Abstract: In an example, there is disclosed a computing apparatus, comprising: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, comprising a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.

Abstract: In an example, there is disclosed a computing apparatus, having a computing resource; a bespoke sensor for measuring at least one parameter of usage of the computing resource; and one or more logic elements providing a trusted compute meter (TCM) agent to: receive an external workload; provision a workload enclave; execute the external workload within the TCM enclave; and measure resource usage of the external workload via the bespoke sensor. There is also disclosed a computer-readable medium having stored thereon executable instructions for providing a TCM agent, and a method of providing a TCM agent.

Abstract: A system, method, and computer program product are provided for a pre-deactivation grace period on a processing device (e.g., mobile device). In operation, a deactivation request is detected for a deactivation event. Further, the commencement of the deactivation event is delayed for a predetermined time period, in response to the deactivation request. Additionally, the deactivation event is commenced, after the predetermined time period. To return to full functionality of the processing device while in the deactivation grace period all that may be required is entry of a authentication information (e.g., password) that is weaker than a stronger authentication information initially used to log into the processing device.

Abstract: This disclosure describes systems and methods related to utilizing hardware assisted protection for media content. In some embodiments, a provided method comprises: receiving, from a content server and by a computing device processor of a secure enclave of a device, first encrypted media content; decrypting, by the computing device processor, the first encrypted media content using a first decryption key; generating, by the computing device processor, a second decryption key; encrypting, by the computing device processor, the first decrypted media content using the second key, thereby resulting in second encrypted media content; and sending, by the computing device processor and to one or more graphical processing units (GPUs) comprised in a graphics component of the device, the second encrypted media content and the second decryption key.

Abstract: In an example, there is disclosed a computing apparatus, including: a driver identity detector to detect the identity of a driver; and one or more logic elements providing a driver competency engine, operable to: detect the identity of the driver; evaluate the driver's operation of a vehicle; and build a driver competency profile based at least in part on the evaluating. The driver competency engine may further be operable to detect a context of the operation, such as environmental factors. There is also described a method of providing a driver competency engine, and one or more computer readable mediums having stored thereon executable instructions for providing a driver competency engine.

Abstract: In an example, a cross-view detection engine is disclosed for detecting malware behavior. Malware may attempt to avoid detection by remaining in volatile memory for as long as possible, and writing to disk only when necessary. To avoid detection, the malware may also provide a pseudo-driver at a file system level that performs legitimate-looking dummy operations. A firmware-level driver may simultaneously perform malicious operations. The cross-view detection engine detects this behavior by deconstructing call traces from the file system-level operations, and reconstructing call traces from firmware-level operations. If the traces do not match, the object may be flagged as suspicious.

Abstract: In an example, there is disclosed a computing apparatus, comprising: a trusted execution environment (TEE); and a security engine operable to: identify a key negotiation for an encrypted connection between a first device and a second device; request a service appliance key for the key negotiation; receive the service appliance key; and perform a service appliance function on traffic between the first device and the second device. There is also disclosed a method of providing the security engine, and a computer-readable medium having stored thereon executable instructions for providing the security engine.

Abstract: Certain embodiments herein relate to location verification for autonomous unmanned aerial vehicles (also referred to as “drones”). In some embodiments, an unmanned aerial vehicle engaged in autonomous flight may determine its location using a satellite-based navigation system. The location may be evaluated against location data obtained from one or more secondary factors, such as public broadcast beacons, cellular towers, wireless network identifiers, visual markers, or any combination thereof. If the location is determined to be invalid, the unmanned aerial vehicle may be instructed to take a mitigation action. Additionally, certain embodiments also include the verification of a flight plan for the unmanned aerial vehicle using secure no-fly logic to verify a flight plan does not violate no-fly zones. If the flight plan is verified, the flight plan may be signed using a cryptographic signature and provided to a navigation module that verifies the signature and executes the flight plan.

Abstract: This disclosure describes systems, methods, and computer-readable media related to phishing and brand protection via copycat detection. In some embodiments, a temporary page profile associated with a webpage may be generated. The temporary page profile may include an image component, a geometry component, a style component, and a link component. One or more baseline page profiles may be retrieved. The temporary page profile and the one or more baseline page profiles may be compared. It may be determined that the temporary page profile does not match the one or more baseline page profiles. An alert may be generated to display to a user indicating that fraud has been detected for the webpage.

Abstract: Technologies for providing access control for a network are disclosed. The method may include receiving a request from a user to access a network, receiving a plurality of data associated with the user, the plurality of data comprising a plurality of social data associated with the user's relationship to a social circle, identifying an electronic security policy based at least on the plurality of social data, and authenticating the user to the network if the electronic security policy permits authentication based at least on the plurality of social data.

Abstract: A system allows just-in-time checking of information about an email in which a hyperlink is embedded. Upon receipt of the email containing the hyperlink, the resource locator of the hyperlink is modified to allow checking the reputation of the email upon traversal of the hyperlink. At traversal of the hyperlink, the current reputation of the resource locator and the current reputation of the email are both determined, and one or more actions are performed responsive to the determination.

Abstract: A technique for cognitive protection of a system can include digital and analog sensors to measure or calculate operational parameters of a system. Digital sensors may be used to determine measured or primary operational parameters. The analog sensors are used to measure analog sensor information related to operation of the system. Analog sensor information that is measured may be used to calculate secondary operational parameters that includes the same operating parameters as the primary operational parameters. Lockstep analysis may be used to compare the primary operational parameters with the secondary operational parameters so as to determine a discrepancy in the operational parameters in the system.

Abstract: A system provides a way for a person to control access to digital assets, including financial accounts, through a common gateway that can interact on the person's behalf with service providers that manage the digital assets. Brokers may act as intermediaries between the gateway and the service providers, providing a common interface to the gateway and a specific interface to a service provider. Trigger events can cause the gateway to interact with the service providers, causing the service providers to take a desired action. The trigger events may include notification sent by the person, timed events, and other detected events.

Abstract: Prioritizing at least one flow class for an application on a software defined networking (SDN) controller includes registering flow classes for an application with a SDN controller, determining, with the SDN controller, a priority for each of the flow classes based on other installed applications and network services on the SDN controller, receiving, from the application, at least one flow modification rule using a priority key as the priority, and validating the at least one flow modification rule against registered parameters of at least one of the flow classes of the application to determine a flow of traffic based on the priority.

Abstract: Technologies for providing electronic security to a first network are disclosed. The system may include a user equipment, a gateway device configured to mediate communication between a first network and a second network for the user equipment, and an electronic security device communicatively coupled to the gateway device. The electronic security device may include a gateway interface module configured to assume an identity associated with the gateway device, a network interface module configured to present the identity to the second network, and a traffic inspection module configured to monitor traffic without substantially affecting a topology of the first network, wherein the electronic security device is configured to identify undesirable traffic; and implement a security policy.

Abstract: Modifying a priority for at least one flow class of an application includes registering flow classes for an application with a SDN controller, determining, with the SDN controller, a priority for each of the flow classes based on other installed applications and network services on the SDN controller, modifying, based on an event, the priority for at least one of the flow classes of the application by mapping a priority key associated with the priority to a new priority value, receiving, from the application, at least one flow modification rule using a priority key as the priority, and validating the at least one flow modification rule against registered parameters of at least one of the flow classes of the application to determine a flow of traffic based on the priority.

Abstract: A system allows just-in-time checking of information about an email in which a hyperlink is embedded. Upon receipt of the email containing the hyperlink, the resource locator of the hyperlink is modified to allow checking the reputation of the email upon traversal of the hyperlink. At traversal of the hyperlink, the current reputation of the resource locator and the current reputation of the email are both determined, and one or more actions are performed responsive to the determination.

Abstract: Systems, devices and methods to protect a regional network (e.g., home network) by monitoring devices connected to and attempting to connect to the regional network. Monitoring includes assessing and addressing security concerns regarding devices attempting to or available to connect to the regional network as well as monitoring configurations and activity of connected devices. Devices to monitor include: computers, Personal Digital Assistants (PDAs), laptops, tablets, home appliances, smartphones, smart televisions, and any other type of device in the logical proximity of the regional network.

Abstract: Technologies for monitoring vehicle traffic include a traffic analysis server that receives infrastructure data from infrastructure sensors positioned along a road segment of a road and vehicle data from one or more vehicles travelling along the road segment. The traffic analysis server determines whether anomalies are present in the traffic data through the road segment based on an expected traffic behavior for the road segment. The traffic analysis server determines the expected traffic behavior for the road segment in a particular time window based on a historical traffic pattern associated with the road segment, based on historical vehicle data and historical infrastructure data captured during a prior time window corresponding to the particular time window for that road segment. Other embodiments are described and claimed.

Abstract: Particular embodiments may include a system, apparatus, method, and/or machine readable storage medium for determining sensor usage by: detecting, at a level below an operating system executing on a computing device, one or more requests from an application to access one or more sensors associated with the computing device; determining, based on the one or more requests from the application to access the one or more sensors, that the application requested unexpected access to the one or more sensors; and performing a remedial action in response to the unexpected access requested by the application.