A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes the verification, the edge node forwards the packet. If the packet fails the verification, the edge node discards the packet. Not only a node outside the trusted domain is required to access the trusted domain by using the BSID, but also the packet entering the trusted domain needs to be verified with reference to the target field in the segment routing header.

A trusted execution environment obtains a secure guest image and metadata to be used to start a secure guest. The metadata includes multiple parts and a plurality of integrity measures. A first part of the metadata includes one or more integrity measures of the plurality of integrity measures, and a second part of the metadata includes customized confidential data of the secure guest and one or more other integrity measures of the plurality of integrity measures. The trusted execution environment is used to verify at least one select part of the metadata using at least one integrity measure of the plurality of integrity measures of the metadata. Based on successful verification of the at least one select part of the metadata, the trusted execution environment starts the secure guest using the secure guest image and at least a portion of the metadata.

An example operation may include one or more of receiving a request associated with a key-value pair stored in a database, determining whether a state of the key-value pair has changed since a most recently received request, and in response to a determination that the state of the key-value pair has changed, generating a data block that includes a changed state of the key-value pair and adding the generated data block to a hash-linked chain of data blocks.

Secure analytics using homomorphic and injective format-preserving encryption are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a set of homomorphic analytic vectors; transmitting the set of homomorphic analytic vectors to a server system; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme and a first injective, format-preserving encryption scheme to evaluate the set of homomorphic analytic vectors over a datasource.

A security system that provides for secure communication from a remote system operating on an unsecure network without the need for encrypting the packets related to the communication. The packets for the communications are sent over the network in clear text, which are readable by any systems on the network, however, only the systems that are authorized are able to determine what packets are the correct packets and what packets are the imitation packets. Moreover, a remote secure network may be utilized such that any system operating on an unsecure network may send packets through the remote secure network in a randomized routing in order to aid in hiding the systems sending and receiving the packets and the relays through which the packets are being sent.

A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable devices are provisioned with a job package created by a user on a host system and deployed on a device programmer. The secure programming system supports a hardware security module on the host system that can be accessed remotely from the device programmer using coordinated sets of template and mechanism dictionaries linked to a security API coupled to the hardware security module.

A system and method for efficiently managing an executable environment involving multiple code-sign certificate chains. The system and method include receiving, by one or more processors and from a client device, a request for information to verify an authorization of a code bundle, the code bundle associated with a first signed code segment and a second signed code segment. The system and method include generating, by one or more processors, a list of certificates associated with the code bundle. The system and method include transmitting, by the one or more processors and to the client device, a message comprising the list of certificates, the message causing the client device to verify the code bundle based on the list of certificates.

Disclosed herein is a method of managing tachograph data based on a blockchain network. The method of managing tachograph data based on a blockchain network includes: allocating, by a tachograph, the block number of a block to be generated for tachograph data collected while a vehicle is driving; generating a block by using a server seed allocated by a server and a seed count value, which is a variable whose value changes each time the tachograph generates a block in an offline state; and transmitting the block hash value and block data of the generated block to the server.

A firmware update shared key management method using a flash memory includes: a firmware data registration step of receiving, from a manufacturer server, at least one of information of a user device that is a firmware update target, and firmware information and registering the received information as firmware data; a firmware data management step of receiving a request from a firmware update server in which the registered firmware data is stored, and storing and managing the registered firmware data in a specific area of a flash memory included in the user device via a network; a shared key verification execution step of using a shared key to execute verification on a command communicating between the user device including the flash memory and the firmware update server that performs firmware update; and a firmware update execution step of performing firmware update of the user device through the firmware update server only when the encrypted command and the shared key pass the verification.

A device configured to identify a first digital document in a digital document repository, to identify a first graphical code that represents the first digital document, and to send the first graphical code to an approved user device. The device is further configured to obtain a second graphical code that represents a public encryption key for the organization and to extract the public encryption key for an organization from the second graphical code. The device is further configured to obtain a third graphical code from the approved user device. The third graphical code represents a second digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to determine the third graphical code passes validation using the public encryption key for the organization and to store the second digital document in a digital document repository.