H04L2209/127

HARDWARE SECURE ELEMENT, RELATED PROCESSING SYSTEM, INTEGRATED CIRCUIT, DEVICE AND METHOD

A hardware secure element is described. The hardware secure element includes a microprocessor and a memory, such as a non-volatile memory. The memory stores a plurality of software routines executable by the microprocessor. Each software routine starts at a respective memory start address. The hardware secure element also includes a receiver circuit and a hardware message handler module. The receiver circuit is configured to receive command data that includes a command. The hardware message handler module is configured to determine a software routine to be executed by the microprocessor as a function of the command, and also configured to provide address data to the microprocessor that indicates the software routine to be executed.

Secure management of operations on protected virtual machines

A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.

Method, a computer program product and a qKEY server
10917242 · 2021-02-09

The invention relates to a method for tightly coupling context to a secure pin and securely storing an asset in hardware. The method comprises a step of sending the context to a secure element, a step of ensuring that the context is shown to a user, and a step of acquiring user consent by performing an authentication check. Further, the method comprises a step of combining an authentication result with the secured context, and a step of performing an operation on the context with the asset if the authentication was successful.

Identity based behavior measurement architecture

A method includes generating a behavioral state for an endpoint device based on actor identities and corresponding subject identities for a plurality of operations wherein for each operation, a respective actor represented by a respective actor identity performs the operation upon a respective subject represented by a respective subject identity. Performance of a later operation by an actor with an actor identity upon a subject with a subject identity is recorded and the actor identity and the subject identity are used to determine that the performance of the later operation does not match the behavioral state and indicates a security risk.

SECURITY SYSTEM FOR USING SHARED COMPUTATIONAL FACILITIES
20210064765 · 2021-03-04

A method and system for performing computational jobs securely on a shared computing resource. Data files for the computational job are encrypted on a secure system and the encrypted data files are stored in a data store on the shared computing resource. A key distribution server is established using a secure enclave on a front end of the shared computing resource. Cryptographic keys and application binaries are transferred to the enclave of the shared computing resource using a session key. The computational job is run using an application launcher on compute nodes of an untrusted execution environment of the shared computing resource, the application launcher obtaining the application binaries and the cryptographic keys from the key distribution server.

Whole apparatus having an authentication arrangement, and method for authentication

An apparatus includes an authentication arrangement for a communication connection, using a communication protocol, between two data processing devices of the apparatus. The data processing devices each have an interface unit for the communication connection and a computation unit. The interface units each have an encryption/decryption device, where the encryption/decryption device is at least partially implemented in hardware for encrypting at least some of the user data to be transmitted via the communication connection as part of the authentication arrangement. The encryption/decryption device can be applied in a communication layer of the communication protocol to the user data prepared for the physical user data transmission or to the physically received user data. Each data processing device has a security unit, implemented as dedicated hardware that the computation unit cannot access and/or in a manner logically isolated from the computation unit. The security unit produces a trusted execution environment of the authentication arrangement with hardware-encoded key information, on the basis of which the user data are encrypted by the encryption/decryption device.

Verification method, verification device, electronic device and computer readable storage medium

The present disclosure provides a verification method, a verification device, an electronic device and a computer readable storage medium. The verification method includes: determining whether the movable component is triggered; when the movable component is triggered, moving the infrared camera and the structured light projector toward the outside of the housing along with the bracket to extend from the housing, and initializing the infrared camera and the structured light projector; obtaining an infrared image by the infrared camera; determining whether a human face exists in the infrared image; if yes, determining whether the human face matches the face template of the authorized user, obtaining a laser pattern by the structured light projector and the infrared camera, obtaining a depth image according to the laser pattern, and determining whether the depth image matches the depth template of the authorized user; when both match, determining that the verification is passed.

BLOCKCHAIN-BASED TRUSTED PLATFORM
20210049716 · 2021-02-18

A blockchain-based trusted platform enhances trustworthiness of data generated by application programs that provide services, such as legal services. Included is an application layer having at least one blockchain-based application program configured to perform steps to provide a service, and a trusted service layer having a trusted timing module, a trusted identity module, and a trusted computing module. For each step of at least some of a plurality of steps, the application program is configured to obtain a verified time stamp from the trusted timing module and a verified identity from the trusted identity module, and/or obtain a computation result based on a processing of blockchain data using the trusted computing module. The trusted computing module records information about a corresponding step that is performed by the application program and the verified time stamp, the verified identity, and/or the computation result in a blockchain.

Binding of TPM and root device

A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.

System and method for measuring and reporting IoT boot integrity
10924282 · 2021-02-16

Embodiments of the present invention are directed to an improved system and method of producing, recording and reporting boot integrity measurements of an Internet of Things (IoT) computing device to a resource (such as an on-chip software module, an external software module, a printer, a network router, or a server), so that the resource can confirm that the IoT computing device can be trusted before access to the resource is granted. Embodiments provide a new and less expensive architecture for reliably collecting and relaying device state information to support trust-sensitive applications. Embodiments leverage crypto-acceleration modules found on many existing microprocessor- and microcontroller-based IoT devices, while introducing little additional overhead or additional circuitry. Embodiments provide a Root of Trust module comprising integrated internal control logic that functions as a secure on-chip wrapper for cryptographic primitive modules, which provide secure storage and reporting of the host's platform integrity measurements.