Abstract: Technologies for providing dynamic persistence of data in edge computing include a device including circuitry configured to determine multiple different logical domains of data storage resources for use in storing data from a client compute device at an edge of a network. Each logical domain has a different set of characteristics. The circuitry is also to configured to receive, from the client compute device, a request to persist data. The request includes a target persistence objective indicative of an objective to be satisfied in the storage of the data. Additionally, the circuitry is configured to select, as a function of the characteristics of the logical domains and the target persistence objective, a logical domain into which to persist the data and provide the data to the selected logical domain.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate information exchange using publish-subscribe with blockchain. An example apparatus includes a security manager to integrate a security service with an instruction execution flow in a distributed device environment. The security manager is to include a processor. The processor is to be configured to implement at least an executable hierarchical state machine to provide credential management and access management in conjunction with instruction execution according to an execution plan. The executable hierarchical state machine is to generate a security context for the execution plan to implement a guard condition governing a transition from a first state to a second state in accordance with the execution plan.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for data resiliency in an edge network environment. An example apparatus includes at least one memory, instructions in the apparatus, and processor circuitry to at least one of execute and/or instantiate the instructions to generate spectrum metadata based on spectrum data, determine a resiliency operation based on one or more resiliency requirements, generate a resiliency policy based on at least one of the resiliency operation or the one or more resiliency requirements, generate a resiliency operation map based on at least one of the resiliency policy or first identifiers of respective workloads associated with the network environment, the first identifiers including a second identifier, and, in response to identifying a FAFO event associated with the second identifier, execute the resiliency operation based on mapping the second identifier to the resiliency operation in the resiliency operation map.

Abstract: Technologies for determining a set of edge resources to offload a workload from a client compute device based on a brokering logic provided by a service provider include a device that includes circuitry that is in communication with edge resources. The circuitry is to receive a brokering logic from a service provider receive a request from a client compute device, wherein the request includes a function to be used to execute the request and one or more parameters associated with the client compute device, determine the one or more parameters, select, as a function of the one or more parameters and the brokering logic, a physical implementation to perform the function, wherein the physical implementation indicates a set of edge resources and a performance level for each edge resource of the set of edge resources, and perform, in response to a selection of the physical implementation, the request using the set of edge resources associated with the physical implementation.

Abstract: Technologies for providing a multi-tenant local breakout switching and dynamic load balancing include a network device to receive network traffic that includes a packet associated with a tenant. Upon a determination that the packet is encrypted, a secret key associated with the tenant is retrieved. The network device decrypts a payload from the packet using the secret key. The payload is indicative of one or more characteristics associated with network traffic. The network device evaluates the characteristics and determines whether the network traffic is associated with a workload requesting compute from a service hosted by a network platform. If so, the network device forwards the network traffic to the service.

Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

Abstract: Technologies for fulfilling service requests in an edge architecture include an edge gateway device to receive a request from an edge device or an intermediate tier device of an edge network to perform a function of a service by an entity hosting the service. The edge gateway device is to identify one or more input data to fulfill the request by the service and request the one or more input data from an edge resource identified to provide the input data. The edge gateway device is to provide the input data to the entity associated with the request.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to control processing of telemetry data at an edge platform. An example apparatus includes an orchestrator interface to, responsive to an amount of resources allocated to an orchestrator to orchestrate a workload at the edge platform meeting a first threshold, transmit telemetry data associated with the orchestrator to a computer to obtain a first orchestration result at a first granularity; a resource management controller to determine a second orchestration result at a second granularity to orchestrate the workload at the edge platform, the second granularity finer than the first granularity; and a scheduler to schedule a workload assigned to the edge platform based on the second orchestration result.

Abstract: Technologies for providing dynamic selection of edge and local accelerator resources includes a device having circuitry to identify a function of an application to be accelerated, determine one or more properties of an accelerator resource available at the edge of a network where the device is located, and determine one or more properties of an accelerator resource available in the device. Additionally, the circuitry is to determine a set of acceleration selection factors associated with the function, wherein the acceleration factors are indicative of one or more objectives to be satisfied in the acceleration of the function. Further, the circuitry is to select, as a function of the one or more properties of the accelerator resource available at the edge, the one or more properties of the accelerator resource available in the device, and the acceleration selection factors, one or more of the accelerator resources to accelerate the function.

Abstract: An example apparatus includes: memory; instructions in the apparatus; and at least one processor to execute the instructions to: check for proof of trust information in one or more pre-determined positions in a trusted digital image, the proof of trust information including a secure output marker, the secure output marker indicative of information corresponding to a trusted output area of the trusted digital image; decrypt the secure output marker using one or more security keys from a trusted execution environment (TEE), the TEE isolated from a computing application; and enable activation of a trusted output indicator in response to a match between first data corresponding to the secure output marker and second data corresponding to the trusted output area of the trusted digital image.

Abstract: Dynamically identifying and utilizing an opportunistic device by performing at least the following within a discovery offloading module: receive an offloading alert message from a service device, wherein the offloading alert message indicates the service device is unable to provide one or more services to the client device, receive a discovery message from a candidate device, wherein the discovery message indicates the candidate device is capable of performing the services provided to the client device, select, using the dedicated execution environment, an opportunistic service device based on the discovery message from the candidate device; and trigger the restart of host execution instruction within the client device by obtaining the one or more services from the opportunistic service device, wherein the discovery offloading module operates independently from the host execution instructions within the client device.

Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to coordinate and manage secure shipment of a package. An example shipment coordination apparatus includes an address generator and a verification engine. The example apparatus includes a shipping group coordinator to generate a group including a sender and a receiver based on a) a first digital address associated with the sender, b) a second digital address associated with the receiver, and c) at least one encryption key associated with at least one of the first digital address or the second digital address, the shipping group coordinator to initiate delivery instruction and manage receipt confirmation of a package at a second physical address corresponding to the second digital address based on verification of a token identifying the receiver and to provide messaging between the sender and the receiver in the group using a group encryption key to keep messages private in the group.

Abstract: An example display device for securing graphics outputs includes: a checker to check whether a secure output marker is located in a pre-determined position in graphical information of a digital image; a verifier to verify whether first data in the secure output marker matches actual data in a trusted output area of the digital image; and autonomous indicator control logic to activate a hardware-based trusted output indicator when the first data matches the actual data, the autonomous indicator control logic not accessible by computing applications executing on a system in communication with the display device.

Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.

Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

Abstract: Methods, apparatus, systems, and articles of manufacture to protect proprietary functionality and/or other content in hardware and software are disclosed. An example computer apparatus includes; a first circuit including a first interface, the first circuit associated with a first domain; a second circuit including a second interface, the second circuit associated with a second domain; and a chip manager to generate a first authenticated interface for the first interface using a first token and to generate a second authenticated interface for the second interface using a second token to enable communication between the first authenticated interface and the second authenticated interface.

Abstract: Example methods, apparatus, systems and articles of manufacture (e.g., non-transitory physical storage media) to provide trust topology selection for distributed transaction processing in computing environments are disclosed herein. Example distributed transaction processing nodes disclosed herein include a distributed transaction application to process a transaction in a computing environment based on at least one of a centralized trust topology or a diffuse trust topology. Disclosed example distributed transaction processing nodes also include a trusted execution environment to protect first data associated with a centralized trust topology and to protect second data associated with a diffuse trust topology. Disclosed example distributed transaction processing nodes further include a trust topology selector to selectively configure the distributed transaction application to use the at least one of the centralized trust topology or the diffuse trust topology to process the transaction.

Abstract: Technologies for hybrid virtualization and secure enclave include a computing device and an edge orchestrator. The edge orchestrator securely provisions a container-enclave policy to the computing device. A VMM of the computing device constructs a platform services enclave that includes the container-enclave policy. The platform services enclave requests a local attestation report from an application enclave, and the application enclave generates the attestation report using secure enclave support of a compute engine of the computing device. The attestation report is indicative of a virtualization context of the application enclave, and may include a VM flag, a VMM flag, and a source address of the application enclave. The platform services enclave enforces the container-enclave policy based on the virtualization context of the application enclave. The platform services enclave may control access to functions of the computing device based on the virtualization context.

Abstract: Technologies for function as a service (FaaS) arbitration include an edge gateway, multiple endpoint devices, and multiple service providers. The edge gateway receives a registration request from a service provider that is indicative of an FaaS function identifier and a transform function. The edge gateway verifies an attestation received from the service provider and registers the service provider. The edge gateway receives a function execution request from an endpoint device that is indicative of the FaaS function identifier. The edge gateway selects the service provider based on the FaaS function identifier, programs an accelerator with the transform function, executes the transform function with the accelerator to transform the function execution request to a provider request, and submits the provider request to the service provider. The service provider may be selected based on an expected service level included in the function execution request. Other embodiments are described and claimed.