公开(公告)号：US20210374247A1

公开(公告)日：2021-12-02

申请号：US17399019

申请日：2021-08-10

Applicant: Intel Corporation

Inventor： Salmin Sultana ,  Lawrence Booth, JR. ,  Mic Bowman ,  Jason Martin ,  Micah Sheller

IPC: G06F21/57

Abstract: The present invention discloses a secure ML pipeline to improve the robustness of ML models against poisoning attacks and utilizing data provenance as a tool. Two components are added to the ML pipeline, a data quality pre-processor, which filters out untrusted training data based on provenance derived features and an audit post-processor, which localizes the malicious source based on training dataset analysis using data provenance.

公开(公告)号：US10802942B2

公开(公告)日：2020-10-13

申请号：US16235959

申请日：2018-12-28

Applicant: Intel Corporation

Inventor： Mats Agerstam ,  Bahareh Sadeghi ,  Jason Martin ,  Jeffrey Ota ,  Justin Gottschlich ,  Marcos Carranza ,  Maria Ramirez Loaiza ,  Alexander Heinecke ,  Mohammad Mejbah Ul Alam ,  Robert Colby ,  Sara Baghsorkhi ,  Shengtian Zhou

IPC: G06F11/34 ,  H04L12/24 ,  G06F11/00 ,  H04L29/06 ,  H04L29/08 ,  G06K9/62 ,  H04L12/66 ,  G06N20/00

Abstract: An apparatus includes a data interface to obtain first sensor data from a first sensor and second sensor data from a second sensor of a monitored system; a data analyzer to extract a feature based on analyzing the first and second sensor data using a model, the model trained based on historical sensor data, the model to determine the feature as a deviation between the first and second sensor data to predict a future malfunction of the monitored system; an anomaly detector to detect an anomaly in at least one of the first sensor data or the second sensor data based on the feature, the anomaly corresponding to the future malfunction of the monitored system; and a system applicator to modify operation of the monitored system based on the anomaly.

公开(公告)号：US20190163900A1

公开(公告)日：2019-05-30

申请号：US16246187

申请日：2019-01-11

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Jason Martin ,  Justin Gottschlich ,  Abhilasha Bhargav-Spantzel ,  Salmin Sultana ,  Li Chen ,  Wei Li ,  Priyam Biswas ,  Paul Carlson

IPC: G06F21/52 ,  G05B23/02 ,  G06N20/00 ,  G06F21/51

Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.

公开(公告)号：US20180097822A1

公开(公告)日：2018-04-05

申请号：US15283389

申请日：2016-10-01

Applicant: Intel Corporation

Inventor： Yonghong Huang ,  Jason Martin ,  Micah J. Sheller ,  Cory Cornelius ,  Shih-han Wang

IPC: H04L29/06 ,  G06N3/04 ,  G06N3/08

CPC classification number: H04L63/1408 ,  G06F21/562 ,  G06F21/57 ,  G06N99/005

Abstract: Technologies for analyzing a Uniform Resource Locator (URL) include a multi-stage URL analysis system. The multi-stage URL analysis system analyzes the URL using a multi-stage analysis. In the first stage, the multi-stage URL analysis system analyzes the URL using an ensemble lexical analysis. In the second stage, the multi-stage URL analysis system analyzes the URL based on third-party detection results. In the third stage, the multi-stage URL analysis system analyzes the URL based on metadata related to the URL. The multi-stage URL analysis system advances the stages of analysis if a malicious classification score determined by each stage does not satisfy a confidence threshold. The URL may also be selected for additional rigorous analysis using selection criteria not used in by the analysis stages.

公开(公告)号：US20170214526A1

公开(公告)日：2017-07-27

申请号：US15423975

申请日：2017-02-03

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Conor P. Cahill ,  Victoria C. Moore ,  Jason Martin ,  Micah J. Sheller

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0861 ,  G06F21/31 ,  G06F21/33 ,  G06F21/45 ,  H04L9/3234 ,  H04L63/0281 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1466 ,  H04L2209/127 ,  H04L2463/082

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

公开(公告)号：US09705892B2

公开(公告)日：2017-07-11

申请号：US14317579

申请日：2014-06-27

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Jason Martin ,  Daniel Nemiroff

IPC: H04L9/32 ,  G06F7/04 ,  H04L29/06

CPC classification number: H04L63/12 ,  H04L9/3226 ,  H04L9/3297 ,  H04L63/0428 ,  H04L2209/603

Abstract: Systems and methods for providing trusted time service for the off-line mode of operation of a processing system. An example processing system comprises: a first processing device communicatively coupled to a real-time clock, the first processing device to modify an epoch value associated with the real-time clock responsive to detecting a reset of the real-time clock; and a second processing device to execute, in a first trusted execution environment, a first application to receive, from the first processing device, a first time value outputted by the real-time clock and a first epoch value associated with the real-time clock.

公开(公告)号：US09590966B2

公开(公告)日：2017-03-07

申请号：US13840572

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah Sheller ,  Conor Cahill ,  Jason Martin ,  Brandon Baker

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06F21/57

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/57 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2137 ,  G06F2221/2151

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract translation: 在实施例中提供技术来管理认证确认分数。 实施例被配置为在绝对会话时间中识别客户端上的活动用户会话的间隔的开始时间和结束时间。 实施例还被配置为确定表示一组先前用户会话的第一子集的第一值，其中第一子集的先前用户会话活动至少等于开始时间。 实施例还可以确定表示先前用户会话集合的第二子集的第二值，其中第二子集的先前用户会话活动至少等于结束时间。 实施例还基于第一和第二值确定活动用户会话的认证置信度得分的衰减率。 在一些实施例中，该集合基于上下文属性。

公开(公告)号：US09465933B2

公开(公告)日：2016-10-11

申请号：US13690111

申请日：2012-11-30

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Reshma Lal ,  Jason Martin ,  Daniel Nemiroff

IPC: G06F21/00 ,  G06F21/50 ,  G06F21/54 ,  G06F21/71

CPC classification number: G06F21/50 ,  G06F21/54 ,  G06F21/71

Abstract: Embodiments of an invention for virtualizing a hardware monotonic counter are disclosed. In one embodiment, an apparatus includes a hardware monotonic counter, virtualization logic, a first non-volatile storage location, and a second non-volatile storage location. The virtualization logic is to create a virtual monotonic counter from the hardware monotonic counter. The first non-volatile storage location is to store an indicator that the count of the hardware monotonic counter has changed. The second non-volatile storage location is to store an indicator that the count of the virtual monotonic counter has changed.

Abstract translation: 公开了用于虚拟化硬件单调计数器的发明的实施例。 在一个实施例中，装置包括硬件单调计数器，虚拟化逻辑，第一非易失性存储位置和第二非易失性存储位置。 虚拟化逻辑是从硬件单调计数器创建一个虚拟单调计数器。 第一个非易失性存储位置是存储硬件单调计数器的计数改变的指示符。 第二非易失性存储位置是存储虚拟单调计数器的计数改变的指示符。

公开(公告)号：US20150350255A1

公开(公告)日：2015-12-03

申请号：US14825645

申请日：2015-08-13

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06 ,  G06K9/00 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06K9/00228 ,  H04L63/105 ,  H04L67/24

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

Abstract translation: 传感器数据可能会在安全的环境中进行过滤。 滤波可能会限制传感器数据的分布。 过滤可以修改传感器数据，例如，以防止识别拍摄图像中描绘的人，或阻止获取用户的精确位置。 过滤还可以添加或要求其他数据使用控制来访问数据。 也可以提供过滤器策略正在应用和正常工作的证明。

公开(公告)号：US09160730B2

公开(公告)日：2015-10-13

申请号：US13994016

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Micah J. Sheller ,  Conor P. Cahill ,  Jason Martin ,  Ned M. Smith ,  Brandon Baker

IPC: G06F7/04 ,  G06F17/30 ,  G06F15/16 ,  H04L29/06 ,  G06F21/31 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/316 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2139 ,  H04L63/0861 ,  H04L67/14 ,  H04L67/24

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract translation: 通常，本公开描述了连续认证置信模块。 系统可以包括用户设备，包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块，被配置为响应于特定用户的初始认证来确定置信度得分，至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度得分，并且通知操作 系统，如果更新的置信度分数在会话关闭阈值的容限内，认证不再有效; 所述初始认证被配置为打开会话，所述置信度分数被配置为指示所述会话期间的当前认证强度。