The invention relates to a method for computer systems based on the ARM processor, for example mobile devices, wherein the ARM processor provides fully hardware isolated runtime environments for an operating system (OS) and Trusted Execution Environment (TEE) including an embedded trusted network security perimeter. The isolation is performed by hardware ARM Security Extensions added to ARMv6 processors and greater and controlled by TrustWall software. The invention therefore comprises an embedded network security perimeter running in TEE on one or more processor cores with dedicated memory and storage and used to secure all external network communications of the host device. The invention addresses network communications control and protection for Rich OS Execution Environments and describes minimal necessary and sufficient actions to prevent unauthorized access to or from external networks. The present invention uses hardware platform security capabilities which significantly increase protection of the embedded network security perimeter itself from targeted attacks, in contrast to existing, and representing an improvement of, end-point software firewalls. In addition, embodiments of the invention do not require any modification to the OS system code or network application software.

One aspect of the present invention discloses a device for content security. The device includes: an application execution unit configured to generate and control content in response to a content control command requested by a user; and a DRM agent configured to communicate with the application execution unit, to detect the content control command generated by the application execution unit, and to perform control on the content, and the DRM agent comprises a tracing module configured to insert security information into the content in order to prevent and trace content leakage.

Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with relying party circuitry, the first interface circuitry being configured to receive, from the relying party circuitry, an attestation request in respect of a processing operation requested by attester circuitry to be performed by the relying party circuitry; second interface circuitry to communicate with the attester circuitry, the second interface circuitry being configured to: transmit the attestation request to the attester circuitry; and receive, from the attester circuitry, evidence data associated with the processing operation, and third interface circuitry to communicate with verifier circuitry, the third interface circuitry being configured to: transmit the evidence data to the verifier circuitry; and receive, from the verifier circuitry, attestation result data indicative of a verification of the evidence data, wherein the first interface circuitry is configured to transmit the attestation result data to the relying party circuitry.

Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

A first server exchanges with a second server a master (symmetric) key(s). The first server sends to the first application the master key(s). The second server generates dynamically a first derived key by using a generation parameter(s) and a first master key. The second server sends to the second application the first derived key and the generation parameter(s). The second application generates and sends to the first application a first (key possession) proof and the generation parameter(s). The first application verifies successfully by using the generation parameter(s), the first master key and the first proof, that the first proof has been generated by using the first derived key, generates and sends to the second application a second (key possession) proof. The second application verifies successfully that the second proof has been generated by using the first derived key, as a dynamically generated and proven shared key.

Systems and methods described herein relate to the execution of locking transactions in a blockchain system. In the context of smart contracts, it may be advantageous to have a public record (e.g., recorded on a blockchain) of a proof of correct execution of a circuit published by a worker and the verification key, thereby allowing anyone (e.g., nodes of the blockchain) to verify validity of the computation and proof. However, there are challenges to recording large blocks of data (e.g., large keys that may comprise multiple elliptic curve points) on the blockchain. For example, in a Bitcoin-based blockchain network, a protocol that utilizes standard transactions may be constrained to locking scripts and unlocking scripts that are collectively no t larger than a first predetermined size limit, and the size of a redeem script (if utilized) may be limited to being no more than a second predetermined size limit

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.

A private key management system (PKMS) that may include a first agent configured to receive a request from a client device; a distributed ledger shared between the first agent and multiple second agents such that the distributed ledger operates based on a consensus algorithm; a validation engine maintained by each of the first agent and the multiple second agents, the validation engine configured to query the distributed ledger to obtain data to verify the request; and a vault module maintained by each of the first agent and the multiple second agents, the vault module configured to perform a cryptography operation based on the request after the validation engine verifies the request.

Disclosed systems and methods implement a tracking system that tracks accesses to a TPM-secured key. In embodiments, the key may be encrypted using an encryption key, which is sealed using the TPM. A first value indicating an initial access state of the key is stored in a PCR of the TPM, and the encryption key is sealed against the PCR, so that it can be unsealed when contents of PCR match a next value derived from the first value. When the key is accessed, contents of the PCR is verified against an expected access state. If successfully verified, the PCR is extended hold the next value, the encryption key is unsealed, and the key decrypted. With each access, the encryption key is repeatedly resealed against the successive states stored in PCR. In this manner, the PCR may be used to track accesses and detect unauthorized accesses to the key.

As may be implemented in accordance with one or more aspects of the disclosure, an apparatus and/or method involves generating, using hash circuitry, successive hash values corresponding to operational states of an apparatus using, for respective ones of the hash values, a previous one of the hash values and a current operational sate of the apparatus. The hash values may be written into a register. In response to an attestation request, one of the hash values may be retrieved from the register and signed using cryptographic circuitry. The signed hash value may be communicated to a remote circuit, therein providing attestation of an operational state of the apparatus.