Abstract: The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.

Abstract: Particular embodiments described herein provide for modular device assemblies and methods for enabling maintenance and servicing, particularly by an unmanned aerial vehicle. A device assembly comprises a plurality of modules, each module having control circuitry, a communications port and contact points to couple the modules. When the modules are coupled, the communications ports are connected to create a bus for communications between the modules. The modular device structure where modules are removable and replaceable allows for an unmanned aerial vehicle to perform maintenance on the device.

Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.

Abstract: Methods and apparatus for hardware based file/document expiry timer enforcement is disclosed. An example method includes instructing, by executing an instruction with a processor, a trusted execution environment to generate an encryption key and a certificate for a document, the certificate including expiry information for the document, the certificate associated with identification information of the document, and the expiry information indicative of a time period for which the encryption key is valid to decrypt the document; encrypting, by executing an instruction with the processor, the document using the encryption key; transmitting the certificate to a first remote network storage device; and transmitting the document to a second remote network storage device.

Abstract: Particular embodiments described herein provide for modular device assemblies and methods for enabling maintenance and servicing, particularly by an unmanned aerial vehicle. A device assembly comprises a plurality of modules, each module having control circuitry, a communications port and contact points to couple the modules. When the modules are coupled, the communications ports are connected to create a bus for communications between the modules. The modular device structure where modules are removable and replaceable allows for an unmanned aerial vehicle to perform maintenance on the device.

Abstract: An example apparatus includes: memory; instructions in the apparatus; and at least one processor to execute the instructions to: check for proof of trust information in one or more pre-determined positions in a trusted digital image, the proof of trust information including a secure output marker, the secure output marker indicative of information corresponding to a trusted output area of the trusted digital image; decrypt the secure output marker using one or more security keys from a trusted execution environment (TEE), the TEE isolated from a computing application; and enable activation of a trusted output indicator in response to a match between first data corresponding to the secure output marker and second data corresponding to the trusted output area of the trusted digital image.

Abstract: Providing optical watermark signals for a visual authentication session by performing at least the following: receive, at an anti-spoof engine, an instruction to perform visual authentication operations for a visual authentication session, generate, with the anti-spoof engine, an optical watermark signal based on receiving the instruction, wherein the optical watermark signal includes at least one optical identifier to authenticate images captured during the visual authentication session, obtain, with the anti-spoof engine, an image source that includes captured images of the visual authentication session, determine, with the anti-spoof engine, whether the image source includes a reflected optical watermark signal, and compare, with the anti-spoof engine, whether the reflected optical watermark signal matches the generated optical watermark signal based on the determination that the image source includes the reflected optical watermark signal.

Abstract: The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

Abstract: A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.

Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.

Abstract: The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.

Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.

Abstract: Methods and apparatus for hardware based file/document expiry timer enforcement is disclosed. An example method includes instructing, by executing an instruction with a processor, a trusted execution environment to generate an encryption key and a certificate for a document, the certificate including expiry information for the document, the certificate associated with identification information of the document, and the expiry information indicative of a time period for which the encryption key is valid to decrypt the document; encrypting, by executing an instruction with the processor, the document using the encryption key; transmitting the certificate to a first remote network storage device; and transmitting the document to a second remote network storage device.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface to communicatively couple to a backup client; a storage to receive backup data from the client, including a plurality of versions and an associated reputation for each version, the associated reputation to indicate a probability that the version is valid; and instructions encoded within the memory to instruct the processor to: receive from the backup client a request to store a new version of the backup data; determine that the client has exceeded a backup threshold; identify a backup version having a lowest reputation for validity; and expunge the backup version having the lowest reputation for validity.

Abstract: An improved anti-malware protection system protects computers against exploits in a scripting language that may be run in a browser. The system comprises a recorder that records scripting language execution events, a trace generator that transforms the recorded scripting language execution events into an execution trace, and a security engine that scans the execution trace and advises a security software about exploits found in the execution trace. By hooking the recorder into a runtime application programming interface for the scripting language, the improved protection system can detect exploits dynamically without the need for a browser-dependent plugin. An optional plugin can be included to perform file-based analysis of the script in addition to the runtime analysis of the script. The system can provide an application programming interface that can be used by multiple security software programs from multiple vendors to create an enhanced security software product.

Abstract: An example apparatus includes: memory; instructions in the apparatus; and at least one processor to execute the instructions to: check for proof of trust information in one or more pre-determined positions in a trusted digital image, the proof of trust information including a secure output marker, the secure output marker indicative of information corresponding to a trusted output area of the trusted digital image; decrypt the secure output marker using one or more security keys from a trusted execution environment (TEE), the TEE isolated from a computing application; and enable activation of a trusted output indicator in response to a match between first data corresponding to the secure output marker and second data corresponding to the trusted output area of the trusted digital image.

Abstract: Methods and apparatus for hardware based file/document expiry timer enforcement is disclosed. An example method includes instructing, by executing an instruction with a processor, a trusted execution environment to generate an encryption key and a certificate for a document, the certificate including expiry information for the document, the certificate associated with identification information of the document, and the expiry information indicative of a time period for which the encryption key is valid to decrypt the document; encrypting, by executing an instruction with the processor, the document using the encryption key; transmitting the certificate to a first remote network storage device; and transmitting the document to a second remote network storage device.