H04L2209/127

Assured application services

A computer-implemented method to execute a software application in a network-attached computing environment, the application being defined by a set of required software services that constitute the application, the required services being selected from services indicated in a component registry. The method includes recording a new block to a blockchain data structure, the new block identifying at least a subset of the set of required services; receiving one or more further blocks from the blockchain data structure, each of the further blocks referencing a service provider for providing one or more of the required services; and selecting one or more service providers identified in the blockchain and defining a specification for an application assembler component to assemble the software application, the specification identifying the selected service providers.

Methods and apparatuses for achieving a security function, in particular in the environment of a device and/or installation controller

A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.

RETRIEVING PUBLIC DATA FOR BLOCKCHAIN NETWORKS USING HIGHLY AVAILABLE TRUSTED EXECUTION ENVIRONMENTS
20210160083 · 2021-05-27

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

RETRIEVING PUBLIC DATA FOR BLOCKCHAIN NETWORKS USING HIGHLY AVAILABLE TRUSTED EXECUTION ENVIRONMENTS
20210160084 · 2021-05-27

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

Method for controlling the functioning of a complex electronic component

A method for controlling the functioning of a complex electronic component that transfers data frames to physical ports. The method inserts, in each data frame to be transferred by the complex electronic component, a first signature determined at least from the source address included in the data frame and from an identifier of the physical port through which the data frame is transferred, and transfers the data frame in which the signature has been inserted. A routing protection device associated with the physical port receives the data frame in which the signature was inserted, determines a second signature from the identifier of the physical port and the source address, compares the two signatures, and performs a first operation if the first and second signatures are different and a second operation if the first and second signatures are identical.

Provisioning systems and methods

A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Extensible device identity attestation

Provisioning a requesting device is provided using extended identity attestation for the requesting device. A provisioning request is received at a device provisioning system. The provisioning request includes a registration identifier provided by the requesting device. A plurality of extended attestation components is accessed in an enrollment datastore of the device provisioning system. Each extended attestation component identifies an external computing system. One of the extended attestation components in the enrollment datastore is selected based on the received registration identifier. Execution of the device attestation is initiated at the external computing system identified by the selected extended attestation component to yield an attestation result. Satisfaction of a validity condition by the attestation result is detected. The requesting device is provisioned from the device provisioning system, responsive to detection that the attestation result satisfies the validity condition.

Enhanced secure onboard communication for CAN

According to certain general aspects, the present embodiments relate generally to securing communication between ECUs. In some embodiments, this can be done by utilizing the excess space in the CAN protocols. According to certain other aspects, security features such as sender authentication and message originality can be implemented at the protocol level, reducing the delays associated with implementing security features at higher levels in the communication stack. Additionally, the complexity of the security configuration is minimized by implementing the security features in hardware.

SECURED COMPUTER SYSTEM

There is provided a secured computer system, comprising a processing and memory unit (PMU) operatively connected to an input peripheral and an output peripheral. The PMU comprises a system memory comprising a protected memory and a shared memory, and a processor operatively coupled to the system memory, the processor including a set of instructions for enabling secure data storage and execution via the protected memory. The PMU further comprises an operating system and a group of modules executable by the operating system, each module in the group of modules having a designated secure region to be executed within the protected memory, wherein the group of modules is configured to perform authentication and to share the input data securely via the shared memory accessible thereto using a composite key, the composite key being generated within the group using a data sharing mechanism between the designated secure regions that is enabled by the set of instructions.

Methods and apparatuses for achieving a security function, in particular in the environment of a device and/or installation controller

Provided is a method for achieving a security function for a security control device for controlling a device or an installation, the security control device including a basic control device and a security module, the method having the following steps: a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, and c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least one second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and the set.