Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Systems, methods, apparatus, and articles of manufacture to prevent unauthorized release of information associated with a function as a service are disclosed. A system disclosed herein operates on in-use information. The system includes a function as a service of a service provider that operates on encrypted data. The encrypted data includes encrypted in-use data. The system also includes a trusted execution environment (TEE) to operate within a cloud-based environment of a cloud provider. The function as a service operates on the encrypted data within the TEE, and the TEE protects service provider information from access by the cloud provider. The encrypted in-use data and the service provider information form at least a portion of the in-use information.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor. In one embodiments, a key provisioner/tester apparatus may include a memory device to receive a unique hardware key generated by a first logic of a processor. The key provisioner/tester apparatus may further include a cipher device to permanently store an encrypted first key in nonvolatile memory of the processor, detect whether the stored encrypted first key is valid, and to isolate at least one of the first logic and the nonvolatile memory of the processor from all sources that are exterior to the processor in response to detecting that the stored encrypted first key is valid.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: Generally, this disclosure describes a method and system for automated check-out and drop-off return of products using a mobile device. A method may include purchasing at least one product of a plurality of products wherein each product is located at a respective associated product location in a store that sells the plurality of products and a point of sale of each purchased product corresponds to the respective associated product location.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor/apparatus. In one embodiment, the apparatus includes a physically unclonable functions (PUF) circuit to generate a hardware key based on at least one manufacturing variation of the apparatus and a nonvolatile memory coupled to the PUF circuit, the nonvolatile memory to store an encrypted key, the encrypted key comprising a first key encrypted using the hardware key. The apparatus further includes a hardware cipher component coupled to the nonvolatile memory and the PUF circuit, the hardware cipher component to decrypt the encrypted key stored in the nonvolatile memory with at least the hardware key to generate a decrypted copy of the first key and fixed logic circuitry coupled to the PUF circuit and the hardware cipher component, the fixed logic circuitry to verify that the decrypted copy of the first key is valid.

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor. In one embodiments, a key provisioner/tester apparatus may include a memory device to receive a unique hardware key generated by a first logic of a processor. The key provisioner/tester apparatus may further include a cipher device to permanently store an encrypted first key in nonvolatile memory of the processor, detect whether the stored encrypted first key is valid, and to isolate at least one of the first logic and the nonvolatile memory of the processor from all sources that are exterior to the processor in response to detecting that the stored encrypted first key is valid.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor.

Abstract: An apparatus for aggregating secured credentials is described herein. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. The code also causes the processor to emulate a selected secured credential from the secured credentials for a transaction.

Abstract: A processor of an aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed.

Abstract: Dark-bit masking technologies for physically unclonable function (PUF) components are described. A computing system includes a processor core and a secure key manager component coupled to the processor core. The secure key manager includes the PUF component, and a dark-bit masking circuit coupled to the PUF component. The dark-bit masking circuit is to measure a PUF value of the PUF component multiple times during a dark-bit window to detect whether the PUF value of the PUF component is a dark bit. The dark bit indicates that the PUF value of the PUF component is unstable during the dark-bit window. The dark-bit masking circuit is to output the PUF value as an output PUF bit of the PUF component when the PUF value is not the dark bit and set the output PUF bit to be a specified value when the PUF value of the PUF component is the dark bit.

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract: Dark-bit masking technologies for physically unclonable function (PUF) components are described. A computing system includes a processor core and a secure key manager component coupled to the processor core. The secure key manager includes the PUF component, and a dark-bit masking circuit coupled to the PUF component. The dark-bit masking circuit is to measure a PUF value of the PUF component multiple times during a dark-bit window to detect whether the PUF value of the PUF component is a dark bit. The dark bit indicates that the PUF value of the PUF component is unstable during the dark-bit window. The dark-bit masking circuit is to output the PUF value as an output PUF bit of the PUF component when the PUF value is not the dark bit and set the output PUF bit to be a specified value when the PUF value of the PUF component is the dark bit.