Abstract: Systems and methods for detecting and handling attacks on processes executing within a trusted execution environment (TEE) are disclosed. In one implementation, a processing device may detect by a first process an event indicating that a first process executing in a TEE of a host computer system is under attack from a second process executing on the host computer system. the processing device may set a flag within a memory region of the TEE indicating that the first process is under attack. The processing device may further perform, in view of an attack response policy associated with the first process, an action responsive to detecting the event.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses cryptographic keys that are based on temporal data. An example method may include: determining temporal data of a computing device; transforming the temporal data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate temporal data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed temporal data; and using the cryptographic key to enable access to a protected resource.

Abstract: Message decryption dependent on third-party confirmation of a condition precedent is disclosed. A message is encrypted with a message encryption key to form an encrypted message. A message decryption key that is configured to decrypt the encrypted message is encrypted with a key of a first entity to which the message is to be disclosed upon occurrence of a condition precedent to form an encrypted message decryption key. The encrypted message decryption key is encrypted with a key of a second entity configured to confirm the occurrence of the condition precedent to form a double encrypted message decryption key. A condition identifier that identifies the condition precedent is generated. The encrypted message, the double encrypted message decryption key, and the condition identifier are sent to the first entity.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on proximity data. An example method may include: determining proximity data of a computing device; transforming the proximity data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate proximity data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed proximity data; and using the cryptographic key to enable access to a protected resource.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on location data. An example method may include: determining location data of a computing device; transforming the location data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate location data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed location data; and using the cryptographic key to enable access to a protected resource.

Abstract: Systems and methods for detecting and handling attacks on processes executing within a trusted execution environment (TEE) are disclosed. In one implementation, a processing device may detect by a first process an event indicating that a first process executing in a TEE of a host computer system is under attack from a second process executing on the host computer system. the processing device may set a flag within a memory region of the TEE indicating that the first process is under attack. The processing device may further perform, in view of an attack response policy associated with the first process, an action responsive to detecting the event.

Abstract: The technology disclosed herein may enable a client to access a protected resource using cryptographic keys that are based on contextual data of a device. An example method may include: determining contextual data of a computing device; transforming the contextual data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate contextual data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed contextual data; and using the cryptographic key to enable access to a protected resource.

Abstract: Message decryption dependent on third-party confirmation of a condition precedent is disclosed. A message is encrypted with a message encryption key to form an encrypted message. A message decryption key that is configured to decrypt the encrypted message is encrypted with a key of a first entity to which the message is to be disclosed upon occurrence of a condition precedent to form an encrypted message decryption key. The encrypted message decryption key is encrypted with a key of a second entity configured to confirm the occurrence of the condition precedent to form a double encrypted message decryption key. A condition identifier that identifies the condition precedent is generated. The encrypted message, the double encrypted message decryption key, and the condition identifier are sent to the first entity.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on proximity data. An example method may include: determining proximity data of a computing device; transforming the proximity data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate proximity data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed proximity data; and using the cryptographic key to enable access to a protected resource.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on location data. An example method may include: determining location data of a computing device; transforming the location data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate location data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed location data; and using the cryptographic key to enable access to a protected resource.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses cryptographic keys that are based on temporal data. An example method may include: determining temporal data of a computing device; transforming the temporal data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate temporal data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed temporal data; and using the cryptographic key to enable access to a protected resource.

Abstract: The technology disclosed herein may enable a client to access a protected resource using cryptographic keys that are based on contextual data of a device. An example method may include: determining contextual data of a computing device; transforming the contextual data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate contextual data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed contextual data; and using the cryptographic key to enable access to a protected resource.