An external trusted time source is implemented over a network for conditional access system (CAS)/digital rights management (DRM) client devices. A client device includes untrusted software and a trusted execution environment (TEE) for processing an entitlement management message (EMM) that includes an epoch sequence number (ESN) transmitted from an EMM server using a first network connection. A remaining client key set (CKS) lifetime value is stored and updated in the TEE based on the ESN processed.

A system of devices receives and stores documents based on confidential information redacted from the documents. An electronic document is analyzed to identify character blocks having confidential information. The confidential information can be in different formats within the document. Redaction rules are applied to the character blocks to identify confidential categories for the confidential information within the blocks. The confidential information is redacted based on the rules such that the confidential information is removed from the document. A new electronic document is generated with the information redacted such that it is not viewable or printable. The two documents with different levels of confidential information is then stored on separate devices within the system. The documents are transferred when a device is removed from the system according to various criteria.

In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting a timestamp request for a to-be-timestamped block of a blockchain at a time point to a trust time server by a ledger server in a blockchain-based centralized ledger system that stores data in the blockchain, the trust time server being associated with a trust time authority and independent from the blockchain-based centralized ledger system, the blockchain including a plurality of blocks storing transaction data, and disregarding the timestamp request in response to determining that a predetermined time period has lapsed after the time point and that there has been no reply to the timestamp request from the trust time server.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting individual timestamp requests for to-be-timestamped blocks in a blockchain to a trust time server independent from a blockchain-based centralized ledger system that stores data in the blockchain, the blockchain including a plurality of blocks storing transaction data, receiving respective timestamps and associated signatures for the to-be-timestamped blocks from the trust time server, and storing information of the respective timestamps and associated signatures for the to-be-timestamped blocks in respective timestamped blocks in the blockchain, any adjacent two of the timestamped blocks in the blockchain being anchored with each other.

A system and method for providing a secure database access from an application program implemented on a client device located in a first to a database located in a second zone, which is outside of the first zone, applying a traditional database access application programming interface, wherein implementing an database access driver on the client device in the first zone and implementing an access proxy in a second zone, which is connected to the database, performing an authentication of a user of the application program via an authentication agent located on the database access driver and an authentication server, delivering a credential from the authentication server to the database access driver in case of a successful authentication, and enabling database access to the user of the application program, if the credential is accepted by the database access proxy.

A computer-implemented method for managing a real-time clock having a drift and being embedded in a portable tamper-resistant device, which receives applicative data when performing a banking transaction with another device. comprises a step of extracting a time from the applicative data, the method also includes a step of compensating the drift by updating the real-time clock based on said time.

Apparatuses, methods and storage media associated with managing a computing platform in view of an expiration date are described herein. In embodiments, an apparatus may include a computing platform that includes one or more processors to execute applications; and a trusted execution environment that includes a tamper-proof storage to store an expiration date of the computing platform, and a firmware module to be operated in a secure system management mode to regulate operation of the computing platform in view of at least whether a current date is earlier than the expiration date. Other embodiments may be described or claimed.

A method provides trusted timing services to an enclave of a computer having memory and a trusted hardware timer. The computer executes a privileged management program and an untrusted operating system. The privileged management program has access to the memory and the trusted hardware timer, has higher privileges than the untrusted operating system, and exposes a system call to the enclave for requesting the trusted timing services. The method includes: receiving, by the privileged management program, a request for timing services from the enclave, via the system call; reserving, by the privileged management program, a memory region of the memory for tracking time; and writing, by the privileged management program, at least one value of the trusted hardware timer into the memory region.

A method for providing an anti-rollback secure timer service includes determining, at a device which includes a processor providing a trusted execution environment (TEE), a trusted memory, and a real time clock (RTC) accessible through an operating system of the device, an initial reference time value, by a secure timer application running in the TEE, the initial reference time value determined based on an initial value of the RTC obtained during booting of the device and a time delta value. The method further includes determining an updated reference time value based on the initial reference time value, a second value of the RTC, and a previously stored old reference time value, determining an updated time delta value based on the second value of the RTC and the updated reference time value, and storing the updated time delta value and the updated reference time value in the trusted memory.