Patent classifications
H04L2209/127
METHOD AND SYSTEM FOR PROVIDING A SECURITY COMPONENT TO A MOBILE COMMUNICATIONS DEVICE IN AN APPLICATION
A security code module is provided that a developer may include in an application. The application, when downloaded onto a mobile communications device, includes the security code module. The security code module then initiates a request to a server to determine the status of the mobile communications device. When the status indicates that the mobile communications device is not in the possession of the registered owner, a security component on the server performs an action in response.
TECHNOLOGIES FOR ROBUST COMPUTATION OF ELLIPTIC CURVE DIGITAL SIGNATURES
Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.
Secure communications between peers using a verified virtual trusted platform module
The embodiments herein are directed to a technique for providing secure communication between nodes of a network environment or within a node of the network using a verified virtual trusted platform module (TPM) of each node. The verified virtual TPM illustratively emulates a hardware TPM device to provide software key management of cryptographic keys used to provide the secure communication over a computer network of the network environment. Illustratively, the verified virtual TPM is configured to enforce a security policy of a trusted code base (TCB) that includes the virtual TPM. Trustedness denotes a predetermined level of confidence that the security property is demonstrated by the verified virtual TPM. The predetermined level of confidence is based on an assurance (i.e., grounds) that the verified virtual TPM demonstrates the security property. Trustedness of the virtual TPM may be verified by subjecting the virtual TPM to enhanced verification analysis configured to ensure conformance to an operational model with an appropriate level of confidence over an appropriate range of activity. The operational model may then be configured to analyze conformance to the security property. A combination of conformance by the virtual TPM to the operational model and to the security property provides assurance (i.e., grounds) for the level of confidence and, thus, verifies trustedness.
ESTABLISHMENT OF CONSORTIUM BLOCKCHAIN NETWORK
The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a first node is endorsed. During endorsement of a first node, a pre-determined type of blockchain or other security protocol code to be authorized and a pre-determined membership list are stored in a trusted execution environment (TEE) of the first node. A determination is made as to whether the membership lists and pre-determined blockchain or other security protocol code to be authorized from the proposed members match. If so, TEE attestation is used to verify that nodes associated with prospective members of the consortium store the pre-determined type of blockchain or other security protocol code to be authorized. Upon TEE attestation being successful, a consortium network is bootstrapped such that the prospective members become members of the consortium network.
EXECUTING A CRYPTOGRAPHIC OPERATION
A method for executing a cryptographic operation is provided comprising acts comprising: (i) sampling a first polynomial, wherein one or more (e.g., one, some and/or all) coefficients of the first polynomial are determined; (ii) sampling a second polynomial, wherein a selection of k coefficients of the second polynomial is determined; (iii) multiplying the first polynomial with the second polynomial to determine a result; and (iv) using the result of the multiplication in the cryptographic operation. A security device arranged to perform one, some and/or all of the acts is provided.
DEPLOYMENT AND COMMUNICATIONS GATEWAY FOR DEPLOYMENT, TRUSTED EXECUTION, AND SECURE COMMUNICATIONS
A trusted deployment and communications gateway for deployment, trusted execution, and secure communications system includes a trusted platform for deployment of trusted applications. The trusted platform may include a secure user profile comprising user data specifications that is stored in a secure storage location of the trusted platform, a kernel development engine configured to receive various application program instructions within a trusted environment, a testing and signing module configured to generate signed application program instructions in response to determining that the application program instructions do not violate one or more of the data specifications, a compiler configured to compile the signed application program instructions to generate a signed application kernel, and a kernel store configured to store the signed application kernels that are executable in the trusted platform.
SECURE COMMUNICATIONS GATEWAY FOR TRUSTED EXECUTION AND SECURE COMMUNICATIONS
A secure communications system that includes a trusted platform for securing user data and managing manifestation of user data to third parties in response to requests. The trusted platform may include a platform execution environment that coordinates with a trusted execution environment (TEE) for individual secure user profiles to manage requests for access. In some examples, partners may deploy partner programs to the TEE of a secure user profile for execution against secured user data in the secure user profile. All transactions in the trusted platform may be recorded in a ledger to provide an auditable history for all platform activity. All communication within the trusted platform may be by a secure communications protocol with a security gateway.
Radio-assisted tamper protection of hardware
Radio-assisted tamper protection in an HSM electronic device. Radio signals received from one or more network elements on a network are used for determining values of a set of network parameters that identify the electronic device in a predefined state. A tamper detection state signal may be generated responsive to the detected tampering state. The electronic device may be inhibited from operation in response to the tamper detection state signal.
Remote attestation of cloud infrastructure
A system which provides remote attestation of a cloud infrastructure comprises a plurality of attestation servers, a virtual machine (VM), and a VM scheduler arranged to register the VM for attestation and deploy the VM to a VM host within the cloud. More than one of the plurality of attestation servers are selected and mapped to the deployed VM, and each of the more than one mapped attestation servers is arranged to perform remote attestations of the deployed VM and its VM host. Performing remote attestations comprises transmitting a request for trust evidence to the VM and VM host, receiving and storing trust evidence transmitted by the VM and VM host, and transmitting VM and VM host trust evidence to a cloud user.
DEVICE AND SYSTEM WITH A ROOT OF TRUST
A device includes a root of trust and a controller to perform a device function of the device using the root of trust. The root of trust is designed to control and/or observe the controller at least partially for the performance of the device function.