Patents by Inventor Avishay Sharaga

Avishay Sharaga has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11799662
    Abstract: In one embodiment, an apparatus includes a storage element, and a processing element configured to verify an asymmetric digital signature in order to authenticate a data item signed with the asymmetric digital signature, upon successful verification of the asymmetric digital signature, generate a symmetric MAC of the data item and store the symmetric digital in the storage element, and retrieve and verify the symmetric MAC in order to authenticate the data item.
    Type: Grant
    Filed: February 15, 2021
    Date of Patent: October 24, 2023
    Assignee: SONY SEMICONDUCTOR SOLUTIONS CORPORATION
    Inventors: Boaz Shahar, Yehuda Ben Simon, Avishay Sharaga
  • Publication number: 20220263661
    Abstract: In one embodiment, an apparatus includes a storage element, and a processing element configured to verify an asymmetric digital signature in order to authenticate a data item signed with the asymmetric digital signature, upon successful verification of the asymmetric digital signature, generate a symmetric MAC of the data item and store the symmetric digital in the storage element, and retrieve and verify the symmetric MAC in order to authenticate the data item.
    Type: Application
    Filed: February 15, 2021
    Publication date: August 18, 2022
    Inventors: Boaz Shahar, Yehuda Ben Simon, Avishay Sharaga
  • Patent number: 11144649
    Abstract: A method for exporting sensitive information an integrated circuit, the method comprising: fabricating an integrated circuit, the integrated circuit having a register-transfer level “RTL” key fabricated in the integrated circuit, wherein the RTL key is a pre-determined cryptographic key; signing the sensitive information using the RTL key using a signature; and exporting the signed sensitive information and the signature for validation.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: October 12, 2021
    Assignees: Kigen (UK) Limited, Altair Semiconductor Ltd
    Inventors: Asaf Shen, Patrick Biget, Avishay Sharaga, Omer Botvinik
  • Patent number: 11139987
    Abstract: An Integrated Circuit (IC) includes an on-chip non-volatile memory (NVM) and an on-chip processor. The on-chip NVM is configured to store a representation of a device-specific part of a security certificate assigned to the IC. The on-chip processor is configured to obtain a common part of the security certificate, to reconstruct the security certificate from the obtained common part and from the representation of the device-specific part stored in the on-chip NVM, and to perform a security operation using the reconstructed security certificate.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: October 5, 2021
    Assignee: SONY SEMICONDUCTOR ISRAEL LTD.
    Inventors: Yehuda Ben Simon, Omer Botvinik, Avishay Sharaga
  • Patent number: 11100011
    Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is configured to communicate with an NVM. The processor is configured to store in the NVM at least (i) data entries including data and (ii) mapping entries including mapping information that indicate physical addresses in which the data entries are stored in the NVM, and to verify authenticity of the data entries and of the mapping entries using a hierarchical authentication scheme in which (i) the data entries include first authentication information that authenticates the data, and (ii) the mapping entries include second authentication information that authenticates both the mapping information and the data entries.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: August 24, 2021
    Assignee: SONY SEMICONDUCTOR ISRAEL LTD.
    Inventors: Yehuda Ben-Simon, Omer Botvinik, Avishay Sharaga, David Fishelovich
  • Patent number: 11012830
    Abstract: A communication device includes a modem and circuitry. The modem communicates with a cellular network that is linked to a data network to which one or more target servers are coupled. The circuitry is configured to hold a token that identifies the communication device for assignment to a selected service plan in a management server of the cellular network, to trigger, based on the token, an onboarding request to the management server for assigning the selected service plan to the communication device, and, after the selected service plan has been assigned to the communication device in the management server, to communicate with a target server, via the cellular network and over the data network, in accordance with the selected service plan.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: May 18, 2021
    Assignee: SONY SEMICONDUCTOR ISRAEL LTD.
    Inventors: Avishay Sharaga, Ilan Reingold, Yigal Bitran, Gilad Aloni
  • Publication number: 20200192826
    Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is configured to communicate with an NVM. The processor is configured to store in the NVM at least (i) data entries including data and (ii) mapping entries including mapping information that indicate physical addresses in which the data entries are stored in the NVM, and to verify authenticity of the data entries and of the mapping entries using a hierarchical authentication scheme in which (i) the data entries include first authentication information that authenticates the data, and (ii) the mapping entries include second authentication information that authenticates both the mapping information and the data entries.
    Type: Application
    Filed: December 10, 2019
    Publication date: June 18, 2020
    Inventors: Yehuda Ben-Simon, Omer Botvinik, Avishay Sharaga, David Fishelovich
  • Publication number: 20190386822
    Abstract: An Integrated Circuit (IC) includes a nonvolatile storage element and a processor. The nonvolatile storage element is pre-programmed with a Root of Trust (RoT) secret. The processor is configured to receive via an unsecured link a data image that is securely protected based on the RoT secret, the data image containing at least an application program for generating user personal data. The processor is further configured to install the application program in response to verifying, using the RoT secret, that the received data image is trusted, to run the application program to generate the user personal data, securely within the IC, and to report the user personal data using a secured scheme.
    Type: Application
    Filed: June 6, 2019
    Publication date: December 19, 2019
    Inventors: Yehuda Ben-Simon, Omer Botvinik, Avishay Sharaga
  • Publication number: 20190306673
    Abstract: A communication device includes a modem and circuitry. The modem communicates with a cellular network that is linked to a data network to which one or more target servers are coupled. The circuitry is configured to hold a token that identifies the communication device for assignment to a selected service plan in a management server of the cellular network, to trigger, based on the token, an onboarding request to the management server for assigning the selected service plan to the communication device, and, after the selected service plan has been assigned to the communication device in the management server, to communicate with a target server, via the cellular network and over the data network, in accordance with the selected service plan.
    Type: Application
    Filed: March 11, 2019
    Publication date: October 3, 2019
    Inventors: Avishay Sharaga, Ilan Reingold, Yigal Bitran, Gilad Aloni
  • Patent number: 10404692
    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: September 3, 2019
    Assignee: McAfee, LLC
    Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
  • Patent number: 10397112
    Abstract: Technologies for communicating with local components of a computing device include intercepting a name resolution request from a host application, resolving a hostname included in the name resolution request to obtain a network address assigned to a target destination of the network packet, and transmitting the network address to the host application in response to the name resolution request. Such technologies may also include receiving the network packet from the host application destined for the network address, determining whether the target destination of the network packet includes a local component of the computing device based on the network address, and transmitting the network packet to the local component of the computing device via a platform network in response to the network packet being destined for the local component of the computing device.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: August 27, 2019
    Assignee: Intel Corporation
    Inventors: Shlomo Avital, Avishay Sharaga
  • Publication number: 20190245702
    Abstract: An Integrated Circuit (IC) includes an on-chip non-volatile memory (NVM) and an on-chip processor. The on-chip NVM is configured to store a representation of a device-specific part of a security certificate assigned to the IC. The on-chip processor is configured to obtain a common part of the security certificate, to reconstruct the security certificate from the obtained common part and from the representation of the device-specific part stored in the on-chip NVM, and to perform a security operation using the reconstructed security certificate.
    Type: Application
    Filed: January 30, 2019
    Publication date: August 8, 2019
    Inventors: Yehuda Ben Simon, Omer Botvinik, Avishay Sharaga
  • Publication number: 20190228164
    Abstract: A method for exporting sensitive information an integrated circuit, the method comprising: fabricating an integrated circuit, the integrated circuit having a register-transfer level “RTL” key fabricated in the integrated circuit, wherein the RTL key is a pre-determined cryptographic key; signing the sensitive information using the RTL key using a signature; and exporting the signed sensitive information and the signature for validation.
    Type: Application
    Filed: January 2, 2019
    Publication date: July 25, 2019
    Inventors: Asaf SHEN, Patrick BIGET, Avishay SHARAGA, Omer BOTVINIK
  • Patent number: 10334431
    Abstract: Described herein are architectures, platforms and methods for offloading process or application from a near field communication (NFC) master device for proxy delegation to a proxy NFC device.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 25, 2019
    Assignee: Intel Corporation
    Inventors: Oleg Pogorelik, Shahar Porat, Gennady Goltman, Sergey Sofer, Alex Nayshtut, Avishay Sharaga, Miguel Ballesteros
  • Patent number: 9948468
    Abstract: In an example, a DHN (DHN) is provided for enabling grantees to access digitally-controlled assets of a principal. The principal (level 0) establishes a digital testament (DT), identifying one or more grantees on levels 1-n. Each grantee receives a digital heritage certificate (DHC), which may be based on the PKI certificate definition. The DHC includes a “PREDECESSORS” field, identifying one or more predecessor certificates that must be revoked before the DHC is valid. All grantee DHCs have the principal's level 0 DHC as a predecessor certificate. Level n certificates may also be valid only if all certificates at level n−1 have been revoked. In practice, a DHC may be revoked when a user of the certificate passes away, so that nth generation grantees inherit only when generation n−1 has passed away.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 17, 2018
    Assignee: McAfee, LLC
    Inventors: Alex Nayshtut, Oleg Pogorelik, Avishay Sharaga, Ned M. Smith, Igor Muttik
  • Publication number: 20180048643
    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
    Type: Application
    Filed: June 21, 2017
    Publication date: February 15, 2018
    Applicant: McAfee, Inc.
    Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
  • Publication number: 20170331738
    Abstract: Technologies for communicating with local components of a computing device include intercepting a name resolution request from a host application, resolving a hostname included in the name resolution request to obtain a network address assigned to a target destination of the network packet, and transmitting the network address to the host application in response to the name resolution request. Such technologies may also include receiving the network packet from the host application destined for the network address, determining whether the target destination of the network packet includes a local component of the computing device based on the network address, and transmitting the network packet to the local component of the computing device via a platform network in response to the network packet being destined for the local component of the computing device.
    Type: Application
    Filed: December 19, 2016
    Publication date: November 16, 2017
    Inventors: Shlomo Avital, Avishay Sharaga
  • Patent number: 9798895
    Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: October 24, 2017
    Assignee: McAfee, Inc.
    Inventors: Alex Nayshtur, Ned Smith, Avishay Sharaga, Oleg Pogorelik, Abhilasha Bhargav-Spantzel, Michael Raziel, Avi Priev, Adi Shaliv, Igor Muttik
  • Patent number: 9749377
    Abstract: An apparatus may include a transceiver and a processor circuit coupled to the transceiver. The apparatus may also include a local packet data network access module operable on the processor circuit to schedule for transmission from the transceiver to a mobility management entity (MME) a request from a user equipment (UE) for access to a local network, to generate a request for authentication to be sent to the UE, and to receive authentication information sent in response to the request for authentication. Other embodiments are disclosed and claimed.
    Type: Grant
    Filed: December 16, 2011
    Date of Patent: August 29, 2017
    Assignee: INTEL CORPORATION
    Inventors: Sasha Sirotkin, Muthaiah Venkatachalam, Avishay Sharaga
  • Patent number: 9621547
    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: April 11, 2017
    Assignee: McAfee, Inc.
    Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith