Obtaining a sealed secret. The method includes decrypting one or more BLOBs at a computing system from among a plurality of different BLOBs. Each of the BLOBs in the plurality of BLOBs contains the secret. Each of the BLOBs in the plurality of BLOBs is sealed to a different condition from among a plurality of conditions. A given condition is a reflection of a system state where the system state is indicative of whether or not the system can be trusted to receive the secret. The method further includes evaluating one or more of the conditions to determine if at least one of the one or more conditions is met. The method further includes, if at least one of the one or more conditions is met, then providing the secret to an external entity.

Approaches, techniques, and mechanisms are disclosed for provisioning programmable devices in a secure manner. The secure programming system can individually encrypt a target payload of data and code and then program the information into each individual one of the programmable devices targeted for a specific job. The secure programming system can create a customized payload package that can only be decrypted by a particular system or device having the correct security keys.

In an information processing apparatus having a hardware security module (HSM), an HSM function that makes it possible to encrypt and decrypt data using the encryption key of the HSM is able to be set to be enabled under the condition that the encryption key of the HSM is able to be backed up.

Architecture for embedding a cryptographic engine in a processor is disclosed. An ASIC processor is embedded with a programmable processing core, such as an FPGA, with the key register and I/O registers remaining in fixed logic.

A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.

A Digital Transaction Processing Unit (DTPU) including one or more transaction applications operable for a digital transaction with a Digital Transaction Device (DTD), each of the one or more transaction applications being associated with identifying information, the identifying information being capable of identifying a subset of at least one transaction application within the one or more transaction applications, wherein the DTPU is operable, when conducting a transaction with the DTD, to communicate to the DTD the identifying information associated with one of the one or more transaction applications involved in the transaction.

The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented methods for reducing arithmetic circuits derived from smart contracts are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A set of conditions encoded in a first programming language is obtained. The set of conditions is converted into a programmatic set of conditions encoded in a second programming language. The programmatic set of conditions is precompiled into precompiled program code. The precompiled program code is transformed into an arithmetic circuit. The arithmetic circuit is reduced to form a reduced arithmetic circuit, and the reduced arithmetic circuit is stored.

Techniques are presented for using a processing resource to control access to a resource. Steps comprise generating an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, the generation step comprising: forming, by a node, a signing group with other nodes; obtaining, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; determining, by the node, a partial signature; receiving partial signatures from other nodes of the signing group; generating the second component; and using the signature to control access to the and/or transfer of a resource over a computer-implemented network.

A method including determining, by a first user device, unavailability of a first biometric unit for verification of first biometric information; transmitting, by the first user device to an infrastructure device based on determining unavailability of the first biometric unit, a request for information regarding one or more second user devices available to assist with authenticating the first user device; receiving, by the first user device from the infrastructure device, the information regarding the one or more second user devices based on a determination that the one or more second user devices has a second biometric unit available for verification of second biometric information; and transmitting, by the first user device to the infrastructure device, a selection message for selecting a second user device from among the one or more second user devices to assist with authenticating the first user device is disclosed. Various other aspects are contemplated.

A Digital Transaction Processing Unit (DTPU) operable to host one or more transaction applications for digitally transacting with a Digital Transaction Device (DTD), the DTPU including a security hierarchy for hosting the one or more transaction applications, wherein the security hierarchy is configured to host at least one transaction application for transacting in contact digital transactions.