Patent classifications
H04L9/3265
METHOD AND APPARATUS FOR MANAGING NON-FUNGIBLE TOKEN FOR DIGITAL CONTENT
An electronic device and method are disclosed for managing a non-fungible token (NFT). The electronic device includes a memory configured to store computer-executable instructions, and a processor. The processor implements the method, including: generating an NFT for target content in response to receiving a request to register the target content from a first external electronic device; generating, for the NFT, a certification authority (CA) signature indicating that the NFT was generated by the server; and transmitting, via communication circuitry, the NFT to the first external electronic device, wherein an ownership signature is added to the NFT together with the CA signature, the ownership signature being based on a private key of the user to whom ownership of the NFT is assigned.
Transparently using macaroons with caveats to delegate authorization for access
The disclosed technology teaches confirming delegation of authorization from an authorization server (AS) by a client to a service, including an AS issuing an OAuth2 access token in the form of a Macaroon (MAT), optionally with caveats, including a root signature, and providing the MAT to a client. Included is the client modifying the OAuth2 access token by appending caveats that narrow authorization, and by applying a message authentication code (MAC) chaining algorithm to generate an updated signature to include in the resulting MAT with caveats (MATwC); the client delegating authorization to a service by forwarding the MATwC to the service; the service using the MATwC to access a resource server (RS); the RS passing the MATwC to the AS; and the AS determining authenticity of the MATwC as a bearer token, evaluating the scope of authorization from the MAT as narrowed by the caveats, and reporting results.
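The MAC-chaining flow in this abstract, as an added illustration that is not the patent's own code: the AS mints the MAT from a root key it never shares, the client appends caveats without any key, and the AS recomputes the chain to check authenticity and then derives the narrowed scope. The caveat syntax (`scope=` and `expires=`), the fail-closed handling of unknown caveats and the sample key are my assumptions, not details from the abstract.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def _chain(key: bytes, msg: bytes) -> bytes:
    # One MAC-chaining step: the previous signature becomes the key for the next.
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Macaroon:
    identifier: bytes                      # lets the AS look up root key and base scopes
    caveats: list = field(default_factory=list)
    signature: bytes = b""

    def add_caveat(self, caveat: str) -> "Macaroon":
        # Client side: no key needed, but the caveat can never be removed later,
        # because the signature now depends on it.
        self.caveats.append(caveat)
        self.signature = _chain(self.signature, caveat.encode())
        return self


def mint(root_key: bytes, identifier: bytes) -> Macaroon:
    # AS side: the root signature is HMAC(root_key, identifier).
    return Macaroon(identifier, [], _chain(root_key, identifier))


def verify(root_key: bytes, base_scopes: set, m: Macaroon, now: int):
    """AS side: returns (authentic, effective_scopes). Fails closed on any doubt."""
    sig = _chain(root_key, m.identifier)
    scopes = set(base_scopes)
    for c in m.caveats:
        sig = _chain(sig, c.encode())        # replay the chain from the root key
        key, _, val = c.partition("=")
        if key == "scope":
            scopes &= set(val.split(","))    # caveats can only narrow, never widen
        elif key == "expires":
            if now >= int(val):
                return False, set()
        else:
            return False, set()              # assumed policy: unknown caveat => reject
    if not hmac.compare_digest(sig, m.signature):
        return False, set()                  # tampered, truncated or forged token
    return True, scopes


# Constructed sample: AS issues read/write, client narrows before delegating.
ROOT_KEY = b"example-as-root-key"
BASE_SCOPES = {"files:read", "files:write"}
```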
Authorization delegation
Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.
Device programming with system generation
A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.
SELECTIVE VERIFICATION OF SIGNATURES BY NETWORK NODES
A network node may include one or more processors. The one or more processors may receive a message that is associated with one or more signatures and one or more second signatures. The one or more signatures may have been validated by a particular node. The one or more processors may determine that the particular node is a trusted node. The network node may be configured not to validate signatures that have been validated by a trusted node. The one or more processors may determine that the one or more signatures have been validated by the particular node. The one or more processors may sign or provide the message, without validating the one or more signatures, based on determining that the one or more signatures have been validated by the particular node.
Extending measured boot for secure link establishment
A modified measured boot approach is utilized for establishing a secure communication link between two devices. Each device may execute its respective boot process until it reaches the stage responsible for establishing the communication link with the other device. Each device may exchange its respective self-signed certificate and extend its certificate chain with the self-signed certificate received from the other device. Each device can then generate a new key pair based on its extended certificate chain, which includes the identity of the other device, and exchange the public key of the new key pair with the other device. A secure link can be established using the public key of the other device as a base key for a key exchange protocol. A central management entity can attest the measurements of the boot stages for each device using the corresponding public key.
METHOD AND SYSTEM FOR VERIFICATION OF IDENTITY ATTRIBUTE INFORMATION
A method for verification of a data value via a Merkle root includes: storing, in a memory of a processing server, a Merkle root; receiving at least a data value, a nonce, and a plurality of hash path values; generating a combined value by combining the data value and the nonce; generating a first hash value via application of a hashing algorithm to the combined value; generating a subsequent hash value via application of the hashing algorithm to a combination of the first hash value and a first of the plurality of hash path values; repeating generation of the subsequent hash value using a combination of the next hash path value of the plurality of hash path values and the most recent subsequent hash value; and verifying the data value based on a comparison of the Merkle root and the last generated subsequent hash value.
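The verification procedure of this abstract, worked through as an added example rather than the patent's own code: the leaf is H(value || nonce), each hash path value is folded in with the running hash, and the final digest is compared to the stored Merkle root. The abstract does not say on which side a path value is concatenated, so each path entry here carries an assumed left/right flag; SHA-256, the small tree builder used to produce consistent proofs, and the sample identity attributes are also my assumptions.

```python
import hashlib
import hmac
from typing import List, Tuple


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(value: bytes, nonce: bytes) -> bytes:
    # First hash value: the nonce blinds low-entropy attributes (e.g. a birth date)
    # so a verifier holding the root cannot brute-force unrevealed leaves.
    return _h(value + nonce)


def verify_attribute(root: bytes, value: bytes, nonce: bytes,
                     path: List[Tuple[bytes, bool]]) -> bool:
    """Recompute root from (value, nonce, hash path). Path entries are
    (sibling_hash, sibling_is_left); the side flag is an assumption here."""
    h = leaf_hash(value, nonce)
    for sibling, sibling_is_left in path:
        h = _h(sibling + h) if sibling_is_left else _h(h + sibling)
    return hmac.compare_digest(h, root)   # constant-time comparison


def build_tree(leaf_hashes: List[bytes]):
    """Issuer side (assumed helper): returns (root, proofs), proofs[i] being
    the hash path for leaf i. An odd level duplicates its last node."""
    proofs = [[] for _ in leaf_hashes]
    level, positions = list(leaf_hashes), list(range(len(leaf_hashes)))
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        for i, pos in enumerate(positions):
            sib = pos ^ 1
            proofs[i].append((level[sib], sib < pos))
        level = [_h(level[j] + level[j + 1]) for j in range(0, len(level), 2)]
        positions = [p // 2 for p in positions]
    return level[0], proofs


# Constructed sample identity record: one (attribute, nonce) pair per leaf.
ATTRIBUTES = [
    (b"name=Alice Example", b"n-7f1a"),
    (b"dob=1990-01-01", b"n-c02e"),
    (b"nationality=XX", b"n-19b4"),
    (b"id_number=000000", b"n-5d3c"),
]


def issue_record():
    return build_tree([leaf_hash(v, n) for v, n in ATTRIBUTES])
```

A holder reveals only the attribute, its nonce and its path; the verifier needs nothing but the stored root.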
BLOCKCHAIN-BASED DATA PROCESSING METHOD AND APPARATUS, COMPUTER DEVICE, COMPUTER-READABLE STORAGE MEDIUM, AND COMPUTER PROGRAM PRODUCT
A blockchain-based data processing method and apparatus, a computer device, and a computer-readable storage medium. The method includes: obtaining a data authorization request transmitted by an authorization terminal, the data authorization request including a data authorization certificate associated with an authorizer; performing authorization verification on the authorizer according to the data authorization request to obtain a first verification result; when the first verification result is valid, signing the data authorization certificate with a private key of a first blockchain to obtain a first certificate signature, determining the first certificate signature as the to-be-uploaded signature, and uploading the data authorization certificate carrying the to-be-uploaded signature; and transmitting the data authorization certificate to a second blockchain, and granting a query permission to a query terminal when signature verification of the to-be-uploaded signature by the second blockchain succeeds.
MULTI-PARTY AND MULTI-USE QUANTUM RESISTANT SIGNATURES AND KEY ESTABLISHMENT
A system for making digital signatures includes plural signers determining cleartext bits to sign in response to a hash of a pre-image known to the respective signer and message. Another system uses one-way functions and a plurality of authentication paths per signature. A key information distribution system uses physical media, physical media revealing means, and changing the configuration of the physical media revealing means to reveal secret indicia to observers.
Configurable client hardware
Various systems and methods for configuring a pluggable computing device are described herein. A pluggable computing device may be configured to be compatible with a pluggable host system using a default communication channel to obtain configuration settings and configure a programmable logic device on the pluggable computing device. The pluggable computing device may perform chain of trust processing on the pluggable host system. The pluggable computing device may be disposed on a compute card, which may include a heat sink in a particular configuration.