Systems and methods for providing cryptographic services. A cryptography service obtains a request to provision a computing device to perform cryptographic operations. The cryptography service generates executable code for a protected execution environment. The computing device obtains and executes the executable code. The computing device fulfills requests for cryptographic operations in the protected execution environment.

A method for securely executing an item of software. One or more security modules are executed by a computer and a computer executes the item of software. The execution of the item of software includes, at at least one point during execution of the item of software at which a predetermined function is to be performed, attempting to perform the predetermined function. The attempt to perform the predetermined function including sending, to an address system, a request for an address of instructions for carrying out the predetermined function, the request including an identifier of the predetermined function; receiving, from the address system in response to the request, an address generated by the address system based, at least in part, on (a) the identifier and (b) verification data provided to the address system from at least one of the one or more security modules; and continuing execution of the item of software at the address received from the address system.

A content owner registers with an identity authority by providing information about the content owner and a public key of a public/private key pair. The content owner registers content to the identity authority and signs the multiple segments of the content with the private key of the public/private key pair. A system that receives the signed content determines an indicated content owner of the received media content and communicates with the identity authority to confirm that the media content was produced by the indicated content owner. The receiving system requests the public key of the content owner from the identity authority and uses the public key to verify the signature of each media content segment. Accordingly, the receiving system is able to determine if the media content was manipulated after being distributed by the content owner.

A communication device. The communication device comprises a central processing unit (CPU), a graphics processing unit (GPU), and a non-transitory memory comprising executable instructions for a sharing application that when executed by at least one of the CPU or the GPU, causes the sharing application to transmit an executable of a trusted application to an endpoint communication device, begin execution of the sharing application in a trusted security execution zone (TSZ) execution mode for sharing media content, instantiate a trustlet application that begins execution by the CPU or the GPU in the TSZ execution mode, display a unit of media content on the communication device, determine whether the unit of media content comprises confidential information, and in response to a determination the unit of media content comprises confidential information, transmit commands to the trusted application to control one or more functions at the endpoint communication device.

A computer system comprising a processor and a memory for storing instructions, that when executed by the processor performs a copy protection method. The copy protection method comprises executing a software loop of a first software application in a first operating system. A first call is executed in the software loop to a code portion. A decrypted code portion of the first software application is executed in a second operating system in response to the first call. The code portion is decrypted in response to a successful validation of the first software application.

Herein disclosed are approaches for protecting sensitive information within a fingerprint authentication system that can be snooped and utilized to access the device, secured information, or a secured application. The approaches can utilize encryption keys and hash functions that are unique to the device in which the fingerprint authentication is being performed to protect the sensitive information that can be snooped.

A document management system processes application programming interface (API) requests received from entities. The document management system processes the API requests to perform operations such as modifying a document, executing a document, or sending a set of documents to another entity. The document management system enforces API limits on API requests received from entities and processed by the document management system. The document management system allows an entity to request a modification to an API limit to a target API limit and determines whether to approve the requested modification. The document management system determines whether to approve the requested API limits based on a comparison with other entities that are similar to the entity based on past API requests received from the other entities.

An example hardware accelerator for a computer system includes a programmable device and further includes kernel logic configured in a programmable fabric of the programmable device, and an intellectual property (IP) checker circuit in the kernel logic. The IP checker circuit is configured to obtain a device identifier (ID) of the programmable device and a signed whitelist, the signed whitelist including a list of device IDs and a signature, verify the signature of the signed whitelist, compare the device ID against the list of device IDs, and selectively assert or deassert an enable of the kernel logic in response to presence or absence, respectively, of the device ID in the list of device IDs and verification of the signature.

A system and method for sharing content data between networked devices in communication with a server processor circuit via a data network is disclosed. The method involves, in response to a request received at the server from a first networked device to upload content data, causing the content data to be written to a storage location at a content storage address. The method also involves causing the server processor circuit to store the content storage address in a database managed by the server. The method further involves causing the server processor circuit to associate an access key with the content storage address in the database and to determine and store an expiry for the access key in the database, the expiry facilitating a determination as to whether the access key remains actively associated with the content data or has expired and is no longer associated with the content data. The method also involves receiving a content access request at the server from a second networked device to access the content data uploaded by the first networked device, the content access request including a request access key. The method further involves causing the server processor circuit to perform a database query and if there is an unexpired access key in the database that matches the request access key, authorizing the second networked device to access the content data.

According to one embodiment, an information processing apparatus is applied to an embedded system in an electric device and includes a first circuit. The first circuit is configured to request a server different from the information processing apparatus to determine whether a debug or software change is possible in response to external access.