| CPC H04L 9/3236 (2013.01) [H04L 9/0819 (2013.01); H04L 9/3247 (2013.01)] | 20 Claims |
|
1. An apparatus, comprising:
a device including at least one memory having processor-executable code stored therein, and at least one processor that is adapted to execute the processor-executable code, wherein the processor-executable code includes processor-executable instructions that, in response to execution, enable the device to perform actions, including:
obtaining first evidence that is associated with a first policy, wherein the first evidence includes data that includes cryptographically verifiable evidence that is associated with initial source code in accordance with the first policy, wherein the initial source code is source code for a code transparency service (CTS);
providing an initial binary based on the initial source code;
executing the initial binary in a first trusted execution environment (TEE) such that a first CTS instance begins operation, wherein the first CTS instance is configured to enforce at least one guarantee associated with code approved by the first CTS instance, and wherein the at least one guarantee is associated with code transparency; and
using the first TEE to:
provide a first ledger;
store the first evidence on the first ledger;
provide at least one measurement that is associated with the initial binary;
generate a first service key that is associated with first CTS instance, wherein the first service key is used by the first CTS instance for at least one cryptographic function; and
provide TEE attestation of the at least one measurement, the first evidence, and the first service key.
|