Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.

Abstract: A device, method, and system for generating online social community profiles includes collecting behavioral characteristics of community members of an online social community and aggregating the behavioral characteristics to generate a social community profile for the online social community. The social community profile may be used to elicit proposals from vendors, which may be voted on or responded to by the community members of the online social community.

Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key_MSB=AES128(base_key_1,client_ID),??(1) client_key_LSB=AES128(base_key_2,client_ID+pad),and??(2) client_key=client_key_MSB?client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

Abstract: A close-range mutual authentication system is described. A method may comprise receiving encoded connection information at a close-range input device of a client mode electronic device from a server mode electronic device; decoding the encoded connection information into one or more connection elements; establishing a communication connection with the server mode electronic device utilizing the connection elements; receiving authentication information at the client mode electronic device via the communication connection; authenticating the server mode electronic device to the client mode electronic device utilizing the authentication information; and generating one or more authentication elements responsive to authentication of the server mode electronic device for presentation via a close-range output device of the client mode electronic device, the one or more authentication elements configured to confirm authentication of the client mode electronic device to the server mode electronic device.

Abstract: A machine-controlled method can include visually presenting to a first user a first user interface for a first transaction involving user-sensitive information, the first user interface having a first user interface layout, and performing processing based on user-sensitive information received by way of user interaction by the first user with the first user interface. The method can also include visually presenting to a second user a second user interface for receiving a second transaction involving user-sensitive information, the second user interface having a second user interface layout that is visually distinct from the first user interface layout and has a desired level of entropy.

Abstract: Apparatuses for peer-to-peer network setup are presented. In one embodiment, an apparatus comprises a wireless processing unit to communicate with a master device. The wireless processing unit is operable to receive encoded data in a two-dimensional (2D) barcode. The encoded data comprise at least user information associated with the master device including a user identifier, a device identifier, or both. The encoded data further comprise network information including a network identifier, a password, and a profile lifetime value. In one embodiment, the apparatus further comprises a display unit to display at least part of the user information and the network information to a user. The wireless processing unit is operable to initiate a peer-to-peer network setup with the master device based at least on a response from the user.

Abstract: A hardware-based digital random number generator is provided. The digital random number generator is a randomly behaving random number generator based on a set of nondeterministic behaviors. The nondeterministic behaviors include temporal asynchrony between subunits, entropy source “extra” bits, entropy measurement, autonomous deterministic random bit generator reseeding and consumption from a shared resource.

Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key—MSB=AES128(base_key_1, client_ID),??(1) client_key—LSB=AES128(base_key_2, client_ID+pad), and??(2) client_key=client_key_MSB?client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

Abstract: A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification.

Abstract: Described herein are an apparatus and method for Skein hashing. The apparatus comprises a block cipher operable to receive an input data and to generate a hashed output data by applying Unique Block Iteration (UBI) modes, the block cipher comprising at least two mix and permute logic units which are pipelined by registers; and a counter, coupled to the block cipher, to determine a sequence of the UBI modes and to cause the block cipher to process at least two input data simultaneously for generating the hashed output data.

Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

Abstract: An embodiment of the present invention provides an apparatus, comprising a wireless station (STA) operable to communicate with a first access point (AP) and roam to a next access point (AP), wherein said next AP pre-caches a number of IP addresses from a backend Dynamic Host Configuration Protocol (DHCP) server; and wherein said wireless station (STA) gathers IP layer address and sub-network information from said next Access Point (AP) during roaming.

Abstract: Systems and methods of conducting collaborative sessions between mobile devices may provide for determining a time delay associated with a set of participating mobile devices, and determining a command execution time based at least in part on a clock of a managing device and the time delay. One or more control messages may be transmitted to the participating mobile devices, wherein the control messages include the command and the command execution time. Upon receiving a control message, each participating mobile device may determine a local execution time based at least in part on the command execution time and an offset of the clock of the managing device relative to a local clock. Execution of the command can therefore be coordinated across the set of participating mobile devices.

Abstract: A computer system includes a service partition, not directly accessible to a user, having a security agent to inspect data entering and exiting the computer system on a virtual private network (VPN) tunnel, and a service partition VPN unit to communicate with a VPN gateway. The computer system also includes a user partition, accessible to a user, having a user partition VPN unit to initiate construction of the VPN tunnel with the VPN gateway. Other embodiments are described and claimed.

Abstract: Embodiments provide techniques for device power management in wireless networks. For instance, an apparatus may include a power management module, and a transceiver module. The power management module determines a beacon interval and a wakeup interval. The transceiver module to send a transmission to one or more remote devices that includes the beacon interval and the wakeup interval. The beacon interval indicates a time interval between consecutive beacon transmissions of the apparatus, and the wakeup interval indicates a time interval between when the apparatus receives two consecutive beacons from a peer device.

Abstract: In a processor based system comprising a plurality of logical machines, selecting a logical machine of the system to serve as a host; the host communicating with a policy decision point (PDP) of a network to provision a data channel interconnecting the processor based system and the network and to provision a logical data channel interconnecting each logical machine of the system to the network.

Abstract: Embodiments provide techniques for device power management in wireless networks. For instance, an apparatus may include a power management module, and a transceiver module. The power management module determines a beacon interval and a wakeup interval. The transceiver module to send a transmission to one or more remote devices that includes the beacon interval and the wakeup interval. The beacon interval indicates a time interval between consecutive beacon transmissions of the apparatus, and the wakeup interval indicates a time interval between when the apparatus receives two consecutive beacons from a peer device.

Abstract: In a processor based system comprising a plurality of logical machines, selecting a logical machine of the system to serve as a host; the host communicating with a policy decision point (PDP) of a network to provision a data channel interconnecting the processor based system and the network and to provision a logical data channel interconnecting each logical machine of the system to the network.