H04L2209/127

Anti-tamper system
10572696 · 2020-02-25

The present invention relates to a system for protecting sensitive data including at least one enclosing layer, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

MUTUAL AUTHENTICATION OF SOFTWARE LAYERS
20200050775 · 2020-02-13

Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.

Mutual authentication with integrity attestation

A device is configured with a trusted platform module (TPM) executing in a trusted execution environment (TEE). Software/firmware updates, user data, applications, etc. are pushed to the device as a payload. The payloads contain a sealed container (e.g., the software/firmware update, user data, applications, etc.), one or more policies, and one or more provisioning code segments corresponding to the one or more policies. The policies are checked by the TPM of the device. If the measurement of the one or more provisioning code segments satisfies the one or more policies, then the sealed container is unsealed by the TPM and released to the device.

MEASUREMENT PROCESSING OF HIGH-SPEED CRYPTOGRAPHIC OPERATION
20200044841 · 2020-02-06

A method including a security chip receiving a cryptographic operation request; the security chip acquiring a measurement result, wherein the measurement result is a result of measuring a dynamic measurement module in a cryptographic operation module by using a platform measurement root; and the security chip starting a cryptographic operation when determining that the measurement result is identical to a pre-stored standard value. The present disclosure addresses the technical problem of being unable to guarantee dynamic trust in the measurement code when dynamic measurement of a cryptographic operation is started.

VIRTUAL CRYPTOGRAPHIC MODULE WITH LOAD BALANCER AND CRYPTOGRAPHIC MODULE FLEET
20200045028 · 2020-02-06

A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (HSM).

Secure models for IoT devices
10554382 · 2020-02-04

A hub device of a network receives a data model that includes a secure portion that is encrypted and one or more unsecure portions. The hub device deploys the one or more unsecure portions of the data model to respective edge devices of the network. The hub device decrypts the secure portion of the data model. The edge devices collect data (e.g., from sensors) and process the data using the unsecure portions of the data model. The edge devices send the processed data to the hub device. The hub device performs operations on the received processed data using the decrypted secure portion of the data model in a secure execution environment (e.g., a TPM or other secure module). The secure portion of the data model generates a result, which is then transmitted to an endpoint.

PERSONALIZED AND CRYPTOGRAPHICALLY SECURE ACCESS CONTROL IN TRUSTED EXECUTION ENVIRONMENT
20200034528 · 2020-01-30

An access control system includes a processor configured to provide a trusted execution environment isolated from a rich execution environment. A rich OS operates in the rich execution environment while a trusted OS operates in the trusted execution environment. An access monitoring module operates within the kernel of the rich OS and a trusted application operates in the trusted OS. The access monitoring module intercepts file requests directed at the file systems of the rich OS, and forwards the file requests to the trusted application. The trusted application then evaluates whether the file request is permitted and provides the access monitoring module with a response. The access monitoring module forwards the request to the file system only if the trusted application approves the request.

Configurable client hardware
10545770 · 2020-01-28

Various systems and methods for configuring a pluggable computing device are described herein. A pluggable computing device may be configured to be compatible with a pluggable host system using a default communication channel to obtain configuration settings and configure a programmable logic device on the pluggable computing device. The pluggable computing device may perform chain of trust processing on the pluggable host system. The pluggable computing device may be disposed on a compute card, which may include a heat sink in a particular configuration.

HOST SOFTWARE METADATA VERIFICATION DURING REMOTE ATTESTATION
20200026857 · 2020-01-23

An example method of authenticating software executing in a computer system includes: receiving, from the computer system over a network at a server computer, a trusted platform module (TPM) quote, an event log, and a metadata database, the TPM quote provided by a TPM in the computer system, the event log including first checksums for the software executing in the computer system, and the metadata database including second checksums of binary files stored in packages from which the software is installed; establishing a root of trust in the computer system at the server computer based on the TPM quote and the event log; and determining, at the server computer in response to establishing the root of trust, integrity of the software executing in the computer system by comparing the first checksums with the second checksums.

Controlling execution of software by combining secure boot and trusted boot features

Controlling execution of software is provided. In response to receiving an input to execute a software module on a data processing system, a set of measurements is performed on the software module while performing a process to prepare the software module for execution on the data processing system. In response to determining that the set of measurements meets a predetermined criterion, an authorization to proceed with the process of preparing the software module for execution on the data processing system is requested from a trusted third party computer. In response to receiving, from the trusted third party computer, the authorization to proceed with the process of preparing the software module for execution on the data processing system, the software module is executed.