Abstract: A framework for providing cluster-wide cryptographic operations, including: signing, sealing, binding, unsealing, and unbinding. The framework includes an interface module (a.k.a., HAT agent) on each of a plurality of nodes in the cluster. Each HAT agent is configured to respond to an application's request for a cluster crypto operation by communication with other HAT agents in the cluster and utilizing a trusted platform module local to the node where the HAT agent resides.

Abstract: A method for detecting a particular data traffic in a communication network having a plurality of nodes comprises: maintaining a list of detecting scans to be applied to an incoming data traffic; receiving the incoming data traffic; and applying a subset of the detecting scans in the list to the incoming data traffic. A network node for detecting a particular traffic in a communication network having a plurality of nodes comprises: a list of detecting scans to be applied to an incoming data traffic; an input for receiving the incoming data traffic; and an inspection chain, which applies a subset of detecting scans in the list to the incoming data traffic.

Abstract: A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from the first state to the second state, the second service application being selected for taking over service currently provided from the first service application process, the first state and the second state each being associated to a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated to the second state allows the OS to replace the first service application process with the second service application process for providing secure communications between the second service application and other service application processes in the HA cluster.

Abstract: A method and communication node that for generate a unique service application process biometric identifier for a service application service application process requesting resources and services to another service application service application process in a High Availability (HA) cluster. The method and communication node further authenticate the requesting service application service application process using the unique service application process biometric identifier and thus allowing communication between the first service application process and the second service application process.

Abstract: A method for maintaining a current view of a cluster's membership comprising the steps of maintaining a list of member nodes and updating the list when a modification thereto is noticed by a first node by receiving a first update message from the first node in a second node, thereafter, sending a second update message from the second node to a third node to propagate the modification and sending to the first node a first confirm message from the second or the third node. A node member of a cluster capable of maintaining a first list of neighboring nodes, maintaining a second list of neighboring nodes sharing a current view therewith and ensuring that the first list matches the second by exchanging messages with neighboring nodes, wherein each message comprises topology information. Upon confirmation that both lists match, the node being capable of sending a confirmation message toward neighboring nodes.

Abstract: A system and method for managing trusted platform module (TPM) keys utilized in a cluster of computing nodes. A cluster-level management unit communicates with a local TPM agent in each node in the cluster. The cluster-level management unit has access to a database of protection groups, wherein each protection group comprises one active node which creates a TPM key and at least one standby node which stores a backup copy of the TPM key for the active node. The local TPM agent in the active node automatically initiates a migration process for automatically migrating the backup copy of the TPM key to the at least one standby node. The system maintains coherency of the TPM keys by also deleting the backup copy of the TPM key in the standby node when the key is deleted by the active node.

Abstract: A node member of a cluster in a network comprising a plurality of nodes and a method related to the capabilities of the node, which is capable of maintaining a stable view of the cluster's membership, maintaining a list of neighboring nodes sharing a same updated view of the cluster's membership and receiving a confirmation message from a second node confirming that a new view received therein should replace the stable view and become a new stable view. The node is further capable of verifying that the new view is up to date in comparison to the same view and, if the new view is not up to date, discarding the confirmation message.

Abstract: A method and computer operated software application for digitally signing a portion of an electronic file, and for verifying such a digital signature. A portion of the file to be signed is extracted based on a computation of one or more functions, and the file portion is used for being either directly digitally signed, or for calculating a Message Digest value (MD1) and for digitally signing the MD1 value with a private key of the signer. The so-formed digital signature is appended to the file. During verification, the digital signature is removed from the file, decrypted using the signer's public key, which is known to the verifier, and the portion of the file, or respectively MD1 is obtained. The portion of the file used for the signature is again obtained and used for a similar a computation based on the one or more functions, which are also known to the verifier, for calculating a corresponding portion of the file, or another Message Digest value (MD2).