Patents by Inventor MICHAEL RAZIEL

MICHAEL RAZIEL has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10819780
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a broadcast query from a network element, receive information from a plurality of devices, process the information, and generate an integrated group response, wherein the integrated group response summarizes the information about the plurality of devices and removes identification information that could allow data to be linked to a specific device from the plurality of devices. The integrated group response can be communicated back to the network element in response to the query.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: October 27, 2020
    Assignee: McAfee, LLC
    Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Michael Raziel
  • Patent number: 10255425
    Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: April 9, 2019
    Assignee: Intel Corporation
    Inventors: Michael Raziel, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi
  • Publication number: 20190034616
    Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
    Type: Application
    Filed: September 10, 2018
    Publication date: January 31, 2019
    Applicant: Intel Corporation
    Inventors: MICHAEL RAZIEL, ABHILASHA BHARGAV-SPANTZEL, HORMUZD M. KHOSRAVI
  • Patent number: 10073964
    Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: September 11, 2018
    Assignee: Intel Corporation
    Inventors: Michael Raziel, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi
  • Publication number: 20180089519
    Abstract: Various systems and methods for providing a mechanism for multi-modal user authentication are described herein. An authentication system for multi-modal user authentication includes a memory including image data captured by a camera array, the image data including a hand of a user; and an image processor to: determine a hand geometry of the hand based on the image data; determine a palm print of the hand based on the image data; determine a gesture performed by the hand based on the image data; and determine a bio-behavioral movement sequence performed by the hand based on the image data; and an authentication module to construct a user biometric template using the hand geometry, palm print, gesture, and bio-behavioral movement sequence.
    Type: Application
    Filed: September 26, 2016
    Publication date: March 29, 2018
    Inventors: Michael Raziel, Alex Nayshtut, Oleg Pogorelik, Amit Bleiweiss, Eliyahu Elhadad
  • Patent number: 9807610
    Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: October 31, 2017
    Assignee: Intel Corporation
    Inventors: Yasser Rasheed, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Michael Raziel
  • Patent number: 9798895
    Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: October 24, 2017
    Assignee: McAfee, Inc.
    Inventors: Alex Nayshtut, Ned Smith, Avishay Sharaga, Oleg Pogorelik, Abhilasha Bhargav-Spantzel, Michael Raziel, Avi Priev, Adi Shaliv, Igor Muttik
  • Publication number: 20170289153
    Abstract: Systems, apparatuses and methods may provide for generating, at a computing device, a challenge message in response to a recovery request and conducting a verification of one or more responses to the challenge message based on an encryption key stored in a hardware-based trusted execution environment (TEE) of the computing device. Additionally, an authentication template associated with a multifactor authentication service may be unlocked if the verification is successful.
    Type: Application
    Filed: April 1, 2016
    Publication date: October 5, 2017
    Inventors: Michael Raziel, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Ned M. Smith
  • Publication number: 20170187799
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a broadcast query from a network element, receive information from a plurality of devices, process the information, and generate an integrated group response, wherein the integrated group response summarizes the information about the plurality of devices and removes identification information that could allow data to be linked to a specific device from the plurality of devices. The integrated group response can be communicated back to the network element in response to the query.
    Type: Application
    Filed: December 24, 2015
    Publication date: June 29, 2017
    Applicant: McAfee, Inc.
    Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Michael Raziel
  • Patent number: 9654903
    Abstract: Techniques for connecting using NFC communications are provided. Specifically, methods are presented, that when taken alone or together, provide a device or group of devices with a secure way of transferring data from a wireless device to a reader. The present disclosure includes a method that provides a wireless device with network connectivity options that enable a more secure means for using NFC communications for completing a secure transaction using a secondary code.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: May 16, 2017
    Assignee: INTEL CORPORATION
    Inventors: Oleg Olegp Pogorelik, Alex Nayshtut, Avi Apriev Priev, Shahar Porat, Michael Raziel
  • Publication number: 20170091438
    Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Applicant: Intel Corporation
    Inventors: MICHAEL RAZIEL, ABHILASHA BHARGAV-SPANTZEL, HORMUZD M. KHOSRAVI
  • Publication number: 20160350761
    Abstract: A method for managing a reference template for authentication includes generating the reference template using gait data collected during a training period. A user is authenticated utilizing the reference template. A universal background model (UBM) is generated using gait data collected after the training period. The reference template is updated using the UBM.
    Type: Application
    Filed: May 28, 2015
    Publication date: December 1, 2016
    Inventors: Michael Raziel, Ned M. Smith, Alex Nayshtut, Hormuzd M. Khosravi, Abhilasha Bhargav-Spantzel, Meir Shaked
  • Publication number: 20160286393
    Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.
    Type: Application
    Filed: March 26, 2015
    Publication date: September 29, 2016
    Inventors: Yasser Rasheed, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Michael Raziel
  • Publication number: 20160183032
    Abstract: Techniques for connecting using NFC communications are provided. Specifically, methods are presented, that when taken alone or together, provide a device or group of devices with a secure way of transferring data from a wireless device to a reader. The present disclosure includes a method that provides a wireless device with network connectivity options that enable a more secure means for using NFC communications for completing a secure transaction using a secondary code.
    Type: Application
    Filed: December 23, 2014
    Publication date: June 23, 2016
    Inventors: Oleg Olegp POGORELIK, Alex NAYSHTUT, Avi Apriev PRIEV, Shahar PORAT, Michael RAZIEL
  • Publication number: 20160092697
    Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.
    Type: Application
    Filed: September 25, 2014
    Publication date: March 31, 2016
    Inventors: Alex Nayshtut, Ned Smith, Avishay Sharaga, Oleg Pogorelik, Abhilasha Bhargav-Spantzel, Michael Raziel, Avi Priev, Adi Shaliv, Igor Muttik
  • Publication number: 20160066184
    Abstract: In an embodiment, an apparatus includes a security engine to operate in a trusted execution environment to perform security operations and to authenticate a user of the apparatus, and a pairing logic to receive an indication of discovery of a peer device and to determine whether the user of the apparatus corresponds to a user of the peer device, and if so to enable a pairing with the peer device according to a first security ring if the correspondence is determined, and to enable the pairing with the peer device according to a second security ring if no correspondence is detected and the user of the apparatus is authenticated. Other embodiments are described and claimed.
    Type: Application
    Filed: August 29, 2014
    Publication date: March 3, 2016
    Inventors: Abhilasha Bhargav-Spantzel, Ned M. Smith, Hormuzd M. Khosravi, Michael Raziel, Alex Nayshtut
  • Patent number: 9246678
    Abstract: An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: January 26, 2016
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Edward V. Jimison, Omer Ben-Shalom, Michael Raziel
  • Publication number: 20140281477
    Abstract: An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Inventors: ALEX NAYSHTUT, EDWARD JIMISON, OMER BEN-SHALOM, MICHAEL RAZIEL