Abstract: The management of web page content includes maintaining an auditable log of trust verification relating to the web page content. The management further includes an attestation of a source of the web page content. The attestation relates to a security practice of the source, computer code provided by the source, a reputation of the source, and a history of the source. A modified version of a Verkle Tree is then applied to the auditable log and the attestation of the source.

Abstract: A process for transmitting a file from a sender device to a receiver device includes generating a random symmetric session key for the sender device, and randomly selecting a private ephemeral key for the sender device. The private ephemeral key is associated with a corresponding first public key. A public ephemeral key is randomly selected for the receiving device. The public ephemeral key is associated with a corresponding first private key. A random value is generated, an encrypted session key is calculated, and the file is encrypted using symmetric encryption. The sender device includes a first public X509 certificate comprising a second public key and a corresponding second private key that is signed by a service provider, and the receiver device includes a second public X509 certificate comprising a third public key and a corresponding third private key.

Abstract: An electronic device is provided that includes a memory storing program instructions, and one or more processors. The one or more processors, when executing the program instructions, are configured to generate an agent public key, and generate a key font based on the agent public key. The one or more processors are also configured to communicate the key font to an operating system, and obtain a key message based on the key font from an application. The one or more processors are also configured to respond to the key message on a bus based on the key message.

Abstract: In one aspect, an apparatus may include at least one processor and storage accessible to the at least one processor. The storage may include instructions executable by the at least one processor to identify a live physical attribute of a device, where the live physical attribute may be related to the device's orientation or another aspect of the device. The instructions may also be executable to visually present, in virtual space, a representation of the device. The representation may be presented according to the live physical attribute of the device.

Abstract: A computer implemented method for providing a communication path is provided. The method includes to determine, with a receiving device, a shared secret based on a receiving device private key and an electronic device public key communicated to the receiving device over a network, and determine, with the electronic device, the shared secret based on an electronic device private key and a receiving device public key communicated to the electronic device over the network. The method also includes to determine, with the receiving device, an identifier of the receiving device based on the shared secret, and determine, with the electronic device, a time-based one-time password (TOTP) based on the shared secret. The method also includes to obtain a token based on the TOTP, communicate the token from the electronic device to the receiving device based on the identifier, and provide a communication path between the receiving device and electronic device based on the token.

Abstract: An electronic device is provided that includes a display, a processor, and a data storage device having executable instructions accessible by the processor. Responsive to execution of the instructions, the processor displays a user desktop related to a user, creates a virtual meeting that is configured to be attended by communication through a network by at least one network based electronic device, generates a shared desktop related to the virtual meeting that is configured to be shared with the at least one network based electronic device via the network, and displays the shared desktop during the virtual meeting.

Abstract: Methods, apparatus, and computer program products for adding devices to a network via a zero-knowledge protocol are disclosed. One method includes implementing, by a processor, a zero-knowledge protocol configured to establish digital trust relationships between the processor and computing devices attempting to join a network and adding each computing device to the network that successfully establishes a respective digital trust relationship with the processor via the zero-knowledge protocol.

Abstract: Methods, apparatus, and computer program products for computing device digital certificates that include a geographic extension are disclosed herein. One method includes a processor managing a digital certificate for a first computing device, in which the digital certificate includes a geographic extension, and populating the geographic extension with a distance value that enables the digital certificate to be validated via the populated geographic extension. Apparatus and computer program products that include hardware and/or software that can perform the methods for computing device digital certificates that include a geographic extension are also disclosed herein.

Abstract: In one aspect, a device may include at least one processor and storage accessible to the at least one processor. The storage may include instructions executable by the at least one processor to identify a time-based one-time password (TOTP) associated with an activity such as a transaction. The instructions may also be executable to authenticate the transaction via the TOTP using a public key associated with a first party to the transaction and using one or more of data related to a name of the first party to the transaction, data related to an amount of the transaction, data related to a date of the transaction, and/or data related to an account number associated with the transaction. Based on the authentication, the instructions may then be executable to process the transaction.

Abstract: Various disclosed embodiments include illustrative apparatuses, methods, and program products. In an illustrative embodiment, an apparatus includes a processor, a network interface, and a memory that stores code executable by the processor. The code receives signed keys from a computing device over a network via the network interface. The signed keys include a key signed by a mobile device associated with the computing device and the signed keys were generated responsive to a first key agreement protocol configured to provide one of forward secrecy protection and time-based expiration. The code authenticates the received signed keys responsive to prior knowledge of public keys associated with at least one of the computing device and the mobile device according to a second key agreement protocol configured to provide one of forward secrecy protection and time-based expiration and code that initiates a communication between the processor and the device responsive to the received signed keys being authenticated.

Abstract: Various disclosed embodiments include illustrative apparatuses, methods, and program products. In an illustrative embodiment, an apparatus includes a processor, a network interface, and a memory that stores code executable by the processor. The code receives signed keys from a computing device over a network via the network interface. The signed keys include a key signed by a mobile device associated with the computing device and the signed keys were generated responsive to a first key agreement protocol configured to provide one of forward secrecy protection and time-based expiration. The code authenticates the received signed keys responsive to prior knowledge of public keys associated with at least one of the computing device and the mobile device according to a second key agreement protocol configured to provide one of forward secrecy protection and time-based expiration and code that initiates a communication between the processor and the device responsive to the received signed keys being authenticated.

Abstract: One embodiment provides a method, including: receiving, at a server from a device, a request for device authentication across an unsecure network, the request including a device registration token; generating, at the server, a shared registration key utilizing the device registration token; verifying, at the server, the device registration token by comparing the device registration token to a function of the shared registration key; and producing, at the server and responsive to verifying the device registration token, a one-time activation token and sending the one-time activation token to the device. Other aspects are described and claimed.

Abstract: Apparatuses, methods, systems, and program products are disclosed for distributed license encryption and distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable to select a license token from a pool of available license tokens associated with available digital licenses in response to a license request from a first device. The license token includes information identifying second devices where segments of a digital license associated with the license token are stored. The segments are encrypted using encryption keys for one or more participants. The code is executable to re-encrypt the segments of the digital license for the selected license token using an encryption key for the first device and send the license token to the first device where it is used to request the segments from the second devices, decrypt the segments, and reconstruct the digital license.

Abstract: Apparatus, methods, and computer program products for managing power sharing in electronic devices are disclosed. One apparatus includes a processor and a memory that stores code executable by the processor to determine, in real-time, whether one or more first electronic devices that are compatible with a second electronic device that is low on power are within a predetermined geographic distance of the second electronic device and, in response to determining that one or more first electronic devices that are compatible with the second electronic device are within the predetermined geographic distance of the second electronic device, transmit a request to the one or more first electronic devices inquiring whether any of the one or more first electronic devices are willing to share power with the second electronic device. Methods and computer program products that include and/or perform the operations of the apparatus are also disclosed.

Abstract: Methods, apparatus, and program products that can predict misconfigurations in a computing system using machine learning are disclosed herein. One method includes labeling one or more graph nodes or link nodes of a data graph of a computing system that includes one or more security vulnerabilities with a node label or link label, respectively, in which each node label represents the first security vulnerabilities associated with a particular graph node and each link label represents the second security vulnerabilities associated with a particular link node. The method further includes utilizing the graph node(s) or the link node(s) to train a machine learning algorithm to predict one or more misconfigurations in the computing system based on the security vulnerabilities and determining one or more modifications to the computing system for mitigating the one or more misconfigurations. Apparatus and program products that include and/or perform the methods are also disclosed herein.

Abstract: A system includes a binary tree having leaf hashes. The leaf hashes include a device privacy protected index and a set of zero-knowledge commitments relating to a computer device. The system calculates the device privacy protected index using a verifiable random function such that a device entity path in the binary tree cannot reveal any information about any other device in the binary tree, and associates the set of zero-knowledge commitments with the device privacy protected index. The system then generates a privacy-protected attestation for the computer device using the device privacy protected index and the set of zero-knowledge commitments.

Abstract: A computer implemented method for providing a communication path is provided. The method includes to determine, with a receiving device, a shared secret based on a receiving device private key and an electronic device public key communicated to the receiving device over a network, and determine, with the electronic device, the shared secret based on an electronic device private key and a receiving device public key communicated to the electronic device over the network. The method also includes to determine, with the receiving device, an identifier of the receiving device based on the shared secret, and determine, with the electronic device, a time-based one-time password (TOTP) based on the shared secret. The method also includes to obtain a token based on the TOTP, communicate the token from the electronic device to the receiving device based on the identifier, and provide a communication path between the receiving device and electronic device based on the token.

Abstract: An electronic device is provided that includes a display, a processor, and a data storage device having executable instructions accessible by the processor. Responsive to execution of the instructions, the processor displays a user desktop related to a user, creates a virtual meeting that is configured to be attended by communication through a network by at least one network based electronic device, generates a shared desktop related to the virtual meeting that is configured to be shared with the at least one network based electronic device via the network, and displays the shared desktop during the virtual meeting.

Abstract: Methods that can verify a password utilizing commitments are provided. One method includes receiving from a client device and storing, by a processor, an initial commitment representing a password for a user account without storing the actual password on the apparatus, receiving, from the client device, a subsequent commitment, and verifying that the subsequent commitment represents the password for the user account based on a difference between the initial commitment and the subsequent commitment. Systems and apparatus that can include, perform, and/or implement the methods are also provided.

Abstract: In one aspect, a device may include a processor and storage with instructions executable to identify a ranking of different chunks of a new update file, with the different ranks associated with different hashing algorithms. The instructions may also be executable to determine whether a respective newly-received hash for a respective chunk of the new update file is different from a respective prior hash of a prior software version for the same respective chunk. Responsive to the respective newly-received hash being different from the respective prior hash for the same chunk, the instructions may be executable to attempt to validate the respective chunk using the respective hashing algorithm associated with the respective rank for the respective chunk. Responsive to the respective newly-received hash being the same as the respective prior hash for the same respective chunk, the instructions may be executable to decline to attempt to validate the respective chunk.