Technologies for accelerated orchestration and attestation with edge device trust chains

    Publication number: US11444846B2

    Publication date: 2022-09-13

    Application number: US16368980

    Application date: 2019-03-29

    Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device. Other embodiments are described and claimed.

    Attestation token sharing in edge computing environments

    Publication number: US11425111B2

    Publication date: 2022-08-23

    Application number: US16683410

    Application date: 2019-11-14

    Abstract: Various approaches for implementing attestation using an attestation token are described. In an edge computing system deployment, an edge computing device includes an attestable feature (e.g., resource, service, entity, property, etc.) which is accessible from use of an attestation token, by the operations of: obtaining a first instance of a token that provides proof of attestation for an accessible feature of the edge computing device, with the token including data to indicate trust level designations for the feature as attested by an attestation provider; receiving, from a prospective user of the feature, a request to use the feature and a second instance of the token, with the second instance of the token originating from the attestation provider; and providing access to the feature based on a verification of the instances of the token, by using the verification to confirm attestation of the trust level designations for the feature.

    Device and methods for management and access of distributed data sources

    Publication number: US11354429B2

    Publication date: 2022-06-07

    Application number: US16922680

    Application date: 2020-07-07

    Abstract: A device and method for providing access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.

    Device and methods for management and access of distributed data sources
    Granted invention patent (in force)

    Publication number: US09507949B2

    Publication date: 2016-11-29

    Application number: US13631453

    Application date: 2012-09-28

    CPC classification number: G06F21/604 H04L63/0884 H04L67/10

    Abstract: A device and method for providing access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.


    Facilitating varied access based on authentication scoring
    Granted invention patent (in force)

    Publication number: US08955045B2

    Publication date: 2015-02-10

    Application number: US13630095

    Application date: 2012-09-28

    Abstract: Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level.


    TECHNOLOGIES FOR ACCELERATED ORCHESTRATION AND ATTESTATION WITH EDGE DEVICE TRUST CHAINS

    Publication number: US20230045505A1

    Publication date: 2023-02-09

    Application number: US17891780

    Application date: 2022-08-19

    Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device. Other embodiments are described and claimed.

    Device and methods for management and access of distributed data sources

    Publication number: US10706162B2

    Publication date: 2020-07-07

    Application number: US15363157

    Application date: 2016-11-29

    Abstract: A device and method for providing access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.

    TECHNOLOGIES FOR ACCELERATED ORCHESTRATION AND ATTESTATION WITH EDGE DEVICE TRUST CHAINS

    Publication number: US20190230002A1

    Publication date: 2019-07-25

    Application number: US16368980

    Application date: 2019-03-29

    Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device. Other embodiments are described and claimed.

    Allowing varied device access based on different levels of unlocking mechanisms
    Granted invention patent (in force)

    Publication number: US09578037B2

    Publication date: 2017-02-21

    Application number: US14951654

    Application date: 2015-11-25

    Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

