摘要:
Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module. To securely transmit an outgoing message to the remote computing device, the local trusted message module receives the outgoing message from the message client, encrypts the outgoing message, and cryptographically signs the outgoing message, prior to transmittal to the remote trusted message module of the remote computing device. To securely receive an incoming message from the remote computing device, the local trusted message module receives the incoming message from the remote trusted message module of the remote computing device, decrypts the incoming message, and verifies a cryptographic signature of the incoming message, based on the exchanged cryptographic keys and prior to transmittal of the incoming message to the message client.
摘要:
Various embodiments are generally directed to use of a keyboard as a biometric authentication device. In one embodiment, for example, an apparatus comprises a processor circuit executing a sequence of instructions causing the processor circuit to receive a signal indicative of a keypress of at least one key of a keyboard communicatively coupled to the apparatus, and indicative of at least one physical characteristic associated with the keypress; compare the at least one physical characteristic to at least one stored physical characteristic associated with at least one authorized user of the apparatus; and determine if the keypress is associated with at least one authorized user of the apparatus based on the comparison. Other embodiments are described and claimed herein.
摘要:
The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.
摘要:
The present disclosure is directed to secure vehicular data management with enhanced privacy. A vehicle may comprise at least a vehicular control architecture (VCA) for controlling operation of the vehicle and a device. The VCA may record operational data identifying at least one vehicle operator and vehicular operational data recorded during operation of the vehicle by the at least one vehicle operator. The device may include at least a communication module and a trusted execution environment (TEE) including a privacy enforcement module (PEM). The PEM may receive the operational data from the VCA via the communication module, may generate filtered data by filtering the operational data based on privacy settings and may cause the filtered data to be transmitted via the communication module. The filtered data may be transmitted to at least one data consumer. The privacy settings may be configured in the PEM by the at least one operator.
摘要:
A manageability engine or adjunct processor on a computer platform may receive a request for activation and use of features embedded within that platform from a service provider authorized by the manageability engine's manufacturer. The manageability engine may initiate a request for authority through the service provider to a permit server. The permit server may provide, through the service provider, proof of the service provider's authority, together with a certificate identifying the service provider. Then the manageability engine may enable activation of the features on the platform coupled to the manageability engine, but only by the one particular service provider who has been authorized.
摘要:
In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed.
摘要:
In accordance with some embodiments, software may be downloaded to an end point, even when that said end point is not fully functional. An indication that software is available for distribution may be stored in a dedicated location within a non-volatile memory. That location may be checked for software to download, for example, on each boot up. The software may then be downloaded and verified. Thereafter, the location is marked to indicate that the software has already been downloaded.
摘要:
Generally, this disclosure describes a system including a privacy aware DHCP service and a user device. The user device includes a trusted execution environment including a client privacy agent configured to request a first Internet Protocol (IP) address from a DHCP service and to determine a device privacy score based, at least in part, on a DHCP policy; memory comprising secure storage configured to store the first IP address; and communication circuitry configured to establish at least one connection between the user device and at least one entity over a network using the first IP address. The client privacy agent is configured to monitor communication activity over the connection(s), to update the device privacy score based, at least in part, on the communication activity, and to close the connection(s) if the device privacy score is outside an acceptable privacy score range, the acceptable privacy range bounded by a privacy threshold.
摘要:
Embodiments of the present disclosure are directed toward publication and/or removal of attributes in a multi-user computing environment. In some embodiments, a consumer information manager (CIM) associated with a user of a multi-user computing system may receive a notification, from a dimension authority (DA), of a decrease in a population count of users of the computing system who have published an attribute within the computing system, and may determine whether the user has published the attribute. In response to receiving the notification of the decrease and determining that the user has published the attribute, the CIM may determine a likelihood that continued publication of the attribute will enable identification of the user, compare the likelihood to a threshold, and, when the likelihood exceeds the threshold, remove the attribute from publication. Other embodiments may be disclosed and/or claimed.
摘要:
In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.