An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.

Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.

The invention relates to a method for managing exchanges of data between: —a probe (1) comprising a memory containing a probe digital certificate including a probe public key, —a terminal (2) comprising a memory containing a terminal digital certificate including a terminal public key, —a remote platform (3) configured to: .sup.∘deliver the probe digital certificate to the probe and .sup.∘deliver the terminal digital certificate to the terminal, characterised in that the method comprises the implementation of an authentication procedure consisting of the following steps:—a first step in which the probe verifies the identity of the terminal from the terminal digital certificate; —a second step in which the terminal verifies the identity of the probe from the probe digital certificate, and—a third step in which the probe, the terminal and the platform each generate an identical session key from the probe and terminal public keys.

A method for remote attestation includes establishing, using a cryptographic protocol, a communication session between a first computing device and a second computing device. The communication session includes communications encrypted by an ephemeral session key. The method includes receiving, at the first communication device via the communication session, from the second computing device, an attestation request requesting the first computing device to provide an attestation report. The method includes generating, by the first computing device, the attestation report based on the ephemeral session key and sending, using the communication session, the attestation report to the second computing device.

A system and a method for a supply-chain hardware integrity for electronics defense (SHIELD) dielet embedded over a component of a device, a radio frequency identification (RFID) probe system coupled to the SHIELD dielet, and a secure server system communicating with the RFID probe system that can enable security services is provided. Embodiments include a multi-function SHIELD software defined, hardware enabled security system that provides hardware identity, anti-tamper, encryption key generation and management, trusted platform module services, and cryptographic software security services for a device.

A computer processing device for determining whether to allow or deny access to a database associated with the device is provided. The device is configured to determine the origin of data signed with a first key by comparing the key to one or more keys stored in a further database to identify the source of the data; search the database to determine one or more access rules associated with the source of the data, wherein the access rules define whether write access to the database is allowed or denied for the data; and allow or deny write access to the database based on the determined rule or rules.

Generating a private key recovery seed based on random words extracted from an input memory of a user and using the recovery seed to recover the private key. An input that is related to a specific memory of a user is received. The specific memory was previously entered and used to generate random words that are related to each other by being included in the specific memory. The random words are extracted from the received input. The random words are associated with a first private key recovery mechanism for recovering a private key. The random words are input into the first private key recovery mechanism to generate a recovery seed. The recovery seed is input into a second private key recovery mechanism. The second private key recovery mechanism generates a recovered private key upon performing a recovery operation on the private key recovery seed.

Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.

A method (400) for accessing one or more service processes (222) of service (250) includes executing at least one service enclave (220) and executing an enclave sandbox (200) that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel (210) to the at least one service enclave interfacing with the one or more service processes, and communicate program calls (302) to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.