Patent classifications
H04L2209/127
SECURING NETWORK ACCESS AT EDGE SITES USING TRUSTED NETWORK DEVICES
Techniques are described for securely managing computing resources in a computing environment comprising a computing service provider and a remote computing network. The remote computing network includes computing and network devices configured to extend computing resources of the computing service provider to remote users of the computing service provider. The network devices include a trusted network device that includes a root of trust. The trusted network device detects that a new device is communicatively coupled to a port on the trusted network device. The trusted network device determines that the new device is not authorized to access computing resources at the remote computing network. The port is isolated at the trusted network device.
Chipset with protected firmware
A chipset for an end device comprises at least a Secure Processor into which a one-time programmable memory storage is integrated, wherein in the chipset at least an end-device serial number of the end device is stored, wherein in the one-time programmable memory information is stored for securing the end-device serial number against tampering.
System for interexchange of state data among disparate block chains
A method of using an interexchange to process states of subsystems tracked by disparate block chains. The method comprises locating a first block comprising current state information associated with a first process stored in a first block chain by an interexchange application executing on a computer system, wherein the first process is performed by a first subsystem, reading the current state information of the first process by the interexchange application from the located first block, transcoding a representation of the current state information by the interexchange application to a representation associated with a second block chain, creating a block by the interexchange application, wherein the created block stores the transcoded representation of the current state information in a data field of the created block that the predefined block structure associates to the transcoded current state information, and attaching the created block to the second block chain.
Trusted data transmission methods, apparatuses, and devices
Embodiments of the present specification disclose trusted data transmission methods, apparatuses, and devices. One method comprises: identifying a data use request of a data requestor; identifying authorization information of a data owner; generating a data use authorization claim based on the authorization information, wherein the data use authorization claim indicates that the data owner authorizes the data requestor to use data; obtaining initial data based on the data use authorization claim; verifying the initial data to obtain target data that is successfully verified, wherein the target data comprises a data validity claim indicating a validity of the target data; and sending the target data to the data requestor.
Cellular phone security pack method and apparatus
A secure cellular communication system comprises a modified smartphone mated with a security pack. A Cryptographic module within the security pack encrypts all cellular outgoing data and decrypts cellular incoming data. The modified smartphone is modified to route all cellular outgoing data and incoming data via the Cryptographic module within the security pack. The cellular MODEM may reside within the security pack while the phone's cellular MODEM is disabled, or the phone's cellular MODEM may be used.
Distributed key management for trusted execution environments
Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.
Virtual environment type validation for policy enforcement
Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
Measurement processing of high-speed cryptographic operation
A method including a security chip receiving a cryptographic operation request; the security chip acquiring a measurement result, wherein the measurement result is a result of measuring a dynamic measurement module in a cryptographic operation module by using a platform measurement root; and the security chip starting a cryptographic operation when determining that the measurement result is identical to a pre-stored standard value. The present disclosure solves a technical problem of failure to guarantee a dynamic trust for measurement code when starting dynamic measurement of a cryptographic operation.
SECURE COMMUNICATION OF NETWORK TRAFFIC
Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.
Synchronizable hardware security module
An HSM cluster includes a set of hardware security modules that maintain a set of cryptographic keys that are synchronized across the HSM cluster. Individual applications running on client computer systems access the HSM cluster using HSM cluster clients running on the client computer systems. The HSMs are accessed via a set of HSM cluster servers that monitor the synchronization of the cryptographic keys. Synchronization of the HSMs is maintained by the HSM cluster clients. The HSM cluster clients replicate key-addition and key-deletion operations across the HSM cluster. When a new key is created by a particular HSM, a prefix associated with the particular HSM is added to the identifier associated with the new key to avoid key-namespace collisions. If the set of cryptographic keys becomes unsynchronized across the HSM cluster, applications may continue read-only cryptographic operations while the HSM cluster is resynchronized by the HSM cluster clients.