Abstract: Various systems and methods for Internet of Things (IoT) network sensor fusion are provided herein. A system for providing sensor collaboration includes: a sensor command circuit to access first-tier sensor data from a first-tier sensor associated with a user; a risk assessment circuit to use the first-tier sensor data to determine a risk rating, the risk rating representing a potential risk to the user; a user context circuit to determine a user context from the first-tier sensor data, wherein the user context circuit and the sensor command circuit are to selectively access second-tier sensor data from a second-tier sensor based on the user context; and a rule evaluation circuit to access a rule database to identify a rule corresponding to the risk rating and user context, and execute the rule when the rule is identified.

Abstract: Various systems and methods for Internet of Things (IoT) network sensor fusion are provided herein. A system for providing sensor collaboration includes: a sensor command circuit to access first-tier sensor data from a first-tier sensor associated with a user; a risk assessment circuit to use the first-tier sensor data to determine a risk rating, the risk rating representing a potential risk to the user; a user context circuit to determine a user context from the first-tier sensor data, wherein the user context circuit and the sensor command circuit are to selectively access second-tier sensor data from a second-tier sensor based on the user context; and a rule evaluation circuit to access a rule database to identify a rule corresponding to the risk rating and user context, and execute the rule when the rule is identified.

Abstract: In one embodiment, an apparatus includes: a bioimpedance sensor to generate bioimpedance information based on bioimpedance sample information from at least some of a plurality of electrodes to be adapted about a portion of a person; at least one biometric sensor to generate biometric information based on biometric sample information from at least some of the plurality of electrodes; at least one environmental sensor to generate environmental context data; and an integration circuit to receive the bioimpedance information, the biometric information and the environmental context data and to adjust the bioimpedance information based at least in part on a value of one or more of the biometric information and the environmental context data. Other embodiments are described and claimed.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

Abstract: Various embodiments are generally directed to the provision and use of geometric location based security systems that use multiple beacons for determining a location. A beacon transmitted from an ultrasound broadcast as well as one or more different wireless broadcasts can be used to geo-locate a device and provide access controls based on the geo-location.

Abstract: Technologies for analyzing a Uniform Resource Locator (URL) include a multi-stage URL analysis system. The multi-stage URL analysis system analyzes the URL using a multi-stage analysis. In the first stage, the multi-stage URL analysis system analyzes the URL using an ensemble lexical analysis. In the second stage, the multi-stage URL analysis system analyzes the URL based on third-party detection results. In the third stage, the multi-stage URL analysis system analyzes the URL based on metadata related to the URL. The multi-stage URL analysis system advances the stages of analysis if a malicious classification score determined by each stage does not satisfy a confidence threshold. The URL may also be selected for additional rigorous analysis using selection criteria not used in by the analysis stages.

Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Abstract: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract: Technologies for anonymizing sensor data of an Internet-of-Things (IOT) sensor cloud include receiving sensor data from an IOT sensor of the sensor cloud and determining a mapping for the sensor data that identifies one or more processes to be applied to the sensor data to convert the sensor data to synthetic data, which includes less personal identifiable characteristics of the user than the sensor data. The sensor data is synthesized using the determined mapping to generate the synthetic data, which is subsequently transmitted to a remote service for processing. Responses from the remote service may be de-synthetized to produce personalized responses for the user using the determined mapping.

Abstract: Technologies for information security include a computing device with one or more sensors. The computing device may authenticate a user and, after successful authentication, analyze sensor data to determine whether it is likely that the user authenticated under duress. If so, the computing device performs a security operation such as generating an alert or presenting false but plausible data to the user. Additionally or alternatively, the computing device, within a trusted execution environment, may monitor sensor data and apply a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack. For example, the classifier may identify potential user identification fraud. The computing device may trigger a security response if elevated risk of attack is detected. For example, the trusted execution environment may trigger increased authentication requirements or increased anti-theft monitoring for the computing device. Other embodiments are described and claimed.

Abstract: In one embodiment, an apparatus includes: a bioimpedance sensor to generate bioimpedance information based on bioimpedance sample information from at least some of a plurality of electrodes to be adapted about a portion of a person; at least one biometric sensor to generate biometric information based on biometric sample information from at least some of the plurality of electrodes; at least one environmental sensor to generate environmental context data; and an integration circuit to receive the bioimpedance information, the biometric information and the environmental context data and to adjust the bioimpedance information based at least in part on a value of one or more of the biometric information and the environmental context data. Other embodiments are described and claimed.

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.

Abstract: Technologies for analyzing a Uniform Resource Locator (URL) include a multi-stage URL analysis system. The multi-stage URL analysis system analyzes the URL using a multi-stage analysis. In the first stage, the multi-stage URL analysis system analyzes the URL using an ensemble lexical analysis. In the second stage, the multi-stage URL analysis system analyzes the URL based on third-party detection results. In the third stage, the multi-stage URL analysis system analyzes the URL based on metadata related to the URL. The multi-stage URL analysis system advances the stages of analysis if a malicious classification score determined by each stage does not satisfy a confidence threshold. The URL may also be selected for additional rigorous analysis using selection criteria not used in by the analysis stages.