Abstract: A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.

Abstract: A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.

Abstract: An apparatus includes a first communication interface communicable with a portion of a first network, a second communication interface communicable with a portion of a second network, and a memory. The apparatus is configured to be disposed between the portion of the first network and the portion of the second network. The portion of the first network and the portion of the second network are not otherwise coupled together. The apparatus is switchable between a first mode and a second mode. During the first mode, the apparatus is transparent to data transmission and is configured to store information representing the transmitted data. During the second mode, the apparatus is configured to block data transmission between the first network and the second network via the apparatus so as to form an enclaved network segment of the portion of the first network.

Abstract: A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.

Abstract: A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.

Abstract: A trustable community for a computer system includes multiple software components that have security interdependence. A trustable community attempts to stop malware from compromising one software component within the community by conditioning operation of the software component upon a determination of present trustworthiness of itself and other software components within the community. Present trustworthiness may be determined through hash checks and application of community rules defining conditions under which software components are trustworthy.

Abstract: A trusted enclave for a software system of a computer node provides relatively high assurance protection of a section of the software system. The trusted enclave attempts to stop malware from compromising parts of the software system within the trusted enclave. If a software system process outside the trusted enclave becomes compromised, the compromised process may be prevented from compromising software system resources within the trusted enclave. Compromise of a process or resource of the software system refers to, for example, malware access, alteration or control of the process or resource.