Abstract: Aspects of the present disclosure relate to an apparatus comprising TEE circuitry configured to maintain a list of trusted devices, and interface circuitry to provide communication between the TEE of the apparatus and TEE circuitry of a device communicatively coupled to the apparatus. The TEE circuitry of the apparatus is configured to perform, with the TEE circuitry of the device, a remote attestation in respect of the TEE circuitry of the device. Responsive to a positive outcome of the remote attestation, the device is added to the list of trusted devices. The TEE of the apparatus receives, from the TEE circuitry of the device, an indication of one or more further devices which are trusted by the device, and adds said one or more further devices to the list of trusted devices.

Abstract: A data processing system is provided, which comprises receiving circuitry for receiving, from a requester, a request to use decrypted data obtained by decrypting encrypted data. Trusted execution circuitry provides a trusted execution environment. The trusted execution circuitry is configured to: securely store a policy, acquire a key within the trusted execution environment, where the key is associated with the decrypted or encrypted data, and respond to the request based on the policy and one or more characteristics of the requester.

Abstract: Examples of the present disclosure relate to an apparatus comprising interface circuitry to interface with one or more peripheral devices, processing circuitry to execute software to communicate with a given peripheral device of the one or more peripheral devices, trusted execution environment circuitry communicatively coupled to the interface circuitry and the processing circuitry. The trusted execution circuitry is configured to: receive a transmission from one of the processing circuitry and the given peripheral device to the other one of the processing circuitry and the given peripheral device; and apply a control policy in respect of the received transmission and, based on the control policy, determine whether to forward the received transmission to said other one of the processing circuitry and the given peripheral device.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to facilitate and/or support participation in computing activities by multiple parties having limited mutual trust. In one embodiment, computation may occur in a secure processing environment (SPE) while one or more untrusted parties reside outside of the SPE.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with a first computing device and second interface circuitry to communicate with a second computing device. The first interface circuitry is configured to receive a handshake message from the first computing device. The second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device. The first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device.

Abstract: A data processing system is provided, which comprises receiving circuitry for receiving, from a requester, a request to use decrypted data obtained by decrypting encrypted data. Trusted execution circuitry provides a trusted execution environment. The trusted execution circuitry is configured to: securely store a policy, acquire a key within the trusted execution environment, where the key is associated with the decrypted or encrypted data, and respond to the request based on the policy and one or more characteristics of the requester.

Abstract: Aspects of the present disclosure relate to an apparatus comprising secure enclave circuitry and document owner circuitry. The document owner circuitry is configured to determine a document to be shared, generate a plurality of share data units, transmit each share data unit of the plurality of share data units to a corresponding shareholder device, and provision the secure enclave circuitry with data indicative of the document to be shared. The secure enclave circuitry is configured to receive putative share data units from at least one of the corresponding shareholder devices, determine whether the received putative share data units satisfy a sharing policy, and responsive to the received putative share data units satisfying the sharing policy and based on the data indicative of the document to be shared, provide the document to be shared to said at least one of the corresponding shareholder devices.

Abstract: There is provided a data processing system and method. The system includes challenge circuitry for issuing a challenge to a service device and for receiving a response to the challenge. Forwarding circuitry forwards at least part of the response to a selected one of a plurality of attestation systems and receives a success indication from the selected one of the plurality of attestation systems regarding whether the service device has been attested by the selected one of the plurality of attestation systems. Request circuitry receives a request to provide an attestation of the service device, and to provide the attestation in dependence on the success indication.

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with a first computing device and second interface circuitry to communicate with a second computing device. The first interface circuitry is configured to receive a handshake message from the first computing device. The second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device. The first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to facilitate and/or support participation in computing activities by multiple parties having limited mutual trust. In one embodiment, computation may occur in a secure processing environment (SPE) while one or more untrusted parties reside outside of the SPE.

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.