Patents by Inventor Omer Ben-Shalom

Omer Ben-Shalom has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180019976
    Abstract: In one embodiment, a hub logic is to provision a plurality of group private keys for a dynamic multipoint virtual private network (DMVPN) group associated with a function of a plurality of devices, provide a group public key for the DMVPN group to the plurality of devices and provision each of the plurality of group private keys to one of the plurality of devices, to enable one or more subsets of the plurality of devices to negotiate a traffic encryption key without interaction with a system having the hub logic. Other embodiments are described and claimed.
    Type: Application
    Filed: July 14, 2016
    Publication date: January 18, 2018
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Ned M. Smith
  • Patent number: 9848035
    Abstract: Measurement exchange networks and protocols to exchange measurements of a parameter amongst devices (e.g., IoT devices), select the best measurement(s), accuracy/precision-wise, and determine a process variable for a control system based on the selected best measurement(s). A device may select a peer-provided best measurement to output as the process variable in place of a local measurement, and/or compute the process variable from multiple best measurements (e.g., local and/or peer-provided measurements). Metadata may be used to select a measurement(s) and/or to increase reliability/trust of exchanged data. In this way, each device of an exchange group/network may obtain the highest measurement accuracy of all available collocated sensors with little or no additional processing or cloud connectivity.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: December 19, 2017
    Assignee: Intel Corporation
    Inventors: Oleg Pogorelik, Alex Nayshtut, Alan Tatourian, Omer Ben-Shalom
  • Publication number: 20170346640
    Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.
    Type: Application
    Filed: September 21, 2016
    Publication date: November 30, 2017
    Inventors: Ned M. Smith, Omer Ben-Shalom, Alex Nayshtut
  • Publication number: 20170324743
    Abstract: Technologies to facilitate supervision of an online identity include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.
    Type: Application
    Filed: April 3, 2017
    Publication date: November 9, 2017
    Inventors: Alex Nayshtut, Omer Ben-Shalom, Hong Li
  • Publication number: 20170289138
    Abstract: In one embodiment, a system includes a hardware processor having at least one core to execute instructions; and a logic to generate a group public key for a subnet having a plurality of computing devices and generate a plurality of group private credentials for the plurality of computing devices, provide the group public key to the plurality of computing devices and provide each of the group private credentials to one of the plurality of computing devices, to enable communication between the plurality of computing devices of the subnet without validation messaging with the system. Other embodiments are described and claimed.
    Type: Application
    Filed: April 1, 2016
    Publication date: October 5, 2017
    Inventors: Omer Ben-Shalom, Ned M. Smith, Alex Nayshtut
  • Patent number: 9705916
    Abstract: Systems and methods may provide for establishing an out-of-band (OOB) channel between a local wireless interface and a remote backend receiver, and receiving information from a peripheral device via the local wireless interface. Additionally, the information may be sent to the backend receiver via the OOB channel, wherein the OOB channel bypasses a local operating system. In one example, a secure Bluetooth stack is used to receive the information from the peripheral device.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: July 11, 2017
    Assignee: Intel Corporation
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Moshe Maor
  • Publication number: 20170187783
    Abstract: Measurement exchange networks and protocols to exchange measurements of a parameter amongst devices (e.g., IoT devices), select the best measurement(s), accuracy/precision-wise, and determine a process variable for a control system based on the selected best measurement(s). A device may select a peer-provided best measurement to output as the process variable in place of a local measurement, and/or compute the process variable from multiple best measurements (e.g., local and/or peer-provided measurements). Metadata may be used to select a measurement(s) and/or to increase reliability/trust of exchanged data. In this way, each device of an exchange group/network may obtain the highest measurement accuracy of all available collocated sensors with little or no additional processing or cloud connectivity.
    Type: Application
    Filed: December 24, 2015
    Publication date: June 29, 2017
    Inventors: Oleg Pogorelik, Alex Nayshtut, Alan Tatourian, Omer Ben-Shalom
  • Publication number: 20170185743
    Abstract: Technologies for managing a treatment program include a treatment management server, smart pills, and patient computing devices. The treatment management server is configured to generate treatment data usable by the smart pills to control a release of one or more drugs in patients. The treatment management server is also configured to transmit the treatment data to the smart pills, obtain physiological data associated with the patients, identify a preferred physiological response among the patients based on the physiological data, and identify the treatment data associated with the preferred physiological response. The smart pills are configured to obtain the treatment data, release one or more drugs into the patients based on the treatment data, sense physiological conditions in the patients, and transmit the physiological conditions to the treatment management server. The patient computing devices facilitate communication between the treatment management server and the smart pills.
    Type: Application
    Filed: December 26, 2015
    Publication date: June 29, 2017
    Inventors: Ariel Moshkovitz, Glen J. Anderson, Tamara Gaidar, Omer Ben-Shalom, Jennifer A. Healey, Ido Lapidot
  • Publication number: 20170171218
    Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.
    Type: Application
    Filed: February 17, 2017
    Publication date: June 15, 2017
    Inventors: Keith Shippy, Tobias Kohlenberg, Mubashir Mian, Ned Smith, Omer Ben-Shalom, Tarun Viswanathan, Dennis Morgan, Timothy Verrall, Manish Dave, Eran Birk
  • Patent number: 9680849
    Abstract: A technique allows detection of covert malware that attempts to hide network traffic. By monitoring network traffic both in a secure trusted environment and in an operating system environment, then comparing the monitor data, attempts to hide network traffic can be detected, allowing the possibility of performing rehabilitative actions on the computer system to locate and remove the malware hiding the network traffic.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: June 13, 2017
    Assignee: McAfee, Inc.
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Igor Muttik
  • Publication number: 20170116404
    Abstract: Embodiments of methods, apparatuses, and storage mediums associated with eye movement based knowledge demonstration, having a particular application to authentication, are disclosed. In embodiments, a computing device may determine whether a received input of a pattern of eye movements is consistent with an expected pattern of eye movements of a user when the user attempts to visually locate a piece of information embedded in a display. In embodiments, the expected pattern of eye movements may include patterns related to fixations and/or other statistical patterns, however, may not be limited to such patterns. In applications, determining consistency or correlation with the expected pattern of eye movements may identify the user by simultaneously verifying at least factors of authentication—that of biometric criteria related to a user's pattern of eye movements and a password or other information known to the user.
    Type: Application
    Filed: November 28, 2016
    Publication date: April 27, 2017
    Inventors: Eran Birk, Shai Kavas, Michal Jacob, Omer Ben-Shalom
  • Patent number: 9614857
    Abstract: Technologies to facilitate supervision of an online identity include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: April 4, 2017
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Omer Ben-Shalom, Hong Li
  • Publication number: 20170093803
    Abstract: In an example, there is disclosed a computing apparatus having one or more logic elements forming a non-encrypted flow processor engine; and one or more logic elements forming a service selection engine, wherein the one or more logic elements include a trusted execution environment (TEE), and wherein the service selection engine is operable to: receive from the flow processor engine an encrypted payload; determine that the encrypted payload satisfies at least one selection criterion; and provide a notification of satisfaction to the flow engine. There is further disclosed a method of performing the operations disclosed, and one or more computer-readable mediums having stored thereon executable instructions to perform the method.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Applicant: McAfee, Inc.
    Inventors: Alex Nayshtut, Oleg Pogorelik, Omer Ben-Shalom, Igor Muttik
  • Publication number: 20170091467
    Abstract: There is disclosed in an example, a computing apparatus, including: a trusted execution environment (TEE); and one or more logic elements providing a collaboration engine within the TEE, operable to: receive a change to a secured document via a trusted channel; apply a change to the secured document; log the change to a ledger; and display the document to a client device via a protected audio-video path (PAVP). There is also disclosed a method of providing a collaboration engine, and a computer-readable medium having stored thereon executable instructions for providing a collaboration engine.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Applicant: McAfee, Inc.
    Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Omer Ben-Shalom
  • Patent number: 9602500
    Abstract: An embodiment includes a method executed by at least one processor of a first computing node comprising: generating a key pair including a first public key and a corresponding first private key; receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node; associating the instance of the certificate with the key pair; receiving an additional instance of the certificate; verifying the additional instance of the certificate is associated with the key pair; and encrypting and exporting the first private key in response to verifying the additional instance of the certificate is associated with the key pair. Other embodiments are described herein.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: March 21, 2017
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Hormuzd M. Khosravi, Omer Ben-Shalom, Barry R. Pivitt, Ned M. Smith
  • Patent number: 9594958
    Abstract: Methods, apparatus, systems and articles of manufacture to detect spoofing attacks for video-based authentication are disclosed. Disclosed example methods to perform video-based authentication include determining whether a sequence of input images provided to perform video-based authentication of a subject exhibits a first region having fluctuating pixel values. Such example methods also include determining that the sequence of input images is associated with a spoofing attack in response to determining that the sequence of input images exhibits the first region having fluctuating pixel values.
    Type: Grant
    Filed: November 24, 2014
    Date of Patent: March 14, 2017
    Assignee: Intel Corporation
    Inventors: Oren Duenias, Shachaf Levi, Ayelet Naor, Omer Ben-Shalom
  • Publication number: 20170054738
    Abstract: Distributed systems for protecting networked computer assets from compromise are disclosed. The distributed system includes one or more enterprise event sources, such as endpoint(s). The system also includes a server, such as a Big Data Analytics server, and optionally a security management server such as a Security Information and Event Management server. The Big Data Analytics server processes data collected from the enterprise event sources and produces behavioral profile models for each endpoint (or group of similar endpoints). The profiles, models, and ontology analysis are provided to the endpoints. Endpoint analytics use the output from the analytics servers to detect deviations from the endpoint's behavioral profile.
    Type: Application
    Filed: September 26, 2014
    Publication date: February 23, 2017
    Inventors: Yaniv Avidan, Alex Nayshtut, Igor Muttik, Omer Ben-Shalom
  • Patent number: 9578037
    Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: February 21, 2017
    Assignee: Intel Corporation
    Inventors: Keith Shippy, Tobias Kohlenberg, Mubashir Mian, Ned Smith, Omer Ben-Shalom, Tarun Viswanathan, Dennis Morgan, Timothy Verrall, Manish Dave, Eran Birk
  • Patent number: 9565684
    Abstract: Systems and methods are described herein for avoiding interfering with 5 GHz frequency band signals with a peer-to-peer wireless local area network connection. A peer-to-peer client is notified of radar signals in proximity to the client over a master-to-client wireless local area connection with an enterprise access point. If the notification includes a non-interfering radar channel, the peer-to-peer client resets the peer-to-peer channel to the non-interfering radar channel. If the notification does not provide a non-interfering radar channel, the peer-to-peer client resets the peer-to-peer network connection to a non-dynamic frequency selection channel and may disconnect the Wi-Fi connection with the enterprise access point.
    Type: Grant
    Filed: April 23, 2012
    Date of Patent: February 7, 2017
    Assignee: Intel Corporation
    Inventors: Omri Barkay, Omer Ben-Shalom
  • Publication number: 20160378109
    Abstract: Various systems and methods for personal sensory drones are described herein. A personal sensory drone system includes a drone remote control system comprising: a task module to transmit a task to a drone swarm for the drone swarm to execute, the drone swarm including at least two drones; a transceiver to receive information from the drone swarm related to the task; and a user interface module to present a user interface based on the information received from the drone swarm.
    Type: Application
    Filed: June 25, 2015
    Publication date: December 29, 2016
    Applicant: Intel Corporation
    Inventors: Giuseppe Raffa, Glen J. Anderson, Lenitra M. Durham, Richard Beckwith, Kathy Yuen, Joshua Ekandem, Jamie Sherman, Ariel Moshkovitz, Omer Ben-Shalom, Jennifer Healey, Steve Brown, Tamara Gaidar, Yosi Govezensky