件远程提供具有总线设备ID的平台，以及软件更新，软件和驱动程序。 解决方案：管理引擎可用于在启动过程中捕获配置周期，此后可响应操作系统枚举。 结果，可以创建虚拟总线设备。 总线设备可用于向平台提供软件，即使操作系统损坏或不起作用。 版权所有（C）2011，JPO＆INPIT

公开(公告)号：JP2009089390A

公开(公告)日：2009-04-23

申请号：JP2008248778

申请日：2008-09-26

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： SMITH NED M ,  BRUTCH TASNEEM ,  WISEMAN WILLARD M ,  KUMAR ALOK ,  SCARLATA VINCENT R ,  SIDDIQI FARAZ A

IPC: H04L9/08 ,  G06F21/24 ,  H04L9/14

CPC classification number: G06F21/602 ,  G06F21/57 ,  H04L9/0825 ,  H04L9/0836 ,  H04L9/0897

Abstract: PROBLEM TO BE SOLVED: To solve the problem that conventional PCR bindings can yield very rigid protection of data, where any change to the software that executes on the system results in the inability to access the data.
SOLUTION: This disclosure describes methods for using the TPM's configuration binding capabilities to lock data to a configuration in a manner that is flexible enough to allow the software in that configuration to be upgraded, under a trusted upgrade service, without causing the processing system to lose access to the data. Additionally, a processing system can provide for recovery of data when the processing system is no longer able to get into the predefined safe and approved configuration, e.g., recovery from a failed upgrade is allowed.
COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：为了解决常规PCR绑定可以产生非常严格的数据保护的问题，在系统上执行的软件的任何改变导致无法访问数据。 解决方案：本公开描述了使用TPM的配置绑定功能以足够灵活的方式将数据锁定到配置的方式，以允许在可信升级服务下升级该配置中的软件，而不会导致处理 系统丢失访问数据。 此外，当处理系统不再能够进入预定义的安全和批准的配置时，处理系统可以提供数据的恢复，例如，允许从故障升级恢复。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：WO2016077017A3

公开(公告)日：2017-05-11

申请号：PCT/US2015055508

申请日：2015-10-14

Applicant: INTEL CORP

Inventor： SARANGDHAR NITIN V ,  NEMIROFF DANIEL ,  SMITH NED M ,  BRICKELL ERNIE ,  LI JIANGTAO

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3234 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3263 ,  H04L2209/127

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract translation: 该应用针对可信平台模块认证和利用匿名密钥系统进行认证。 一般而言，TPM认证和TPM认证可以通过使用匿名密钥系统（AKS）认证在利用集成TPM的设备中得到支持。 示例设备可以包括至少组合的AKS和TPM资源，其将AKS和TPM固件（FW）加载到运行时间环境中，该运行时间环境还可以至少包括操作系统（OS）加密模块，AKS服务模块和TPM认证和证明 （CA）模块。 对于TPM认证，CA模块可以与运行时环境中的其他模块交互以生成TPM证书，该证书由AKS证书签名，可以传输到认证平台进行验证。 对于TPM证明，CA模块可能会导致TPM证书与TPM和/或AKS证书一起提供给证明平台进行验证。

公开(公告)号：WO2017030619A3

公开(公告)日：2017-04-13

申请号：PCT/US2016034468

申请日：2016-05-26

Applicant: INTEL CORP

Inventor： SUN MINGQIU ,  POORNACHANDRAN RAJESH ,  ZIMMER VINCENT J ,  SMITH NED M ,  SELVARAJE GOPINATTH

IPC: G06F21/54 ,  G06F21/53 ,  G06F21/56

CPC classification number: G06F8/41 ,  G06F21/00 ,  G06F21/57

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract translation: 各种实施例通常涉及用于支持并入多个计算设备的多个安全控制器之中的任务例程的分布式执行的技术。 一种装置包括第一计算设备的第一处理器组件和第一安全控制器，其中第一安全控制器包括：选择组件，用于选择第二计算设备的第一安全控制器或第二安全控制器，以基于 比较所需的资源来编译任务例程和第一个安全控制器的可用资源; 以及编译组件，用于将所述任务例程编译成由所述第一处理器组件在所述第一安全控制器内执行的编译例程的第一版本，以及响应于所述第二处理器组件的选择而由所述第二处理器组件在所述第二安全控制器内执行的第二版本 第一个安全控制器。 描述和要求保护其他实施例。

公开(公告)号：WO2012009231A3

公开(公告)日：2012-03-29

申请号：PCT/US2011043411

申请日：2011-07-08

Applicant: INTEL CORP ,  SMITH NED M ,  GROBMAN STEVEN L ,  OWEN CRAIG T

Inventor： SMITH NED M ,  GROBMAN STEVEN L ,  OWEN CRAIG T

IPC: G06F21/22 ,  G06F21/20 ,  H04L9/32

CPC classification number: G06F21/575 ,  G06F9/4401 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/74 ,  G06F21/88 ,  G06F2009/45587 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2145 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L63/061 ,  H04L63/102

Abstract: A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers.

Abstract translation: 一种用于平台资源的域认证控制的方法，装置，系统和计算机程序产品。 平台控制下的资源按照由目录服务集中管理的访问控制规则进行管理。 通过要求用户访问平台资源（包括硬盘驱动器，闪存，传感器，网络控制器和电源状态控制器）的授权，统一应用安全策略。

公开(公告)号：WO2015187724A3

公开(公告)日：2017-05-18

申请号：PCT/US2015033822

申请日：2015-06-02

Applicant: INTEL CORP ,  DELEEUW WILLIAM C ,  SMITH NED M

Inventor： DELEEUW WILLIAM C ,  SMITH NED M

IPC: G06Q30/02 ,  G06Q50/10 ,  H04W4/02

CPC classification number: H04W64/00 ,  H04L67/18 ,  H04W4/02

Abstract: Apparatus, systems, and/or methods to temporally and spatially bound personal information. A pseudo random number corresponding to time based on a random number time seed and generate a pseudo random number corresponding to location based on a random number location seed may be generated. In addition, the pseudo random number corresponding to time may be mixed with the pseudo random number corresponding to location to generate a combined pseudo random number corresponding to a specific user at a specific location at a specific time. The combined pseudo random number may be used to store and/or read personal information in an anonymous manner.

Abstract translation: 用于暂时和空间绑定个人信息的设备，系统和/或方法。 可以生成与基于随机数时间种子的时间相对应的伪随机数并且基于随机数位置种子生成与位置相对应的伪随机数。 另外，可将与时间对应的伪随机数与对应于位置的伪随机数混合，以生成与特定时间的特定位置处的特定用户相对应的组合伪随机数。 组合的伪随机数可以用来以匿名方式存储和/或读取个人信息。

公开(公告)号：WO2012016086A3

公开(公告)日：2012-04-05

申请号：PCT/US2011045798

申请日：2011-07-28

Applicant: INTEL CORP ,  SMITH NED M ,  WISEMAN WILLARD M ,  SHANBHOGUE VEDVYAS ,  GRAWROCK DAVID W ,  STRONGIN GEOFFREY S

Inventor： SMITH NED M ,  WISEMAN WILLARD M ,  SHANBHOGUE VEDVYAS ,  GRAWROCK DAVID W ,  STRONGIN GEOFFREY S

IPC: G06F11/16 ,  G06F13/14

CPC classification number: G06F21/44 ,  G06F21/50 ,  G06F21/57 ,  G06F21/575 ,  G06F21/85 ,  H04L63/126 ,  H04L67/125

Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器可以实施黑名单并根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种实施可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁步完整性协议未被验证的设备的列表。 描述并要求保护其他实施例。

公开(公告)号：WO2011084265A3

公开(公告)日：2011-12-01

申请号：PCT/US2010058228

申请日：2010-11-29

Applicant: INTEL CORP ,  SMITH NED M ,  MOORE VICTORIA C ,  GROBMAN STEVEN L

Inventor： SMITH NED M ,  MOORE VICTORIA C

IPC: G06F21/20

CPC classification number: G06F21/602 ,  G06F3/0623 ,  G06F3/0632 ,  G06F3/0671 ,  G06F21/305 ,  G06F21/74 ,  G06F21/78 ,  G06F21/85 ,  G06F2221/2147 ,  G06F2221/2149 ,  H04L9/0894 ,  H04L9/321 ,  H04L29/06979 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/083

Abstract: A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments.

Abstract translation: 一种用于管理由虚拟化和非虚拟化环境中的加密，用户认证以及密码保护和审计方案保护的存储设备的方法，装置，系统和计算机程序产品。