公开(公告)号：US20200210589A1

公开(公告)日：2020-07-02

申请号：US16539385

申请日：2019-08-13

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Jesse Walker

IPC: G06F21/57 ,  H04L29/06 ,  G06F21/10 ,  G06F9/455 ,  G06F9/4401 ,  G06F21/53 ,  H04L9/14 ,  H04L9/30 ,  H04L9/32

Abstract: Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.

公开(公告)号：US10701039B2

公开(公告)日：2020-06-30

申请号：US14866264

申请日：2015-09-25

Applicant: Intel Corporation

Inventor： Vinay Phegade ,  Huaiyu Liu ,  Jesse Walker

IPC: H04L29/06

Abstract: Various embodiments are generally directed to the providing for mutual authentication and secure distributed processing of multi-party data. In particular, an experiment may be submitted to include the distributed processing of private data owned by multiple distrustful entities. Private data providers may authorize the experiment and securely transfer the private data for processing by trusted computing nodes in a pool of trusted computing nodes.

公开(公告)号：US10326590B2

公开(公告)日：2019-06-18

申请号：US14670874

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Jesse Walker ,  Mats Agerstam ,  Ravi S. Subramaniam ,  Eduardo Cabre

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/14 ,  H04W12/04

Abstract: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.

公开(公告)号：US10033534B2

公开(公告)日：2018-07-24

申请号：US14955255

申请日：2015-12-01

Applicant: INTEL CORPORATION

Inventor： Steffen Schulz ,  Rafael Misoczki ,  Manoj R. Sastry ,  Jesse Walker

IPC: H04L9/32 ,  G06F8/65 ,  H04L29/06 ,  H04L9/14 ,  H04L9/30 ,  G06F21/00

Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs. Other embodiments are described and claimed.

公开(公告)号：US20180139051A1

公开(公告)日：2018-05-17

申请号：US15351606

申请日：2016-11-15

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Manoj R. Sastry ,  Jesse Walker ,  Li Zhao ,  Rafael Misoczki

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08

CPC classification number: H04L9/3242 ,  H04L9/0637 ,  H04L9/0643

Abstract: Technologies for counter with CBC-MAC (CCM) mode encryption include a computing device that performs a CBC-MAC authentication operation on a message with an encryption key, using a 64-bit block cipher to generate a message authentication code. The computing device generates a first 64-bit authentication block including an 8-bit flag field and a length field of between 11 and 32 bits. The flag field indicates the length of the length field. Performing the CBC-MAC authentication operation includes formatting the message into one or more 64-bit authentication blocks. The computing device performs a counter mode encryption operation on the message with the encryption key using the 64-bit block cipher to generate a cipher text. Performing the counter mode encryption includes generating multiple 64-bit keystream blocks. The computing device generates an authentication tag based on the message authentication code and a first keystream block of keystream blocks. Other embodiments are described and claimed.

公开(公告)号：US09692699B2

公开(公告)日：2017-06-27

申请号：US14582977

申请日：2014-12-24

Applicant: INTEL CORPORATION

Inventor： Emily H. Qi ,  Jesse Walker

IPC: H04K1/00 ,  H04L9/00 ,  H04L9/32 ,  H04L12/743 ,  H04W12/08 ,  H04W12/12

CPC classification number: H04L61/1541 ,  H04L9/3242 ,  H04L45/7453 ,  H04L63/061 ,  H04L63/0876 ,  H04W12/04 ,  H04W12/08 ,  H04W12/12 ,  H04W48/16

Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of securing a service Identifier (ID). For example, a wireless device may include a Secure Service Identifier (SSID) processor to determine a SSID corresponding to a service, the SSID including an encrypted value being based on a service name key from a service provider of the service and a service name corresponding to the service; and a radio to transmit a wireless message including the SSID.

公开(公告)号：US09596085B2

公开(公告)日：2017-03-14

申请号：US14127218

申请日：2013-06-13

Applicant: Intel Corporation

Inventor： Gyan Prakash ,  Venkatesh Ramamurthy ,  Rajesh Poornachandran ,  Hong Li ,  Jesse Walker

IPC: G06F12/14 ,  H04L9/32 ,  G06F21/44

CPC classification number: H04L9/3226 ,  G06F21/44 ,  G06F2221/2129 ,  H04L9/3263

Abstract: An embodiment includes a method executed by at least one processor comprising: an out-of-band cryptoprocessor receiving security credentials from a battery, which is included in a mobile computing node that comprises the at least one processor, while the mobile computing node is engaged in at least one of (a) booting, and (b) exchanging the battery after booting and during run-time; the cryptoprocessor accessing an authentication key; and the cryptoprocessor successfully authenticating the battery, via out-of-band processing, based on the security credentials and the authentication key. In an embodiment the security credentials are included in a certificate. Other embodiments are described herein.

Abstract translation: 一个实施例包括由至少一个处理器执行的方法，包括：带外密码处理器，其接收来自电池的安全凭证，其包括在包括所述至少一个处理器的移动计算节点中，同时所述移动计算节点被接合 （a）引导中的至少一个，以及（b）在引导之后和运行期间更换电池; 密码处理器访问认证密钥; 并且密码处理器通过带外处理，基于安全证书和认证密钥来成功地认证电池。 在一个实施例中，安全证书包括在证书中。 本文描述了其它实施例。

公开(公告)号：US09225521B2

公开(公告)日：2015-12-29

申请号：US14507427

申请日：2014-10-06

Applicant: Intel Corporation

Inventor： Farhana Sheikh ,  Jesse Walker ,  Sanu K. Mathew ,  Ram K. Krishnamurthy

IPC: H04L9/00 ,  H04L9/08 ,  H04L9/06 ,  H04N1/32

CPC classification number: H04L9/0861 ,  H04L9/0618 ,  H04L9/0625 ,  H04L9/0631 ,  H04L9/0637 ,  H04L9/0643 ,  H04L9/0816 ,  H04L2209/125 ,  H04L2209/24 ,  H04N1/32277

Abstract: Described herein are an apparatus and method for Skein hashing. The apparatus comprises a block cipher operable to receive an input data and to generate a hashed output data by applying Unique Block Iteration (UBI) modes, the block cipher comprising at least two mix and permute logic units which are pipelined by registers; and a counter, coupled to the block cipher, to determine a sequence of the UBI modes and to cause the block cipher to process at least two input data simultaneously for generating the hashed output data.

Abstract translation: 这里描述了用于Skein散列的装置和方法。 该装置包括可以用于接收输入数据并通过应用唯一块迭代（UBI）模式来产生散列输出数据的块密码，所述块密码包括由寄存器流水线化的至少两个混合和置换逻辑单元; 以及耦合到所述块密码的计数器，以确定所述UBI模式的序列，并且使所述块密码同时处理至少两个输入数据以产生所述散列输出数据。

公开(公告)号：US09118639B2

公开(公告)日：2015-08-25

申请号：US13994451

申请日：2013-03-14

Applicant: Intel Corporation

Inventor： Vinay Phegade ,  Nilesh K Jain ,  Jesse Walker

IPC: H04L9/08 ,  H04L29/06 ,  G06F9/455

CPC classification number: H04L63/06 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L9/0825 ,  H04L9/0827 ,  H04L9/083

Abstract: Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and a RKM server including a key server module, the RKM server configured to sign the key server module using a private key and a gateway server configured to provide the signed key server module to the cloud server, the trusted execution environment configured to verify the key server module using a public key related to the private key and to launch the key server module, the key server module configured to establish a secure communication channel between the gateway server and the key server module, and the gateway server configured to provide a cryptographic key to the key server module via the secure communication channel.

Abstract translation: 通常，本公开描述了在公共云中的可信数据处理的系统和方法。 系统可以包括包括可信执行环境的云服务器，云服务器中的多个云服务器之一，耦合到云服务器的云存储设备，以及包括密钥服务器模块的RKM服务器，所述RKM服务器被配置为签署 所述密钥服务器模块使用专用密钥和网关服务器，所述网关服务器被配置为向所述云服务器提供所签署的密钥服务器模块，所述可信执行环境被配置为使用与所述私钥相关联的公开密钥来验证所述密钥服务器模块，并且启动所述密钥 服务器模块，所述密钥服务器模块被配置为在所述网关服务器和所述密钥服务器模块之间建立安全通信信道，所述网关服务器被配置为经由所述安全通信信道向所述密钥服务器模块提供加密密钥。

公开(公告)号：US20150189509A1

公开(公告)日：2015-07-02

申请号：US14141477

申请日：2013-12-27

Applicant: Intel Corporation

Inventor： Farhana Asrar Sheikh ,  Patrick Koeberl ,  Jesse Walker ,  Hossein Alavi ,  Men Long ,  Ram Kumar Krishnamurthy ,  Alpa T. Narendra Trivedi

IPC: H04W12/08 ,  H04L29/06 ,  H04W24/04 ,  H04W88/06

CPC classification number: H04W12/08 ,  H04L63/10 ,  H04L67/025 ,  H04L67/04 ,  H04W24/04 ,  H04W88/06

Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of protecting domains of a multimode wireless radio transceiver. For example, an apparatus may include a protection domain controller (PDC) to restrict access of a configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of the configuration software, wherein the protection domain includes one or more radio configuration parameters of the multimode wireless radio transceiver.

Abstract translation: 一些演示实施例包括保护多模无线电收发机的域的设备，系统和/或方法。 例如，设备可以包括保护域控制器（PDC），其基于配置软件的安全级别来限制配置软件到多模无线无线电收发器的多个保护域的保护域的访问，其中保护 域包括多模无线收发器的一个或多个无线电配置参数。