A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

An electronic device and method of operating an electronic device are provided. The electronic device includes an integrated circuit including at least one key, at least one processor including the integrated circuit, and a memory operatively connected to the at least one processor. The memory stores instructions that, when executed, cause the at least one processor to obtain at least one piece of hardware information related to the electronic device, generate a signed certificate signing request including the at least one piece of hardware information, based on the at least one key, transmit the signed certificate signing request to an external electronic device, receive an attestation certificate generated based on the signed certificate signing request, from the external electronic device, and store the received attestation certificate in the memory.

In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of a watermark-enable artificial intelligence (AI) model includes receiving, by the DP accelerator, input data to the DP accelerator that causes the watermark-enabled AI model to extract the watermark from the watermark-enabled AI model; and providing the watermark of the watermark-enabled AI model to the host device. The DP accelerator can receive the model from the host device. The DP accelerator can further receive a command to digitally sign the watermark and call a security unit of the DP accelerator to digitally sign the watermark.

In a storage system that includes a plurality of storage devices configured into one or more write groups, quorum-aware secret sharing may include: encrypting a device key for each storage device using a master secret; generating a plurality of shares from the master secret such that a minimum number of storage devices required from each write group for a quorum to boot the storage system is not less than a minimum number of shares required to reconstruct the master secret; and storing the encrypted device key and a separate share of the plurality of shares in each storage device.

Methods and systems are provided for performing operations comprising: receiving, by a credential gateway from a client device, a request to obtain a digital credential for accessing a secure resource, the credential gateway being configured to coordinate an exchange of digital credentials associated with different secure resource types with a plurality of client devices; communicating the request to a server associated with the secure resource; receiving, by the credential gateway from the server associated with the secure resource, a data object that includes the digital credential; selecting, by the credential gateway, based on the data object, a security protocol from a plurality of security protocols; and providing, by the credential gateway, the digital credential to the client device in accordance with the selected security protocol.

Embodiments of systems and methods for managing control of a security processor in a supply chain are described. In some embodiments, a security processor may include: a core; and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: store a first public key usable to initiate a first secure boot process and unusable to initiate a second secure boot process; store a second public key usable to initiate the second secure boot process and unusable to initiate the first secure boot process; and in response to a first change of control or ownership of the security processor, render the first public key unusable to initiate the first secure boot process.

A hardware request of an application is detected. The Application executes on a virtualized computer system. It is determined that the hardware request includes a counter. The counter is to be performed by the virtualized computer system. The counter includes a counter value. The hardware request is intercepted before the it is processed by a hypervisor that hosts the virtualized computer system. The interception is based on the determining the hardware request includes the counter. The counter value is saved in a secure memory. The secure memory is obscured from the hypervisor. A scrambled counter value is generated. The hardware request is updated with the scrambled counter value. After the hardware request is updated it is provided to the hypervisor.

A system and a method for a supply-chain hardware integrity for electronics defense (SHIELD) dielet embedded over a component of a device, a radio frequency identification (RFID) probe system coupled to the SHIELD dielet, and a secure server system communicating with the RFID probe system that can enable security services is provided. Embodiments include a multi-function SHIELD software defined, hardware enabled security system that provides hardware identity, anti-tamper, encryption key generation and management, trusted platform module services, and cryptographic software security services for a device.

Methods, systems, and devices for public key protection techniques are described. An embedded multimedia card (eMMC) may be formatted to include a permanent write protect group that is configured to prevent disabling of write protection for data stored in the permanent write protect group. The eMMC may store a public key associated with a first host device in the permanent write protect group of the eMMC. A data package may be received from the host device and authenticated by using the public key stored in the permanent write protect group. The embedded memory controller may be configured to prevent modifying or writing data to a permanent write protect group.

This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.