Abstract: Sequences to synchronize devices and related methods are disclosed herein including an access address generator to cryptographically generate a first bit sequence, an access address selector to read a first portion of the first bit sequence and read a second portion of the first bit sequence, the second portion different than the first portion, an access address analyzer to identify a first access address from a first section of the first portion based on a first criteria, the first criteria a function of a first autocorrelation function and identify a second access address from a second section of the second portion based on a second criteria, the second criteria a function of a second autocorrelation function.

Abstract: In accordance with some embodiments, an apparatus that enables trusted location tracking includes a housing arranged to hold a user equipment, one or more devices, a local communication device, and a controller at least partially supported by the housing. The apparatus obtains, via the one or more devices, a first set of data characterizing a location of the user equipment. The apparatus further establishes, via the location communication device, a local communication channel with the user equipment. The apparatus also obtains through the local communication channel a second set of data characterizing the location of the user equipment. The apparatus also determines a trust score characterizing the second set of data based on the first set of data. The apparatus additionally triggers an alert in accordance with a determination that the trust score is below a threshold.

Abstract: A device implementing a system for anonymizing user data provided for server-side operations includes a processor configured to receive user input including a search term, wherein first and second data structures are stored on the device, the first data structure including user interest data items that correspond to prior user activity, the second data structure including topic data items mapped to the user interest data items, the topic data items being broader than the user interest data items. The processor accesses the second data structure to obtain one or more topic data items. The processor transmits, to a server, the search term and one or more topic data items for obtaining a query suggestion or search result. The processor receives, from the server, the query suggestion or search result, the query suggestion or search result having been obtained based on the search term and one or more topic data items.

Abstract: The disclosed technologies include receiving a request from a second computing device to verify ownership of a blockchain address. A challenge content is generated and sent to the requestor. A signature is received comprising a hash of the challenge content generated using a private key. A public key corresponding to the private key is obtained, and the signature is validated using the public key. In response to validating the signature, a characteristic is associated with a user associated with the blockchain address.

Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

Abstract: Methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential.

Abstract: A proxy computer system provides a proxy service for a client to utilize a third-party network service by parsing content retrieved from a third-party network service to identify a link specifying a hostname with multiple subdomains of the third-party network service and substituting the hostname of the link with a mapped hostname that is mapped internally within the proxy service to the hostname of the link and is compatible with a wildcard proxy service certificate to enable the client to securely access a resource associated with the link without a compatible certificate for the hostname with multiple subdomains of the third-party network service.

Abstract: This disclosure describes systems, methods, and devices related to security for multi-link operations. A multi-link device (MLD) may establish a first communication link between a first device of the MLD and a first device of a second MLD, and a second communication link between a second device of the MLD and a second device of the second MLD. The MLD may generate a group-addressed message. The MLD may protect the group-addressed message using a first key or a first integrity key. The MLD may protect the group-addressed message using a second key or a second integrity key. The MLD may send, using the first communication link, the group-addressed message protected using the first key or the first integrity key, and may send, using the second communication link, the group-addressed message protected using the second key or the second integrity key.

Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

Abstract: A threat detection system for detecting malware can automatically decide, without manual expert-level interaction, the best set of features on which to train a classifier, which can result in the automatic creation of a signature-less malware detection engine. The system can use a combination of execution graphs, anomaly detection and automatic feature pruning. Execution graphs can provide a much richer structure of runtime execution behavior than conventional flat execution trace files, allowing the capture of interdependencies while preserving attribution (e.g., D happened because of A followed by B followed by C). Performing anomaly detection on this runtime execution behavior can provide higher order knowledge as to what behaviors are anomalous or not among the sample files. During training the system can automatically prune the features on which a classifier is trained based on this higher order knowledge without any manual intervention until a desired level of accuracy is achieved.

Abstract: A memory control unit of a memory device includes at least one hardware processor; and memory storing instructions that cause the at least one hardware processor to perform operations comprising: generating a scrambler seed and a logical block address (LBA) for a block of write data received by the memory control unit from a host device; generating a flash translation layer (FTL) to map the LBA to a physical address (PA); scrambling the block of data using the scrambler seed; encrypting the scrambler seed, the LBA, and the PA in the FTL using an encryption key; initiating writing a scrambled block of data and encrypted LBA and scrambler seed to a memory array; and decrypting the FTL using an incorrect encryption key in response to an erase command received by the memory control unit from the host device.

Abstract: A wireless sensor preferably has a case which is intrinsically safe and has no exposed parts which can become not intrinsically safe due to the passage of time or through contact with chemicals typically encountered in a location where the wireless sensor is used. It preferably has no integral visual display other than lights, and it preferably includes at least one signal light. The sensor preferably includes a wireless transceiver for allowing remote read and remote control of the sensor. The sensor preferably includes piezoelectric pressure detectors for allowing a user to locally interact with the sensor by pressing on the case. Data can be automatically harvested from the sensors by a portable electronic data-retrieving device which is usually geographically remote from the sensors when the portable electronic data-retrieving device and the sensors are in range of a wireless system which allows them to communicate when they are geographically proximate each other.

Abstract: Disclosed are various embodiments for certificate-based authentication in radio-based networks. In one embodiment, a request for service from a radio-based network is received from a client device. The request for service includes a secure certificate. The radio-based network includes a radio access network and an associated core network. The authenticity of the secure certificate is validated based at least in part on a certificate signature in the secure certificate signed by a certificate authority. It is determined that an entity identified in the secure certificate is permitted to access the radio-based network. Radio-based network access is provided to the client device in response to determining that the entity is permitted to access the radio-based network.

Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

Abstract: In embodiments of the present disclosure, there is provided a method for authenticating an access point. In the method, a request for joining a network is received from an access point. A neighbor authentication notification is transmitted to the access point for obtaining an authentication code from a neighbor access point that is connected in the network in accordance with a determination that the access point is verified. The authentication code that is generated by the neighbor access point is received from the access point. The access point is accepted to join the network in accordance with a determination that the authentication code is valid. Embodiments of the present disclosure present a safe and effective way for authenticating the access point that is requesting to join the network, which provides enhanced authentication and increases the security level of the network.

Abstract: An electronic device includes a first communication device operable across a first medium of communication and a second communication device operable across a second medium of communication that is different from the first medium of communication. One or more processors operable with the first communication device and the second communication device obtain a client certificate digest from a prospective client device using the first communication device. Thereafter, the one or more processors receive a client certificate from a remote electronic device using the second communication device. The one or more processors then verifying that the prospective client device and the remote electronic device are the same device prior to establishing a secure communication session.

Abstract: The present disclosure includes apparatuses, methods, and systems for using a local ledger block chain for secure updates. An embodiment includes a memory, and circuitry configured to receive a global block to be added to a local ledger block chain for validating an update for data stored in the memory, where the global block to be added to the local ledger block chain includes a cryptographic hash of a current local block in the local ledger block chain, a cryptographic hash of the data stored in the memory to be updated, where the current local block in the local ledger block chain has a digital signature associated therewith that indicates the global block is from an authorized entity.

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

Abstract: A method and apparatus of a device searches encrypted objects stored in a secure virtual storage space is described. In an exemplary embodiment, the device receives a search query that includes a set of tokens and encrypts the set of tokens. The device further creates a hashed set of encrypted tokens using a second hash function. In addition, the device sends the hashed set of encrypted tokens to a first search server as a query. Furthermore, the device receives, from the first search server, a first set of encrypted object names as a search result. The device additionally determines a set of client-side indexes to search by hashing at least some of the first set of encrypted object names using a first hash function. The device further decrypts the set of encrypted object names. The additionally searches the set of client-side indexes using the set of decrypted object names.