Abstract: Technologies for hybrid virtualization and secure enclave include a computing device and an edge orchestrator. The edge orchestrator securely provisions a container-enclave policy to the computing device. A VMM of the computing device constructs a platform services enclave that includes the container-enclave policy. The platform services enclave requests a local attestation report from an application enclave, and the application enclave generates the attestation report using secure enclave support of a compute engine of the computing device. The attestation report is indicative of a virtualization context of the application enclave, and may include a VM flag, a VMM flag, and a source address of the application enclave. The platform services enclave enforces the container-enclave policy based on the virtualization context of the application enclave. The platform services enclave may control access to functions of the computing device based on the virtualization context.

Abstract: Technologies for determining a set of edge resources to offload a workload from a client compute device based on a brokering logic provided by a service provider include a device that includes circuitry that is in communication with edge resources. The circuitry is to receive a brokering logic from a service provider receive a request from a client compute device, wherein the request includes a function to be used to execute the request and one or more parameters associated with the client compute device, determine the one or more parameters, select, as a function of the one or more parameters and the brokering logic, a physical implementation to perform the function, wherein the physical implementation indicates a set of edge resources and a performance level for each edge resource of the set of edge resources, and perform, in response to a selection of the physical implementation, the request using the set of edge resources associated with the physical implementation.

Abstract: Technologies for providing selective offload of execution of an application to the edge include a device that includes circuitry to determine whether a section of an application to be executed by the device is available to be offloaded. Additionally, the circuitry is to determine one or more characteristics of an edge resource available to execute the section. Further, the circuitry is to determine, as a function of the one or more characteristics and a target performance objective associated with the section, whether to offload the section to the edge resource and offload, in response to a determination to offload the section, the section to the edge resource.

Abstract: Technologies for providing dynamic selection of edge and local accelerator resources includes a device having circuitry to identify a function of an application to be accelerated, determine one or more properties of an accelerator resource available at the edge of a network where the device is located, and determine one or more properties of an accelerator resource available in the device. Additionally, the circuitry is to determine a set of acceleration selection factors associated with the function, wherein the acceleration factors are indicative of one or more objectives to be satisfied in the acceleration of the function. Further, the circuitry is to select, as a function of the one or more properties of the accelerator resource available at the edge, the one or more properties of the accelerator resource available in the device, and the acceleration selection factors, one or more of the accelerator resources to accelerate the function.

Abstract: Technologies for function as a service (FaaS) arbitration include an edge gateway, multiple endpoint devices, and multiple service providers. The edge gateway receives a registration request from a service provider that is indicative of an FaaS function identifier and a transform function. The edge gateway verifies an attestation received from the service provider and registers the service provider. The edge gateway receives a function execution request from an endpoint device that is indicative of the FaaS function identifier. The edge gateway selects the service provider based on the FaaS function identifier, programs an accelerator with the transform function, executes the transform function with the accelerator to transform the function execution request to a provider request, and submits the provider request to the service provider. The service provider may be selected based on an expected service level included in the function execution request. Other embodiments are described and claimed.

Abstract: Technologies for providing a multi-tenant local breakout switching and dynamic load balancing include a network device to receive network traffic that includes a packet associated with a tenant. Upon a determination that the packet is encrypted, a secret key associated with the tenant is retrieved. The network device decrypts a payload from the packet using the secret key. The payload is indicative of one or more characteristics associated with network traffic. The network device evaluates the characteristics and determines whether the network traffic is associated with a workload requesting compute from a service hosted by a network platform. If so, the network device forwards the network traffic to the service.

Abstract: An example display device for securing graphics outputs includes: a checker to check whether a secure output marker is located in a pre-determined position in graphical information of a digital image; a verifier to verify whether first data in the secure output marker matches actual data in a trusted output area of the digital image; and autonomous indicator control logic to activate a hardware-based trusted output indicator when the first data matches the actual data, the autonomous indicator control logic not accessible by computing applications executing on a system in communication with the display device.

Abstract: A system for supporting Enhanced Privacy Identification (EPID) is provided. The system may include a host processor operable to communicate with a remote requestor, where the host processor needs to perform signature revocation checking in accordance with EPID. To perform signature revocation checking, the host processor has to perform either a sign or verify operation. The host processor may offload the sign/verify operation onto one or more associated hardware acceleration coprocessors. A programmable coprocessor may be dynamically configured to perform the desired number of sign/verify functions in accordance with the requirements of the current workload.

Abstract: Providing secure graphics outputs by performing at least the following: receive secure output data corresponding to a digital image, obtain one or more security keys, create a secure output marker for the secure output data, wherein the secure output marker comprises location information corresponding to a trusted output area of the digital image and data information that represents data content found within the trusted output area of the digital image, encrypt the secure output marker using the one or more security keys, embed the secure output marker within the graphics image to create a trusted graphics image; and render the trusted graphics image for exposure onto the display device.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate information exchange using publish-subscribe with blockchain. An example apparatus includes a security manager to integrate a security service with an instruction execution flow in a distributed device environment. The security manager is to include a processor. The processor is to be configured to implement at least an executable hierarchical state machine to provide credential management and access management in conjunction with instruction execution according to an execution plan. The executable hierarchical state machine is to generate a security context for the execution plan to implement a guard condition governing a transition from a first state to a second state in accordance with the execution plan.

Abstract: A system, method, and computer readable medium for measuring limb range of motion. The method includes initializing a scanning area. A classifier trained to recognize limbs is loaded into memory. A frame representing a 3D point cloud having at least one limb of a person in motion is captured. A box fitting algorithm is performed on the captured at least one limb to enable the classifier to identify the at least one limb. One or more boxes generated from the box fitting algorithm are sliced into a plurality of 2D point clouds to measure and record the circumference of each 2D point cloud to obtain limb range of motion parameters. The limb range of motion parameters are a maximum and a minimum size of the at least one limb as a function of soft tissue expansion and contraction of the limb while under pressure, force, and/or motion.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to coordinate and manage secure shipment of a package. An example shipment coordination apparatus includes an address generator and a verification engine. The example apparatus includes a shipping group coordinator to generate a group including a sender and a receiver based on a) a first digital address associated with the sender, b) a second digital address associated with the receiver, and c) at least one encryption key associated with at least one of the first digital address or the second digital address, the shipping group coordinator to initiate delivery instruction and manage receipt confirmation of a package at a second physical address corresponding to the second digital address based on verification of a token identifying the receiver and to provide messaging between the sender and the receiver in the group using a group encryption key to keep messages private in the group.

Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

Abstract: Example methods, apparatus, systems and articles of manufacture (e.g., non-transitory physical storage media) to provide trust topology selection for distributed transaction processing in computing environments are disclosed herein. Example distributed transaction processing nodes disclosed herein include a distributed transaction application to process a transaction in a computing environment based on at least one of a centralized trust topology or a diffuse trust topology. Disclosed example distributed transaction processing nodes also include a trusted execution environment to protect first data associated with a centralized trust topology and to protect second data associated with a diffuse trust topology. Disclosed example distributed transaction processing nodes further include a trust topology selector to selectively configure the distributed transaction application to use the at least one of the centralized trust topology or the diffuse trust topology to process the transaction.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive untrusted input data at an enclave in an electronic device, isolate the untrusted input data from at least a portion of the enclave, communicate at least a portion of the untrusted data to an integrity verification module using an attestation channel, and receive data integrity verification of the untrusted input data from the integrity verification module. The integrity verification module can perform data integrity attestation functions to verify the untrusted data and the data integrity attestation functions include a data attestation policy and a whitelist.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques generating one or more polynomial elements for a polynomial function using a node value of a pseudo random number generator tree as a seed value, the polynomial function comprising a secret value and the polynomial elements, and the pseudo random number generator tree at least partially matching at least one other pseudo random number generator tree on another device, generating a plurality of share values based on the one or more polynomial elements and the polynomial function and distributing a share value of the plurality of share values to a device.

Abstract: In one embodiment a controller comprises logic to receive, via a near field communication link, an identification packet generated by a remote authentication provider, associate an electronic signature with the identification packet, transmit the identification packet to a remote authentication provider, receive an authorization from the remote authentication provider, receive login information associated with the identification packet, and initiate a login procedure using the login information. Other embodiments may be described.

Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.

Abstract: The present disclosure provides for MRC training. MRC training can include providing a hot add notification to a UEFI BIOS FW, receiving, at an MRC agent of the FIMC and from the UEFI BIOS FW, the MRC training request, and performing, at the MRC agent in response to the MRC training request, an MRC training independent of an SMM associated with the apparatus.

Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.