A method of checking the authenticity of the content of a non-volatile memory of an electronic device including a microcontroller and an embedded secure element includes starting the microcontroller with instructions stored in a first non-reprogrammable memory area associated with the microcontroller, starting the secure element, executing, with the secure element, a signature verification on the content of a second reprogrammable non-volatile memory area associated with the microcontroller, and if the signature is verified, using the secure element to send the first key to the microcontroller.

Controlling execution of software is provided. In response to receiving an input to execute a software module on a data processing system, a set of measurements are performed on the software module performing a process to prepare the software module for execution on the data processing system. In response to determining that the set of measurements meets a predetermined criterion, an authorization to proceed with the process of preparing the software module for execution on the data processing system is requested from a trusted third party computer. In response to receiving the authorization to proceed with the process of preparing the software module for execution on the data processing system from the trusted third party computer, the software module is executed.

This invention is directed to an encryption communication system for preventing leakage of a common key and improving the confidentiality of communication information. The encryption communication system uses a pair of a first private portion and a first public portion and a pair of a second private portion and a second public portion in a key predistribution system (KPS) The encryption communication system comprises a ciphertext generator that generates a ciphertext by generating, in a first security chip (TPM) of a first communication apparatus, a first common key by the first private portion held in the first security chip using the second public portion transmitted from a second communication apparatus as a communication partner, and encrypting a plaintext using the first common key in the first security chip, and a decryptor that generates a plaintext by generating, in a second security chip of the second communication apparatus, a second common key by the second private portion held in the second security chip using the first public portion transmitted from the first communication apparatus as a communication partner, and decrypting the ciphertext received from the first communication apparatus using the second common key in the second security chip.

Trusted client security factor-based authorizations at a server. The techniques allow the server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server.

A system and method enabling an entity to prove its identity and provide authentic documents/data/information therein at any time required based upon data retrieved from an independent cryptographically verifiable source (ICVS) through a secured channel is disclosed. The system enables a virtual and secure browser on a user computing device allowing a user to login and retrieve authentic information pertaining to the user from the ICVS in a verifiable and untamperable manner. The retrieved information is bounded with origination information of the ICVS and the bounded information is provided to relying entities as authentic information for verification. Also, cryptographic value of the authentic information can be stored in an immutable storage such as blockchain, so that the cryptographic value is used by the relying-party to validate integrity of the authentic information.

A hub device of a network receives a data model that includes a secure portion that is encrypted and one or more unsecure portions. The hub device deploys the one or more unsecure portions of the data model to respective edge devices of the network. The hub device decrypts the secure portion of the data model. The edge devices collect data (e.g., from sensors) and process the data using the unsecure portions of the data model. The edge devices send the processed data to the hub device. The hub device performs operations on the received processed data using the decrypted secure portion of the data model in a secure execution environment (e.g., a TPM or other secure module). The secure portion of the data model generates a result, which is then transmitted to an endpoint.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.

The present invention relates a method, the method comprising: based on a data element (50), generating M data element shares (52), wherein M is an integer greater than 1; providing each of M encryption keys (42) to a first data processing unit (10); the first data processing unit (10) encrypting each of the M data element shares (52) with an encryption key (42), respectively, and thus generating M encrypted data element shares (55), wherein each of the encryption keys (42) corresponds to a decryption key (45), respectively. The present invention also relates to a determining method to determine the data element. The present invention also relates to corresponding computer programs, data processing units and systems.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.