H04L9/0891

Storage system communication
11582046 · 2023-02-14

A method for authorizing I/O (input/output) commands in a storage cluster is provided. The method includes generating a token responsive to an authority initiating an I/O command, wherein the token is specific to assignment of the authority and a storage node of the storage cluster. The method includes verifying the I/O command using the token, wherein the token includes a signature confirming validity of the token and wherein the token is revocable.

Vehicular control apparatus
11580223 · 2023-02-14

A vehicular control apparatus is used in an onboard system provided with a plurality of information processors mutually connected via a communication bus, and includes a storage section for storing information, and an arithmetic section for executing a process based on the information stored in the storage section. The information contains first management information relating to a security abnormality as a communication data abnormality owing to security attack from outside the onboard system, and second management information relating to a safety abnormality as a communication data abnormality owing to an abnormality in the onboard system. The first management information contains first limit condition information indicating a first limit condition for executing a security coping with the security abnormality. The second management information contains second limit condition information indicating a second limit condition for executing a safety coping with the safety abnormality. Upon detection of the communication data abnormality in the onboard system, the arithmetic section determines a coping content to the detected communication data abnormality based on the first management information and the second management information.

Blockchain-based trustable guarantees

Disclosed herein are methods, systems, and apparatus for processing blockchain-based guarantee information. One of the methods includes receiving a first cyphertext of a first digital document specifying a guarantee from a first computing device associated with at least a first guarantor and one or more zero-knowledge proofs (ZKPs) related to one or more values associated with the guarantee, and the first digital document specifies one or more predetermined conditions of executing the guarantee; verifying that the one or more ZKPs are correct; storing the first cyphertext to a blockchain based on performing a consensus algorithm; receiving a first message from a second computing device associated with a beneficiary or a representative of the beneficiary.

System and method for processing data and managing information

A method including receiving, at multiple cloud computing servers, multiple streaming data sets for the same sensing task each from a respective client device. The streaming data set from each client device comprises sensed data sensed by one or more sensors of said client device. The streaming data sets are encrypted. Each respective streaming data set from a respective client device is divided into multiple streaming data set portions, each to be received at a respective one of the cloud computing servers. The method also includes processing, at each respective cloud computing server, the corresponding streaming data set portions received to generate a corresponding share of a result for the sensing task. The method also includes encrypting, at each respective one of the cloud computing servers, the corresponding share of the result; and facilitating creation or update of a blockchain based on the encrypted shares of the result.

Cryptographic management of lifecycle states
11582033 · 2023-02-14

A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to effect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.

Deploying a system-specific secret in a highly resilient computer system

A computer-implemented method for providing a system-specific secret to a computing system having a plurality of computing components is disclosed. The method includes storing permanently a component-specific import key as part of a computing component and storing the component-specific import key in a manufacturing-side storage system. Upon a request for the system-specific secret for a computing system, the method includes identifying the computing component comprised in the computing system, retrieving a record relating to the identified computing component, determining the system-specific secret protected by a hardware security module and determining a system-specific auxiliary key. Furthermore, the method includes encrypting the system-specific auxiliary key with the retrieved component-specific import key, thereby creating an auxiliary key bundle, encrypting the system-specific secret and storing the auxiliary key bundle and a system record in a storage medium of the computing system.

Integrated secure device manager systems and methods for cyber-physical vehicles

Systems and methods are described for a cyber-physical vehicle management system generated by an Integrated Secure Device Manager (ISDM) Authority configured to manage licensing and approval of Cyber-Physical Vehicles (CPVs), a public/private key pair and a unique ID for the Authority, create a self-signed Authority token signed by the private key, send the Authority token to a plurality of ISDM Node devices configured to verify Module device authenticity and in communication with the Authority, store, by each Node, the Authority token, and mark, by each Node, the Authority token as trusted.

Key-value store with blockchain properties

An example operation may include one or more of receiving a request associated with a key-value pair stored in a database, determining whether a state of the key-value pair has changed since a most recently received request, and in response to a determination that the state of the key-value pair has changed, generating a data block that includes a changed state of the key-value pair and adding the generated data block to a hash-linked chain of data blocks.

Unification of data flows over network links with different internet protocol (IP) addresses
11558184 · 2023-01-17

Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after being authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Real-time attestation of cryptoprocessors lacking timers and counters

The present technology discloses methods and systems for receiving a security profile request from an integrity verifier, the request including a nonce; requesting, from a trusted platform module, a new nonce, wherein the new nonce is generated at least in part by the nonce and a current timestamp from a clock in the trusted platform module; receiving, from the trusted platform module, the new nonce; requesting, from a cryptoprocessor, a set of platform configuration registers; receiving, from the cryptoprocessor, the set of platform configuration registers; and sending a response to the integrity verifier, the response including the new nonce and the set of platform configuration registers to verify a security status of the trusted platform module and the cryptoprocessor.