This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

Today an individual attending an event must undertake a second registration and purchasing sequence in order to attend a subsequent occurrence of the event. However, by the time they remember to re-register their interest may have waned or the event is sold out. In other instances, they forget even though the event does not sell out. Accordingly, it would be beneficial to provide registrants of an event with a means to re-register for the next occurrence of the event in a manner that was quick, simple, independent of execution of the registration/purchase steps with a service provider, and independent of completion of service provider support for the next event. Further, it would be beneficial to leverage the credential provided to the registrant for the current event in progress or just completed in the re-registration of the registrant for the next event. It would be further beneficial for said method to leverage the technology and devices of portable electronic devices associated with the registrant.

The present invention provides a microcode signature security management system based on a Trustzone technology, and belongs to the field of data security storage. The microcode signature security management system comprises the steps of: starting a normal operating system after the hardware equipment is started; acquiring the signature-encrypted microcode file and outputting the signature-encrypted microcode file and a switching signal by the normal operating system; receiving the switching signal and starting the monitor mode by the microprocessor to start a secure operating system; receiving the signature-encrypted microcode file, performing signature verification on the signature-encrypted microcode file, loading the file when the signature verification passes, otherwise outputting microcode error information when the signature verification fails by the secure operating system. The present invention has beneficial effects that the security of microcode is ensured on the basis of a secure operating system (secure os) safety environment to which a system layer is inaccessible. A cryptography tool measure is adopted, so that the security, integrity and correctness of loaded microcode are ensured, and the risk of breaking, modifying and replacing an existing microcode management mechanism is lowered.

A Digital Payment Device (DPD) including a Digital Transaction Processing Unit (DTPU), a Microcontroller Unit (MCU), and a command generation unit, wherein the command generation unit is operable to generate a DTPU command capable of being authenticated against a targeted security domain of the DTPU, the DTPU command including a payload capable of being executed by the DTPU; and the MCU is operable to communicate the DTPU command to the DTPU for execution by the DTPU.

In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device.

A secure bus for pre-placement of device capabilities across a set of cryptoprocessors may be provided. A first cryptoprocessor may receive a key corresponding to a second cryptoprocessor and it may receive an object in response to the object being instantiated on the second cryptoprocessor. Next, the first cryptoprocessor may use the key to determine that the second cryptoprocessor signed the object. The first cryptoprocessor may then store the object in the first cryptoprocessor in response to determining that the second cryptoprocessor signed the object. Then the first cryptoprocessor may receive a request for the object and provide a response to the request.

The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a first node is endorsed. During endorsement of a first node, a pre-determined type of blockchain or other security protocol code to be authorized and a pre-determined membership list are stored in a trusted execution environment (TEE) of the first node. A determination is made as to whether the membership lists and pre-determined blockchain or other security protocol code to be authorized from the proposed members match. If so, TEE attestation is used to verify that nodes associated with prospective members of the consortium store the pre-determined type of blockchain or other security protocol code to be authorized. Upon TEE attestation being successful, a consortium network is bootstrapped such that the prospective members become members of the consortium network.

Sensitive information can be managed using a trusted platform module. For example, a system can encrypt target information using a cryptographic key to generate encrypted data. The system can also receive an encrypted key from a trusted platform module, where the encrypted key is a version of the cryptographic key that is encrypted using a public key stored in the trusted platform module. The system can then transmit the encrypted data and the encrypted key to a remote computing system, for example to store the encrypted data and the encrypted key on the remote computing system. Using these techniques, the target information may be secured and stored in remote locations.

In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device.

The invention relates to distributed ledger technologies such as consensus-based blockchains. A blockchain transaction may include digital resources that are encumbered by a locking script that encodes a set of conditions that must be fulfilled before the encumbered resources may be used (e.g., transferring ownership/control of encumbered resources). A worker (e.g., a computer system) performs one or more computations to generate a proof, which is encoded as part of an unlocking script. A verification algorithm may utilize the proof, a verification key, and additional data such as a cryptographic material associated with the worker (e.g., a digital signature) to verify that digital assets of the transaction should be transferred. As a result of the validation of this transaction, any third party is able to check the contract was executed corrected rather than re-executing the contract, thus saving computational power.