Abstract: Described are computing systems and methods as well as computer program products for enhancing the detection of abnormal online user behavior by incorporating time-series data of behavior-based user clusters into an entity graph for purposes of entity resolution. In various embodiments, graph analysis performed on a graph that includes nodes representing users, user attributes, and user clusters serves to determine groups of similar user entities, which may then be merged and/or further analyzed to detect abnormal behavior.

Abstract: Various embodiments are generally directed to the providing for mutual authentication and secure distributed processing of multi-party data. In particular, an experiment may be submitted to include the distributed processing of private data owned by multiple distrustful entities. Private data providers may authorize the experiment and securely transfer the private data for processing by trusted computing nodes in a pool of trusted computing nodes.

Abstract: Selective/controlled disclosure of user information to private workspaces of other users/invitees based on context/contextual relations, and a shared workspace or market to collaborate amongst the other users (e.g., to crowd-source gifts of interest to the recipient). Contextual disclosure may be based on common context or commonality under a set of conditions, such as a topic, which may include known topics of relationships amongst the users and/or undiscovered contexts. As an example, items of interest to each user are identified and clustered, keywords are assigned to the clusters indicative of topics/subjects of interests to the respective users, recipient keywords are compared to keywords of an invitee to identify common keywords as shared interests, and items of interest to the recipient that relate to the common keywords are disclosed to the invitee as a personalized wish-list. Keyword weighting and/or keyword/item level privacy designations may be provided to further control disclosure.

Abstract: Systems, methods, and apparatus to provide private information retrieval are disclosed. An example apparatus includes a protected data enclave to store a first portion of data such that entities other than the first trusted hardware processing unit are unable to access the first portion of the data. The example apparatus includes a request processor to determine that a data element specified in a first request from an entity is stored in a second trusted hardware processing unit. The request processor is to send an encrypted request for the data element to the second trusted hardware processing unit, and send an encrypted dummy request to a third trusted hardware processing unit. The request processor is to determine whether an encrypted dummy response has been received from the third trusted hardware processing unit, and whether an encrypted response including the data element has been received from the second trusted hardware processing unit.

Abstract: Systems, methods, and apparatus to provide private information retrieval are disclosed. An example apparatus includes a protected data enclave to store a first portion of data such that entities other than the first trusted hardware processing unit are unable to access the first portion of the data. The example apparatus includes a request processor to determine that a data element specified in a first request from an entity is stored in a second trusted hardware processing unit. The request processor is to send an encrypted request for the data element to the second trusted hardware processing unit, and send an encrypted dummy request to a third trusted hardware processing unit. The request processor is to determine whether an encrypted dummy response has been received from the third trusted hardware processing unit, and whether an encrypted response including the data element has been received from the second trusted hardware processing unit.

Abstract: In one embodiment a controller comprises logic configured to define, for display on a region of a display device coupled to the controller, a dialog box, lock the dialog box such that input/output operations conducted in the dialog box are visible to the secure controller and are not visible to an untrusted execution complex communicatively coupled to the secure controller, receive one or more authentication credentials based on a user input to the dialog box, and use the one or more authentication credentials to establish a secure communication session with a remote service. Other embodiments may be described.

Abstract: Systems, methods, and apparatus to provide private information retrieval. A disclosed example system includes a first trusted processing unit to store a first portion of data such that entities other than the first trusted processing unit are unable to access the first portion of the data in the first trusted processing unit; a second trusted processing unit to store a second portion of the data such that entities other than the second trusted processing unit are unable to access the second portion of the data in the second trusted processing unit; and a third trusted processing unit to: determine that a data element specified in a request is stored in the first trusted processing unit; request the data element from the first trusted processing unit; send a dummy request to the second trusted processing unit; and send the data element to a requester.

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract: Various embodiments are generally directed to the providing for mutual authentication and secure distributed processing of multi-party data. In particular, an experiment may be submitted to include the distributed processing of private data owned by multiple distrustful entities. Private data providers may authorize the experiment and securely transfer the private data for processing by trusted computing nodes in a pool of trusted computing nodes.

Abstract: In one embodiment a controller comprises logic configured to establish a pairing with a remote processor in a second electronic device, create a first secure communication channel with the remote processor, transmit a first portion of a processing task to the remote processor via the first secure channel, receive, via a second communication channel, an input from the first portion of the processing task, and complete at least a second portion of the processing task using the input. Other embodiments may be described.

Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

Abstract: Systems, methods, and apparatus to provide private information retrieval. A disclosed example system includes a first trusted processing unit to store a first portion of data such that entities other than the first trusted processing unit are unable to access the first portion of the data in the first trusted processing unit; a second trusted processing unit to store a second portion of the data such that entities other than the second trusted processing unit are unable to access the second portion of the data in the second trusted processing unit; and a third trusted processing unit to: determine that a data element specified in a request is stored in the first trusted processing unit; request the data element from the first trusted processing unit; send a dummy request to the second trusted processing unit; and send the data element to a requester.

Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

Abstract: In one embodiment a controller comprises logic configured to define, for display on a region of a display device coupled to the controller, a dialog box, lock the dialog box such that input/output operations conducted in the dialog box are visible to the secure controller and are not visible to an untrusted execution complex communicatively coupled to the secure controller, receive one or more authentication credentials based on a user input to the dialog box, and use the one or more authentication credentials to establish a secure communication session with a remote service. Other embodiments may be described.

Abstract: In one embodiment a controller comprises logic configured to receive, from an application executing on an untrusted execution complex of the electronic device, a request for a secure communication session with a remote service, verify a security credential received from the remote service, establish a secure communication connection between the secure controller and the remote service, establish a secure user interface, collect one or more authentication credentials from a user via the secure user interface, forward the one or more authentication credentials to the remote service, and conduct a secure communication session with the remote service. Other embodiments may be described.

Abstract: Selective/controlled disclosure of user information to private workspaces of other users/invitees based on context/contextual relations, and a shared workspace or market to collaborate amongst the other users (e.g., to crowd-source gifts of interest to the recipient). Contextual disclosure may be based on common context or commonality under a set of conditions, such as a topic, which may include known topics of relationships amongst the users and/or undiscovered contexts. As an example, items of interest to each user are identified and clustered, keywords are assigned to the clusters indicative of topics/subjects of interests to the respective users, recipient keywords are compared to keywords of an invitee to identify common keywords as shared interests, and items of interest to the recipient that relate to the common keywords are disclosed to the invitee as a personalized wish-list. Keyword weighting and/or keyword/item level privacy designations may be provided to further control disclosure.

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract: Systems, apparatus and methods are described including operations for securing display output data against malicious software attacks.

Abstract: Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and a RKM server including a key server module, the RKM server configured to sign the key server module using a private key and a gateway server configured to provide the signed key server module to the cloud server, the trusted execution environment configured to verify the key server module using a public key related to the private key and to launch the key server module, the key server module configured to establish a secure communication channel between the gateway server and the key server module, and the gateway server configured to provide a cryptographic key to the key server module via the secure communication channel.