Abstract: The present invention discloses a method, a system and a computer-readable medium so that a user, by using a mobile device containing an interface, can perform the signature of documents by a digital handwritten signature, this signature states that full legal value and documentation can be signed from Fin Tech companies, banks, insurers, customs and foreign trade agencies, marketers, lessors, and companies with legal certainty needs in mobile and virtual environments, where the mobile device through the interface notifies at least one user that they have a document to sign, document signature processing is performed by verifying the identity of the user by an identification document, and finally processes the signature and verifies the user's identity to the check, by facial biometry, a photo obtained by the mobile device with the photograph of the user identification document.

Abstract: Systems and methods are provided for validating components of an Information Handling System (IHS). During factory provisioning of the IHS, an owner certificate is stored that specifies an identity of a motherboard installed during manufacture of the IHS. The owner certificate is signed by a certificate authority of an owner of the IHS that retains capabilities for specifying the use of boot code provided by successive renters of the IHS. A renter certificate is also stored that specifies an identity of a chassis to which the motherboard is installed during manufacture of the IHS. Upon a transfer of control or ownership of the IHS, boot code operations by the security processor identify a motherboard and chassis in use by the IHS and utilize the motherboard and chassis certificates to validate that the identified motherboard and chassis are the same motherboard and chassis installed during manufacture of the IHS.

Abstract: An example method for execution on a system on a chip (SoC) having a plurality of subsystems includes receiving, by a storage controller from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address; obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data; determining, by the encryption engine based on an access rule, whether the subsystem has sufficient privilege to access the storage device address; in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting, source data in the local memory according to an encryption key associated with the subsystem; and providing the encrypted source data to the storage controller for writing to the storage device at the storage device address.

Abstract: An encryption key management method includes: receiving a data registration request from a supplier terminal, determining a data identifier associated with the content data, encrypting a master key with a public key of the supplier terminal, and providing the supplier terminal with the master key encrypted with the public key of the supplier terminal, the data identifier, and a key update count value; receiving a subscription application related to the data identifier from a first subscriber terminal, encrypting the master key with a public key of the first subscriber terminal, and providing the first subscriber terminal with the master key encrypted with the public key of the first subscriber terminal and the key update count value; receiving encrypted content data encrypted with the symmetric key and a hash for the content data from the supplier terminal; and transmitting the encrypted content data and the hash to the first subscriber terminal.

Abstract: Methods, systems, devices and apparatuses for preventing use of fraudulent and/or counterfeit embedded devices. The anti-cloning system includes a first device configured to be coupled to or receive a first embedded device. The first embedded device has a first unique identity value. The anti-cloning system includes a controller. The controller is coupled to the first device. The controller has a controller memory. The controller memory is configured to store a public verification key. The controller has a controller processor. The controller processor is coupled to the controller memory and configured to verify the first unique identity value using the public verification key. The controller processor is configured to allow or permit the first device to operate and use the first embedded device when the first unique identity value is verified.

Abstract: One embodiment provides a method, including: receiving, from a user at a collaboration platform, a request to perform a computation; generating a workflow comprising a sequence of steps for performing the computation; identifying potential data sources comprising the type of data and able to assist in performing at least one of the sequence of steps of the workflow; selecting computation data sources that collaborate to perform the computation, wherein the selecting is performed dynamically and based upon characteristics of a network created by the collaboration platform and between the computation data sources; and facilitating performance of the computation by the computation data sources using data of the computation data sources, wherein during performance of the computation the computation data sources collaborate within the network to perform the workflow while maintaining individual privacy of the data of the computation data sources and providing proof verifying a trustworthiness of the computation.

Abstract: A method for dynamic immutable security personalization for enterprise products. Specifically, the disclosed method describes how a computer processor (e.g., baseboard management controller) of an enterprise product can personalize security requirements in trusted facilities, along the supply chain route of the enterprise product, so that trusted assumptions concerning the enterprise product can be made. Further, through dynamic immutable security personalization, these trusted assumptions are allowed to change over time (e.g., from being less restrictive to more restrictive) as changing enterprise product configuration states are captured while the enterprise product traverses the supply chain route.

Abstract: An input unit receives an input of data, as learning purpose data and determination target data, in which requests made to a server by a user are represented in a time series. Then, a shaping unit shapes the received data. A classifying unit classifies the shaped data for each user who made the requests. Then, a learning unit extracts, from the classified learning purpose data, consecutive n requests as feature values of the learning purpose data, performs learning by using the feature values of the learning purpose data, and creates a profile for each user. A determination unit extracts, from the classified determination target data, consecutive n requests as feature values of the determination target data and performs determination of the determination target data based on the feature values of the determination target data and based on the profiles created by the learning unit.

Abstract: The present invention overcomes problem of pseudonymous Blockchain transactions that preclude the identification of an individual or institutional identity that rely solely on a Blockchain address of a recipient in a Blockchain transaction. A system and method is provided that verifies transfers in an on-chain Blockchain Bitcoin transaction by using a sequence of Blockchain Bitcoin transactions that establish and confirm an identity of one or more parties to the transaction.

Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.

Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.

Abstract: According to one example, a system includes a first computing device that determines data for transmittal to a second computing device, and determines transmittal mapping data. The first computing device also breaks the data into one or more portions, and, for each of the one or more portions of the data, the first computing device replaces the respective portion of the data with a transmittal token included in the transmittal mapping data. The first computing device also transmits the transmittal tokens for receipt by the second computing device.

Abstract: A data processing apparatus includes a requester, a completer and a cache. Data is transferred between the requester and the cache and between the cache and the completer. The cache implements a cache eviction policy. The completer determines an eviction cost associated with evicting the data from the cache and notifies the cache of the eviction cost. The cache eviction policy implemented by the cache is based, at least in part, on the cost of evicting the data from the cache. The eviction cost may be determined, for example, based on properties or usage of a memory system of the completer.

Abstract: An example operation includes one or more of establishing, by a first blockchain trust anchor node, a trusted connection to a trust anchor node of a second blockchain, detecting, by the first blockchain trust anchor node, changes of the first blockchain, and executing a smart contract to reflect the detected changes on the second blockchain.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with multiple hardware devices of the IHS. The BMC includes executable instructions for transmitting a broadcast message to the hardware devices in which the broadcast message has a block of data including a digital signature of the BMC. Each of the hardware devices that receive the broadcast message are configured to transmit a broadcast acknowledgment message to the BMC. Using the block of data, the BMC and hardware devices may perform a mutual consensus procedure with other using a cryptographic hash function of the block of data.

Abstract: A method for securely terminating a distributed trusted execution environment (TEE) spanning a plurality of work accelerators. After wiping sensitive data from the memory of its accelerator, a root of trust for each accelerator is configured to receive confirmation that the data has been wiped from the processor memory in relevant other accelerators prior to moving on to the next stage at which the TEE on its associated accelerator is terminated. Since the data has been wiped from the other accelerators, even if a third party were to inject malicious code into the accelerator, they would be unable to read out the secret data from the other accelerators since the data has been wiped from those other accelerators. In this way, a mechanism is provided for ensuring that when the distributed TEE is terminated, malicious third parties are unable to read out confidential data from the accelerators.

Abstract: A method for securely terminating a distributed trusted execution environment spanning a plurality of work accelerators. Each accelerator is configured to self-isolate upon determining that the distributed TEE is to be terminated across the system of accelerators. The data is also wiped from the processor memory of each accelerator, such that the data cannot be read out from the processor memory once the accelerator's links are re-enabled. The self-isolation is performed on each accelerator prior to the step of terminating the TEE on that accelerator. An accelerator only re-enables its links to other accelerators once the data is wiped from its processor memory such that the secret data is removed from the accelerator memory.

Abstract: The present disclosure describes secured interprocess communication (IPC). The operating system traps application-level IPC calls to an IPC agent, which handles the IPC call. The IPC agent executes in a trusted execution environment so that communications between the applications involved in the IPC are secure. Since processing of IPC by the IPC agent bypasses the operating system, IPC remains secure despite any attacks against the operating system code.

Abstract: Techniques are described for providing secure and direct communication between two parties. In some examples, a business server (e.g., a first party), may send a request to a social networking system. The request may include an identifier associated with an end user (e.g., a second party) and an indication of one or more types of information to be requested from the user. In some examples, the user may submit user information to the business server. The user information may include sensitive and/or personal information of the user. The user information may be input by the user into an application associated with the social networking system. The user information may be sent securely and directly from the application on the user's device to the business server and is not accessible by the social networking system.

Abstract: An object of the disclosure is to simplify security enhancements based on trusted computing. For this, a first data processing apparatus configured to operate in accordance with one or more platform configuration is provided. The first data processing apparatus includes an attestation processor, a network interface, and a data storage device for storing validation data. The attestation processor is configured to establish attestation data that is indicative of a current platform configuration. The validation data facilitates a validity check of integrity data, which includes the attestation data. The first data processing apparatus is configured to provide the integrity and validation data.