TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION
    1.
    发明申请
    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION 审中-公开
    基于登录图案的多因素认证技术

    公开(公告)号:US20160180068A1

    公开(公告)日:2016-06-23

    申请号:US14580817

    申请日:2014-12-23

    IPC分类号: G06F21/32 H04L29/06

    摘要: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.

    摘要翻译: 用于用户的多因素认证的技术包括具有一个或多个传感器的计算设备。 计算设备可以通过分析生物特征和/或环境传感器数据来认证用户,以确定是否允许用户访问计算设备。 为了这样做,计算设备可以基于用于认证用户的每个生物认证因子的认证期间的环境来确定可靠性评分。 此外,计算设备可以基于用户在一段时间内的历史认证尝试期间收集的传感器数据来确定登录模式。 计算设备可以应用机器学习分类算法,以基于由计算设备应用的登录模式来确定是否允许用户访问计算设备的分类规则。 其他实施例在本文中被描述并被要求保护。

    METHOD AND DEVICE FOR SECURE COMMUNICATIONS OVER A NETWORK USING A HARDWARE SECURITY ENGINE
    2.
    发明申请
    METHOD AND DEVICE FOR SECURE COMMUNICATIONS OVER A NETWORK USING A HARDWARE SECURITY ENGINE 有权
    使用硬件安全引擎在网络上进行安全通信的方法和设备

    公开(公告)号:US20150039890A1

    公开(公告)日:2015-02-05

    申请号:US13997412

    申请日:2011-12-15

    IPC分类号: H04L9/08

    摘要: A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SLL) communication session with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine.

    摘要翻译: 用于与服务器建立安全通信会话的方法,设备和系统包括:使用在安全引擎中生成的随机值发起与服务器的安全通信会话的安全套接层(SLL)通信会话的请求, 客户端设备的片上系统(SOC)。 此外,在客户机和服务器之间执行加密密钥交换以产生存储在安全引擎的安全存储器中的对称会话密钥。 加密密钥交换可以是例如Rivest-Shamir-Adleman(RSA)密钥交换或Diffie-Hellman密钥交换。 在密钥交换期间生成的私钥和其他数据可以被生成和/或存储在安全引擎中。

    Secure local boot using third party data store (3PDS) based ISO image
    3.
    发明授权
    Secure local boot using third party data store (3PDS) based ISO image 有权
    使用基于第三方数据存储(3PDS)的ISO映像进行本地启动

    公开(公告)号:US08751782B2

    公开(公告)日:2014-06-10

    申请号:US12970698

    申请日:2010-12-16

    CPC分类号: G06F21/572 G06F21/575

    摘要: In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed.

    摘要翻译: 在一些实施例中,本发明涉及一种用于使用基于第三方数据存储(3PDS)的ISO固件映像的主动管理技术(AMT)在计算平台上安全/认证的主机操作系统本地引导的方法和装置。 非易失性存储器的一部分是由主机处理器和OS访问的硬件安全的,并且只能由AMT访问。 AMT包括AT / ATAPI协议仿真器,用于从安全存储器访问ISO引导映像,同时作为与AT / ATAPI设备的通信向主机处理器呈现。 描述和要求保护其他实施例。

    Secure software licensing and provisioning using hardware based security engine
    6.
    发明授权
    Secure software licensing and provisioning using hardware based security engine 有权
    使用基于硬件的安全引擎来安全的软件许可和配置

    公开(公告)号:US08332631B2

    公开(公告)日:2012-12-11

    申请号:US12951853

    申请日:2010-11-22

    IPC分类号: G06F15/16 G06F12/00

    摘要: Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.

    摘要翻译: 通过网络将许可证和应用程序从第一个服务器提供给计算平台。 主机应用至少部分地从用户密码中导出对称密钥,并将该许可证发送到由对称密钥签名的消息中的安全引擎的许可证管理固件组件。 许可证管理固件组件至少部分地从存储在安全引擎的安全存储器中的用户密码中导出对称密钥,使用对称密钥验证消息上的签名,验证许可证上的第一服务器的签名,解密许可证 使用与第一公钥相对应的许可证管理固件组件的第一私钥来获得第二密钥,并将第二密钥发送到使用第二密钥解密应用程序的主机应用。

    METHOD AND APPARATUS FOR SECURE SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER
    7.
    发明申请
    METHOD AND APPARATUS FOR SECURE SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER 有权
    用于从远程服务器安全数据存储设备扫描的方法和装置

    公开(公告)号:US20110289306A1

    公开(公告)日:2011-11-24

    申请号:US12785146

    申请日:2010-05-21

    IPC分类号: G06F15/177 H04L9/32

    摘要: A method and device for providing a secure scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an in-band processor configured to execute an operating system and at least one host driver, communication circuitry configured to communicate with a remote server, and an out-of-band (OOB) processor capable of communicating with the remote server using the communication circuitry irrespective of the state of the operating system. The OOB processor may be configured to receive a block read request from the remote server, instruct the at least one host driver to send a storage command to a data storage device, receive data retrieved from the data storage device and authentication metadata generated by the data storage device, and transmit the data and the authentication metadata to the remote server.

    摘要翻译: 公开了一种从远程服务器提供数据存储设备的安全扫描的方法和设备。 在一些实施例中,计算设备可以包括带内处理器,其被配置为执行操作系统和至少一个主机驱动器,被配置为与远程服务器通信的通信电路和能够与远程服务器通信的带外(OOB) 使用通信电路与远程服务器通信,而与操作系统的状态无关。 OOB处理器可以被配置为从远程服务器接收块读取请求,指示至少一个主机驱动程序向数据存储设备发送存储命令,接收从数据存储设备检索的数据和由数据生成的认证元数据 存储设备,并将数据和认证元数据传输到远程服务器。