Establishing secure communications by sending a server certificate message, the certificate message including a first certificate associated with a first encryption algorithm and a second certificate associated with a second encryption algorithm, the first certificate and second certificate bound to each other, signing a first message associated with client-server communications using a first private key, the first private key associated with the first certificate, signing a second message associated with the client-server communications using a second private key, the second private key associated with the second certificate, the second message including the signed first message, and sending a server certificate verify message, the server certificate verify message comprising the signed first message and the signed second message.

A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.

A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.

The present disclosure provides systems, methods, and computer-readable storage media having functionality to prove immutability of blockchains without accessing user data. A user may submit data for storage to a data management server and the data management server may generate one or more data records corresponding to the data at a database and one or more blocks at a blockchain, each block corresponding to of the data records. Block information associated with the generated blocks may be transmitted to a remote computing device for storage at a database. Prior to storing the block information, the remote computing device may sign the data using a private key or other cryptographic technique. To validate a block, raw block information may be retrieved from the blockchain and compared to the signed block information. If the signed block information matches the raw block information, the block may be determined to be valid (e.g., unchanged).

The present disclosure provides systems, methods, and computer-readable storage media having functionality to prove immutability of blockchains without accessing user data. A user may submit data for storage to a data management server and the data management server may generate one or more data records corresponding to the data at a database and one or more blocks at a blockchain, each block corresponding to of the data records. Block information associated with the generated blocks may be transmitted to a remote computing device for storage at a database. Prior to storing the block information, the remote computing device may sign the data using a private key or other cryptographic technique. To validate a block, raw block information may be retrieved from the blockchain and compared to the signed block information. If the signed block information matches the raw block information, the block may be determined to be valid (e.g., unchanged).

A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

The present disclosure relates to methods of mining a block of a distributed ledger. The methods include: receiving a block to be mined, the block including a header hash and a plurality of transactions; creating a first signature based on a first function, where inputs to the first function include the header hash and the plurality of transactions; and creating a second signature based on a second function, where an input to the second function is the first signature. In one example, the second function is a multiplicative inverse function and the method further includes creating the second signature that is a multiplicative inverse value of the first signature with respect to a first irreducible polynomial. The method additionally includes creating a chain of signatures, where each of the signatures is a multiplicative inverse value of a previous output with respect to a respective irreducible polynomial.

Embodiments of this application disclose a data processing method. The method includes obtaining data that need to be verified from a target trusted computing node; obtaining first ledger data corresponding to the data that need to be verified, the first ledger data being obtained by signing a first message digest by using a private key of the target trusted computing node and being stored in the blockchain network by the target trusted computing node, and the first message digest being obtained by performing message digest calculation on raw data; decrypting the first ledger data by using a public key of the target trusted computing node to obtain the first message digest; performing message digest calculation on the data that need to be verified to obtain a second message digest; and determining a verification result according to the first message digest and the second message digest.

Embodiments of this application disclose a data processing method. The method includes obtaining data that need to be verified from a target trusted computing node; obtaining first ledger data corresponding to the data that need to be verified, the first ledger data being obtained by signing a first message digest by using a private key of the target trusted computing node and being stored in the blockchain network by the target trusted computing node, and the first message digest being obtained by performing message digest calculation on raw data; decrypting the first ledger data by using a public key of the target trusted computing node to obtain the first message digest; performing message digest calculation on the data that need to be verified to obtain a second message digest; and determining a verification result according to the first message digest and the second message digest.

This disclosure relates to a method for vertical federated learning. In multiple participation nodes deployed in a multi-way tree topology, an upper-layer participation node corresponds to k lower-layer participation nodes. After the upper-layer participation node and the k lower-layer participation nodes exchange public keys with each other, the upper-layer participation node performs secure two-party joint computation with the lower-layer participation nodes with a first public key and second public keys as encryption parameters to obtain k two-party joint outputs of a federated model. Further, the upper-layer participation node aggregates the k two-party joint outputs to obtain a first joint model output corresponding to the federated model. As such, a multi-way tree topology deployment-based vertical federated learning architecture is provided, improving the equality of each participation node in a vertical federated learning process.