Patents by Inventor Piotr Zmijewski
Piotr Zmijewski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250071118
Abstract: Provided is a non-transitory machine-readable medium including machine-readable instructions. The machine-readable instructions cause, when executed on an apparatus, the apparatus to receive, by a trusted authority, a request for access to user data stored on a distributed network. The machine-readable instructions further cause the apparatus to search, by the trusted authority, an immutable ledger for an entry related to the user data. The machine-readable instructions further cause the apparatus to selectively decide, by the trusted authority and based on an access policy for the user data indicated by the entry, whether to grant access to the user data.
Type: Application
Filed: November 11, 2024
Publication date: February 27, 2025
Inventors: Piotr ZMIJEWSKI, Arkadiusz BERENT, Mateusz BRONK, Krystian MATUSIEWICZ
-
Publication number: 20250061454
Abstract: It is provided an apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions. The machine-readable instructions include instructions obtain data from a first party. The data being configured for training of a machine learning model of a second party. The machine-readable instructions further include instructions to generate metadata corresponding to the data, the metadata comprising an identifier of the data. The machine-readable instructions further include instructions to publish the data appended with the corresponding metadata. The machine-readable instructions further include instructions to transmit the metadata for storage to a trusted third-party.
Type: Application
Filed: October 21, 2024
Publication date: February 20, 2025
Inventors: Arkadiusz BERENT, Mateusz BRONK, Krystian MATUSIEWICZ, Piotr ZMIJEWSKI
-
Patent number: 12223035
Abstract: A method comprises generating, during a software build process conducted in a trusted build environment, a trusted log comprising a plurality of records of actions performed during the software build process and a plurality of identifiers of tools used to perform the actions, aggregating the plurality of records of actions and the plurality of identifiers into a build certificate file, generating a digital signature to be applied to the build certificate, and publishing the build certificate in association with one or more build artifacts generated by the software build process.
Type: Grant
Filed: December 15, 2021
Date of Patent: February 11, 2025
Assignee: INTEL CORPORATION
Inventors: Piotr Zmijewski, Arkadiusz Berent, Mateusz Bronk
-
Patent number: 11489678
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
Type: Grant
Filed: April 23, 2020
Date of Patent: November 1, 2022
Assignee: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Publication number: 20220201007
Abstract: A system and method of authenticating a development environment include receiving, by one or more processors associated with a source code repository, a development profile from a development environment. Sending the development profile to a trusted profile verifier to be registered as a trusted development profile. Receiving a pending source file commit request, where the pending source file commit request includes source code files and a current development profile. Facilitating verification of whether the current development profile matches the trusted development profile. When it is verified that the current development profile matches the trusted development profile, accepting the source code files.
Type: Application
Filed: March 11, 2022
Publication date: June 23, 2022
Applicant: Intel Corporation
Inventors: Piotr Zmijewski, Arkadiusz Berent, Mateusz Bronk
-
Publication number: 20220108005
Abstract: A method comprises generating, during a software build process conducted in a trusted build environment, a trusted log comprising a plurality of records of actions performed during the software build process and a plurality of identifiers of tools used to perform the actions, aggregating the plurality of records of actions and the plurality of identifiers into a build certificate file, generating a digital signature to be applied to the build certificate, and publishing the build certificate in association with one or more build artifacts generated by the software build process.
Type: Application
Filed: December 15, 2021
Publication date: April 7, 2022
Applicant: Intel Corporation
Inventors: Piotr Zmijewski, Arkadiusz Berent, Mateusz Bronk
-
Publication number: 20220108008
Abstract: A method comprises issuing a challenge to a target computing device, receiving, from the target computing device, a response to the challenge, the response comprising a self-attestation proof, a root of trust (RoT) certificate, and a set of current attestation measurements, and generating a signal indicative of a security status of the target based upon a determination of whether the set of current attestation measurements match a set of expected attestation measurements for the target computing device.
Type: Application
Filed: December 15, 2021
Publication date: April 7, 2022
Applicant: Intel Corporation
Inventors: Mateusz Bronk, Arkadiusz Berent, Piotr Zmijewski
-
Publication number: 20220103365
Abstract: A method comprises generating an original digital content, generating a first set of rules pertaining to permissible changes to the original digital content, generating a cryptographically signed certificate comprising the first set of rules and a hash of the original digital content, and publishing the original digital content and the associated cryptographically signed certificate.
Type: Application
Filed: December 12, 2021
Publication date: March 31, 2022
Applicant: Intel Corporation
Inventors: Arkadiusz Berent, Mateusz Bronk, Piotr Zmijewski
-
Publication number: 20220104025
Abstract: A method comprises discovering, in a controller device, one or more target devices that are in a pairing mode, generating, in the controller device, a first signal comprising a pattern, transmitting, from the controller device to a first remote device, the first signal comprising the pattern, receiving, in the controller device, a second signal from a second remote device, the second signal comprising a authentication code, and authenticating the one or more target devices when the first authentication signal and the second authentication signal match.
Type: Application
Filed: December 9, 2021
Publication date: March 31, 2022
Applicant: Intel Corporation
Inventors: Arkadiusz Berent, Mateusz Bronk, Piotr Zmijewski, Krystian Matusiewicz
-
Publication number: 20210006416
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
Type: Application
Filed: April 23, 2020
Publication date: January 7, 2021
Applicant: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Patent number: 10880097
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
Type: Grant
Filed: October 17, 2018
Date of Patent: December 29, 2020
Assignee: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Patent number: 10708067
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
Type: Grant
Filed: July 2, 2016
Date of Patent: July 7, 2020
Assignee: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Publication number: 20190052469
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
Type: Application
Filed: October 17, 2018
Publication date: February 14, 2019
Applicant: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Patent number: 10135622
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
Type: Grant
Filed: September 29, 2016
Date of Patent: November 20, 2018
Assignee: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Publication number: 20170366359
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
Type: Application
Filed: July 2, 2016
Publication date: December 21, 2017
Applicant: Intel Corporation
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Publication number: 20170353319
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
Type: Application
Filed: September 29, 2016
Publication date: December 7, 2017
Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre