公开(公告)号：US09749398B2

公开(公告)日：2017-08-29

申请号：US14584744

申请日：2014-12-29

Applicant: INTEL CORPORATION

Inventor： Hong Li

IPC: G06F15/16 ,  H04L29/08 ,  G06F9/50 ,  G06F21/41 ,  H04L29/06

CPC classification number: H04L67/10 ,  G06F9/5055 ,  G06F21/41 ,  H04L63/0815 ,  H04L63/102 ,  H04L67/327 ,  H04L67/42

Abstract: A Cloud federator may be used to allow seamless and transparent access by a Cloud Client to Cloud services. Federation may be provided on various terms, including as a subscription based real-time online service to Cloud Clients. The Cloud federator may automatically and transparently effect communication between the Cloud Client and Clouds and desired services of the Clouds, and automatically perform identity federation. A Service Abstraction Layer (SAL) may be implemented to simplify Client communication, and Clouds/Cloud services may elect to support the SAL to facilitate federation of their services.

公开(公告)号：US09749310B2

公开(公告)日：2017-08-29

申请号：US14670955

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Hong Li ,  Suman Sharma ,  John B. Vicente ,  Luis A. Gimenez ,  Carlton D. Ashley ,  Navneet Malpani

IPC: G06F21/44 ,  G06F21/41 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0815 ,  G06F21/41 ,  G06F21/44 ,  H04L63/10 ,  H04L67/02

Abstract: Technologies for remote device authentication include a client computing device, an identity provider, and an application server in communication over a network. The identity provider sends an authentication challenge to the client. A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device. The capability proxy may be an embedded web server providing an HTTP interface to platform features of the client. The client sends a resource access token based on the security assertions to the identity provider. The identity provider verifies the resource access token and authenticates the client computing device based on the resource access token in addition to user authentication factors such as username and password. The identity provider sends an authentication response to the client, which forwards the authentication response to the application server. Other embodiments are described and claimed.

公开(公告)号：US20170187697A1

公开(公告)日：2017-06-29

申请号：US15397224

申请日：2017-01-03

Applicant: Intel Corporation

Inventor： Hong Li ,  Tobias M. Kohlenberg ,  Lawrence Hurst

IPC: H04L29/06

CPC classification number: G06F21/46 ,  G06F21/45 ,  G06F21/554 ,  H04L63/06 ,  H04L63/083 ,  H04L67/10

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage password security. An example apparatus includes a password field identifier to: monitor a computing device to detect entry of password information for web services, the password field identifier to identify when the password information for a first one of the web services is new or is changing. When the password information is new or is changing, capture the entered password associated with the first one of the web services. The example apparatus further includes a password linkage monitor to store a hash value of the captured password in a password vault and associate the stored hash value of the captured password with the first one of the web services.

公开(公告)号：US09563768B2

公开(公告)日：2017-02-07

申请号：US14359437

申请日：2013-11-25

Applicant: Intel Corporation

Inventor： Hong Li ,  Tobias M. Kohlenberg ,  Lawrence Hurst

IPC: G06F21/46 ,  G06F21/45 ,  G06F21/55 ,  H04L29/06 ,  H04L29/08

CPC classification number: G06F21/46 ,  G06F21/45 ,  G06F21/554 ,  H04L63/06 ,  H04L63/083 ,  H04L67/10

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage password security. An example apparatus includes an alarm action engine to invoke a provisional transmission block in response to detecting entry of a candidate password, a password linkage monitor to retrieve a list of password hash values associated with previously used passwords, and to compare the list of password hash values to a hash of the candidate password, the alarm action engine to invoke a permanent block of the candidate password when a match condition occurs between the hash of the candidate password and a hash of one of the list of password hash values.

Abstract translation: 公开了方法，装置，系统和制品以管理密码安全。 示例性装置包括响应于检测到候选密码的输入而调用临时传输块的警报动作引擎，密码链接监视器以检索与先前使用的密码相关联的密码哈希值的列表，并且比较密码散列表 值作为候选密码的散列，当候选密码的散列和密码散列值列表的散列之间发生匹配条件时，报警动作引擎调用候选密码的永久块。

公开(公告)号：US09550495B2

公开(公告)日：2017-01-24

申请号：US14671755

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Igor Tatourian ,  Rita H. Wouhaybi ,  Hong Li

IPC: G05D1/00 ,  B60W30/14

CPC classification number: B60W30/188 ,  B60W10/06 ,  B60W30/143 ,  B60W50/0097 ,  B60W50/14 ,  B60W2420/52 ,  B60W2420/54 ,  B60W2530/00 ,  B60W2550/12 ,  B60W2550/14 ,  B60W2550/142 ,  B60W2550/408 ,  B60W2560/02

Abstract: Technologies for assisting vehicles with changing road conditions includes vehicle assistance data based on crowd-sourced road data received from a plurality of vehicles and/or infrastructure sensors. The crowd-sourced road data may be associated with a particular section of roadway and may be used to various characteristics of the roadway such as grade, surface, hazardous conditions, and so forth. The vehicle assistance data may be provided to an in-vehicle computing device to assist or facilitate traversal of the roadway.

Abstract translation: 用于协助车辆改变道路状况的技术包括基于从多个车辆和/或基础设施传感器接收的来自人群的道路数据的车辆辅助数据。 来自人群的道路数据可以与道路的特定部分相关联，并且可以用于道路的各种特征，例如坡度，表面，危险状况等。 车辆辅助数据可以被提供给车载计算设备以辅助或便于穿越道路。

公开(公告)号：US20160364566A1

公开(公告)日：2016-12-15

申请号：US15166952

申请日：2016-05-27

Applicant: Intel Corporation

Inventor： Hong Li ,  Prashant Dewan

IPC: G06F21/54 ,  G06F21/53 ,  H04L29/06

CPC classification number: G06F21/54 ,  G06F21/50 ,  G06F21/53 ,  H04L12/4625 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/145 ,  H04L63/20 ,  H04L65/105 ,  H04L67/02 ,  H04L67/1097

Abstract: Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.

Abstract translation: 用于由计算设备进行客户端Web应用运行时控制和多因素安全性分析的技术包括从web服务器接收与基于浏览器的应用相关联的应用代码。 计算设备收集由计算设备的至少一个传感器生成的实时数据，并且根据所收集的实时数据和应用代码执行基于浏览器的应用的多因素安全性评估。 此外，计算设备响应于执行多因素安全评估而建立与基于浏览器的应用相关联的客户端级Web应用运行时安全性策略，并且实施客户端级Web应用运行时安全策略。

公开(公告)号：US09449200B2

公开(公告)日：2016-09-20

申请号：US14229422

申请日：2014-03-28

Applicant: Intel Corporation

Inventor： Avi Priev ,  Alex Nayshtut ,  Hong Li ,  Shahar Porat

IPC: G06F21/86 ,  G06F21/88

CPC classification number: G06F21/88 ,  G06F21/86

Abstract: Methods, systems, apparatus and articles of manufacture are disclosed to secure devices. An example disclosed apparatus includes a platform detector to determine when the device is within a threshold proximity to a platform, a device locking manager to initiate a locking service for the device when within the threshold proximity, and a device tampering manager to initiate a tampering remedy in response to detecting an indication of tampering.

Abstract translation: 公开了方法，系统，装置和制品以保护装置。 一个示例公开的设备包括：平台检测器，用于确定设备何时位于与平台邻近的阈值内;设备锁定管理器，用于在阈值邻近范围内启动设备的锁定服务，以及设备篡改管理器启动篡改补救 响应于检测到篡改的指示。

公开(公告)号：US20160226906A1

公开(公告)日：2016-08-04

申请号：US14968178

申请日：2015-12-14

Applicant: Intel Corporation

Inventor： Hong Li ,  Alan D. Ross ,  Rita H. Wouhaybi ,  Tobias M. Kohlenberg

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/51 ,  H04L67/02

Abstract: Systems and methods may provide for detecting a browser request for web content. Additionally, interaction information associated with a plurality of sources may be determined in response to the browser request, and a risk profile may be generated based on the interaction. The risk profile may include at least a portion of the interaction information as well as recommended control actions to mitigate the identified risk. In one example, the risk profile is presented to a user associated with the browser request as well as to a security control module associated with the platform.

Abstract translation: 系统和方法可以提供用于检测对web内容的浏览器请求。 此外，可以响应于浏览器请求来确定与多个源相关联的交互信息，并且可以基于交互来生成风险简档。 风险简档可以包括交互信息的至少一部分以及推荐的控制动作以减轻所识别的风险。 在一个示例中，将风险简档呈现给与浏览器请求相关联的用户以及与该平台相关联的安全控制模块。

公开(公告)号：US20160085763A1

公开(公告)日：2016-03-24

申请号：US14495274

申请日：2014-09-24

Applicant: Intel Corporation

Inventor： Igor Tatourian ,  Rita H. Wouhaybi ,  Hong Li ,  Tobias M. Kohlenberg ,  Adam Jordan

IPC: G06F17/30 ,  H04L29/08

CPC classification number: H04L67/10 ,  G06F8/62 ,  H04L67/22

Abstract: Technologies are presented that optimize application management on a computing device through contextual application archival and retrieval. A method of managing applications may include: learning contextual relevancy of one or more applications installed on a computing device to a user of the device and determining whether an application is no longer contextually relevant to the user. If the application is no longer contextually relevant, the device may send a request to an application management service to obtain and/or maintain the application; create a placeholder for the application at the device; and remove the application from the device. The device may monitor contextual inputs for relevancy of the archived application. If contextual relevancy is determined, the device may send a request to the service to provide the archived application or a replacement of the archived application to the device; receive the requested application; install the requested application; and remove the placeholder.

Abstract translation: 提出了通过上下文应用程序归档和检索来优化计算设备上的应用程序管理的技术。 管理应用的方法可以包括：将安装在计算设备上的一个或多个应用的​​内容相关性学习到设备的用户并且确定应用是否不再与用户上下文相关。 如果应用程序不再具有内容相关性，则设备可以向应用管理服务发送请求以获得和/或维护应用; 在设备上创建应用程序的占位符; 并从设备中删除应用程序。 该设备可以监视与归档应用程序的相关性的上下文输入。 如果确定了上下文相关性，则设备可以向服务发送请求以提供归档的应用或将该归档的应用替换到该设备; 接收请求的应用程序; 安装请求的应用程序; 并删除占位符。

公开(公告)号：US09081940B2

公开(公告)日：2015-07-14

申请号：US13799360

申请日：2013-03-13

Applicant: Intel Corporation

Inventor： Brian Scott Trevor ,  Hong Li ,  Joseph Doolittle

IPC: G06F21/00 ,  G06F21/10 ,  G06F21/62

CPC classification number: G06F21/10 ,  G06F21/51 ,  G06F21/6218 ,  G06F2221/2119

Abstract: Embodiments for providing user transparent certificate verifications for web mashups and other composite applications are generally described herein. In some embodiments, a content buffer is provided for holding content until receiving verification results that allow the content to be presented in a browser user interface. A browser core receives an aggregation of content from a plurality of sources and performing local verification of digital certificates associated with the content received from the plurality of sources. A browser content interface intercepts content associated with verified digital certificates from the browser core to provide content associated with verified digital certificates to the content buffer for holding. An online certification module is arranged to receive untrusted certificates from the browser content interface and to perform verification of the received untrusted certificates using online certification services and/or local certificate store on the client device.

Abstract translation: 本文通常描述了为web混搭和其他复合应用提供用户透明证书验证的实施例。 在一些实施例中，提供内容缓冲器用于保存内容，直到接收允许在浏览器用户界面中呈现内容的验证结果为止。 浏览器核心从多个源接收内容的聚合，并执行与从多个源接收到的内容相关联的数字证书的本地验证。 浏览器内容接口拦截与来自浏览器核心的已验证数字证书相关联的内容，以将与验证的数字证书相关联的内容提供给用于保存的内容缓冲区。 在线认证模块被安排为从浏览器内容界面接收不受信任的证书，并使用客户端设备上的在线认证服务和/或本地证书存储来对接收到的不受信任的证书进行验证。