Abstract: Technologies for performing orientation-independent bioimpedance-based user authentication include a compute device. The compute device includes a plurality of electrodes usable to transmit an alternating current and measure a bioimpedance in a section of the body of a user. The compute device is to transmit, with a pair of the electrodes, an alternating current through the section of the body of the user, measure, with a pair of the electrodes, a bioimpedance of the section of the body to the transmitted alternating current, generate a tomographic image as a function of the measured bioimpedance, identify a position of a fiduciary marker in the tomographic image, rotate the tomographic image to a predefined orientation as a function of the position of the fiduciary marker, extract one or more biometric features from the rotated tomographic image, and perform authentication of the user as a function of the extracted one or more biometric features.

Abstract: The present invention relates to compounds of general formula (I). wherein A represents an optionally substituted heterocycle group, B represents an aryl or heteroaryl group and wherein X, R1, R2, R3, R4 and R5 are as defined in the description.

Abstract: A wearable device (“WD”) stores a token after its wearer completes a successful strong authentication on a primary protected device (“primary PD”). Other protected devices (“secondary PDs”) recognize the stored token as representing a strong authentication and grant the user access while the user continues to wear the WD within a “digital leash-length” proximity. The WD constantly monitors whether the user continues to wear the device. Upon sensing that the user has removed the WD, the WD deletes, disables, or invalidates the token, The user must then repeat the strong authentication to gain further access to the protected devices.

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

Abstract: In an example, a computing device may include a trusted execution environment (TEE) for executing signed and verified code. The device may receive a trusted binary object in a first form, but the object may need to be converted to a second format, either on-the-fly, or in advance. This may include, for example, a bytecode interpreter, script interpreter, runtime engine, compiler, just-in-time compiler, or other species of binary translator. The binary translator may be run from the TEE, and the output may then be signed by the TEE and treated as a new trusted binary.

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract: Systems and methods for providing trusted time service for the off-line mode of operation of a processing system. An example processing system comprises: a first processing device communicatively coupled to a real-time clock, the first processing device to modify an epoch value associated with the real-time clock responsive to detecting a reset of the real-time clock; and a second processing device to execute, in a first trusted execution environment, a first application to receive, from the first processing device, a first time value outputted by the real-time clock and a first epoch value associated with the real-time clock.

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.

Abstract: In general, in one aspect, noise is injected into a bitmap associated with content to be presented on a display to create a noisy bitmap. The noisy bitmap is encrypted using electronic code book (ECB) encryption. The resulting ciphertext does not include recognizable patterns from the content as is typical with ECB encryption. The injection of noise may include modifying pixel values for at least a subset of pixels in the bitmap. The pixel values may be modified by using a counter, a known modification pattern, or a random number generator. The bitmap may be analyzed to determine how the bitmap can be modified to maximize the randomness of the bitmap while ensuring that the noisy bitmap is visually perceptually similar when presented. The noise may be injected into a block of pixels prior to the block being encrypted.

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.

Abstract: In general, in one aspect, noise is injected into a bitmap associated with content to be presented on a display to create a noisy bitmap. The noisy bitmap is encrypted using electronic code book (ECB) encryption. The resulting ciphertext does not include recognizable patterns from the content as is typical with ECB encryption. The injection of noise may include modifying pixel values for at least a subset of pixels in the bitmap. The pixel values may be modified by using a counter, a known modification pattern, or a random number generator. The bitmap may be analyzed to determine how the bitmap can be modified to maximize the randomness of the bitmap while ensuring that the noisy bitmap is visually perceptually similar when presented. The noise may be injected into a block of pixels prior to the block being encrypted.

Abstract: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.

Abstract: An embodiment includes a method executed by at least one processor comprising: initializing first and second secure enclaves each comprising a trusted software execution environment that prevents software executing outside the first and second secure enclaves from having access to software and data inside the first and second secure enclaves; the first secure enclave (a)(i) inspecting a policy, (a)(ii) authenticating the second secure enclave in response to inspecting the policy; and (a)(iii) communicating encrypted content to the second secure enclave in response to authenticating the second secure enclave; and the second secure enclave (b)(i) decrypting the encrypted content to produce decrypted content, and (b)(ii) inspecting the decrypted content. Other embodiments are described herein.