Abstract: In one example an apparatus comprises a memory and a processor to receive, in an edge node of a secure network, a first file, determine that the first file is addressed to a recipient outside the secure network, and in response to a determination that the first file is addressed to a destination outside the secure network, to generate a watermark that identifies a transmitter of the document, a recipient of the document, and comprises a digital signature of the first file, embed the watermark in the first file to generate a watermarked file, and pass the watermarked file to an input/output system for transmission out of the secure network. Other examples may be described.

Abstract: Private delivery drones and methods are disclosed. An example drone includes a first communication interface to receive a first input from a sender representing a delivery area for a payload, a second communication interface to receive a second input from a recipient representing a visual marker of the recipient, the visual marker unknown to the sender, a drone controller to, when the drone reaches the delivery area, visually identify a location in the delivery area to deliver the payload based on the visual marker, and a carrier to deliver the payload to the location.

Abstract: Described herein are architectures, platforms and methods for offloading process or application from a near field communication (NFC) master device for proxy delegation to a proxy NFC device.

Abstract: Methods and apparatus relating to protecting Artificial Intelligence (AI) payloads running in Graphics Processing Unit (GPU) against main Central Processing Unit (CPU) residing adversaries are described. In an embodiment, memory stores data corresponding to one or more Artificial Intelligence (AI) tasks. The memory comprises at least a shared memory partition and a Graphics Processing Unit (GPU) only memory partition. Logic circuitry performs one or more operations in a protected environment to cause transmission of the stored data from the shared memory partition of the memory to the GPU only memory partition of the memory. The shared memory partition is accessible by both a GPU and a Central Processing Unit (CPU), and the GPU only memory partition is only accessible by the GPU. Other embodiments are also disclosed and claimed.

Abstract: In embodiments, apparatuses, methods, and storage media may be described for identifying a quick response (QR) image. A QR control code (QRCC) may be identified in the QR image based on a QR tag in the image. Based on the QRCC, a control command of an apparatus may be identified. Other embodiments may be described and/or claimed.

Abstract: There is disclosed in an example, a computing apparatus, including: a trusted execution environment (TEE); and one or more logic elements providing a collaboration engine within the TEE, operable to: receive a change to a secured document via a trusted channel; apply a change to the secured document; log the change to a ledger; and display the document to a client device via a protected audio-video path (PAVP). There is also disclosed a method of providing a collaboration engine, and a computer-readable medium having stored thereon executable instructions for providing a collaboration engine.

Abstract: The present disclosure is directed to systems and methods for the selective introduction of low-level pseudo-random noise into at least a portion of the weights used in a neural network model to increase the robustness of the neural network and provide a stochastic transformation defense against perturbation type attacks. Random number generation circuitry provides a plurality of pseudo-random values. Combiner circuitry combines the pseudo-random values with a defined number of least significant bits/digits in at least some of the weights used to provide a neural network model implemented by neural network circuitry. In some instances, selection circuitry selects pseudo-random values for combination with the network weights based on a defined pseudo-random value probability distribution.

Abstract: Providing optical watermark signals for a visual authentication session by performing at least the following: receive, at an anti-spoof engine, an instruction to perform visual authentication operations for a visual authentication session, generate, with the anti-spoof engine, an optical watermark signal based on receiving the instruction, wherein the optical watermark signal includes at least one optical identifier to authenticate images captured during the visual authentication session, obtain, with the anti-spoof engine, an image source that includes captured images of the visual authentication session, determine, with the anti-spoof engine, whether the image source includes a reflected optical watermark signal, and compare, with the anti-spoof engine, whether the reflected optical watermark signal matches the generated optical watermark signal based on the determination that the image source includes the reflected optical watermark signal.

Abstract: An example display device for securing graphics outputs includes: a checker to check whether a secure output marker is located in a pre-determined position in graphical information of a digital image; a verifier to verify whether first data in the secure output marker matches actual data in a trusted output area of the digital image; and autonomous indicator control logic to activate a hardware-based trusted output indicator when the first data matches the actual data, the autonomous indicator control logic not accessible by computing applications executing on a system in communication with the display device.

Abstract: A system and apparatus for data confidentiality in a distributed ledger are disclosed. The system and apparatus preserve qualities of distributed ledgers, such as transparency, integrity, and redundancy, while also providing confidentiality, scalability, and security not previously available in distributed ledgers. The system includes a data confidentiality module that exploits a trusted execution environment for both transaction processing and key synchronization. The apparatus accessing the distributed ledger provides for new nodes joining the network, sending transactions to the ledger by existing nodes, securely processing the transaction using the trusted execution environment, securing transmission to the logic layer for application of business logic, reading and writing data to local storage, and reading encrypted transactions.

Abstract: There is disclosed in one example a computing apparatus to broker purchase of an item or service between a consumer and seller, including: a hardware platform including a processor; and a memory, including executable instructions to instruct the hardware platform to: receive an encrypted payload including a request from a consumer to purchase the item or service, the encrypted payload including information about the consumer; without exposing the information about the consumer to the seller, determine, based on the seller's availability to sell the item or service and the seller's preferences for selling the item or service, that the request matches the seller's availability and preferences; and send a notification that the seller will sell the item or service.

Abstract: Providing secure graphics outputs by performing at least the following: receive secure output data corresponding to a digital image, obtain one or more security keys, create a secure output marker for the secure output data, wherein the secure output marker comprises location information corresponding to a trusted output area of the digital image and data information that represents data content found within the trusted output area of the digital image, encrypt the secure output marker using the one or more security keys, embed the secure output marker within the graphics image to create a trusted graphics image; and render the trusted graphics image for exposure onto the display device.

Abstract: A circuit includes a first communication interface configured to receive first sensor data from a stationary sensor. The first sensor data include a result of a first sensing of a local environment of the stationary sensor performed by the stationary sensor. The circuit may further include a second communication interface configured to receive second sensor data from an unmanned aerial vehicle. The second sensor data include a result of a second sensing of at least a portion of the local environment of the stationary sensor performed by a sensor of the unmanned aerial vehicle. The circuit may further include one or a plurality of processors configured to compare the first sensor data and the second sensor data and to classify the at least one stationary sensor based on a result of the comparison.

Abstract: An embodiment of a semiconductor package apparatus may include technology to perform run-time analysis of inputs and outputs of a machine learning model of an inference engine, detect an activity indicative of an attempt to retrieve the machine learning model based on the run-time analysis, and perform one or more preventive actions upon detection of the activity indicative of the attempted model retrieval. Other embodiments are disclosed and claimed.

Abstract: According to various examples, an automated delivery device is described including a transportation system configured to move a package to a package recipient location, a package drop-off mechanism configured to drop off the package at the package recipient location, a communication system configured to communicate with a recipient camera device at the package recipient location and a controller configured to instruct the recipient camera device via the transceiver to verify package delivery based on an image of the delivered package.

Abstract: Methods, apparatus, systems and articles of manufacture to protect sensitive information in video collaboration systems are disclosed. A disclosed example method includes an analytics engine to recognize a feature in a first frame of a first video stream, a policy enforcer to apply an obscuration policy to the recognized feature to identify whether to mask the recognized feature, and a masker to obscure the recognized feature in the first frame to form a second frame in a second video stream.

Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side channel attack, such as a Meltdown or Spectre type attack by selectively introducing a variable, but controlled, quantity of uncertainty into the externally accessible system parameters visible and useful to the attacker. The systems and methods described herein provide perturbation circuitry that includes perturbation selector circuitry and perturbation block circuitry. The perturbation selector circuitry detects a potential attack by monitoring the performance/timing data generated by the processor. Upon detecting an attack, the perturbation selector circuitry determines a variable quantity of uncertainty to introduce to the externally accessible system data. The perturbation block circuitry adds the determined uncertainty into the externally accessible system data. The added uncertainty may be based on the frequency or interval of the event occurrences indicative of an attack.

Abstract: After a heuristic event counter in a processor has triggered a performance monitoring interrupt (PMI) when the processor was executing a target program in user mode, and after the processor has switched to kernel mode in response to the PMI, a heuristic event handler automatically performs preliminary analysis in kernel mode, without switching back to user mode, to determine whether heavyweight code analysis is warranted. The preliminary analysis comprises (a) obtaining an instruction pointer (IP) for the target program from a last branch record (LBR) buffer in the processor, (b) using transaction hardware in the processor to determine whether the IP from LBR buffer points to a readable page in memory, and (c) determining that heavyweight code analysis is not warranted in response to a determination that the page pointed to by the IP from LBR buffer is not readable. Other embodiments are described and claimed.

Abstract: Technologies are provided in embodiments for using compiling techniques to harden software programs from branching exploits. One example includes program instructions for execution to obtain a first encoded instruction of a software program, the first encoded instruction including a first opcode in a first field to be performed when the first encoded instruction is executed, identify a vulnerable value in a second field within the first encoded instruction, where the vulnerable value includes a second opcode, determine that the first encoded instruction can be replaced with one or more alternative encoded instructions that do not contain the vulnerable value, and replace the first encoded instruction with the one or more alternative encoded instructions.

Abstract: The disclosed embodiments generally relate to detecting malware through detection of micro-architectural changes (morphing events) when executing a code at a hardware level (e.g., CPU). An exemplary embodiment relates to a computer system having: a memory circuitry comprising an executable code; a central processing unit (CPU) in communication with the memory circuitry and configured to execute the code; a performance monitoring unit (PMU) associated with the CPU, the PMU configured to detect and count one or more morphing events associated with execution of the code and to determine if the counted number of morphine events exceed a threshold value; and a co-processor configured to initiate a memory scan of the memory circuitry to identify a malware in the code.