Patents by Inventor Howard Herbert
Howard Herbert has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10019556
Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.
Type: Grant
Filed: December 23, 2015
Date of Patent: July 10, 2018
Assignee: McAfee, LLC
Inventors: Ned Smith, Sven Schrecker, Willard Wiseman, David Clark, Jennifer Gilburg De Magnin, Howard Herbert
-
Publication number: 20170185814
Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.
Type: Application
Filed: December 23, 2015
Publication date: June 29, 2017
Inventors: Ned Smith, Sven Schrecker, Willard Wiseman, David Clark, Jennifer Gilburg De Magnin, Howard Herbert
-
Patent number: 8799428
Abstract: In one embodiment, a networked device includes a main platform having a processor, a memory and a basic input/output system (BIOS), and a management subsystem coupled to the main platform to provision the main platform irrespective of the presence of an operating system on the main platform.
Type: Grant
Filed: December 30, 2004
Date of Patent: August 5, 2014
Assignee: Intel Corporation
Inventors: Howard Herbert, Moshe Maor
-
Patent number: 7979702
Abstract: In one embodiment, a method includes receiving a decommission command from a management console, determining that the decommission command is authentic, and disabling the manageability functions of a management subsystem on a managed device.
Type: Grant
Filed: December 29, 2004
Date of Patent: July 12, 2011
Assignee: Intel Corporation
Inventors: Howard Herbert, Moshe Maor
-
Publication number: 20070143555
Abstract: A computer system is disclosed. The computer system includes a storage device, a device controller and a chipset. The device controller includes lock registers having values that correspond to the ranges of locked sectors of the storage device. The lock registers verify if a storage device access request is targeted for ranges of sectors of the storage device that are locked. The chipset includes an embedded controller to authenticate the storage device access request and to manage configuration of the storage device.
Type: Application
Filed: December 19, 2005
Publication date: June 21, 2007
Inventors: Daniel Nemiroff, Howard Herbert, Nimrod Diamant, Moshe Maor, Carey Smith, Amber Huffman, Fran Corrado, Michael Rothman, Vincent Zimmer
-
Publication number: 20070050842
Abstract: Embodiments of the invention are generally directed to systems, methods, and apparatuses for controlling a network connection based, at least in part, on dual-switching. In an embodiment, a tunnel proxy is coupled with a host execution environment. The tunnel proxy includes logic to provide a security protocol client and logic to provide a security protocol server. In one embodiment, the tunnel proxy provides a proxy for a policy decision point to the host execution environment. Other embodiments are described and claimed.
Type: Application
Filed: August 30, 2005
Publication date: March 1, 2007
Inventors: Ned Smith, Howard Herbert
-
Publication number: 20070006307
Abstract: Embodiments of the invention are generally directed to systems, apparatuses, and methods for a host software presence check from an isolated partition. In an embodiment, a presence verification component is located within an isolated partition. The isolated partition may be, for example, a service processor or a virtual partition implemented on a host platform. The presence verification component determines whether a host software agent is executing on the host platform. In one embodiment, the presence verification component initiates a remedial action, if the host software agent is not executing on the host platform. Other embodiments are described and claimed.
Type: Application
Filed: June 30, 2005
Publication date: January 4, 2007
Inventors: Scott Hahn, Travis Schluessler, Carey Smith, Ravi Sahita, Howard Herbert
-
Publication number: 20070006309
Abstract: Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be capable of dynamically switching among a number of network access control modes responsive to an instruction received from the network connection.
Type: Application
Filed: June 29, 2005
Publication date: January 4, 2007
Inventors: Howard Herbert, Karanvir Grewal
-
Publication number: 20060206943
Abstract: A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.
Type: Application
Filed: March 21, 2006
Publication date: September 14, 2006
Inventors: Carl Ellison, Roger Golliver, Howard Herbert, Derrick Lin, Francis McKeen, Gilbert Neiger, Ken Reneris, James Sutton, Shreekant Thakkar, Millind Mittal
-
Publication number: 20060200680
Abstract: In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
Type: Application
Filed: February 26, 2001
Publication date: September 7, 2006
Inventors: Carl Ellison, Roger Golliver, Howard Herbert, Derrick Lin, Francis McKeen, Gilbert Neiger, Ken Reneris, James Sutton, Shreekant Thakkar, Millind Mittal
-
Publication number: 20060168196
Abstract: In one embodiment, a networked device includes a main platform having a processor, a memory and a basic input/output system (BIOS), and a management subsystem coupled to the main platform to provision the main platform irrespective of the presence of an operating system on the main platform.
Type: Application
Filed: December 30, 2004
Publication date: July 27, 2006
Inventors: Howard Herbert, Moshe Maor
-
Publication number: 20060143475
Abstract: A method according to one embodiment may include: receiving a first encrypted signal at a server of a computing network, the first encrypted signal comprising firmware encrypted by a first encryption algorithm having a first complexity level; sending a second encrypted signal over the computing network to at least one managed client in response to the first encrypted signal, the second encrypted signal comprising the firmware encrypted by a second encryption algorithm having a second complexity level, wherein said first complexity level is greater than said second complexity level; and updating existing firmware of the at least one managed client in response to receipt of the second signal at the at least one managed client. Of course, many alternatives, variations, and modifications are possible without departing from this embodiment.
Type: Application
Filed: December 29, 2004
Publication date: June 29, 2006
Inventors: Howard Herbert, Moshe Maor
-
Publication number: 20060143137
Abstract: In one embodiment, a method includes receiving a decommission command from a management console, determining that the decommission command is authentic, and disabling the manageability functions of a management subsystem on a managed device.
Type: Application
Filed: December 29, 2004
Publication date: June 29, 2006
Inventors: Howard Herbert, Moshe Maor
-
Publication number: 20060080672
Abstract: Described is a computing platform comprising a host processing system to host an operating system, a communication adapter to transmit data to or and receive data from a data transmission medium, and a non-volatile storage. The computing platform may also comprise an agent executable independently of the operating system to enable read-only or read/write access to at least a portion of the non-volatile storage.
Type: Application
Filed: September 8, 2004
Publication date: April 13, 2006
Inventors: Carey Smith, Howard Herbert
-
Publication number: 20060015719
Abstract: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
Type: Application
Filed: August 12, 2005
Publication date: January 19, 2006
Inventors: Howard Herbert, David Grawrock, Carl Ellison, Roger Golliver, Derrick Lin, Francis McKeen, Gilbert Neiger, Ken Reneris, James Sutton, Shreekant Thakkar, Millind Mittal
-
Publication number: 20050188198
Abstract: An example processing system comprises a processor to execute in an isolated execution mode in a ring 0 operating mode. The processor also supports one or more higher ring operating modes, as well as a normal execution mode. The processing system also comprises memory, as well as a machine-accessible medium having instructions. When the processing system executes the instructions, the processing system configures the processor to run in the isolated execution mode, configures the processing system to establish an isolated memory area in the memory, and loads initialization software into the isolated memory area. The processing system may provide a manifest that represents the initialization software. The initialization software may be verified, based at least in part on the manifest.
Type: Application
Filed: April 26, 2005
Publication date: August 25, 2005
Inventors: Carl Ellison, Roger Golliver, Howard Herbert, Derrick Lin, Francis McKeen, Gilbert Neiger, Ken Reneris, James Sutton, Shreekant Thakkar, Millind Mittal
-
Patent number: 5686677
Abstract: My device applies to acoustic guitars which have bridges glued to the guitar top. My device securely joins the bridge to the guitar top. Sometimes the tension of the strings pulling on the bridge separates it from the guitar top. My device attacks this problem by using a cross member support bar, which bears upon braces glued to the underside of the guitar top. Screws or other fasteners, threaded through the cross member support bar, guitar top, and bridge, joins them securely. The cross member support bar and fasteners may be installed during the original manufacturing process or added later after the musician has dislodged or separated the bridge partially or wholly from the guitar top. The effect of the cross member support bar, fastened to the bridge in the above manner, is to improve the sound of acoustic guitars.
Type: Grant
Filed: April 12, 1996
Date of Patent: November 11, 1997
Inventor: Howard Herbert