Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.

Abstract: System and techniques for multiple stream tuning are described herein. A plurality of content streams may be received. The plurality of content streams may be ranked. A user attention level may be scored as the user observes at least one content stream of the plurality of content streams. The user attention level and a rank for the at least one content stream may be compared to remaining ranks of the plurality of content streams to produce a difference. A stream action may be performed on a set of content streams from the plurality of content streams based on the difference.

Abstract: Measurement exchange networks and protocols to exchange measurements of a parameter amongst devices (e.g., IoT devices), select the best measurement(s), accuracy/precision-wise, and determine a process variable for a control system based on the selected best measurement(s). A device may select a peer-provided best measurement to output as the process variable in place of a local measurement, and/or compute the process variable from multiple best measurements (e.g., local and/or peer-provided measurements). Metadata may be used to select a measurement(s) and/or to increase reliability/trust of exchanged data. In this way, each device of an exchange group/network may obtain the highest measurement accuracy of all available collocated sensors with little or no additional processing or cloud connectivity.

Abstract: A collection of techniques allow for the detection of covert malware that attempts to hide its existence on a system by leveraging both trusted hardware event counters and the particular memory addresses (as well as the sequences of such addresses) of the instructions that are generating the suspected malicious activity. By monitoring the address distribution's specific patterns over time, one can build a behavioral model (i.e., “fingerprint”) of a particular process—and later attempt to match suspected malicious processes to the stored behavioral models. Whenever the actual measured behavior of a suspected malicious process fails to match said stored behavioral models, the system or system administrator may attempt to perform rehabilitative actions on the computer system to locate and remove the malware hiding on the system.

Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

Abstract: A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.

Abstract: A technique for cognitive protection of a system can include digital and analog sensors to measure or calculate operational parameters of a system. Digital sensors may be used to determine measured or primary operational parameters. The analog sensors are used to measure analog sensor information related to operation of the system. Analog sensor information that is measured may be used to calculate secondary operational parameters that includes the same operating parameters as the primary operational parameters. Lockstep analysis may be used to compare the primary operational parameters with the secondary operational parameters so as to determine a discrepancy in the operational parameters in the system.

Abstract: Technologies to facilitate supervision of an online identify include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.

Abstract: In one embodiment, a system includes a hardware processor having at least one core to execute instructions; and a logic to generate a group public key for a subnet having a plurality of computing devices and generate a plurality of group private credentials for the plurality of computing devices, provide the group public key to the plurality of computing devices and provide each of the group private credentials to one of the plurality of computing devices, to enable communication between the plurality of computing devices of the subnet without validation messaging with the system. Other embodiments are described and claimed.

Abstract: A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.

Abstract: In one embodiment, a computing device includes: a power receiving unit to receive energy wirelessly from a power transmitting unit via a receive coil; a load modulation logic to modulate a load coupled to the receive coil to cause a message to be transmitted to the power transmitting unit via a first channel coupled to the receive coil; and a wireless communication circuit to communicate with the power transmitting unit via a second channel. Other embodiments are described and claimed.

Abstract: Providing secure graphics outputs by performing at least the following: receive secure output data corresponding to a digital image, obtain one or more security keys, create a secure output marker for the secure output data, wherein the secure output marker comprises location information corresponding to a trusted output area of the digital image and data information that represents data content found within the trusted output area of the digital image, encrypt the secure output marker using the one or more security keys, embed the secure output marker within the graphics image to create a trusted graphics image; and render the trusted graphics image for exposure onto the display device.

Abstract: Systems and methods may provide for establishing an out-of-band (OOB) channel between a local wireless interface and a remote backend receiver, and receiving information from a peripheral device via the local wireless interface. Additionally, the information may be sent to the backend receiver via the OOB channel, wherein the OOB channel bypasses a local operating system. In one example, a secure Bluetooth stack is used to receive the information from the peripheral device.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a broadcast query from a network element, receive information from a plurality of devices, process the information, and generate an integrated group response, wherein the integrated group response summarizes the information about the plurality of devices and removes identification information that could allow data to be linked to a specific device from the plurality of devices. The integrated group response can be communicated back to the network element in response to the query.

Abstract: In embodiments, apparatuses, methods, and storage media may be described for identifying a quick response (QR) image. A QR control code (QRCC) may be identified in the QR image based on a QR tag in the image. Based on the QRCC, a control command of an apparatus may be identified. Other embodiments may be described and/or claimed.

Abstract: Measurement exchange networks and protocols to exchange measurements of a parameter amongst devices (e.g., IoT devices), select the best measurement(s), accuracy/precision-wise, and determine a process variable for a control system based on the selected best measurement(s). A device may select a peer-provided best measurement to output as the process variable in place of a local measurement, and/or compute the process variable from multiple best measurements (e.g., local and/or peer-provided measurements). Metadata may be used to select a measurement(s) and/or to increase reliability/trust of exchanged data. In this way, each device of an exchange group/network may obtain the highest measurement accuracy of all available collocated sensors with little or no additional processing or cloud connectivity.

Abstract: A technique for secure network storage includes generating, by a trusted execution environment in a first device, an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key, encrypting, by a general execution environment in the first device, the document with the encryption key, transmitting the encryption key to a remote key manager, and transmitting the document to a remote network storage device, wherein a second device is allowed to decrypt the document based on the expiry information.

Abstract: Systems and methods for power distribution allocation are provided. A system may establish a first wireless connection between the system and a first mobile device. The system may receive a first charge request from the first mobile device comprising first mobile device information, and may identify charging system policies based at least in part on the first charge request. The system may determine a first charge program for the first mobile device based at least in part on the first charge request and the one or more charging system policies, where the first charge program comprises a power allocation of the first mobile device with respect to other mobile devices connected to the charging system. The system may wirelessly charge the first mobile device, based at least in part on the first charge program.

Abstract: Providing detection of computing application malfunctions by performing at least the following: collecting a plurality of computing events that correspond to a computing application and a plurality of addresses associated with the plurality of computing events, generating an event trace that comprises the plurality of computing events and the plurality of addresses, constructing at least one sample fingerprint that represents a current behavior of the computing application using at least the event trace, comparing the at least one sample fingerprint with a behavior model that represents an expected operation of the computing application; and determining whether the computing application is malfunctioning based upon the comparison of the at least one sample fingerprint and the behavioral model.

Abstract: A destination data processing system (DPS) receives a key migration block from a source DPS. The key migration block includes an encrypted version of a primary key. The destination DPS receives user input that identifies (a) an authentication policy and (b) a context policy. The destination DPS collects authentication data from the user, based on the identified authentication policy. The destination DPS collects context data, based on the identified context policy. The destination DPS uses the authentication data and the context data to decrypt the key migration block. The authentication data may comprise multiple types of authentication data, possibly including biometric data. The user may also input an index, and the destination DPS may use the index to retrieve a number from a random number server. The destination DPS may use that number to decrypt the key migration block. Other embodiments are described and claimed.