A method of starting-up a computer system includes accessing a second storage area of a storage in which program data are stored; loading and executing the program data from a second storage area; mounting an external storage medium connected to the computer system, wherein a file system key that decrypts a file system data is stored on an external storage medium, wherein the file system key is encrypted on the external storage medium; loading the encrypted file system key from the external storage medium into the computer system; decrypting the encrypted file system key by a key stored in the second storage area; setting the decrypted file system key in a cryptographic module established by the start-up process; and decrypting and loading file system data of the encrypted file system by the cryptographic modules by the set file system key, whereby the computer system is started up completely.

A computer system is provided that includes devices configured to acquire input data. The system further includes a remote node (RN) configured to receive a first packet from a control node (CN). The first packet includes a packet header including a master timestamp, first control data and a CRC. The RN is also configured to verify integrity of the first control data based on the received CRC, generate and transmit to the CN a second packet. The second packet includes a packet header which includes a remote timestamp. The system also includes a CN connected with the RN via high-speed serial interfaces. The CN is configured to receive the second packet, determine status of the first packet based on the control data included in the second packet and configured to retransmit the first packet or generate and transmit a third packet based on the determined status of the first packet.

A method of starting-up a computer system includes accessing a second storage area of a storage in which program data are stored; loading and executing the program data from a second storage area; mounting an external storage medium connected to the computer system, wherein a file system key that decrypts a file system data is stored on an external storage medium, wherein the file system key is encrypted on the external storage medium; loading the encrypted file system key from the external storage medium into the computer system; decrypting the encrypted file system key by a key stored in the second storage area; setting the decrypted file system key in a cryptographic module established by the start-up process; and decrypting and loading file system data of the encrypted file system by the cryptographic modules by the set file system key, whereby the computer system is started up completely.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting a timestamp request for a to-be-timestamped block of a blockchain at a time point to a trust time server by a ledger server in a blockchain-based centralized ledger system that stores data in the blockchain, the trust time server being associated with a trust time authority and independent from the blockchain-based centralized ledger system, the blockchain including a plurality of blocks storing transaction data, and disregarding the timestamp request in response to determining that a predetermined time period has lapsed after the time point and that there has been no reply to the timestamp request from the trust time server.

In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

A clock glitch detection circuit includes a detection circuit and a logic circuit. The detection circuit is configured to receive a clock input signal and a clock output signal and determines whether the clock input signal and the clock output signal are in phase, so as to output a first detection signal and a second detection signal. The logic circuit is coupled to the detection circuit and configured to receive the first detection signal and the second detection signal. The logic circuit determines whether the first detection signal and the second detection signal are in phase, so as to generate a glitch detection signal. The glitch detection signal is configured to indicate whether clock glitch occurs in the clock input signal.

A mechanism for securing a mobile app for execution on a mobile device. The mechanism includes loading a non-trusted portion of the mobile app from a non-trusted application provider onto the mobile device, operating a key provisioning server to generate keys associated with a trusted execution environment, transmitting the keys associated with the trusted execution environment to the mobile device and to a key directory server, authenticate the mobile device, and upon authenticating the mobile device, transmitting a trusted portion of the mobile app including a trusted application to the mobile device, and installing the trusted portion of the mobile app on the mobile device thereby providing a trusted execution environment. Other systems and methods are disclosed.

In general, this disclosure describes scalable, partitionable encryption engines. The partitionable encryption engines of this disclosure yield power savings, such as by controlling operation of partitioned sub-datapaths at reduced clock rates. An apparatus includes an interface configured to receive a block of encrypted data for decryption, and a decryption engine in communication with the interface. The decryption engine includes a plurality of decryption sub-datapaths, where each respective decryption sub-datapath has no data interdependency with any other decryption sub-datapath of the plurality of decryption sub-datapaths. The decryption engine is configured to selectively enable one or more decryption sub-datapaths of the plurality of decryption sub-datapaths to decrypt the block of encrypted data to form a decrypted block of data.

A system and method for providing a secure database access from an application program implemented on a client device located in a first to a database located in a second zone, which is outside of the first zone, applying a traditional database access application programming interface, wherein implementing an database access driver on the client device in the first zone and implementing an access proxy in a second zone, which is connected to the database, performing an authentication of a user of the application program via an authentication agent located on the database access driver and an authentication server, delivering a credential from the authentication server to the database access driver in case of a successful authentication, and enabling database access to the user of the application program, if the credential is accepted by the database access proxy.

Various embodiments relating to an electronic device are described, and according to an embodiment, the electronic device may comprise a communication module which performs wireless communication; at least one processor which is electrically connected to the communication module; and a memory which stores instructions which cause at least one processor to receive or transmit data via communication with an external electronic device using the communication module on the basis of a first operating system and to process the received data or data to be transmitted to the external electronic device using a designated key on the basis of a second operating system, at the time of execution thereof.