Patent classifications
H04L2209/127
SYSTEMS AND METHODS FOR TRUSTED CLUSTER ATTESTATION
Systems, apparatuses, and methods for implementing trusted cluster attestation techniques are disclosed. A cluster includes multiple computing devices connected together and at least one cluster security module. The cluster security module collects measurement logs and attestations from N computing devices, with N being a positive integer greater than one. The cluster security module also maintains a log and calculates an attestation for its own hardware and/or software. The cluster security module combines the logs from the N computing devices and the log of the cluster security module into an aggregate log, with N+1 logs combined into the aggregate log. Then, the cluster security module generates a single attestation for the cluster to represent the cluster as a whole. The cluster security module is configured to provide the single attestation and aggregate log to an external device responsive to receiving a challenge request from the external device.
Using trusted execution environments for security of code and data
An embodiment includes a processor coupled to memory to perform operations comprising: creating a first trusted execution environment (TXE), in protected non-privileged user address space of the memory, which makes a first measurement for at least one of first data and first executable code and which encrypts the first measurement with a persistent first hardware based encryption key while the first measurement is within the first TXE; creating a second TXE, in the non-privileged user address space, which makes a second measurement for at least one of second data and second executable code; creating a third TXE in the non-privileged user address space; creating a first secure communication channel between the first and third TXEs and a second secure communication channel between the second and third TXEs; and communicating the first measurement between the first and third TXEs via the first secure communication channel. Other embodiments are described herein.
TRUSTED MMIO ACCESS IN MULTITENANT VIRTUALIZED ARCHITECTURE
An information handling system may include at least one processor and an information handling resource. The information handling system may be configured to enable memory-mapped input/output (MMIO) communication between a program executing on the at least one processor and the information handling resource via a sealed memory region based on a cryptographic trust relationship existing between the program and the information handling resource.
Trusted platform module certification and attestation utilizing an anonymous key system
This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.
TECHNIQUES FOR AUTHENTICATING DEVICES USING A TRUSTED PLATFORM MODULE DEVICE
Described are examples for authenticating a device including detecting an event related to communications with a trusted platform module (TPM) device, performing, in response to detecting the event, one or more security-related functions with the TPM device, such as generating and/or signing one or more digital certificates, which may be based on one or more keys on the TPM device.
RADIO-ASSISTED TAMPER PROTECTION OF HARDWARE
The present disclosure relates to a method for resisting tampering in an HSM electronic device. The method comprises: receiving radio signals from a network element of at least one network. The received radio signals may be used for determining values of a set of network parameters that identify the electronic device in a predefined state within the at least one network. A tampering state of the electronic device may be detected using the parameter values. A tamper detection state signal may be generated responsive to the detected tampering state. And, operation of the electronic device may be inhibited responsive to the tamper detection state signal.
SUBSCRIBER IDENTIFICATION SYSTEM
A subscriber identification system for identifying a subscriber in a communications network includes: a first circuit module in which at least a subscriber ID is stored, wherein the first circuit module comprises a first communications interface configured to receive a request signal for the subscriber ID and to transmit the subscriber ID in response to receiving the request signal; and a second circuit module in which at least a cryptographic key is stored, wherein the second circuit module comprises a second communications interface configured to receive an input parameter, wherein the second circuit module is configured to link the input parameter with the cryptographic key to obtain an output parameter, and wherein the second communications interface is configured to transmit the output parameter.
Recall device
A small wearable recall device is provided to capture images triggered by a combination of a detection of a capture condition (e.g., changes in motion, temperature or light level) followed by a relatively stable period, as detected by an accelerometer. By triggering on the combination of a detected capture condition followed by a detected stability condition, a clearer image of the environment of an interesting event is expected to be captured. The small size of the recall device makes it possible to integrate it into common portable consumer products, such as MP3 players, purses, clothing, hats, backpacks, necklaces, collars, and other human-wearable products.
Self-contained cryptographic boot policy validation
A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
TRUSTED PLATFORM MODULE SUPPORT ON REDUCED INSTRUCTION SET COMPUTING ARCHITECTURES
Exemplary features pertain to providing trusted platform module (TPM) support for ARM-based systems or other Reduced Instruction Set Computing (RISC) systems. In some examples, secure firmware (e.g., TrustZone firmware) operates as a shim between an unsecure high level operating system (HLOS) and a discrete TPM chip or other trusted execution environment component. The secure firmware reserves a portion of non-secure memory for use as a command response buffer (CRB) control block accessible by the HLOS. The secure firmware translates and relays TPM commands/responses between the HLOS and the TPM via the non-secure CRB memory. The system may also include various non-secure firmware components such as Advanced Configuration and Power Interface (ACPI) and Unified Extensible Firmware Interface (UEFI) components. Among other features, the exemplary system can expose the TPM to the HLOS via otherwise standard UEFI protocols and ACPI tables in a manner that is agnostic to the HLOS.