公开(公告)号：US09871779B2

公开(公告)日：2018-01-16

申请号：US14838731

申请日：2015-08-28

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: G06F21/31 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

公开(公告)号：US09590966B2

公开(公告)日：2017-03-07

申请号：US13840572

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah Sheller ,  Conor Cahill ,  Jason Martin ,  Brandon Baker

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06F21/57

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/57 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2137 ,  G06F2221/2151

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract translation: 在实施例中提供技术来管理认证确认分数。 实施例被配置为在绝对会话时间中识别客户端上的活动用户会话的间隔的开始时间和结束时间。 实施例还被配置为确定表示一组先前用户会话的第一子集的第一值，其中第一子集的先前用户会话活动至少等于开始时间。 实施例还可以确定表示先前用户会话集合的第二子集的第二值，其中第二子集的先前用户会话活动至少等于结束时间。 实施例还基于第一和第二值确定活动用户会话的认证置信度得分的衰减率。 在一些实施例中，该集合基于上下文属性。

公开(公告)号：US09160730B2

公开(公告)日：2015-10-13

申请号：US13994016

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: G06F7/04 ,  G06F17/30 ,  G06F15/16 ,  H04L29/06 ,  G06F21/31 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract translation: 通常，本公开描述了连续认证置信模块。 系统可以包括用户设备，包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块，被配置为响应于特定用户的初始认证来确定置信度得分，至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度得分，并且通知操作 系统，如果更新的置信度分数在会话关闭阈值的容限内，认证不再有效; 所述初始认证被配置为打开会话，所述置信度分数被配置为指示所述会话期间的当前认证强度。

公开(公告)号：US10152350B2

公开(公告)日：2018-12-11

申请号：US15200820

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Mona Vij ,  Carlos V. Rozas ,  Brandon Baker ,  Vincent R. Scarlata ,  Francis X. McKeen ,  Simon P. Johnson

IPC: H04L29/06 ,  G06F21/00 ,  G06F9/48 ,  H04L9/08

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.

公开(公告)号：US20180097809A1

公开(公告)日：2018-04-05

申请号：US15283208

申请日：2016-09-30

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Mona Vij ,  Carlos V. Rozas ,  Brandon Baker ,  Vincent R. Scarlata ,  Malini K. Bhandaru ,  Ning Sun ,  Jun Nakajima ,  Francis X. McKeen ,  Simon P. Johnson

IPC: H04L29/06

CPC classification number: H04L63/10 ,  H04L63/08 ,  H04L63/126 ,  H04L67/10

Abstract: Particular embodiments described herein provide for receiving a request from a first cloud component in a cloud network, wherein the request is to access a key and the key allows the first cloud component to access located trusted execution environment of a second cloud component in the cloud network and allow the request on the condition that the first cloud component is authenticated. A more specific example includes determining a type for the first cloud component, and comparing the determined type of the first cloud component with a component type associated with the key. The example may also include blocking the request if the determined type of the first cloud component does not match the component type associated with the key.

公开(公告)号：US20180007023A1

公开(公告)日：2018-01-04

申请号：US15200820

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Mona Vij ,  Carlos V. Rozas ,  Brandon Baker ,  Vincent R. Scarlata ,  Francis X. McKeen ,  Simon P. Johnson

IPC: H04L29/06 ,  G06F9/48 ,  H04L9/08

CPC classification number: G06F9/4856 ,  H04L9/0894 ,  H04L9/3226 ,  H04L63/10 ,  H04L63/20 ,  H04L2463/062

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.

公开(公告)号：US20180183580A1

公开(公告)日：2018-06-28

申请号：US15391208

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Simon P. Johnson ,  Francis X. McKeen ,  Mona Vij ,  Somnath Chakrabarti ,  Brandon Baker ,  Ittai Anati ,  Ilya Alexandrovich

IPC: H04L9/08 ,  H04L9/32 ,  G06F9/48

CPC classification number: G06F9/4856 ,  G06F21/53 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/0897 ,  H04L9/3247 ,  H04L9/3268

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.

公开(公告)号：US09450931B2

公开(公告)日：2016-09-20

申请号：US13840572

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah Sheller ,  Conor Cahill ,  Jason Martin ,  Brandon Baker

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06F21/57

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

公开(公告)号：US10338957B2

公开(公告)日：2019-07-02

申请号：US15391208

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Simon P. Johnson ,  Francis X. McKeen ,  Mona Vij ,  Somnath Chakrabarti ,  Brandon Baker ,  Ittai Anati ,  Ilya Alexandrovich

IPC: G06F9/48 ,  H04L9/08 ,  H04L9/32 ,  G06F21/53 ,  G06F21/60

Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.

公开(公告)号：US20180006809A1

公开(公告)日：2018-01-04

申请号：US15200604

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  Mona Vij ,  Brandon Baker ,  Mohan J. Kumar ,  Asit K. Mallick ,  Mark A. Gentry ,  Somnath Chakrabarti

IPC: H04L9/08 ,  H04L29/06 ,  G06F21/62

CPC classification number: H04L9/0816 ,  G06F21/6218 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/14 ,  H04L63/06

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to store data in a secure domain in a cloud network, create encryption keys, where each encryption key is to provide a different type of access to the data, and store the encryption keys in a secure domain key store in the cloud network. In an example, each encryption key provides access to a different version of the data. In another example, a counter engine stores the location of each version of the data in the cloud network.