Abstract: The disclosure generally relates to method, system and apparatus for multifactor authentication exchange using out of band communication to authenticate a user while defending against the man in the middle attack. In an exemplary method, the disclosed principles provide a multifactor authentication (MFA) exchange, which includes: receiving an authentication request through in-band communication from a first device associated with a user to authenticate the user, the authentication request including a first authentication factor to identify the user; generating a second authentication factor, the second authentication factor further comprising an authorization token; generating an encryption key to encrypt the authorization token and a redirect Uniform Resource Locator (URL) address; and communicating the second authentication factor, the encryption key and the redirect URL address to a second device associated with the user.

Abstract: Technologies for audiovisual communication include an audiovisual server and a number of audiovisual client devices, including a presenter device and a number of audience devices. Each audience device captures an audiovisual stream and transmits the audiovisual stream to the audiovisual server. Each audience device also captures sensor input data such as eye tracking data or facial expression data and transmits abstracted sensor input data to the audiovisual server. The abstracted sensor input data may be based on the captured audiovisual stream. The audiovisual server determines an interestingness rating associated with each audience device based on the sensor input data, and selects one or more audiovisual streams based on the interestingness ratings. The audiovisual server transmits the selected audiovisual streams to the presenter device. The audiovisual server may update the interestingness rating algorithm based on feedback from the presenter device or the audience devices.

Abstract: A circuit includes a first communication interface configured to receive first sensor data from a stationary sensor. The first sensor data include a result of a first sensing of a local environment of the stationary sensor performed by the stationary sensor. The circuit may further include a second communication interface configured to receive second sensor data from an unmanned aerial vehicle. The second sensor data include a result of a second sensing of at least a portion of the local environment of the stationary sensor performed by a sensor of the unmanned aerial vehicle. The circuit may further include one or a plurality of processors configured to compare the first sensor data and the second sensor data and to classify the at least one stationary sensor based on a result of the comparison.

Abstract: A method of preventing exploitation of a vulnerability of a computing system includes generating a deprivation token to cause disabling of a selected one or more features of a component of the computing system to prevent an exploit of a vulnerability affecting the selected one or more features; and publishing the derivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system for distribution to affected computing systems.

Abstract: Technologies to facilitate supervision of an online identify include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.

Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

Abstract: Technologies for audiovisual communication include an audiovisual server and a number of audiovisual client devices, including a presenter device and a number of audience devices. Each audience device captures an audiovisual stream and transmits the audiovisual stream to the audiovisual server. Each audience device also captures sensor input data such as eye tracking data or facial expression data and transmits abstracted sensor input data to the audiovisual server. The abstracted sensor input data may be based on the captured audiovisual stream. The audiovisual server determines an interestingness rating associated with each audience device based on the sensor input data, and selects one or more audiovisual streams based on the interestingness ratings. The audiovisual server transmits the selected audiovisual streams to the presenter device. The audiovisual server may update the interestingness rating algorithm based on feedback from the presenter device or the audience devices.

Abstract: The present disclosure is directed to systems and methods for the selective introduction of low-level pseudo-random noise into at least a portion of the weights used in a neural network model to increase the robustness of the neural network and provide a stochastic transformation defense against perturbation type attacks. Random number generation circuitry provides a plurality of pseudo-random values. Combiner circuitry combines the pseudo-random values with a defined number of least significant bits/digits in at least some of the weights used to provide a neural network model implemented by neural network circuitry. In some instances, selection circuitry selects pseudo-random values for combination with the network weights based on a defined pseudo-random value probability distribution.

Abstract: A method of preventing exploitation of a vulnerability of a computing system includes generating a deprivation token to cause disabling of a selected one or more features of a component of the computing system to prevent an exploit of a vulnerability affecting the selected one or more features; and publishing the derivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system for distribution to affected computing systems.

Abstract: A system and method of detecting and remediating attacks includes receiving operating system (OS) read/write data from an OS, the OS read/write data describing at least one of reads from and writes to a storage device over a file system interface of the OS; collecting storage device read/write data, the storage device read/write data describing at least one of reads from and writes to the storage device; comparing the OS read/write data to the storage device read/write data; and determining if there is a discrepancy between the OS read/write data and the storage device read/write data. If there is a discrepancy, determining if there is an anomaly detected between OS read/write data and the storage device read/write data. If there is an anomaly, causing a remediation action to be taken to stop a malware attack.

Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

Abstract: The disclosure generally relates to method, system and apparatus for privacy enhancement mode for integrated cameras. In an exemplary embodiment, the disclosure allows a user of a device equipped with an integrated device to engage the device in the so-called privacy mode whereby while the camera is engaged, the device does not broadcast the user's images; rather the device uses the camera to detect, discern and determine the user's attributes. Such attributes may include one or more of movement, motion, mood, gesture and temperature of the user. The attributes may include specificities of the user's environment.

Abstract: Methods and apparatus for virtual enterprise secure networking. A Layer 2 (L2)-based secured network solution is provided using resources of a computer platform to connect an operating system to a secured backend overlay network (e.g., enterprise, service provider or ‘zero trust network service’) in a way that does not require changes in the operating system and connection manager or alteration of network infrastructure (e.g., wireless access point) in the location where a client may reside. Under an aspect of the solution, the computer platform itself (e.g., platform hardware/Firmware/drivers) provides part of the role of the authenticator in an Institute of Electrical and Electronics Engineers (IEEE) 802.1X scheme either directly by simulation of an Access Point (AP) or as a pass through to the overlay network core. This replaces the traditional access point/switch authenticator role.

Abstract: Technologies for audiovisual communication include an audiovisual server and a number of audiovisual client devices, including a presenter device and a number of audience devices. Each audience device captures an audiovisual stream and transmits the audiovisual stream to the audiovisual server. Each audience device also captures sensor input data such as eye tracking data or facial expression data and transmits abstracted sensor input data to the audiovisual server. The abstracted sensor input data may be based on the captured audiovisual stream. The audiovisual server determines an interestingness rating associated with each audience device based on the sensor input data, and selects one or more audiovisual streams based on the interestingness ratings. The audiovisual server transmits the selected audiovisual streams to the presenter device. The audiovisual server may update the interestingness rating algorithm based on feedback from the presenter device or the audience devices.

Abstract: Various embodiments are generally directed to techniques for library behavior verification, such as by generating executables for software with indications of permitted behaviors by the library. Some embodiments are particularly directed to monitoring library behavior and performing one or more protective actions based on abnormal or unpermitted library behavior. In many embodiments, libraries and library manifests may be validated based on one or more signatures. In various embodiments, library behavior data comprising a set of permitted behaviors for the library may be determined based on the library manifest. In various such embodiments, a compiler may embed indications of the permitted library behavior in executables.

Abstract: Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.

Abstract: Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.

Abstract: Adversarial sample protection for machine learning is described. An example of a storage medium includes instructions for initiating processing of examples for training of an inference engine in a system; dynamically selecting a subset of defensive preprocessing methods from a repository of defensive preprocessing methods for a current iteration of processing, wherein a subset of defensive preprocessing methods is selected for each iteration of processing; performing training of the inference engine with a plurality of examples, wherein the training of the inference engine include operation of the selected subset of defensive preprocessing methods; and performing an inference operation with the inference engine, including utilizing the selected subset of preprocessing defenses for the current iteration of processing.

Abstract: Machine learning fraud resiliency using perceptual descriptors is described. An example of a computer-readable storage medium includes instructions for accessing multiple examples in a training dataset for a classifier system; calculating one or more perceptual hashes for each of the examples; generating clusters of perceptual hashes for the multiple examples based on the calculation of the one or more perceptual hashes for each of the plurality of examples; obtaining an inference sample for classification by the classifier system; generating a first classification result for the inference sample utilizing a neural network classifier and generating a second classification result utilizing the generated clusters of perceptual hashes; comparing the first classification result with the second classification result; and, upon a determination that the first classification result does not match the second classification result, determining a suspicion of an adversarial attack.

Abstract: An apparatus is disclosed. The apparatus comprises one or more processors to receive trained model update data from each of a plurality of collaborators, execute an auxiliary machine learning model to the trained model update data to generate a risk score for trained model update data associated with each collaborator, apply one or more policies based on the risk scores to generate adjusted trained model update data associated with each collaborator.