Abstract: In an embodiment, a system includes a processor that includes private key decryption logic to decrypt an encrypted private key received from a consuming device to produce a private key, and symmetric key decryption logic to receive the private key from the private key decryption logic and to decrypt an encrypted symmetric key received from the consuming device using the private key. The system also includes a dynamic random access memory (DRAM) coupled to the processor. Other embodiments are described and claimed.

Abstract: Methods and apparatus to securely share data are disclosed. An example includes generating, at a first device of a first user of cloud services, an archive file representative of a drive of the first device; encrypting, via a processor, the archive file to form an encrypted archive file; and conveying the encrypted archive file to a cloud service provider, the encrypted archive file to be decrypted by a second device of a second user of the cloud services, the decrypted archive file to be mounted to an operating system of the second device.

Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.

Abstract: Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines to blocks to generate the file.

Abstract: An item of value comprises an assembly of parts. The parts comprise a component that has value independent of the item, and an assembly security system that is operable to communicate with a central security system via a wide area network. The component comprises a component security system that is operable to communicate with the assembly security system. The assembly security system is operable to perform operations comprising (a) saving component data that identifies the component as part of the item; (b) after saving the component data, monitoring the component, via the component security system, to automatically determine whether the component has left a predetermined zone of proximity, relative to the item; and (c) in response to determining that the component has left the predetermined zone of proximity, automatically notifying the central security system that the component has left the predetermined zone of proximity. Other embodiments are described and claimed.

Abstract: Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level.

Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.

Abstract: A technique allows detection of covert malware that attempts to hide network traffic. By monitoring network traffic both in a secure trusted environment and in an operating system environment, then comparing the monitor data, attempts to hide network traffic can be detected, allowing the possibility of performing rehabilitative actions on the computer system to locate and remove the malware hiding the network traffic.

Abstract: Embodiments of methods, apparatuses, and storage mediums associated with eye movement based knowledge demonstration, having a particular application to authentication, are disclosed. In embodiments, a computing device may determine whether a received input of a pattern of eye movements is consistent with an expected pattern of eye movements of a user when the user attempts to visually locate a piece of information embedded in a display. In embodiments, the expected pattern of eye movements may include patterns related to fixations and/or other statistical patterns, however, may not be limited to such patterns. In applications, determining consistency or correlation with the expected pattern of eye movements may identify the user by simultaneously verifying at least factors of authentication—that of biometric criteria related to a user's pattern of eye movements and a password or other information known to the user.

Abstract: Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines to blocks to generate the file.

Abstract: An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein.

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for secure user authentication with improved OTP verification. The device may include an attribute collection module configured to collect attributes associated with the device; a client trust module configured to identify a user of the device, associate a user ID with the user and transmit the user ID and the collected attributes to a trust broker system; the client trust module further configured to receive a device ID from the trust broker system, the device ID associated with a pairing of the user ID and the attributes; and a client OTP generation module configured to generate an OTP and further configured to transmit the OTP and the device ID to an authentication server.

Abstract: A system establishes secure communications between first and second electronic devices. The first device stores secured content to be accessed by second device based on identification information of the first device. The identification information of the first device may be manually input into the second device, and the second device may perform an initial pairing operation with the first device based on this manually entered information. The identification information stored from initial pairing may allow secure automatic pairing.

Abstract: Systems and methods are described herein for avoiding interfering with 5 GHZ frequency band signals with a peer-to-peer wireless local area network connection. A peer-to-peer client is notified of radar signals in proximity to the client over a master-to-client wireless local area connection with an enterprise access point. If the notification includes a non-interfering radar channel, the peer-to-peer client resets the peer-to-peer channel to the non-interfering radar channel. If the notification does not provide a non-interfering radar channel, the peer-to-peer client resets the peer-to-peer network connection to a non-dynamic frequency selection channel and may disconnect the Wi-Fi connection with the enterprise access point.

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for maintaining trusted time at a client computing device including, for example, executing a computer program within a client device; initiating a call from the computer program to a secure time service of the client device requesting a trusted time stamp; retrieving, via the secure time service of the client device, a protected time from protected clock hardware of the client device; generating, at the secure time service of the client device, the trusted time stamp by signing the protected time retrieved from the protected clock hardware of the client device; and returning the trusted time stamp to the computer program. Other related embodiments are disclosed.

Abstract: A computing device may configure one or more applications on the computing device for a specific user in response to identifying that the specific user is operating the device and may make relevant content available to such applications. The identification of the specific user may be performed using a signal from one or more user identification sensors.

Abstract: Systems and methods may provide for establishing an out-of-band (OOB) channel between a local wireless interface and a remote backend receiver, and receiving information from a peripheral device via the local wireless interface. Additionally, the information may be sent to the backend receiver via the OOB channel, wherein the OOB channel bypasses a local operating system. In one example, a secure Bluetooth stack is used to receive the information from the peripheral device.

Abstract: A system establishes secure communications between first and second electronic devices. The first device stores secured content to be accessed by second device based on identification information of the first device. The identification information of the first device may be manually input into the second device, and the second device may perform an initial pairing operation with the first device based on this manually entered information. The identification information stored from initial pairing may allow secure automatic pairing.

Abstract: Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level.

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.