Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of securing a service Identifier (ID). For example, a wireless device may include a Secure Service Identifier (SSID) processor to determine a SSID corresponding to a service, the SSID including an encrypted value being based on a service name key from a service provider of the service and a service name corresponding to the service; and a radio to transmit a wireless message including the SSID.

Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of securing a service Identifier (ID). For example, a wireless device may include a Secure Service Identifier (SSID) processor to determine a SSID corresponding to a service, the SSID including an encrypted value being based on a service name key from a service provider of the service and a service name corresponding to the service; and a radio to transmit a wireless message including the SSID.

Abstract: Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.

Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs. Other embodiments are described and claimed.

Abstract: Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP), the direct link comprising a new communication session. The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.

Abstract: Various embodiments are generally directed to the providing for mutual authentication and secure distributed processing of multi-party data. In particular, an experiment may be submitted to include the distributed processing of private data owned by multiple distrustful entities. Private data providers may authorize the experiment and securely transfer the private data for processing by trusted computing nodes in a pool of trusted computing nodes.

Abstract: An embodiment includes a method executed by at least one processor comprising: an out-of-band cryptoprocessor receiving security credentials from a battery, which is included in a mobile computing node that comprises the at least one processor, while the mobile computing node is engaged in at least one of (a) booting, and (b) exchanging the battery after booting and during run-time; the cryptoprocessor accessing an authentication key; and the cryptoprocessor successfully authenticating the battery, via out-of-band processing, based on the security credentials and the authentication key. In an embodiment the security credentials are included in a certificate. Other embodiments are described herein.

Abstract: Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.

Abstract: In one embodiment, an apparatus includes a calculation logic to receive a plurality of wait certificates, each associated with a validated block of transactions of a distributed ledger system, and to generate a local mean value based thereon; a timer generation logic to generate a wait time for a proof of wait associated with a first block of transactions of the distributed ledger system based at least in part on the local mean value; a timer logic to identify when the wait period has expired; and a certificate generation logic to generate a wait certificate for the first block of transactions responsive to expiration of the wait period, the wait certificate to validate the first block of transactions. Other embodiments are described and claimed.

Abstract: In one embodiment, a method includes: receiving, in a device, a first message to request transfer of ownership of the device from a current owner to a new owner, the device having a storage to store a first title including a device identifier for the device and an owner identifier for the current owner, the storage to further store a first root authorization key associated with the current owner; sending a second message from the device to the new owner, the second message including a hash value of the first title; and receiving a third message, in the device, the third message including a second title for the device, the second title generated by the new owner and including a new owner identifier, the second title comprising a concatenation of the first title, to enable ownership of the device to be transferred to the new owner.

Abstract: An embodiment provides a level of assurance regarding correct operation of software. An embodiment creates baseline and real-time measurements of software and compares the measurements to determine whether the software is operating correctly. An application provider may include “tracing elements” in target software application. While producing the application the trace elements are detected and provide trace events, which collectively provide a “baseline trace” indicating proper application execution. The provider supplies the application and the baseline trace to a user. The user operates the application in real-time to produce a “real-time trace” based on the application still having trace elements that produce trace events (which collectively form the “real-time” trace). A comparator compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. Other embodiments are included herein.

Abstract: Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.

Abstract: A close-range mutual authentication system is described. A method may comprise receiving encoded connection information at a close-range input device of a client mode electronic device from a server mode electronic device; decoding the encoded connection information into one or more connection elements; establishing a communication connection with the server mode electronic device utilizing the connection elements; receiving authentication information at the client mode electronic device via the communication connection; authenticating the server mode electronic device to the client mode electronic device utilizing the authentication information; and generating one or more authentication elements responsive to authentication of the server mode electronic device for presentation via a close-range output device of the client mode electronic device, the one or more authentication elements configured to confirm authentication of the client mode electronic device to the server mode electronic device.

Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a plurality of processing devices communicatively coupled to the architecturally protected memory, each processing device comprising a first processing logic to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory, or preventing an unauthorized access to the architecturally protected memory; wherein each processing device further comprises a second processing logic to establish a secure communication channel with a second processing device of the processing system, employ the secure communication channel to synchronize a platform identity key representing the processing system, and transmit a platform manifest comprising the platform identity key to a certification system.

Abstract: In an embodiment, an apparatus includes a processor including a first core. The first core includes multi-biometric logic to output first biometric data wi (i=1 to n, n?2), each wi determined based on a corresponding one of first biometric input Mi (i=1 to n, n?2) received during a first time period. The apparatus also includes setup logic to transform a cryptographic key k via a transformation that uses the first biometric data wi, where transformation of the cryptographic key k results in output of helper data hi (i=1 to n). Other embodiments are described and claimed.

Abstract: Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure.

Abstract: Mobile device, client device and server associated with client-server authentication are described. In embodiments, the mobile device may comprise a camera and a token extractor. The token extractor may be coupled to the camera and configured to analyze an image, captured by the camera. The captured image may contain a barcode and may be displayed on a client device in response to a request of a server for access to a resource. The barcode may contain a token, which may be extracted by the token extractor to be used to gain access to a resource requested from a server. Other embodiments may be described and/or claimed.

Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

Abstract: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.

Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of securing a service Identifier (ID). For example, a wireless device may include a Secure Service Identifier (SSID) processor to determine a SSID corresponding to a service, the SSID including an encrypted value being based on a service name key from a service provider of the service and a service name corresponding to the service; and a radio to transmit a wireless message including the SSID.