Abstract: Method and systems for securely and accurately authenticating a payment card by using biometric information associated with an authorized user is provided. The method may be implemented by providing a payment card that includes a processor; a display area coupled to the processor and configured to hide account information when the payment card has not been authenticated and to display the account information for a predetermined time interval when the payment card is authenticated; a sensor coupled to the processor and configured to capture biometric information of a user; and a communication interface coupled to the processor and configured to facilitate wireless communication with a mobile smart phone.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.

Abstract: Embodiments described herein are directed to firmware policy enforcement of a computing device. For example, a security processor of the computing device is utilized to boot the computing device. During a boot session, the security processor loads and executes specialized firmware. The specialized firmware, when executed, causes the security processor to determine whether other types of firmware to be executed on the computing device is in compliance with a policy specified by the specialized firmware. Based at least on a determination that the other firmware is in compliance with the policy, the security processor executes the other firmware. Based at least on a determination that the other firmware is not in compliance with the policy, the security processor performs a mitigation with respect to the other firmware.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: Methods, systems, apparatuses, and computer-readable storage mediums described herein enable executable code of a hardware security platform (HSP) circuit to communicate with a hypervisor in a separate processor. The hypervisor generates and manages virtual machines. The HSP code comprises trusted platform module (TPM) logic, that processes TPM commands received via the hypervisor, and in response to the processing, communicates security information (e.g., measurements, keys, authorization data) with the virtual machines via the hypervisor. The TPM logic receives security information related to a virtual machine from the hypervisor and stores the security information in non-volatile memory of the HSP circuit, where security information from a particular VM is distinguishable from security information from another VM in the HSP memory.

Abstract: Embodiments described herein are directed to firmware policy enforcement of a computing device. For example, a security processor of the computing device is utilized to boot the computing device. During a boot session, the security processor loads and executes specialized firmware. The specialized firmware, when executed, causes the security processor to determine whether other types of firmware to be executed on the computing device is in compliance with a policy specified by the specialized firmware. Based at least on a determination that the other firmware is in compliance with the policy, the security processor executes the other firmware. Based at least on a determination that the other firmware is not in compliance with the policy, the security processor performs a mitigation with respect to the other firmware.

Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.

Abstract: Method and systems for securely and accurately authenticating a payment card by using biometric information associated with an authorized user is provided. The method may be implemented by providing a payment card that includes a processor; a display area coupled to the processor and configured to hide account information when the payment card has not been authenticated and to display the account information for a predetermined time interval when the payment card is authenticated; a sensor coupled to the processor and configured to capture biometric information of a user; and a communication interface coupled to the processor and configured to facilitate wireless communication with a mobile smart phone.

Abstract: Techniques for termination for microring modulators are disclosed. In the illustrative embodiment, a microring modulator on a photonic integrated circuit (PIC) die is modulated by radiofrequency (RF) signals connected to electrodes across the microring modulator. A resistor is connected to each of the electrodes. The resistors both provide termination for the RF signals, preventing or reducing reflections, as well as forming part of a bias tee, allowing for a DC bias voltage to be applied across the electrodes.

Abstract: Embodiments herein relate to techniques for baseline wander (BLW) compensation. The technique may include identifying a data stream that is to be modulated by a ring modulator of an optical transmitter, wherein the data stream has a frequency operable to cause thermal-based BLW of an optical output of the optical transmitter. The technique may further include adjusting a time-varying direct current (DC) voltage bias of the ring modulator based on the frequency of the data stream. Other embodiments may be described and/or claimed.

Abstract: Accelerating photonic and opto-electronic technologies requires breaking current limits of modern chip-scale photonic devices. While electronics and computer technologies have benefited from “Moore's Law” scaling, photonic technologies are conventionally limited in scale by the wavelength of light. Recent sub-wavelength optical devices use nanostructures and plasmonic devices but still face fundamental performance limitations arising from metal-induced optical losses and resonance-induced narrow optical bandwidths. The present disclosure instead confines and guides light at deeply sub-wavelength dimensions while preserving low-loss and broadband operation. The wave nature of light is used while employing metal-free (all-dielectric) nanostructure geometries which effectively “pinch” light into ultra-small active volumes, for potentially about 100-1000× reduction in energy consumption of active photonic components such as phase-shifters.

Abstract: Integrity verification of a containerized application using a block device signature is described. For example, a container deployed to a host system is signed with a single block device signature. The operating system of the host system implements an integrity policy to verify the integrity of the container when the container is loaded into memory and when its program code executes. During such events, the operating system verifies whether the block device signature is valid. If the block device signature is determined to be valid, the operating system enables the program code to successfully execute. Otherwise, the program code is prevented from being executed. By doing so, certain program code or processes that are not properly signed are prevented from executing, thereby protecting the host system from such processes. Moreover, by using a single block device signature for a container, the enforcement of the integrity policy is greatly simplified.

Abstract: In one embodiment, an apparatus includes: a waveguide formed of a PN junction, the waveguide to propagate optical power, the PN junction having a P region adjacent to an N region; and a silicon monitor photodetector formed of the PN junction and in-line with the waveguide to measure the optical power. The silicon monitor photodetector may further be formed of a P-doped region adjacent to the P region and an N-doped region adjacent to the N region. Other embodiments are described and claimed.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: A method may include: forming a base layer on a substrate; forming a waveguide assembly on the base layer, where the waveguide assembly is surrounded by a cladding layer; forming a trench opening through the cladding layer and the base layer; forming an undercut void by etching the substrate through the trench opening, where the undercut void extends under the waveguide assembly and the base layer; and filling the trench opening with a filler to seal off the undercut void. Other embodiments are described and claimed.

Abstract: Embodiments include apparatuses, methods, and systems including a laser device having a 1×3 MMI coupler within a semiconductor layer. A front arm is coupled to the MMI coupler and terminated by a front reflector. In addition, a coarse tuning arm is coupled to the MMI coupler and terminated by a first back reflector for coarse wavelength tuning, a fine tuning arm is coupled to the MMI coupler and terminated by a second back reflector for fine wavelength tuning, and a SMSR and power tuning arm is coupled to the MMI coupler and terminated by a third back reflector. A gain region is above the front arm and above the semiconductor layer. Other embodiments may also be described and claimed.

Abstract: Embodiments of the present disclosure are directed toward techniques and configurations for a photonic apparatus with a photodetector with bias control to provide substantially constant responsivity. The apparatus includes a first photodetector, to receive an optical input and provide a corresponding electrical output; a second photodetector coupled with the first photodetector, wherein the second photodetector is free from receipt of the optical input; and circuitry coupled with the first and second photodetectors, to generate a bias voltage, based at least in part on a dark current generated by the second photodetector in an absence of the optical input, and provide the generated bias voltage to the first photodetector. The first photodetector is to provide a substantially constant ratio of the electrical output to optical input in response to the provision of the generated bias voltage. Additional embodiments may be described and claimed.

Abstract: Examples described herein generally relate to a computer device including a memory, and at least one processor configured to determine whether to allow execution of an application file on the computer device. The processor receives a command to execute a file. The processor determines whether the file is associated with a package reputation of an installation package. The processor determines a file reputation of the file. The processor determines whether to allow execution of the file based on a combination of the file reputation of the file and whether the file is associated with the good package reputation.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.