Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.

Abstract: A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional.

Abstract: A platform including a security system is described. The security system comprises, in one embodiment, a multi-state system having a plurality of modes, available whenever the platform has a source of power. The modes comprise an unarmed mode, in which the security system is not protecting the platform, an armed mode, in which the platform is protected, the armed mode reached from the unarmed mode, after an arming command, and a suspecting mode, in which the platform is suspecting theft, the suspecting mode reached from the armed mode, when a risk behavior is detected.

Abstract: Technologies for securely provisioning a personal computing device for enterprise connectivity includes a trusted computing device for wirelessly communicating with the personal computing device, generating a key pair for the personal computing device, generating a certificate signing request, sending the certificate signing request on behalf of the personal computing device, receiving an access certificate for enterprise connectivity, and securely exporting the access certificate and a private key of the key pair to the personal computing device.

Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.

Abstract: Embodiments of apparatuses, methods for partitioning systems, and partitionable and partitioned systems are disclosed. In one embodiment, a system includes processors and a partition manager. The partition manager is to allocate a subset of the processors to a first partition and another subset of the processors to a second partition. The first partition is to execute first operating system level software and the second partition is to execute second operating system level software.

Abstract: A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions.

Abstract: A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions.

Abstract: Embodiments of apparatuses and methods for memory event notification are disclosed. In one embodiment, a processor includes address translation hardware and memory event hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory event hardware is to detect an access to a registered portion of memory.

Abstract: A system reserves and manages a hidden service partition through components of the hardware platform of a computing device. The hidden partition is not accessible by way of a host operating system on the computing device. A hardware platform controller provisions a portion of nonvolatile storage through configuration settings of the hardware platform controller. When the host system requests settings related to storage in the system, the request is routed through the interfaces of the hardware platform, and the hardware platform controller reports in accordance with the configuration settings, hiding the service partition. The hidden partition is dynamically modifiable through secure remote access to the hardware platform controller, not through the host system such as operating system or BIOS.

Abstract: In accordance with some embodiments, software may be downloaded to an end point, even when that said end point is not fully functional. An indication that software is available for distribution may be stored in a dedicated location within a non-volatile memory. That location may be checked for software to download, for example, on each boot up. The software may then be downloaded and verified. Thereafter, the location is marked to indicate that the software has already been downloaded.

Abstract: A method and device for providing a secure scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an in-band processor configured to execute an operating system and at least one host driver, communication circuitry configured to communicate with a remote server, and an out-of-band (OOB) processor capable of communicating with the remote server using the communication circuitry irrespective of the state of the operating system. The OOB processor may be configured to receive a block read request from the remote server, instruct the at least one host driver to send a storage command to a data storage device, receive data retrieved from the data storage device and authentication metadata generated by the data storage device, and transmit the data and the authentication metadata to the remote server.

Abstract: A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional.

Abstract: Technologies for securely provisioning a personal computing device for enterprise connectivity includes a trusted computing device for wirelessly communicating with the personal computing device, generating a key pair for the personal computing device, generating a certificate signing request, sending the certificate signing request on behalf of the personal computing device, receiving an access certificate for enterprise connectivity, and securely exporting the access certificate and a private key of the key pair to the personal computing device.

Abstract: A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional.

Abstract: In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.

Abstract: A platform including a security system is described. The security system comprises, in one embodiment, a multi-state system having a plurality of modes, available whenever the platform has a source of power. The modes comprise an unarmed mode, in which the security system is not protecting the platform, an armed mode, in which the platform is protected, the armed mode reached from the unarmed mode, after an arming command, and a suspecting mode, in which the platform is suspecting theft, the suspecting mode reached from the armed mode, when a risk behavior is detected.

Abstract: In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted.

Abstract: Embodiments of apparatuses, methods for partitioning systems, and partitionable and partitioned systems are disclosed. In one embodiment, a system includes processors and a partition manager. The partition manager is to allocate a subset of the processors to a first partition and another subset of the processors to a second partition. The first partition is to execute first operating system level software and the second partition is to execute second operating system level software. The first operating system level software is to manage the processors in the first partition as resources individually accessible to the first operating system level software, and the second operating system level software is to manage the processors in the second partition as resources individually accessible to the second operating system level software.

Abstract: A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions.