Eduardo Cabre1351 N Pleasant Dr UNIT 2080, Chandler, AZ 85225

2020037, Nov 26, 2020

Sep 28, 2018

16/957684

- Santa Clara CA, US
Edward Agis - San Jose CA, US
Eduardo Cabre - Chandler AZ, US
Jeremy Rover - Portland OR, US
David J. McCall - Dallas TX, US

H04W 12/06
H04L 9/32

Various systems and methods for testing devices, issuing certificates, and managing certified devices, are discussed herein. A system is configured for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network. The system may use an approved product list to verify compliance and compatibility for the device. When the device is certified, the system may use an onboarding tool to onboard the device into the IoT network.

2019005, Feb 14, 2019

Oct 17, 2018

16/162776

- Santa Clara CA, US
Francis X. McKeen - Portland OR, US
Carlos V. Rozas - Portland OR, US
Simon P. Johnson - Beaverton OR, US
Bo Zhang - Raleigh NC, US
Piotr Zmijewski - Kartuzy, PL
Wesley H. Smith - Raleigh NC, US
Eduardo Cabre - Chandler AZ, US

Intel Corporation - Santa Clara CA

H04L 9/32
G06F 21/53
G09C 1/00
H04L 29/06
G06F 21/44
H04L 9/30
H04L 9/14
H04L 9/08

A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

2017036, Dec 21, 2017

Jul 2, 2016

15/201400

- Santa Clara CA, US
Francis X. McKeen - Portland OR, US
Carlos V. Rozas - Portland OR, US
Simon P, Johnson - Beaverton OR, US
Bo Zhang - Raleigh NC, US
Piotr Zmijewski - Kartuzy, PL
Wesley Hamilton Smith - Raleigh NC, US
Eduardo Cabre - Chandler AZ, US
Uday R. Savagaonkar - Redmond WA, US

Intel Corporation - Santa Clara CA

H04L 9/32
H04L 9/08
H04L 9/14
H04L 29/06

Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

2017035, Dec 7, 2017

Sep 29, 2016

15/279527

- Santa Clara CA, US
Francis X. McKeen - Portland OR, US
Carlos V. Rozas - Portland OR, US
Simon P. Johnson - Beaverton OR, US
Bo Zhang - Raleigh NC, US
Piotr Zmijewski - Gdansk, PL
Wesley H. Smith - Raleigh NC, US
Eduardo Cabre - Chandler AZ, US

H04L 9/32
H04L 9/14
H04L 9/30
H04L 29/06
H04L 9/08

A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

2016013, May 12, 2016

Mar 27, 2015

14/670874

Ned M. Smith - Beaverton OR, US
Jesse Walker - HIllsboro OR, US
Mats Agerstam - Portland OR, US
Ravi S. Subramaniam - San Jose CA, US
Eduardo Cabre - Chandler AZ, US

H04L 9/08
H04L 9/30
H04L 9/14

Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.