Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage digital assets owned by a user and hosted by a first online service provider and a second online service provider. Provided herein is a gateway system comprising: a trusted authentication interface; one or more processors; and memory including instructions that, when executed, cause the one or more processors to at least: authenticate the user with the first and second online service providers using the trusted authentication interface; and instruct, via the trusted authentication interface, the first and second online service provider to take an action with respect to one or more of the digital assets, the first and second online service providers to trust the instructions from the trusted authentication interface without further authenticating the user.

Abstract: This disclosure describes systems and methods related to utilizing hardware assisted protection for media content. In some embodiments, a provided method comprises: receiving, from a content server and by a computing device processor of a secure enclave of a device, first encrypted media content; decrypting, by the computing device processor, the first encrypted media content using a first decryption key; generating, by the computing device processor, a second decryption key; encrypting, by the computing device processor, the first decrypted media content using the second key, thereby resulting in second encrypted media content; and sending, by the computing device processor and to one or more graphical processing units (GPUs) comprised in a graphics component of the device, the second encrypted media content and the second decryption key.

Abstract: There is disclosed in one example a social media server, including: a processor; a trusted input/output (IO) interface to communicatively couple to a consumer device; a network interface to communicatively couple to an enterprise; and a memory having stored thereon executable instructions to instruct the processor to provide a data loss prevention (DLP) engine to: receive via the trusted IO interface a signed and encrypted user posting for the social media service, the user posting including a signed user state report verifying that the user has passed a biometric screening; transmit content of the user posting to the enterprise via the network interface for DLP analysis; receive from the enterprise a notification that the user posting has passed DLP analysis; and accept the user posting.

Abstract: Systems and methods for phishing and brand protection of websites via copycat detection are disclosed herein. An example apparatus includes at least one processor, a display, and memory including instructions that, when executed, cause the at least one processor to determine a first hash of a first image in a webpage and a second hash of a second image in the webpage, the second image different from the first image, the first hash different from the second hash, generate a temporary page profile associated with the webpage based on the first hash and the second hash, fuzzy match the temporary page profile to a baseline page profile, and in response to a determination that the temporary page profile does not match the baseline page profile, generate an alert to be displayed via the display to indicate that fraud has been detected for the webpage.

Abstract: In an example, there is disclosed a computing apparatus, having a computing resource; a bespoke sensor for measuring at least one parameter of usage of the computing resource; and one or more logic elements providing a trusted compute meter (TCM) agent to: receive an external workload; provision a workload enclave; execute the external workload within the TCM enclave; and measure resource usage of the external workload via the bespoke sensor. There is also disclosed a computer-readable medium having stored thereon executable instructions for providing a TCM agent, and a method of providing a TCM agent.

Abstract: There is disclosed in one example a sentinel device, including: a hardware platform including at least a processor and configured to provide a trusted execution environment (TEE); and a security engine operable to instruct the hardware platform to: determine that an internet of things (IoT) device in a first realm R1 requires a secure communication channel with a second device in a second realm R2; query a key server for a service appliance key for the secure communication channel; establish a secure communication channel with the endpoint device using the service appliance key and the TEE; and provide a security service function within R1 including brokering communication via the secure communication channel between the IoT device and the second device.

Abstract: Apparatus, methods and systems to associate a flight plan of an unmanned aerial vehicle (e.g., a drone) with a cryptographic signature are disclosed herein. Some disclosed examples include one or more non-transitory computer-readable media including computer-executable instructions. The computer readable instructions, when executed by one or more processors, cause the one or more processors to compare a flight path over a geographic area of an unmanned aerial vehicle to a geographically identified no-fly zone. The flight path is included in a flight plan. The instructions also cause the vehicle to determine whether the flight path enters the geographically identified no-fly zone, and based on whether the flight path is determined to enter the geographically identified no-fly zone, associate the flight plan with a cryptographic signature.

Abstract: A circuit arrangement includes a preprocessing circuit configured to obtain context information related to a user location, a learning circuit configured to determine a predicted user movement based on context information related to a user location to obtain a predicted route and to determine predicted radio conditions along the predicted route, and a decision circuit configured to, based on the predicted radio conditions, identify one or more first areas expected to have a first type of radio conditions and one or more second areas expected to have a second type of radio conditions different from the first type of radio conditions and to control radio activity while traveling on the predicted route according to the one or more first areas and the one or more second areas.

Abstract: The present disclosure relates generally to computer security and human-computer interaction, and, more particularly, to systems and methods for providing improved user authentication and verification techniques by way of credential-less or near credential-less user input.

Abstract: Particular embodiments may include a system, apparatus, method, and/or machine readable storage medium for determining sensor usage by: detecting, at a level below an operating system executing on a computing device, one or more requests from an application to access one or more sensors associated with the computing device; determining, based on the one or more requests from the application to access the one or more sensors, that the application requested unexpected access to the one or more sensors; and performing a remedial action in response to the unexpected access requested by the application.

Abstract: The present disclosure relates generally to computer security and human-computer interaction, and, more particularly, to systems and methods for providing improved user authentication and verification techniques by way of credential-less or near credential-less user input.

Abstract: Methods apparatus, systems, and articles of manufacture for IoT and PoS anti-malware are disclosed. An example method includes detecting a combination of function calls. Whether the combination of function calls is a forbidden combination of function calls for the device is detected based on a limited intended functionality of the device. The forbidden combination of function calls includes a first function call and a second function call. The first function call is allowed in isolation from the second function call. The second function call is allowed in isolation from the first function call. In response to determining that the combination of function calls is forbidden for the device, a responsive action is performed.

Abstract: A method dynamically reconfigures a system on a chip (SOC) comprising multiple semiconductor intellectual property (IP) blocks. The method comprises, when booting a data processing system (DPS) comprising the SOC, automatically allocating different IP blocks to multiple different microsystems within the DPS, based on a static partitioning policy (SPP). The method also comprises, after booting the DPS, determining that reallocation of at least one of the IP blocks is desired, based on (a) monitored conditions of at least one of the microsystems and (b) a dynamic partitioning policy (DPP). The method also comprises, in response to determining that reallocation of at least one of the IP blocks is desired, automatically reallocating at least one of the IP blocks from one of the microsystems to another of the microsystems without resetting at least one of the microsystems. Other embodiments are described and claimed.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface to communicatively couple to a backup client; a storage to receive backup data from the client, including a plurality of versions and an associated reputation for each version, the associated reputation to indicate a probability that the version is valid; and instructions encoded within the memory to instruct the processor to: receive from the backup client a request to store a new version of the backup data; determine that the client has exceeded a backup threshold; identify a backup version having a lowest reputation for validity; and expunge the backup version having the lowest reputation for validity.

Abstract: Systems, devices and methods are disclosed to assist in configuring devices and policies to protect a regional network (e.g., home network) and its users. Users on the network are monitored to determine appropriate configuration settings and preferences by utilizing a combination of internally configured information and externally gathered information for each user. For example, externally gathered information may include information obtained about a user from one or more social media Internet sites. Automatically obtained information may be used to provide or augment policy information such that a user's preference relative to internet content (e.g., content blocking software configuration) may be achieved without requiring an administrator to individually prepare each users security profile and configuration.

Abstract: A circuit arrangement includes a preprocessing circuit configured to obtain context information related to a user location, a learning circuit configured to determine a predicted user movement based on context information related to a user location to obtain a predicted route and to determine predicted radio conditions along the predicted route, and a decision circuit configured to, based on the predicted radio conditions, identify one or more first areas expected to have a first type of radio conditions and one or more second areas expected to have a second type of radio conditions different from the first type of radio conditions and to control radio activity while traveling on the predicted route according to the one or more first areas and the one or more second areas.

Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein.

Abstract: A method to onboard a slave node to a high performance computing system that includes a fabric switch network that includes a fabric switch master and a group of slave nodes, wherein the fabric switch master is configured to route messages between slave nodes of the group comprising: receiving a fabric switch master address message, at an onboarding slave node, over an external network; providing an identification message, by the onboarding slave node, over the fabric switch network; receiving the identification message, at the fabric switch master, over the fabric switch network; providing the permission message, by the fabric switch master, over the fabric switch network; and receiving, a permission message, at the onboarding slave node, over the fabric switch network.

Abstract: Methods apparatus, systems, and articles of manufacture for IoT and PoS anti-malware are disclosed. An example method includes detecting a combination of function calls. Whether the combination of function calls is a forbidden combination of function calls for the device is detected based on a limited intended functionality of the device. The forbidden combination of function calls includes a first function call and a second function call. The first function call is allowed in isolation from the second function call. The second function call is allowed in isolation from the first function call. In response to determining that the combination of function calls is forbidden for the device, a responsive action is performed.