Subnoto: Electronic signatures rebuilt for modern security | Product Hunt

Subnoto is the only e-signature platform where your documents stay encrypted during server-side processing—not just in transit. Using confidential computing, we provide cryptographic proof that your contracts remain private and isolated, even from our own servers. No trust required. Perfect for individuals and organizations handling sensitive data who refuse to choose between convenience and privacy. GDPR & eIDAS compliant by design. Try it free: 10 signatures/month, no credit card needed.

Confidential Computing | Steffen L.

Meine Kollegen Axel Saß, Jens Freimann und Thomas Fricke haben ein White-Paper zum Thema Confidential Computing geschrieben. Was euch erwartet? Die traditionelle Datensicherheit konzentrierte sich auf Data-at-Rest (ruhende Daten) und Data-in-Transit (Daten während der Übertragung). Doch die entscheidende Lücke, Data-in-Use (Daten während der Verarbeitung im Arbeitsspeicher), blieb oft ungeschützt. Genau dieses Problem löst Confidential Computing (CC). Dies ist aktuell durchaus relevant: Der DORA Act fordert den Schutz von Data-in-Use. CC unterstützt zudem maßgeblich die Umsetzung von Zero-Trust-Architekturen. Das Paper beleuchtet ehrlich die Komplexität und die verbleibenden Risiken, wie Seitenkanalangriffe , Hardware-Schwachstellen und den notwendigen Firmware-Update-Prozess. Es liefert klare Empfehlungen, z.B. die Automatisierung mittels GitOps und die strikte Rollentrennung für Attestation-Administratoren. Confidential Computing ist kein Allheilmittel, aber ein wichtiger Baustein einer modernen Sicherheitsarchitektur, insbesondere wenn Daten bei Dritten verarbeitet werden (sog. Cloud). Es ist bereits produktionsreif, erfordert aber eine sorgfältige Planung und ein strukturiertes Vorgehen. Das auf deutsch verfasste Whitepaper findet ihr hier: https://lnkd.in/ewP9Vp5Y #ConfidentialComputing #Cybersecurity #ITSecurity #DORA #ZeroTrust #CloudSecurity

FOSDEM 2026 - Confidential computing devroom call for participation

帰ってきた IETF 124 Side Meeting 差分アップデート（2025年10月19日版） - Qiita

そろそろIETF124の開催が近づいてきてきましたね！ GMOコネクト 菅野（かんの）です。 10月14日に公開した「【徹底分析】IETF 124 Side Meeting まとめ」から、Trelloボード上の構成が複数更新されました。 本記事では、Trello公式ボード・...

Enabling Integrity Measurement for Secure Applications in the Enarx Framework - Journal of Network and Systems Management

The Cloud Computing paradigm has significantly spread thanks to the high-speed Internet connection, standardization of digital technology, and the wide adoption of mobile devices. As a result, several privacy-enhancing technologies have been developed, among which Confidential Computing aims to protect data in use. Among the various solutions proposed for Confidential Computing, the Trusted Execution Environments (TEE) is becoming increasingly adopted, even in industrial scenarios, providing a shielded area where data and code can be processed and stored. However, heterogeneous TEE technologies are now available, making trusted application development difficult for developers. To overcome the problem of developing and deploying applications caused by the deep differences between the currently available TEE technologies, the project Enarx has been proposed. Enarx permits application development for various TEE instances in the public cloud, being CPU-architecture independent and guaranteeing the security of applications from cloud providers. The Enarx logic loads an application attesting the hardware and the Enarx components but misses the integrity verification of the user-developed application. Therefore, the primary objective of our work is to propose an extension where Enarx can verify the user application’s trustworthiness deployed in underneath the TEE. The next objective is to integrate the extended Enarx framework with the Trust Monitor system, a centralized monitoring and reporting solution to assess the trustworthiness of a heterogeneous critical infrastructure, like the cloud environment. A validation phase has been conducted, proving the solution fulfils the defined goals in terms of functionalities and performance.