摘要:
A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.
摘要:
A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.
摘要:
Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.
摘要:
Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.
摘要:
Systems and techniques for securely managed location-and-tracking service (LTS) access are described herein. A trusted execution environment (TEE) may establish a connection to an LTS. The TEE may provide verification to the LTS that the connection origination from the TEE. The TEE may request an LTS location for the mobile device from the LTS using the connection. The TEE may provide the LTS location to applications of the mobile device.
摘要:
The present disclosure is related to managing a caching system based on object fetch costs, where the fetch cost are based on the access latency, cache misses, and time to reuse of individual objects. The caching system may be a multi-tiered caching system that includes multiple storage tiers, where an object management system determines whether to retain or evict an object from a cache of a particular storage tier based on the object's fetch cost. Additionally, eviction can include moving objects from a current storage tier to another storage tier based on the current storage tier and fetch costs.
摘要:
System and techniques for fault tolerant telemetry of distributed devices are described herein. A node includes a hardware component that receives telemetry from an entity resident on the node. The hardware component signs the telemetry with a cryptographic key to create signed telemetry and stores the signed telemetry in memory of the hardware component. Then, upon request from a remote entity, the hardware component provides the signed telemetry.
摘要:
Systems and techniques for transparent dynamic reassembly of computing resource compositions are described herein. An indication may be obtained of an error state of a component of a computing system. An offload command may be transmitted to component management software of the computing system. An indication may be received that workloads to be executed using the component have been suspended. An administrative mode command may be transmitted to the component. The administrative mode command may place the component in partial shutdown to prevent the component from receiving non-administrative workloads. Data of the component may be synchronized with a backup component. Workloads from the component may be transferred to the backup component. An offload release command may be transmitted to the software of the computing system.
摘要:
System and techniques for information centric network tunneling are described herein. At an ICN router, a data handle for data—that includes an indication of security metadata—is received. The security metadata is obtained based on the data handle and the data is cached based on the security metadata. An ICN node at an interface of the ICN router is tested for compatibility with the security metadata and a version of the data is transmitted to the ICN node based on the compatibility of the ICN node with the security metadata.
摘要:
System and techniques for decentralized key generation and management are described herein. An information centric network (ICN) node receives a first ICN interest packet for public encryption parameters of an identity based encryption (IBE) key generation center (KGC). Public encryption parameters for the KGC are received in a first ICN data packet in response to the first ICN interest packet. The public encryption parameters are cached and used to respond a second ICN interest packet for the public parameters. A third ICN data packet may be received from the KGC in response to a key generation request. Here, the third data packet includes an indication that the third ICN data packet is part of a one-time session. Then, the third ICN data packet is transmitted without caching the third ICN data packet content based on the indication.