Patent classifications
H04L2209/127
SECURELY EXECUTING SMART CONTRACT OPERATIONS IN A TRUSTED EXECUTION ENVIRONMENT
Disclosed herein are methods, systems, and apparatus for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node participating in a blockchain network, a request to execute one or more software instructions in a service TEE hosted by the blockchain node, wherein the request is encrypted by a public key associated with the service TEE; decrypting the request with a first private key associated with the service TEE, wherein the first private key is paired with the public key; in response to decrypting the request, executing the one or more software instructions to produce an execution result; encrypting the execution result with a client encryption key associated with the service TEE to produce an encrypted result; and signing the encrypted result using a second private key associated with the TEE to produce a signed encrypted result.
Virus immune computer system and method
A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a storage device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the storage device; using the symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; precluding the computer from running any part of the application program that has not been first encrypted with the symmetric private key; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
Device attestation through security hardened management agent
A device boots in a secure manner that allows measurements reflecting which components are loaded during booting to be generated. Measurements of such components, as well as of a device management agent and the security state of the device, are also obtained. The device management agent accesses an attestation service for an enterprise, which is a collection of resources managed by a management service. The device management agent provides the obtained measurements to the attestation service, which evaluates the measurements and based on the evaluation determines whether the device is verified for use in the enterprise. The management service uses this verification to ensure that the device management agent is running in a secure manner, is accurately providing indications of the state of the device to the management service, and is implementing policy received from the management service.
Retrieving public data for blockchain networks using highly available trusted execution environments
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.
Method and system to secure and dynamically share IOT information cross multiple platforms in 5G network
A device includes a processor having a trusted security zone and trusted memory communicatively coupled to the trusted security zone to form a trusted execution environment (TEE) in which trusted applications operate. The trusted memory has a common repository. The device includes memory storing instructions that cause the processor to effectuate operations. The operations include receiving, from a first trusted application of the trusted applications, a first application data and storing the first application data in the common repository. The operations include determining that a second trusted application of the trusted applications has permission to access the first application data based on a policy module of the TEE and allowing the second trusted application to access the first application data.
PROCESSING BLOCKCHAIN DATA BASED ON SMART CONTRACT OPERATIONS EXECUTED IN A TRUSTED EXECUTION ENVIRONMENT
Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, a global state of a blockchain stored in the TEE to locate the data; and executing, by the virtual machine, the one or more software instructions based on the data.
METHOD AND APPARATUS FOR DETERMINING TRUST STATUS OF TPM, AND STORAGE MEDIUM
This application discloses a method and an apparatus for determining a trust status of a TPM, and a storage medium, and pertains to the field of data security technologies. The method includes: sending, by a verifier (102), an unsealing request to a host (101), so that the host (101) unseals current PCR values in the TPM based on a seal key handle carried in the unsealing request, and sends verification information to the verifier (102) based on the unseal verification key obtained after the unsealing. Therefore, any verifier (102) that establishes an encrypted channel with the host (101) can determine the trust status of the TPM in the host (101) based on a second verification key transmitted on the encrypted channel, and there is no need to pre-deploy a remote attestation server to determine the trust status of the TPM.
Blockchain system with nucleobase sequencing as proof of work
A sequence mining platform (SMP) comprises a processor, at least one machine-accessible storage medium responsive to the processor, and a sequence manager in the machine-accessible storage medium. The sequence manager is configured to use processing resources to determine a sequence of nucleobases in a nucleic acid. The storage medium also comprises a blockchain manager to (a) collect transaction data for one or more transactions for a blockchain which requires a proof of work (POW) for each new block; and (b) include at least some of the transaction data in a new block for the blockchain. The storage medium also comprises a sequence mining module (SMM) to use the determined sequence of nucleobases from the sequence manager to create a POW for the new block. In one embodiment, the SMM enables an entity which controls the SMP to receive transaction rewards and sequencing rewards. Other embodiments are described and claimed.
Outsourcing processing operations with homomorphic encryption
A method of outsourcing an operation with encryption is provided. A method may include encrypting data at a trusted execution environment (TEE) to generate a first ciphertext. The method may also include conveying the first ciphertext to a graphics processing unit (GPU). Further, the method may include performing, at the GPU, at least one somewhat homomorphic encryption (SHE) evaluation operation on the first ciphertext to generate a second ciphertext. Moreover, the method may include conveying the second ciphertext to the TEE. In addition, the method may include decrypting, at the TEE, the second ciphertext to generate a function.
PROCESSING AND STORING BLOCKCHAIN DATA UNDER A TRUSTED EXECUTION ENVIRONMENT
Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.