Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, a global state of a blockchain stored in the TEE to locate the data; and executing, by the virtual machine, the one or more software instructions based on the data.

Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

A method for controlling the functioning of a complex electronic component transferring data frames to physical ports, the method inserts, in each data frame to be transferred by the complex electronic component, a first signature determined at least from the source address included in the data frame and from an identifier of the physical port by means of which the data frame is transferred, and transfers the data frame in which the signature has been inserted, and a routing protection device associated with the physical port receives the data frame in which the signature was inserted, determines, from the identifier of the physical port and the source address, a second signature, compares the signatures, and performs a first operation if the first and second signatures are different and a second operation if the first and second signatures are identical.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.

Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

Various systems and methods for testing devices, issuing certificates, and managing certified devices, are discussed herein. A system is configured for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network. The system may use an approved product list to verify compliance and compatibility for the device. When the device is certified, the system may use an onboarding tool to onboard the device into the IoT network.

An example non-transitory computer-readable medium includes instructions that, when executed by a processor, cause the processor to receive a request for data. The instructions also cause the processor to determine a region containing the data based on the metadata. The instructions cause the processor to traverse a tree in the metadata to determine key generation information relating a decryption key for the region to a root key.

A controller includes a host interface and a processor. The host interface is configured for communicating with a host. The processor is configured to receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM), to identify among the instructions an instruction, which pertains to a secure monotonic counter and is intended for execution in an NVM having a secure monotonic counter embedded therein, and to execute the identified instruction, and respond to the host responsively to the instruction, instead of the NVM.

The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented N methods for reducing arithmetic circuits derived from smart contracts are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A set of conditions encoded in a first programming language is obtained. The set of conditions is converted into a programmatic set of conditions encoded in a second programming language. The programmatic set of conditions is precompiled into precompiled program code. The precompiled program code is transformed into an arithmetic circuit. The arithmetic circuit is reduced to form a reduced arithmetic circuit, and the reduced arithmetic circuit is stored.

A secure cellular communication system comprises a modified smartphone mated with a security pack. A Cryptographic module within the security pack encrypts all cellular outgoing data and decrypts cellular incoming data. The modified smartphone is modified to rout all cellular outgoing data and incoming data via the Cryptographic module within the security pack. The cellular MODEM may reside within the security pack while the phone's cellular MODEM is disabled, or the phone's cellular MODEM may be used.