H04L2209/127

VIRUS IMMUNE COMPUTER SYSTEM AND METHOD
20210192086 · 2021-06-24

A method and apparatus prevent hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a storage device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the storage device; using the symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; precluding the computer from running any part of the application program that has not been first encrypted with the symmetric private key; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.

Secure application monitoring

Examples of secure monitoring of modular applications and associated edge devices are described herein. In an example, an accreditation request is initiated to accredit at least one of a modular application and an edge device hosting the modular application. The edge device may be a device coupling an IoT device to a cloud server. Based on initiating, accreditation information corresponding to at least one of the modular application and the edge device may be received. The accreditation information is generated by a hardware encryption device associated with the edge device. Further, an accreditation status of the modular application may be monitored during execution of the modular application to ascertain whether the modular application and the edge device have been tampered with. In case tampering is detected, a remedial action to address the tampering may be performed.

Deployment and communications gateway for deployment, trusted execution, and secure communications

A trusted deployment and communications gateway for deployment, trusted execution, and secure communications system includes a trusted platform for deployment of trusted applications. The trusted platform may include a secure user profile comprising user data specifications that is stored in a secure storage location of the trusted platform, a kernel development engine configured to receive various application program instructions within a trusted environment, a testing and signing module configured to generate signed application program instructions in response to determining that the application program instructions do not violate one or more of the data specifications, a compiler configured to compile the signed application program instructions to generate a signed application kernel, and a kernel store configured to store the signed application kernels that are executable in the trusted platform.

Distributed key management for trusted execution environments

Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.

Decentralized document and entity verification engine
11128468 · 2021-09-21

A system and method enabling an entity to prove its identity and provide authentic documents/data/information therein at any time required based upon data retrieved from an independent cryptographically verifiable source (ICVS) through a secured channel is disclosed. The system enables a virtual and secure browser on a user computing device allowing a user to log in and retrieve authentic information pertaining to the user from the ICVS in a verifiable and untamperable manner. The retrieved information is bound with origination information of the ICVS and the bound information is provided to relying entities as authentic information for verification. Also, a cryptographic value of the authentic information can be stored in an immutable storage such as blockchain, so that the cryptographic value is used by the relying party to validate integrity of the authentic information.

AN ATTESTATION PROTOCOL BETWEEN A HOST SYSTEM AND A DATA PROCESSING ACCELERATOR
20210173661 · 2021-06-10

According to one embodiment, a system receives, at a host system, a public attestation key (PK_ATT) or a signed PK_ATT from a data processing (DP) accelerator over a bus. The system verifies the PK_ATT using a public root key (PK_RK) associated with the DP accelerator. In response to successfully verifying the PK_ATT, the system transmits a kernel identifier (ID) to the DP accelerator to request attesting a kernel object stored in the DP accelerator. In response to receiving a kernel digest or a signed kernel digest corresponding to the kernel object from the DP accelerator, the system verifies the kernel digest using the PK_ATT. The system sends the verification results to the DP accelerator for the DP accelerator to access the kernel object based on the verification results.

User controlled hardware validation

A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The provider can provide the customer with expected information that the customer can verify through a request to an application programming interface (API) of the card, and after the customer verifies the information the customer can take logical ownership of the card and lock out the provider. The card can then function as a trusted but limited environment that is programmable by the customer. The customer can subsequently submit verification requests to the API to ensure that the host has not been unexpectedly modified or is otherwise operating as expected.

ENHANCED SECURE ONBOARD COMMUNICATION FOR CAN

According to certain general aspects, the present embodiments relate generally to securing communication between ECUs. Example implementations can include a method of securely transmitting Controller Area Network (CAN) protocol frames via a CAN controller.

Method and system for preventing data leakage from trusted network to untrusted network

One embodiment provides a system for establishing a secure network. During operation, a server can distribute at least one symmetric encryption key among a plurality of hosts to enable the hosts to communicate securely with each other. Each host comprises at least a smart network interface card, and a central processing unit (CPU) of each host computer supports remote attestation. Distributing the symmetric encryption key among the hosts can include performing a remote attestation operation to establish a trusted channel between the server and a protected region within the CPU of a respective host; and transmitting, over the trusted channel, the symmetric encryption key to the CPU of the respective host, which in turn forwards the symmetric encryption key to the smart network interface card of the respective host over a secure channel established between the protected region within the CPU and the smart network interface card.

Methods and systems for automatic registration using previously used credentials
11017328 · 2021-05-25

Today an individual attending an event must undertake a second registration and purchasing sequence in order to attend a subsequent occurrence of the event. However, by the time they remember to re-register their interest may have waned or the event is sold out. In other instances, they forget even though the event does not sell out. Accordingly, it would be beneficial to provide registrants of an event with a means to re-register for the next occurrence of the event in a manner that was quick, simple, independent of execution of the registration/purchase steps with a service provider, and independent of completion of service provider support for the next event. Further, it would be beneficial to leverage the credential provided to the registrant for the current event in progress or just completed in the re-registration of the registrant for the next event. It would be further beneficial for said method to leverage the technology and devices of portable electronic devices associated with the registrant.