Patent application number | Description | Published |
20140096068 | DEVICE AND METHOD FOR SECURE USER INTERFACE GESTURE PROCESSING USING PROCESSOR GRAPHICS - A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment. | 04-03-2014 |
20140123235 | Allocating Memory Access Control Policies - Enabling access control caches for co-processors to be changed using a VMX-nonroot instruction. As a result, a transition to VMX-root is not needed, saving the cycles involved in such a transition. | 05-01-2014 |
20140157349 | Verified Sensor Data Processing - Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well. | 06-05-2014 |
20140157404 | VIRTUALIZING A HARDWARE MONOTONIC COUNTER - Embodiments of an invention for virtualizing a hardware monotonic counter are disclosed. In one embodiment, an apparatus includes a hardware monotonic counter, virtualization logic, a first non-volatile storage location, and a second non-volatile storage location. The virtualization logic is to create a virtual monotonic counter from the hardware monotonic counter. The first non-volatile storage location is to store an indicator that the count of the hardware monotonic counter has changed. The second non-volatile storage location is to store an indicator that the count of the virtual monotonic counter has changed. | 06-05-2014 |
20140157410 | Secure Environment for Graphics Processing Units - In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely, and the patching can be proven remotely through attestation in some embodiments. | 06-05-2014 |
20140181925 | Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine - In an embodiment, a security engine of a processor includes identity provider logic to generate a first key pair of a key pairing that associates a user of the system with a service provider that provides a web service from a second system coupled to the system via a network; to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment; and, responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed. | 06-26-2014 |
20140189356 | METHOD OF RESTRICTING CORPORATE DIGITAL INFORMATION WITHIN CORPORATE BOUNDARY - A method of enforcing a virtual corporate boundary may include a client device requesting sensitive content from a network site on a server device responsive to a user's interaction with the client device. The server device can determine whether the user and/or client device are permitted to access the sensitive content. A secure element on the client device can establish a session key between the server device and the client device. The server device can render the sensitive content and send it to the client device, which can display the content to the user. | 07-03-2014 |
20140189807 | METHODS, SYSTEMS AND APPARATUS TO FACILITATE CLIENT-BASED AUTHENTICATION - Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, signing the attestation with a portion of the first key pair, and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider. | 07-03-2014 |
20140205085 | PREVENTING PATTERN RECOGNITION IN ELECTRONIC CODE BOOK ENCRYPTION - In general, in one aspect, noise is injected into a bitmap associated with content to be presented on a display to create a noisy bitmap. The noisy bitmap is encrypted using electronic code book (ECB) encryption. The resulting ciphertext does not reveal the recognizable patterns from the content that ECB encryption typically leaks. The injection of noise may include modifying pixel values for at least a subset of pixels in the bitmap. The pixel values may be modified by using a counter, a known modification pattern, or a random number generator. The bitmap may be analyzed to determine how it can be modified to maximize the randomness of the bitmap while ensuring that the noisy bitmap is perceptually similar when presented. The noise may be injected into a block of pixels prior to the block being encrypted. | 07-24-2014 |
20140282868 | Method And Apparatus To Effect Re-Authentication - A system is provided to determine whether to re-authenticate a user based on identification parameter measurements from low power sensors. According to an embodiment of the invention, a system may include a processor that includes analysis logic to determine whether to re-authenticate the user based on parameter values received from one or more agents. The system may also include authentication logic to re-authenticate the user, including a confirmation of whether the user is authenticated based on input received from one or more authentication sensors. Other embodiments are described and claimed. | 09-18-2014 |
20140282893 | REDUCING AUTHENTICATION CONFIDENCE OVER TIME BASED ON USER HISTORY - Technologies are provided in embodiments to manage an authentication confidence score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments then determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set of prior sessions is selected based on context attributes. | 09-18-2014 |
20140282945 | TECHNOLOGIES FOR SECURE STORAGE AND USE OF BIOMETRIC AUTHENTICATION INFORMATION - Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment. | 09-18-2014 |
20140304649 | TRUSTED USER INTERACTION - In one embodiment a secure controller comprises a memory module and logic configured to: receive a request for trusted input from a user; define a dialog box on a region of a display device coupled to the secure controller; lock the dialog box such that input/output operations conducted in the dialog box are visible only to the secure controller; present, in the dialog box, one or more anti-spoof indicators and at least one input mechanism; receive a user input from the at least one input mechanism; and process the user input in the secure controller. Other embodiments may be described. | 10-09-2014 |
20140366111 | CONTINUOUS AUTHENTICATION CONFIDENCE MODULE - Generally, this disclosure describes a continuous authentication confidence module. A system may include a user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, on an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication is configured to open a session, and the confidence score indicates the current strength of authentication during the session. | 12-11-2014 |
20140366128 | ADAPTIVE AUTHENTICATION SYSTEMS AND METHODS - An embodiment includes a method executed by at least one processor comprising: determining a first environmental factor for a mobile communications device; determining a first security authentication level based on the determined first environmental factor; and allowing access to a first module of the mobile communications device based on the first security authentication level. Other embodiments are described herein. | 12-11-2014 |
20150057839 | CONFIGURING USER CUSTOMIZABLE OPERATIONAL FEATURES OF A VEHICLE - Embodiments of apparatus and methods for configuring user customizable operational features of a vehicle are described. In embodiments, an apparatus may include a communication module configured to be disposed in the vehicle and to communicate with a mobile device of a user. The apparatus may further include a controller configured to be disposed in the vehicle and coupled with the communication module, to obtain from the mobile device one or more preferences of the user for one or more user customizable operational features of the vehicle, and to adjust those features based at least in part on the obtained preferences. Other embodiments may be described and/or claimed. | 02-26-2015 |
20150070134 | AUTHENTICATION SYSTEM USING WEARABLE DEVICE - A wearable device ("WD") stores a token after its wearer completes a successful strong authentication on a primary protected device ("primary PD"). Other protected devices ("secondary PDs") recognize the stored token as representing a strong authentication and grant the user access while the user continues to wear the WD within a "digital leash-length" proximity. The WD constantly monitors whether the user continues to wear the device. Upon sensing that the user has removed the WD, the WD deletes, disables, or invalidates the token. The user must then repeat the strong authentication to gain further access to the protected devices. | 03-12-2015 |
20150086012 | SECURE VIDEO OUTPUT PATH - Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising processing logic configured to implement an architecturally protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with the second encryption key. | 03-26-2015 |
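The abstract of 20140205085 above describes the leak it is designed to defeat: under ECB, equal plaintext blocks produce equal ciphertext blocks, so the outline of an image survives encryption. The following Go program is an added example, not code from the patent or the listing: it builds a constructed 64x64 grayscale bitmap (a black square on white), encrypts it with raw AES-ECB from the standard library, counts repeated ciphertext blocks, then applies one assumed instance of the abstract's "counter" noise (the block index written into the least-significant bit of each pixel, so every pixel moves by at most one gray level) and counts again. The key is a constructed demo value.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// Constructed 8-bit grayscale bitmap, 64x64 pixels: a black square on a
// white background, i.e. large uniform regions like text on a page.
const width, height = 64, 64

func makeBitmap() []byte {
	bm := make([]byte, width*height)
	for y := 0; y < height; y++ {
		for x := 0; x < width; x++ {
			v := byte(0xFF) // white
			if x >= 16 && x < 48 && y >= 16 && y < 48 {
				v = 0x00 // black
			}
			bm[y*width+x] = v
		}
	}
	return bm
}

// ecbEncrypt encrypts each 16-byte block independently (raw AES-ECB; the
// bitmap length is a multiple of the block size, so no padding is needed).
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	ct := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(ct[i:i+bs], plaintext[i:i+bs])
	}
	return ct, nil
}

// repeatedBlocks counts ciphertext blocks identical to an earlier block.
// Under ECB every repeat tells an observer that two plaintext blocks were
// equal, which is exactly what makes the image outline visible.
func repeatedBlocks(ct []byte, bs int) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i < len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			repeats++
		}
		seen[k] = true
	}
	return repeats
}

// injectCounterNoise writes the bits of a per-block counter into the
// least-significant bit of each pixel of that block. Every pixel moves by
// at most one gray level, so the frame looks the same, but no two blocks
// of the frame are byte-identical any more. This is one assumed instance
// of the "counter" noise the abstract mentions, not the patent's own scheme.
func injectCounterNoise(bm []byte, bs int) []byte {
	out := make([]byte, len(bm))
	copy(out, bm)
	for blk, i := 0, 0; i < len(out); blk, i = blk+1, i+bs {
		ctr := uint32(blk)
		for j := 0; j < bs; j++ {
			bit := byte((ctr >> uint(j)) & 1)
			out[i+j] = (out[i+j] &^ 1) | bit
		}
	}
	return out
}

// Demo returns the number of repeated ciphertext blocks for the plain
// bitmap and for the noisy bitmap, both encrypted under the same key.
func Demo() (plainRepeats, noisyRepeats int) {
	key := []byte("0123456789abcdef") // constructed demo key only
	bm := makeBitmap()
	plainCT, err := ecbEncrypt(key, bm)
	if err != nil {
		panic(err)
	}
	noisyCT, err := ecbEncrypt(key, injectCounterNoise(bm, aes.BlockSize))
	if err != nil {
		panic(err)
	}
	return repeatedBlocks(plainCT, aes.BlockSize), repeatedBlocks(noisyCT, aes.BlockSize)
}

func main() {
	p, n := Demo()
	fmt.Printf("%d blocks; repeated under plain ECB: %d; repeated after LSB noise: %d\n",
		width*height/aes.BlockSize, p, n)
}
```

With only two distinct plaintext blocks (all-white and all-black), 254 of the 256 ciphertext blocks repeat; after the LSB noise none do. Two caveats a practitioner should keep in mind: the noise removes the visual pattern within one frame only, and because the counter here restarts at zero for every frame, two identical frames still encrypt identically under the same key, so a per-frame offset (or simply a non-ECB mode such as CTR or GCM) is needed if that matters.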
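The abstract of 20140282893 above specifies the inputs to the decay computation (the interval [begin, end] in absolute session time, the count of prior sessions that lasted at least until begin, and the count that lasted at least until end) but not how the rate is formed from them. The Go program below is an added example, not the patent's method: it assumes the natural survival-analysis reading, in which the ratio of the two counts is the empirical probability that a session alive at begin is still alive at end, and picks an exponential rate so that the confidence score is multiplied by exactly that ratio over the interval. The session history, the default rate and the thresholds are constructed values.

```go
package main

import (
	"fmt"
	"math"
)

// DefaultRate is the per-second decay used when the history says nothing
// about an interval (no prior session lasted as long as its start).
// Assumed value for this example; the abstract does not give one.
const DefaultRate = 1.0 / 3600 // confidence falls to 1/e after one hour

// countActiveAtLeast returns how many prior sessions were still active at
// absolute session time t, i.e. lasted at least t seconds.
func countActiveAtLeast(durations []float64, t float64) int {
	n := 0
	for _, d := range durations {
		if d >= t {
			n++
		}
	}
	return n
}

// DecayRate returns an exponential decay rate for the interval [begin, end]
// of the active session, given the durations of prior sessions in the same
// context. Assumed interpretation: n2/n1 is the empirical probability that
// a session alive at begin is still alive at end, and the rate is chosen so
// that score(end) = score(begin) * n2/n1.
func DecayRate(durations []float64, begin, end float64) (float64, error) {
	if end <= begin {
		return 0, fmt.Errorf("interval end %v must be after begin %v", end, begin)
	}
	n1 := countActiveAtLeast(durations, begin)
	n2 := countActiveAtLeast(durations, end)
	switch {
	case n1 == 0:
		// no evidence either way: fall back to the fixed default
		return DefaultRate, nil
	case n2 == 0:
		// no prior session ever survived to end: confidence collapses
		return math.Inf(1), nil
	}
	return math.Log(float64(n1)/float64(n2)) / (end - begin), nil
}

// Decay applies the rate to a confidence score over dt seconds.
func Decay(score, rate, dt float64) float64 {
	if math.IsInf(rate, 1) {
		return 0
	}
	return score * math.Exp(-rate*dt)
}

// Constructed history: durations in seconds of eight prior sessions
// with the same context attributes.
var priorSessions = []float64{300, 900, 1800, 1800, 2700, 3600, 5400, 7200}

func main() {
	score := 1.0
	for _, iv := range [][2]float64{{0, 1800}, {1800, 3600}, {3600, 7200}, {7200, 9000}} {
		rate, err := DecayRate(priorSessions, iv[0], iv[1])
		if err != nil {
			panic(err)
		}
		score = Decay(score, rate, iv[1]-iv[0])
		fmt.Printf("t=%5.0f..%5.0f rate=%.6f score=%.3f\n", iv[0], iv[1], rate, score)
	}
}
```

Running the loop on the constructed history takes the score from 1.0 to 0.75, 0.375, 0.125 and finally 0: by 7200 seconds only one prior session is still alive, and none reached 9000, so the re-authentication logic of the related abstracts would fire. Whoever tunes this should note that the ratio is undefined when no prior session reached the interval start, which is why a default rate is needed rather than silently treating missing history as full confidence.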
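The abstract of 20150086012 above describes a two-key layout: the output surface is encrypted under a first key K1, and what is stored in external memory alongside it is K1 encrypted under a second key K2, so nothing outside the protected environment ever holds K2 or the surface in the clear. The Go program below is an added example of that layout using AES-GCM from the standard library; it is not the patent's code, and it assumes (as the abstract does not say) that K2 has already been provisioned to the display engine by some separate channel. Both keys and the surface are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// ExternalMemory is what leaves the protected environment: the encrypted
// output surface and the wrapped surface key. K2 is never written here.
type ExternalMemory struct {
	SurfaceNonce []byte
	Surface      []byte // surface bitmap encrypted under K1
	KeyNonce     []byte
	WrappedKey   []byte // K1 encrypted under K2
}

var (
	labelSurface = []byte("output-surface") // AAD binding each blob to its role
	labelKey     = []byte("surface-key")
)

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates plaintext under key with a fresh random nonce.
func seal(key, plaintext, label []byte) (nonce, ciphertext []byte, err error) {
	aead, err := aeadFor(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, label), nil
}

func unseal(key, nonce, ciphertext, label []byte) ([]byte, error) {
	aead, err := aeadFor(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ciphertext, label)
}

// ProtectSurface is the protected-environment side: a fresh K1 per surface,
// surface encrypted under K1, K1 wrapped under K2.
func ProtectSurface(k2, surface []byte) (*ExternalMemory, error) {
	k1 := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, k1); err != nil {
		return nil, err
	}
	sn, sct, err := seal(k1, surface, labelSurface)
	if err != nil {
		return nil, err
	}
	kn, wrapped, err := seal(k2, k1, labelKey)
	if err != nil {
		return nil, err
	}
	return &ExternalMemory{SurfaceNonce: sn, Surface: sct, KeyNonce: kn, WrappedKey: wrapped}, nil
}

// DisplayEngineRead is the consumer side: unwrap K1 with K2, then decrypt
// the surface. Any modification of the external memory fails authentication.
func DisplayEngineRead(k2 []byte, mem *ExternalMemory) ([]byte, error) {
	k1, err := unseal(k2, mem.KeyNonce, mem.WrappedKey, labelKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap surface key: %w", err)
	}
	return unseal(k1, mem.SurfaceNonce, mem.Surface, labelSurface)
}

// RoundTrip reports whether the surface survives the path intact and whether
// a flipped byte in the external copy of the surface and of the wrapped key
// are both detected. All inputs are constructed demo values.
func RoundTrip() (intact, tamperDetected bool, err error) {
	k2 := bytes.Repeat([]byte{0x42}, 16)          // constructed demo K2 only
	surface := bytes.Repeat([]byte{0xFF, 0x00}, 512) // constructed 1 KiB bitmap
	mem, err := ProtectSurface(k2, surface)
	if err != nil {
		return false, false, err
	}
	got, err := DisplayEngineRead(k2, mem)
	if err != nil {
		return false, false, err
	}
	intact = bytes.Equal(got, surface)
	mem.Surface[0] ^= 0x01
	_, errSurface := DisplayEngineRead(k2, mem)
	mem.Surface[0] ^= 0x01
	mem.WrappedKey[0] ^= 0x01
	_, errKey := DisplayEngineRead(k2, mem)
	return intact, errSurface != nil && errKey != nil, nil
}

func main() {
	intact, tamper, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("surface intact: %v, tampering detected: %v\n", intact, tamper)
}
```

The per-surface K1 keeps the amount of data encrypted under any one key small, and the AAD labels stop a wrapped key from being replayed as a surface or vice versa. Because K2 wraps many K1 values, its random 96-bit GCM nonces must not repeat; a counter-based nonce kept inside the protected environment is the safer choice once the number of surfaces gets large.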