Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein. An example apparatus includes at least one memory, and at least one processor to execute instructions to at least identify one or more non-sensitive parameters of a plurality of policy parameters and one or more sensitive parameters of the plurality of the policy parameters, the plurality of the policy parameters obtained from a computing device in response to a request from a cloud analytics server for the plurality of the policy parameters, encrypt the one or more sensitive parameters to generate encrypted parameter data in response to the identification of the one or more sensitive parameters, and transmit the encrypted parameter data to the cloud analytics server, the cloud analytics server to curry a security policy function based on one or more of the plurality of the policy parameters.

Abstract: In an example, there is disclosed a system and method for providing a service-oriented architecture, including request/response, over a publish/subscribe framework. In one embodiment, a system is disclosed for adding layers upon a publish/subscribe messaging framework for sophisticated messaging such as point-to-point (request/response) and the ability to query for available services, in a reliable, scalable manner.

Abstract: An apparatus includes a network interface and a processing unit. The network interface transmits a security payload. The processing unit determines a first partition of a queuing service for the security payload at a first time, at least in part based on a determination that an initial attempt to transmit the security payload failed. The processing unit also instructs a retrieval of the security payload from the first partition to perform a first retry attempt to transmit the security payload, at least in part based on a determination that a first retry interval since the first time has elapsed.

Abstract: In various embodiments, an intent-based query processing application processes search queries. The intent-based query processing application computes lexical similarity scores between a search query and a set of entities. The intent-based query processing application computes entity relevance scores based on the lexical similarity scores and user engagement scores associated with both the search query and the set of entities. The intent-based query processing application computes a first category relevance score associated with both the search query and a first category based on the entity relevance scores. The intent-based query processing application determines an intent associated with the search query based on the first category relevance score. The intent-based query processing application generates a response to the search query based on the intent.

Abstract: In various embodiments, structured pages are dynamically generated based on user inputs. In response to a user input such as a query, a page generating engine ranks content items according to relevance to the user input in order to generate a list of the content items that is ordered based on the relevance. The page generating engine further maps the content items to collections of content items that can be displayed together in a page. Then, the page generating engine generates a structured page that includes a subset of the collections and associated content items that are assigned to collections within the subset of collections based on relevance and/or coherence criteria. Thereafter, the structured page is transmitted to a client device for display via user interface.

Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.

Abstract: An apparatus includes a network interface and a processing unit. The network interface transmits a security payload. The processing unit determines a first partition of a queuing service for the security payload at a first time, at least in part based on a determination that an initial attempt to transmit the security payload failed. The processing unit also instructs a retrieval of the security payload from the first partition to perform a first retry attempt to transmit the security payload, at least in part based on a determination that a first retry interval since the first time has elapsed.

Abstract: In an example, there is disclosed a system and method for providing a service-oriented architecture, including request/response, over a publish/subscribe framework. In one embodiment, a system is disclosed for adding layers upon a publish/subscribe messaging framework for sophisticated messaging such as point-to-point (request/response) and the ability to query for available services, in a reliable, scalable manner.

Abstract: There is disclosed in one example a data exchange layer (DXL) broker, including: a network interface to communicatively couple to a data exchange layer (DXL), the DXL including an enterprise service bus (ESB) configured to provide one-to-one device communications over a publish-subscribe fabric; hardware including at least a processor; and instructions encoded on one or more computer-readable mediums to instruct the processor to provide DXL broker software configured to: receive a DXL request message via the DXL, the request message directed to a DXL service; determine that the DXL service is available; and forward the request message to a DXL endpoint via the DXL.

Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein. An example apparatus includes at least one memory, and at least one processor to execute instructions to at least identify one or more non-sensitive parameters of a plurality of policy parameters and one or more sensitive parameters of the plurality of the policy parameters, the plurality of the policy parameters obtained from a computing device in response to a request from a cloud analytics server for the plurality of the policy parameters, encrypt the one or more sensitive parameters to generate encrypted parameter data in response to the identification of the one or more sensitive parameters, and transmit the encrypted parameter data to the cloud analytics server, the cloud analytics server to curry a security policy function based on one or more of the plurality of the policy parameters.

Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.

Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein.

Abstract: A pre-boot initialization technique for a computing system allows for encrypting both a manufacturer and original equipment manufacturer firmware routines, as well as handing off data between the manufacturer and original equipment manufacturer firmware routines encrypted with a key provisioned in field programmable fuses with an original equipment manufacturer key. By encrypting the firmware routines and handoff data, security of the pre-boot initialization process is enhanced. Original equipment manufacturer updatable product data may also be encrypted with the original equipment manufacturer key. Additional security may be provided by using trusted input/output capabilities of a trusted execution environment to display information to and receive information from a user. Furthermore, multiple secure phases of configuration may be achieved using wireless credentials exchange components.

Abstract: A pre-boot initialization technique for a computing system allows for encrypting both a manufacturer and original equipment manufacturer firmware routines, as well as handing off data between the manufacturer and original equipment manufacturer firmware routines encrypted with a key provisioned in field programmable fuses with an original equipment manufacturer key. By encrypting the firmware routines and handoff data, security of the pre-boot initialization process is enhanced. Original equipment manufacturer updatable product data may also be encrypted with the original equipment manufacturer key. Additional security may be provided by using trusted input/output capabilities of a trusted execution environment to display information to and receive information from a user. Furthermore, multiple secure phases of configuration may be achieved using wireless credentials exchange components.

Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein.

Abstract: There is disclosed in one example a data exchange layer (DXL) broker, including: a hardware platform including a processor; and instructions encoded in a memory to instruct the processor to communicatively couple to a DXL fabric configured to operate a one to-many (1:N, N>1) publish-subscribe fabric; provide an interface to authenticate and register DXL endpoints with the DXL broker; and provide DXL messaging, including maintaining a routing table of registered DXL endpoints; receiving from a first registered DXL endpoint a one-to-one (1:1) request for an endpoint of the DXL fabric, wherein the endpoint is not a registered DXL endpoint of the broker; and publishing the 1:1 request to the DXL fabric.

Abstract: Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifies sensitive parameter data, encrypts the sensitive parameter data, and transmits the encrypted sensitive parameter data to the cloud analytics server. The cloud analytics server evaluates one or more curried functions using non-sensitive parameters to generate one or more sensitive functions that each take a sensitive parameter. The cloud analytics server transmits the sensitive functions and the encrypted sensitive parameters to a client computing device, which decrypts the encrypted sensitive parameters and evaluates the sensitive functions with the sensitive parameters to return a security policy.

Abstract: There is disclosed in one example a data exchange layer (DXL) broker, including: a network interface to communicatively couple to a data exchange layer (DXL), the DXL including an enterprise service bus (ESB) configured to provide one-to-one device communications over a publish-subscribe fabric; hardware including at least a processor; and instructions encoded on one or more computer-readable mediums to instruct the processor to provide DXL broker software configured to: receive a DXL request message via the DXL, the request message directed to a DXL service; determine that the DXL service is available; and forward the request message to a DXL endpoint via the DXL.

Abstract: There is disclosed in one example a data exchange layer (DXL) broker, including: a hardware platform including a processor; and instructions encoded in a memory to instruct the processor to communicatively couple to a DXL fabric configured to operate a one to-many (1:N, N>1) publish-subscribe fabric; provide an interface to authenticate and register DXL endpoints with the DXL broker; and provide DXL messaging, including maintaining a routing table of registered DXL endpoints; receiving from a first registered DXL endpoint a one-to-one (1:1) request for an endpoint of the DXL fabric, wherein the endpoint is not a registered DXL endpoint of the broker; and publishing the 1:1 request to the DXL fabric.

Abstract: In an example, there is disclosed a method or system for merging multiple system trees of different resources based in multiple locations over a data exchange layer. In one embodiment, there is disclosed a system for merging assets of different types within one or more tree-based locations. For example, an end node may be represented in a single location, a single message broker may provide services for and be represented in multiple locations. The asset to asset relationships within merged trees may be used to ensure availability of services and visualization of the system for management purposes.