US 12,190,316 B2
Code transparency system operation
Mark Eugene Russinovich, Bellevue, WA (US); Sylvan W. Clebsch, Cambridge (GB); Kahren Tevosyan, Kirkland, WA (US); Antoine Jean Denis Delignat-Lavaud, Cambridge (GB); Cédric Alain Marie Christophe Fournet, Cambridge (GB); Hervey Oliver Wilson, Bellevue, WA (US); and Manuel Silverio Da Silva Costa, Cambridge (GB)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 10, 2022, as Appl. No. 17/741,353.
Prior Publication US 2023/0368193 A1, Nov. 16, 2023
Int. Cl. G06F 16/182 (2019.01); G06Q 20/38 (2012.01)
CPC G06Q 20/3829 (2013.01) [G06F 16/182 (2019.01); G06Q 2220/00 (2013.01)]
17 Claims
 
1. An apparatus, comprising:
  a device including at least one memory having processor-executable code stored therein, and at least one processor that is adapted to execute the processor-executable code, wherein the processor-executable code includes processor-executable instructions that, in response to execution, enable the device to perform actions, including:
    receiving a first claim that is associated with a first application, wherein the first claim is a document that is signed with a claim signature and that includes first evidence that is associated with a first policy, and further includes an expected set of at least one binary measurement associated with the first application, wherein the first evidence is cryptographically verifiable evidence that is associated with the first application;
    using a first trusted execution environment (TEE) to:
      provide a distributed ledger;
      verify the first claim, wherein verifying the first claim includes verifying the expected set of at least one binary measurement associated with the first application, verifying the claim signature, and, based at least on the first evidence, verifying that the first application meets the first policy; and
      upon successful verification of the first claim:
        append the first claim to the distributed ledger; and
        generate a first ledger countersignature that is associated with the first claim, wherein the first ledger countersignature includes a signature of a root of a tree of the distributed ledger.
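
The verify, append and countersign sequence recited in claim 1, as an added Python sketch; it is not code from the patent or from the assignee. Assumptions: HMAC-SHA256 stands in for public-key signatures so the block runs on the standard library alone, the policy is modelled as "evidence must be signed by an approved builder", the names (Ledger, make_claim, issuer, builder, tag) are hypothetical, and the TEE and ledger replication are not modelled.

```python
import hashlib, hmac, json

same = hmac.compare_digest  # constant-time comparison of signature strings

def sign(key, obj):
    # HMAC-SHA256 stands in for a public-key signature (assumption; stdlib only).
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def merkle_root(leaves):
    # Binary hash tree over a non-empty leaf list; leaf and node hashes are
    # domain-separated, and an odd node is promoted to the next level unchanged.
    level = [hashlib.sha256(b"\x00" + leaf).digest() for leaf in leaves]
    while len(level) > 1:
        pairs = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
                 for i in range(0, len(level) - 1, 2)]
        level = pairs + ([level[-1]] if len(level) % 2 else [])
    return level[0].hex()

class Ledger:
    def __init__(self, ledger_key, issuer_keys, approved_builders):
        self.key, self.issuers, self.builders = ledger_key, issuer_keys, approved_builders
        self.leaves = []  # append-only list of serialized claims

    def check(self, claim):
        """Return None if the claim verifies, else the name of the failed check."""
        body, ev = claim["body"], claim["body"]["evidence"]
        issuer_key = self.issuers.get(body["issuer"])
        if issuer_key is None or not same(sign(issuer_key, body), claim["signature"]):
            return "claim signature"
        builder_key = self.builders.get(ev["builder"])  # modelled policy: approved builder
        if builder_key is None or not same(sign(builder_key, ev["measurements"]), ev["tag"]):
            return "policy"
        if not body["measurements"] or set(body["measurements"]) != set(ev["measurements"]):
            return "measurements"
        return None

    def submit(self, claim):
        reason = self.check(claim)
        if reason:
            raise ValueError("claim rejected: " + reason)  # nothing is appended
        self.leaves.append(json.dumps(claim, sort_keys=True).encode())
        root = merkle_root(self.leaves)
        # Countersignature: the ledger's signature over the tree root after the append.
        return {"index": len(self.leaves) - 1, "root": root, "signature": sign(self.key, root)}

def make_claim(issuer, issuer_key, builder, builder_key, app, measurements):
    # Builds a constructed sample claim: signed evidence nested in a signed body.
    ev = {"builder": builder, "measurements": measurements, "tag": sign(builder_key, measurements)}
    body = {"issuer": issuer, "application": app, "measurements": measurements, "evidence": ev}
    return {"body": body, "signature": sign(issuer_key, body)}
```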