A method for controlling access to a resource in an electronic device including a secure element with a permanent memory having an OTP area. The method includes the following steps performed first when the secure element or the electronic device boots: checking presence of at least one of a secret data and an initialization value in the permanent memory and, in a negative event, generating an initialization value and storing it into the OTP area, in a positive event, if the permanent memory includes secret data, decrypting, within the secure element, the secret data by using an algorithm using a cryptographic key and, if the permanent memory further includes an initialization value, the initialization value, and checking the integrity of the secret data by using a signature stored in the permanent memory and, on successful completion, providing access to the resource.

A method including receiving, by a second user device, an authentication message indicating that the second user device is to authenticate a first user device with a service provider that provides a service to the first user device; determining, by the second user device, one or more authentication factors associated with authenticating the first user device with the service provider; encrypting, by the second user device, the one or more authentication factors based at least in part on utilizing an encryption key associated with a trusted device included in the first user device; and transmitting, by the second user device, one or more encrypted authentication factors to enable authentication of the first user device with the service provider is disclosed. Various other aspects are contemplated.

This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

In one illustrative example, a network cybersecurity procedure may be employed with use of at least one unmanned aerial vehicle (UAV), where the UAV includes an intermediary pairing device for providing a temporary connection between a first network (e.g. a private LAN) and a second network (e.g. the Internet). The network cybersecurity procedure may involve deploying the UAV in proximity to the first network, such that the intermediary pairing device pairs with a first pairing device via a first transceiver and with a second pairing device via a second transceiver. A temporary connection is established between the first network connected via the first pairing device and the second network connected via the second pairing device. Data is communicated between a first device (e.g. IoT device) or server of the first network and a second device or server of the second network over the temporary connection. During this time, the intermediary pairing device executes a cybersecurity service function. Once completed, the UAV may be withdrawn out of proximity of the first network. One or more features of the cybersecurity service function may be updated and the UAV redeployed. Multimodal data fusion techniques with use of a plurality of network and device sensors may be employed for device verification and/or anomaly detection.

The present disclosure provides a verification method, a verification device, an electronic device and a computer readable storage medium. The verification method includes: determining whether the movable component is triggered; when the movable component is triggered, moving the infrared camera and the structured light projector toward the outside of the housing along with the bracket to extend from the housing, and initializing the infrared camera and the structured light projector; obtaining an infrared image by the infrared camera; determining whether a human face exists in the infrared image; if yes, determining whether the human face matches the face template of the authorized user, obtaining a laser pattern by the structured light projector and the infrared camera, obtaining a depth image according to the laser pattern, and determining whether the depth image matches the depth template of the authorized user; when both match, determining that the verification is passed.

A data processing method based on an integrated chip is provided. The method includes providing computing information of a trusted computing chip to a high-speed encryption chip, and invoking the high-speed encryption chip to perform data encryption or trusted computing based on the computing information. As such, after these two types of chips are integrated, these two types of secure computing (the trusted computing and the data encryption) can share common computing information. Compared with using individual sets of computing information before integration, corresponding hardware and management costs are reduced. Moreover, the trusted computing chip is superior to the high-speed encryption chip in terms of functional integrity and reliability for data encryption functions. Storing the computing information by the trusted computing chip can improve the security of the data encryption. For trusted computing functions, the utilization of the computing power of the high-speed encryption chip is increased, and the computational efficiency of the trusted computing is improved.

Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

A method comprises generating a first block of a block chain and generating a second block of the block chain. The first block is associated with a first component of a storage device. The first block is generated when the first component is manufactured. The second block is associated with a second component of the storage device. The second block is generated when the second component is manufactured.

Controlling execution of software is provided. In response to receiving an input to execute a software module on a data processing system, a set of measurements are performed on the software module performing a process to prepare the software module for execution on the data processing system. In response to determining that the set of measurements meets a predetermined criterion, an authorization to proceed with the process of preparing the software module for execution on the data processing system is requested from a trusted third party computer. In response to receiving the authorization to proceed with the process of preparing the software module for execution on the data processing system from the trusted third party computer, the software module is executed.