An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.

A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or core is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. According to another feature, secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction mining proofs during the validation of a block.

An Identity Based Behavior Measurement Architecture (such as the BMA) and related technologies are described herein. In an exemplary embodiment, the BMA can be derived from an IMA and use an identity model to express a deterministic measurement value for platform behavior.

A security system and method for the Internet of Things integrates a multitude of devices and protocols. The security system includes an OAS security gateway that protects the local IoT devices from external network-based attacks through remote attestation requests to a remote attestation server. The remote attestation message is used by the remote attestation server to analyze the software execution history of the local IoT device, so as to detect malware or insecure software. A cryptographic chip operatively integrates in the security gateway. The security system also performs data packet encryption and decryption of communications between the local IoT devices and remote user devices with an encryption engine. A service virtualization engine converts incompatible communication protocols between the IoT device and the remote user device. A network traffic sanitization engine filters data packet communications between the local IoT device and the remote attestation server.

Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.

Private delivery drones and methods are disclosed. An example drone includes a first communication interface to receive a first input from a sender representing a delivery area for a payload, a second communication interface to receive a second input from a recipient representing a visual marker of the recipient, the visual marker unknown to the sender, a drone controller to, when the drone reaches the delivery area, visually identify a location in the delivery area to deliver the payload based on the visual marker, and a carrier to deliver the payload to the location.

Methods, systems and devices for using charged particle beams (CPBs) to write different die-specific, non-volatile, electronically readable data to different dies on a substrate. CPBs can fully write die-specific data within the chip interconnect structure during the device fabrication process, at high resolution and within a small area, allowing one or multiple usefully-sized values to be securely written to service device functions. CPBs can write die-specific data in areas readable or unreadable through a (or any) communications bus. Die-specific data can be used for, e.g.: encryption keys; communications addresses; manufacturing information (including die identification numbers); random number generator improvements; or single, nested, or compartmentalized security codes. Die-specific data and locations for writing die-specific data can be kept in encrypted form when not being written to the substrate to conditionally or permanently prevent any knowledge of said data and locations.

Methods and systems for providing a user with re-registration for an event by presenting a previously used credential to a preceding occurrence of the event. The method includes: providing a registrant with a credential relating to an authorization for a first event from a microprocessor based computer system; and terminating the credential's ability to authorize the registrant for the first event. The microprocessor based computer system then receives a representation of the credential issues to the registrant and automatically registers the participant for a second event.

Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.

A encrypted verification system and method includes detecting an attempt to access a service requiring multi-factor authentication from a first user computing device, requesting a trusted platform module (TPM) public key of a second user computing device, the second user computing device being coupled to the first user computing device, generating a nonce in response to receiving the TPM public key of the second user computing device, sending the nonce for signature by a TPM private key of the second user computing device, receiving a signed nonce, wherein the signed nonce is signed by the TPM private key and decrypted using the TPM public key of the second user computing device, and determining that a value of the signed nonce matches a value of the nonce to authenticate the first user computing device and allowing access to the service.