Patent classifications
H04L9/0877
Wrapped keys with access control predicates
A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.
INFORMATION HANDLING SYSTEMS AND RELATED METHODS TO CRYPTOGRAPHICALLY VERIFY INFORMATION HANDLING SYSTEM PLATFORM COMPONENTS AND TRACK EVENTS ASSOCIATED WITH THE PLATFORM COMPONENTS
The present disclosure provides various embodiments of information handling systems and related methods to generate a cryptographic key, which may be used to cryptographically verify information handling system (IHS) platform components and track events associated with the platform components. In the embodiments disclosed herein, a wide variety of platform-related information may be collected from a plurality of system platform components and embedded into a single cryptographic key. Once a cryptographic key is generated, it may be decoded and/or compared with cryptographic key(s) subsequently generated by the IHS to securely verify the system platform components, determine if changes have been made to the system platform components, facilitate system diagnostics and/or perform additional functions.
PROTECTION OF A CRYPTOGRAPHIC OPERATION
The present disclosure relates to a cryptographic method comprising: multiplying a point belonging to a mathematical set with a group structure by a scalar by performing: the division of a scalar into a plurality of groups formed of a same number w of digits, w being greater than or equal to 2; and the execution, by a cryptographic circuit and for each group of digits, of a sequence of operations on the point, the sequence of operations being identical for each group of digits, at least one of the operations executed for each of the groups of digits being a dummy operation.
EXPORTING REMOTE CRYPTOGRAPHIC KEYS
Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.
BLOCKCHAIN-BASED SUPERVISION SYSTEM OF HAZARDOUS CHEMICAL PRODUCTION
A blockchain-based supervision system of hazardous chemical production includes: a collection layer, for collecting production data information, wherein a collection device in the collection layer sets a TEE to encrypt or hash the collected production data information; a data layer, for uplinking a hash certificate of the production data information through an alliance chain, wherein the collection layer communicates with the data layer; a blockchain, for deploying a file uplink contract and encrypting and storing a file on a privacy computing server after the file is connected to the trusted environment; and a privacy computing system, for forming a metadata market of the data from file description information, recording the metadata information of the collected data. A data user applies for the right of use to a production enterprise that produces the data, and after obtaining authorization, the data user performs various applications on the privacy computing system.
COMMUNICATION APPARATUS, METHOD FOR CONTROLLING COMMUNICATION APPARATUS, AND STORAGE MEDIUM
A communication apparatus includes a generation unit configured to generate a new pair of a public key and a secret key paired with the public key in a case where a predetermined condition is satisfied, a provision unit configured to externally provide information including at least the public key generated by the generation unit, a first reception unit configured to receive, from an external apparatus after the information is provided by the provision unit, an authentication request including information generated using at least the public key, a transmission unit configured to transmit, to the external apparatus, an authentication response as a response to the authentication request in a case where the authentication request is received, and a second reception unit configured to receive, from the external apparatus after the authentication response is transmitted to the external apparatus, configuration information including a communication parameter.
FLEXIBLE HIERARCHICAL KEY MANAGEMENT MODEL
Systems and methods for managing cryptographic tokens within a hardware security module are disclosed. A parent cryptographic token contains a plurality of parent cryptographic objects, and a child cryptographic token contains a plurality of child cryptographic objects. The child cryptographic token is associated with the parent cryptographic token. A session established with the child token provides access to at least some of the plurality of child cryptographic objects and at least some of the plurality of parent cryptographic objects.
System and method for decentralized-identifier creation
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based decentralized-identifier creation, are provided. One of the methods includes: obtaining a request for creating a decentralized identifier (DID), wherein the request comprises a public key of a cryptographic key pair; creating, based on the public key, a blockchain account associated with a blockchain; creating the DID based on information associated with the blockchain account; and returning a confirmation message comprising the created DID.
Systems and methods for secure element registration and provisioning
A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a remote server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the remote server, the electronic device credentials. The method further includes a step of registering, by the remote server, the electronic device. The method further includes a step of transmitting, from the remote server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
Method and apparatus for determining trust status of TPM, and storage medium
Various embodiments provide a method and an apparatus for determining a trust status of a TPM, and a storage medium, and pertains to the field of data security technologies. In those embodiments, a verifier sends an unsealing request to a host, so that the host unseals current PCR values in the TPM based on a seal key handle carried in the unsealing request, and sends verification information to the verifier based on the unseal verification key obtained after the unsealing. Therefore, any verifier that establishes an encrypted channel with the host can determine the trust status of the TPM in the host based on a second verification key transmitted on the encrypted channel, and there is no need to pre-deploy a remote attestation server to determine the trust status of the TPM.