Patent classifications
H04L2209/127
Microspring structure for hardware trusted platform module
A secured system includes at least one semiconductor chip comprising information processing circuitry. An array of contact pads is disposed on a surface of the chip and is electrically coupled to the information processing circuitry. The secured system includes one or more semiconductor chiplets. Each chiplet comprises at least a portion of at least one hardware trusted platform module that cryptographically secures the information processing circuitry. An array of electrically conductive microsprings is disposed on a surface of the chiplet and is electrically coupled between the hardware trusted platform module and the contact pads.
Provisioning systems and methods
A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
RESOURCE SHARING FOR TRUSTED EXECUTION ENVIRONMENTS
The technology disclosed herein enables resource sharing for trusted execution environments. An example method can include: establishing a first trusted execution environment (TEE) in a first computing device; establishing, by the first TEE, a set of shell TEEs, where each shell TEE is configured in view of one or more configuration parameters associated with the set of shell TEEs; receiving, by the first TEE, a request from a tenant computing device to establish a second TEE; determining, by the first TEE, whether the configuration parameters associated with the set of shell TEEs satisfy one or more request parameters for the second TEE; and responsive to determining that the configuration parameters associated with the set of shell TEEs satisfy the one or more request parameters for the second TEE, establishing, by the first TEE, the second TEE to satisfy the request, wherein the second TEE is selected from the set of shell TEEs, and causing, by the first TEE, the second TEE to communicate with the tenant computing device.
DISABLING A DIGITAL PAYMENT DEVICE (DPD)
A Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications, each transaction application for digitally transacting with a Digital Transaction Device (DTD), the DTPU further operable to be reversibly placed into a disabled state such that the DTPU is inoperable for a digital transaction with a DTD.
APPLICATION SELECTION ON A DIGITAL TRANSACTION PROCESSING UNIT (DTPU)
An apparatus for a Digital Payment Device (DPD) operable for a digital transaction with a Digital Transaction Device (DTD), the apparatus being operable to provide transaction application identifier information for communication from the DPD to the DTD in a digital transaction, the apparatus including: an application selection module; on the DPD, a Digital Transaction Processing Unit (DTPU) operable to host one or more Personalized Digital Transaction Packages (PDTPs), each PDTP associated with at least one transaction application having a transaction application identifier; the DPD being operable to select at least one hosted PDTP to be operable for a digital transaction with the DTD; wherein the apparatus is operable to receive one or more commands to cause the application selection module to be set with a transaction application identifier for each transaction application associated with the selected at least one PDTP, such that the application selection module is operable to include, in the transaction application identifier information, the transaction application identifier for each transaction application associated with the selected at least one PDTP.
TRANSACTION TYPES
A Digital Transaction Processing Unit (DTPU) including one or more transaction applications operable for a digital transaction with a Digital Transaction Device (DTD), each of the one or more transaction applications being associated with identifying information, the identifying information being capable of identifying a subset of at least one transaction application within the one or more transaction applications, wherein the DTPU is operable, when conducting a transaction with the DTD, to communicate to the DTD the identifying information associated with one of the one or more transaction applications involved in the transaction.
PROVISIONING TO A DIGITAL PAYMENT DEVICE (DPD)
A provisioning agent for provisioning a Digital Payment Device (DPD) which includes a Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications, the DTPU being further operable to adopt at least one transaction application selected from the one or more transaction applications, the DPD operable for a digital transaction with a Digital Transaction Device (DTD) using the adopted at least one transaction application, the provisioning agent being operable to provide provisioning data to the DPD, the DPD further including apparatus operable to receive the provisioning data, the provisioning data being operable to provide one or more functions to the DPD, the provisioning agent being operable to: prepare one or more first digital objects, receive one or more second digital objects from a second provisioning agent, include at least one of the one or more first digital objects and at least one of the one or more second digital objects in the provisioning data.
STORAGE OF CRYPTOGRAPHIC KEY ON A DIGITAL PAYMENT DEVICE (DPD)
A Digital Payment Device (DPD) including a Digital Transaction Processing Unit (DTPU), wherein the DPD includes a first cryptographic key stored in a secure storage area of the DPD, wherein the first cryptographic key matches a second cryptographic key stored on the DTPU, the second cryptographic key being associated with a security domain of the DTPU, wherein the first cryptographic key enables encryption for a digital object, such that the digital object is authenticatable against the second cryptographic key.
SECURITY HIERARCHY ON A DIGITAL TRANSACTION PROCESSING UNIT (DTPU)
A Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications for digitally transacting with a Digital Transaction Device (DTD), the DTPU including a security hierarchy for hosting the one or more transaction applications, wherein the security hierarchy is configured to host at least one transaction application for transacting in contact digital transactions.
DISABLING PAYMENT SCHEME ON A DIGITAL TRANSACTION PROCESSING UNIT (DTPU)
A Digital Transaction Processing Unit (DTPU) operable to host one or more containers, the DTPU further operable to host one or more transaction applications operable for digital transactions with a Digital Transaction Device (DTD), each transaction application derived from one of the one or more containers for installation on the DTPU, wherein the DTPU is operable to reversibly place at least one of the one or more containers into an inactive state such that the at least one container is inoperable to be used to install a transaction application on the DTPU.