Abstract: A vehicle diagnostic system includes a first diagnostic server including a diagnostic database having historical data matched with possible vehicle fixes, and configured to receive retrieved vehicle data and identify a most likely vehicle fix associated therewith. The first diagnostic server is associated with a first processing capability. The system additionally includes a second diagnostic server including a diagnostic algorithm operatively associated therewith and configured to identify a possible vehicle fix based on an assessment of the retrieved diagnostic data according to predefined criteria associated with the diagnostic algorithm. The second diagnostic server is associated with a second processing capability.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided for calculating state of cryptographic objects and generating search filters for querying cryptographic objects based on the given state or on the given combination of unique states. The mechanism to calculate a state of a cryptographic object allows an application or system to resolve the current state of any cryptographic object with the following set of state altering date values: initial date, activation date, deactivation date, compromise date, and destroy date. A processing module may retrieve the state meta-data and calculate the current state of a given cryptographic object. The current state may be, for example, one of the following: unknown, pre-active, active, deactivated, compromised, destroyed, and destroyed-compromised. The mechanism to generate a search filter may generate a search query language (SQL) search filter to query for cryptographic objects using the state altering date values stored for each object.

Abstract: Mechanisms are provided for calculating state of cryptographic objects and generating search filters for querying cryptographic objects based on the given state or on the given combination of unique states. The mechanism to calculate a state of a cryptographic object allows an application or system to resolve the current state of any cryptographic object with the following set of state altering date values: initial date, activation date, deactivation date, compromise date, and destroy date. A processing module may retrieve the state meta-data and calculate the current state of a given cryptographic object. The current state may be, for example, one of the following: unknown, pre-active, active, deactivated, compromised, destroyed, and destroyed-compromised. The mechanism to generate a search filter may generate a search query language (SQL) search filter to query for cryptographic objects using the state altering date values stored for each object.

Abstract: Mechanisms are provided for calculating state of cryptographic objects and generating search filters for querying cryptographic objects based on the given state or on the given combination of unique states. The mechanism to calculate a state of a cryptographic object allows an application or system to resolve the current state of any cryptographic object with the following set of state altering date values: initial date, activation date, deactivation date, compromise date, and destroy date. A processing module may retrieve the state meta-data and calculate the current state of a given cryptographic object. The current state may be, for example, one of the following: unknown, pre-active, active, deactivated, compromised, destroyed, and destroyed-compromised. The mechanism to generate a search filter may generate a search query language (SQL) search filter to query for cryptographic objects using the state altering date values stored for each object.

Abstract: A method for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: A system or computer usable program product for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: Authentication with credentials in a Java messaging service (“JMS”), including providing pre-authenticated credentials for a Java security domain for a user application and creating a JMS connection for the user application, including accepting the pre-authenticated credentials in a JMS connection function and authenticating the user application for the JMS in dependence upon the pre-authenticated credentials. Typical embodiments of the present invention also include caching the pre-authenticated credentials in the user application. Many embodiments also include caching the pre-authenticated credentials in a middleware security application.

Abstract: A method for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: A method, system or computer usable program product for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: Mechanisms are provided for calculating state of cryptographic objects and generating search filters for querying cryptographic objects based on the given state or on the given combination of unique states. The mechanism to calculate a state of a cryptographic object allows an application or system to resolve the current state of any cryptographic object with the following set of state altering date values: initial date, activation date, deactivation date, compromise date, and destroy date. A processing module may retrieve the state meta-data and calculate the current state of a given cryptographic object. The current state may be, for example, one of the following: unknown, pre-active, active, deactivated, compromised, destroyed, and destroyed-compromised. The mechanism to generate a search filter may generate a search query language (SQL) search filter to query for cryptographic objects using the state altering date values stored for each object.

Abstract: A method and system is presented for supporting the establishment of a secure communication session within a data processing system. A certificate request command is sent from a server to a client. A certificate command is received at the server from the client in response to the certificate request command, and the certificate command is accompanied by a public key certificate and an attribute certificate that is digitally signed by a private key that is bound to the public key certificate. A secure communication session is established in response to successfully verifying the public key certificate. The attribute certificate contains credential information for an authentication operation or an authorization operation that is performed after establishment of the secure communication session.

Abstract: A system, apparatus and method for processing Personal InFormation EXchange Syntax (PFX) objects in a data processing system is presented. The PFX object may be formatted, i.e. may maintain a syntax, as defined by PKCS (Public Key Cryptography Standard) standards, and in particular PKCS #12. A PFX object utility allows a user to view and edit the contents of data objects embedded within a PFX object via a graphical user interface. Graphical objects represent the data objects embedded within a PFX object. A user may drag and drop objects onto other objects within the PFX object, and the PFX object utility automatically performs the necessary operations.

Abstract: A client generates a session key and a delegation ticket containing information for a requested delegation operation. The client generates a first copy of the session key and encrypts it using a public key of a proxy. The client generates a second copy of the session key and encrypts it using a public key of a server. The client then puts the encrypted session keys and delegation ticket into a first message that is sent to the proxy. The proxy extracts and decrypts its copy of the session key from the first message. The proxy then encrypts a proof-of-delegation data item with the session key and places it and the delegation ticket along with the encrypted copy of the session key for the server into a second message, which is sent to the server. The server extracts and decrypts its copy of the session key from the second message and uses the session key to obtain the proof-of-delegation data. Authority is successfully delegated to the proxy only if the server can verify the proof-of-delegation data.

Abstract: A method, an apparatus, a system, and a computer program product are presented for validating certificates. A certificate validation service receives a certificate validation request for a target certificate from a client, thereby allowing the client to offload certificate validation tasks into an online certificate validation service that is accessible and sharable by multiple components within a data processing system. In response to a determination that the target certificate is valid or invalid, the certificate validation service sends a certificate validation response with an indicating status value that the target certificate is valid or invalid. The certificate validation service is able to cache information about previously validated certificates and the associated certificate chains, thereby enhancing the efficiency of the service. Different certificate validation policies may be applied against target certificates based upon information associated with the target certificates.

Abstract: Authentication with credentials in a Java messaging service (“JMS”), including providing pre-authenticated credentials for a Java security domain for a user application and creating a JMS connection for the user application, including accepting the pre-authenticated credentials in a JMS connection function and authenticating the user application for the JMS in dependence upon the pre-authenticated credentials. Typical embodiments of the present invention also include caching the pre-authenticated credentials in the user application. Many embodiments also include caching the pre-authenticated credentials in a middleware security application.