Patents by Inventor Uri Blumenthal
Uri Blumenthal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11449586
Abstract: An aspect of authenticating a user via a processing system includes receiving, at an input device of the processing system, an input gesture corresponding to an explicit assertion of user intent with respect to a function to be performed on the processing system; and simultaneously authorizing and authenticating the user, with respect to the function, from data acquired from the input gesture.
Type: Grant
Filed: August 6, 2018
Date of Patent: September 20, 2022
Assignee: Massachusetts Institute of Technology
Inventors: John Darby Mitchell, Uri Blumenthal, Benjamin Woodbury Fuller, Robert Kevin Cunningham
-
Publication number: 20200026835
Abstract: An aspect of authenticating a user via a processing system includes receiving, at an input device of the processing system, an input gesture corresponding to an explicit assertion of user intent with respect to a function to be performed on the processing system; and simultaneously authorizing and authenticating the user, with respect to the function, from data acquired from the input gesture.
Type: Application
Filed: August 6, 2018
Publication date: January 23, 2020
Applicant: Massachusetts Institute of Technology
Inventors: John Darby Mitchell, Uri Blumenthal, Benjamin Woodbury Fuller, Robert Kevin Cunningham
-
Patent number: 9979749
Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.
Type: Grant
Filed: February 3, 2015
Date of Patent: May 22, 2018
Assignee: INTEL CORPORATION
Inventors: Omer Ben-Shalom, Uri Blumenthal
-
Patent number: 9547772
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Type: Grant
Filed: July 3, 2014
Date of Patent: January 17, 2017
Assignee: Intel Corporation
Inventors: David M Durham, Hormuzd M Khosravi, Uri Blumenthal, Men Long
-
Patent number: 9361471
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Type: Grant
Filed: December 1, 2014
Date of Patent: June 7, 2016
Assignee: Intel Corporation
Inventors: David M. Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Patent number: 9245141
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Type: Grant
Filed: December 1, 2014
Date of Patent: January 26, 2016
Assignee: Intel Corporation
Inventors: David M. Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Publication number: 20150244739
Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.
Type: Application
Filed: February 3, 2015
Publication date: August 27, 2015
Inventors: Omer Ben-Shalom, Uri Blumenthal
-
Publication number: 20150134952
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Type: Application
Filed: December 1, 2014
Publication date: May 14, 2015
Applicant: INTEL CORPORATION
Inventors: David M. Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Publication number: 20150074419
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Type: Application
Filed: July 3, 2014
Publication date: March 12, 2015
Applicant: Intel Corporation
Inventors: David M. Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Patent number: 8949986
Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.
Type: Grant
Filed: December 29, 2006
Date of Patent: February 3, 2015
Assignee: Intel Corporation
Inventors: Omer Ben-Shalom, Uri Blumenthal
-
Patent number: 8839450
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Type: Grant
Filed: August 2, 2007
Date of Patent: September 16, 2014
Assignee: Intel Corporation
Inventors: David Durham, Hormuzd Khosravi, Uri Blumenthal, Men Long
-
Patent number: 8499151
Abstract: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.
Type: Grant
Filed: March 5, 2012
Date of Patent: July 30, 2013
Assignee: Intel Corporation
Inventors: David Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Patent number: 8438618
Abstract: Active management technology (AMT) may be provisioned in a client device automatically, which may provide a secure connection between the provisioning server and the client device. The client device comprising the active management technology may support zero-touch provisioning and one-touch provisioning.
Type: Grant
Filed: December 21, 2007
Date of Patent: May 7, 2013
Assignee: Intel Corporation
Inventors: Avigdor Eldar, Howard C. Herbert, Purushottam Goel, Uri Blumenthal, David Hines, Carey Smith
-
Patent number: 8281402
Abstract: According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.
Type: Grant
Filed: May 16, 2006
Date of Patent: October 2, 2012
Assignee: Intel Corporation
Inventors: Ravi Sahita, Uday Savagaonkar, Hormuzd Khosravi, Uri Blumenthal
-
Publication number: 20120226903
Abstract: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.
Type: Application
Filed: March 5, 2012
Publication date: September 6, 2012
Inventors: David Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Patent number: 8205238
Abstract: Transport agnostic, secure communication protocol for transmitting host platform posture information to the Network Access Control Server or PDP (Policy Decision Point) and for receiving policy information to be enforced on the trusted host platform and respective applications for data processing and communication are described herein.
Type: Grant
Filed: March 30, 2006
Date of Patent: June 19, 2012
Assignee: Intel Corporation
Inventors: Uri Blumenthal, Hormuzd Khosravi, Karanvir Grewal
-
Patent number: 8132018
Abstract: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests includes a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.
Type: Grant
Filed: June 30, 2005
Date of Patent: March 6, 2012
Assignee: Intel Corporation
Inventors: Avigdor Eldar, Itamar Sharoni, Tsippy Mendelson, Uri Blumenthal
-
Patent number: 8132003
Abstract: Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material.
Type: Grant
Filed: September 28, 2007
Date of Patent: March 6, 2012
Assignee: Intel Corporation
Inventors: David Durham, Hormuzd M. Khosravi, Uri Blumenthal, Men Long
-
Patent number: 7593717
Abstract: A method is provided for determining a private key for a first network based on at least one security value associated with a second network. The method further includes establishing a plurality of sessions between a mobile terminal and the first network based on the private key.
Type: Grant
Filed: September 12, 2003
Date of Patent: September 22, 2009
Assignee: Alcatel-Lucent USA Inc.
Inventors: Michael Marcovici, Semyon B. Mizikovsky, Sarvar M. Patel, Uri Blumenthal
-
Publication number: 20090165099
Abstract: Active management technology (AMT) may be provisioned in a client device automatically, which may provide a secure connection between the provisioning server and the client device. The client device comprising the active management technology may support zero-touch provisioning and one-touch provisioning.
Type: Application
Filed: December 21, 2007
Publication date: June 25, 2009
Inventors: Avigdor Eldar, Howard C. Herbert, Purushottam Goel, Uri Blumenthal, David Hines, Carey Smith