Abstract: The disclosure herein describes deploying a Virtual Secure Enclave (VSE) using a universal enclave binary and a Trusted Runtime (TR). A universal enclave binary is generated that includes a set of binaries of Instruction Set Architectures (ISAs) associated with Trusted Execution Environment (TEE) hardware backends. A TEE hardware backend is identified in association with a VSE-compatible device. A VSE that is compatible with the identified TEE hardware backend is generated on the VSE-compatible device and an ISA binary that matches the TEE hardware backend is selected from the universal enclave binary. The selected binary is linked to a runtime library of the TR and loads the linked binary into memory of the generated VSE. The execution of a trusted application is initiated in the generated VSE using a set of interfaces of the TR. The trusted application depends on the TR interfaces rather than the selected ISA binary.

Abstract: In one set of embodiments, a computer system can initialize a counter that is shared by a plurality of software processes, where each software process is programmed to increment the counter a predefined number of times. The computer system can further run the plurality of software processes concurrently. Upon completion of the plurality of software processes, the computer system can apply one or more functions to the shared counter and output the result as an entropy sample.

Abstract: In one set of embodiments, a computer system can allocate a memory buffer in a dynamic random access memory (DRAM), determine a plurality of DRAM rows covered by the memory buffer, and execute a Rowhammer attack against a target row in the plurality of DRAM rows, thereby yielding randomly flipped bits in one or more neighboring DRAM rows. The computer system can then compute a value based on the randomly flipped bits and output the value as an entropy sample.

Abstract: In one set of embodiments, a computer system can initiate a memory stress test on a memory subsystem of the computer system, where the memory subsystem including a dynamic random access memory (DRAM). Then, while the memory stress test is running, the computer system can execute a plurality of access operations for accessing the DRAM, measure the time taken to complete each access operation, combine the measured times to compute a value, and output the value as an entropy sample.

Abstract: A system and method for performing a scan of an input sequence in a parallel processor having a shared register file. A two dimensional matrix is generated, having a number of rows representing a number of threads and a number of columns based on the input sequence block size and the number of rows. One or more padding columns may be added to the matrix to avoid or reduce memory bank conflicts. A first traversal of the rows performs a reduction or a scan of each of the rows in parallel, storing the reduction values. The reduction values are used during a second traversal to propagate the reduction values. In a segmented scan, propagation is selectively performed based on flags representing segment boundaries.

Abstract: A digital certificate is employed to produce a digital signature for a digital construct. In the digital certificate is set forth a certificate validity period defining for the digital certificate a time period during which the digital certificate is to be honored as valid for producing digital signatures, and a signature validity period defining for each digital signature produced based on the digital certificate a time period during which the digital signature is to be honored as valid.

Abstract: To render digital content determined to be in an encrypted rights-protected form, each available license corresponding to the digital content to be rendered is identified, where each such license includes a decryption key (KD) for decrypting the digital content to be rendered, and where the decryption key (KD) in the license is encrypted according to a public key (PU) (PU(KD)). One of the identified licenses is selected and (KD) is obtained from the selected license by obtaining (PU(KD)) from the selected license and decrypting (PU(KD)) according to a private key (PR) corresponding to (PU) to produce (KD). The digital content is decrypted with (KD), and the decrypted digital content is provided for actual rendering.

Abstract: A digital certificate is employed to produce a digital signature for a digital construct. In the digital certificate is set forth a certificate validity period defining for the digital certificate a time period during which the digital certificate is to be honored as valid for producing digital signatures, and a signature validity period defining for each digital signature produced based on the digital certificate a time period during which the digital signature is to be honored as valid.

Abstract: An access control policy engine associated with a resource determines whether to allow a request to access same. The engine receives the request with an security token, retrieves the token determines a type thereof, and maps access decision information in the token to a common format as at least one security claim setting forth adequate information to determine a right of the requestor. Thereafter, the engine retrieves a set of rules for accessing the resource, applies the rules to the security claims to determine whether to allow the request from the requestor, and if the request is to be allowed, provides the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the security claims.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: In order to allow for security beyond revocation lists, a policy regarding when permissions may be granted (in the form of a rights document, e.g. a use license or a certificate) is enforced. When a request is made for a rights document, the requester submits an account certificate which includes certain metadata regarding the requester. This metadata is analyzed to determine whether it meets a specific policy before the request is granted. If the request is not granted, the cause of the rejection may be overcome, for example by updating or upgrading some system component (hardware or software) in the requesting system. In certain cases, such an update to overcome a policy-based rejection may be performed transparently to the user.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.