Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

The disclosure relates to systems, methods and devices for secure routing and recording of network data streams passing through a network switch. Specifically, the disclosure relates to systems, methods and devices for reversibly deconstructing networks' OSI L1-L7 in time and space, in the process of selectively recording network data streams for secure access, as well as providing external rule-based security auditing and functioning as a black-box in industry-specific applications.

Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.

A method of using an interexchange to process states of subsystems tracked by disparate block chains. The method comprises locating a first block comprising current state information associated with a first process stored in a first block chain by an interexchange application executing on a computer system, wherein the first process is performed by a first subsystem, reading the current state information of the first process by the interexchange application from the located first block, transcoding a representation of the current state information by the interexchange application to a representation associated with a second block chain, creating a block by the interexchange application, wherein the created block stores the transcoded representation of the current state information in a data field of the created block that the predefined block structure associates to the transcoded current state information, and attaching the created block to the second block chain.

The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a pre-determined type of blockchain or other security protocol code is stored in a trusted execution environment (TEE) of the processor. TEE attestation is used to verify that the blockchain or other security protocol code stored in the TEE is the pre-determined type of blockchain or other security protocol code. A blockchain or other transaction is received and processed. Based on the processing of the transaction, an official state of the transaction on a consortium network is directly updated for the network. The updated official state of the processed transaction is broadcasted to the consortium network.

A device and a method for authenticating an application in an execution environment in a trust zone are provided. The method includes executing a client application (CA) in a normal world, receiving, in the normal world, a request for receiving a service of a trusted application (TA) of a secure world from the CA, acquiring, when the request is received in the normal world, source information of the CA loaded in a memory of the device, acquiring, in the normal world, first hash information from the source information, providing, to the secure world, the first hash information together with signature information and a sub certificate included in the CA, and authenticating the CA based on the sub certificate and a root certificate of the TA in the secure world.

An example method of authenticating software executing in a computer system includes: receiving, from the computer system over a network at a server computer, a trusted platform module (TPM) quote, an event log, and a metadata database, the TPM quote provided by a TPM in the computer system, the event log including first checksums for the software executing in the computer system, and the metadata database including second checksums of binary files stored in packages from which the software is installed; establishing a root of trust in the computer system at the server computer based on the TPM quote and the event log; and determining, at the server computer in response to establishing the root of trust, integrity of the software executing in the computer system by comparing the first checksums with the second checksums.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.

The invention relates to distributed ledger technologies such as consensus-based blockchains. A blockchain transaction may include digital resources that are encumbered by a locking script that encodes a set of conditions that must be fulfilled before the encumbered resources may be used (e.g., transferring ownership/control of encumbered resources). A worker (e.g., a computer system) performs one or more computations to generate a proof, which is encoded as part of an unlocking script. A verification algorithm may utilize the proof, a verification key, and additional data such as a cryptographic material associated with the worker (e.g., a digital signature) to verify that digital assets of the transaction should be transferred. As a result of the validation of this transaction, any third party is able to check the contract was executed corrected rather than re-executing the contract, thus saving computational power.

One embodiment provides a system for establishing a secure network. During operation, a server can distribute at least one symmetric encryption key among a plurality of hosts to enable the hosts to communicate securely with each other. Each host comprises at least a smart network interface card and a central processing unit (CPU) of each host computer supports remote attestation. Distributing the symmetric encryption key among the hosts can include performing a remote attestation operation to establish a trusted channel between the server and a protected region within the CPU of a respective host; and transmitting, over the trusted channel, the symmetric encryption key to the CPU of the respective host, which in turn forwards the symmetric encryption key to the smart network interface card of the respective host over a secure channel established between the protected region within the CPU and the smart network interface card.