Abstract: Techniques for real-time updating of encryption keys are disclosed. In the illustrative embodiment, an encrypted link is established between a local and remote processor over a point-to-point interconnect. The encrypted link is operated for some time until the encryption key should be updated. The local processor sends a key update message to the remote processor notifying the remote processor of the change. The remote processor prepares for the change and sends a key update confirmation message to the local processor. The local processor then sends a key switch message to the remote processor. The local processor pauses transmission of encrypted message while the remote processor completes use of the encrypted message. After a pause, the local processor continues sending encrypted messages with the updated encryption key.

Abstract: In some instances, a method for verifying communication paths is provided. The method comprises: obtaining, from a first user device, a request to access content associated with a relying party system, wherein the request indicates user credentials and a first session identifier (ID); obtaining one or more quick response (QR) codes and a second session ID associated with a first QR code of the one or more QR codes, wherein the relying party system generates and provides the first QR code to the first user device; and verifying the first session ID and the second session ID, wherein the relying party system grants the first user device access to the requested content based on the verification.

Abstract: A proof of authenticity of a website presentation includes a presentation being retrievable from the local storage of the web browser. The presentation is presented together with the main presentation retrieved from the website, thereby the presentation proves authenticity of the main presentation with the first website (10B).

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes obtaining information describing network traffic between a plurality of network devices within a network. A network topology of the network is determined based on the information describing network traffic, with the network topology including nodes connected by an edge to one or more other nodes, and with each node being associated with one or more network devices. Indications of user access rights of users are associated to respective nodes included in the network topology. User interface data associated with the network topology is generated.

Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration of an image in a virtualized computing environment generates an instruction to deploy a virtual instance based on a base image, the virtual instance including a disk. The method further includes generating an inspectable disk based on the disk of the virtual instance; receiving a markup language document, the document including a plurality of definitions, each including a data element; inspecting the inspectable disk for a cybersecurity object corresponding to a data element of a first definition of the plurality of definitions; evaluating the first definition based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generating an output based on the evaluated first definition result; and generating the output based on a notification, in response to determining that the definition is unevaluable.

Abstract: A system and method for evaluating definitions from a markup language document for agentless host configuration includes generating an inspectable disk based on a disk of a host, the host deployed in a virtualized computing environment. The system is configured to: receive a markup language document, the markup language document including a plurality of definitions, each definition including a data element; inspect the inspectable disk for a cybersecurity object corresponding to a first data element of a first definition of the plurality of definitions; evaluate the first definition further based on the cybersecurity object to generate an evaluated first definition result, in response to determining that the definition is evaluable; generate an output based on the evaluated first definition result; and generate the output based on a predetermined notification, in response to determining that the definition is unevaluable.

Abstract: Systems and methods are provided for vulnerability proofing the administration of hardware components of an IHS. A proposed configuration for a hardware component of the IHS is detected. Multiple catalogs specifying known vulnerabilities of hardware components are accessed, such as a catalog of known vulnerabilities provided by a manufacturer of the hardware component and such as a catalog of known vulnerabilities provided by a manufacturer of the IHS. The proposed configuration of the hardware component is evaluated as being vulnerable in the first catalog and also in the second catalog. If the proposed configuration is identified as vulnerable in either the first catalog or in the second catalog, the hardware component is disabled until the proposed configurations for the hardware component are changed to include no configurations with vulnerabilities identified in either the first or second catalogs.

Abstract: Systems and methods are provided for vulnerability proofing the launching of application instances by an IHS (Information Handling System). The launching of an application instance on the IHS is detected, where the application instance is launched using an application template that includes configurations for one or more hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Hardware component configurations included in the application template are identified as vulnerable in one or more of the catalogs. If the application template includes configurations that are identified as vulnerable in the catalogs, launching of the application is prevented until the hardware component configurations within the application template are modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: receiving data center data; identifying unprotected sensitive data center data contained within the data center data; classifying the sensitive data center data contained within the data center data according to a sensitivity based classification; and, remediating the sensitive data center asset data according to the sensitivity based classification of the sensitive data center data.

Abstract: A secure computing control method, a data packet processing method and device, and a system thereof are disclosed. The secure computing method may include: receiving a first data packet message for secure computing from a processor, the first data packet message including data packet information and secure computing configuration information corresponding to the data packet information; acquiring corresponding first data packet data from a memory according to the data packet information of the first data packet message; selecting a corresponding security algorithm according to the secure computing configuration information corresponding to the first data packet message; performing secure computing on the first data packet data by the selected security algorithm to generate secure computed second data packet data and a second data packet message corresponding to the second data packet data; transmitting the second data packet data to the memory; and transmitting the second data packet message to the processor.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a data tag for an object within a data center asset, the generating the data tag for the object associating a contextual meaning with the object; mapping the data tag to the object, the mapping the data tag to the object associating a data tag with the object; and, protecting the data tag to provide a protected data tag, the protecting the data tag ensuring that only an authorized user can manage an aspect of the protected data tag.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: providing the data center asset to a data center asset purchaser; establishing a communication channel between an onboarding system and the data center asset; generating a request to a rendezvous service to generate a shared data center asset secret key for the data center asset; associating the shared data center asset secret key with the data center asset; and, providing authorization for the data center asset to be onboarded when the shared data center asset secret key generated by the rendezvous service matches the shared data center asset secret key associated with the data center asset.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a request for a client identifier or an access token for access to a target application programming interface (API); obtaining an access policy associated with the target API; determining a least privileged API access permission based upon the access policy associated with the target API; and, using the client identifier or access token to access the target API when the least privileged API access permission allows access to the target API.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: submitting a request for a workload instance to a cloud service provider; establishing a secure communication channel between the cloud service provider and a data center monitoring and management console; exchanging information between the cloud service provider and the data center monitoring and management console via the secure communication channel, the information including a verifiable workload instance identity; and, using the verifiable workload instance identity to authenticate a workload instance provided by the cloud service provider.

Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: embedding a unique identifier within a data center asset, the unique identifier including a signed certificate; providing the data center asset to a customer; establishing a secure communication channel between an onboarding system and the data center asset, the secure communication channel using the signed certificate; exchanging information between the onboarding system and the data center asset via the secure communication channel, the information including a data center asset ownership voucher; and, using the data center asset ownership voucher to associate the data center asset to the customer.

Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: A validation software obtains a session datum from a request initiating at a device. The validation software hashes the session datum to obtain a hashed session datum. The validation software transmits a validation request that includes a portion of the hashed session datum to a validation server. The portion of the hashed session datum may have a length that is less than a length of the hashed session datum. The validation software determines, and based on a response received from the validation server, that the session datum is likely compromised. In response to determining that the session datum is likely compromised, a notification is output at the device.

Abstract: An enterprise-level security policy management tool receives, via a graphical user interface (GUI), inputs defining a security policy configured to be deployed within an enterprise that operates one or more operational technology (OT) networks, generates the security policy based on the inputs, and transmits the security policy to one or more computing devices running respective other instantiations of the enterprise-level security policy management tool, wherein the respective other instantiations of the enterprise-level security policy management tool are configured to facilitate enforcement of the security policy within the one or more OT networks operated by the enterprise.

Abstract: Methods and systems described herein improve blockchain storage operations in a variety of environments. A blockchain compression system may determine that a blockchain compression condition associated with a blockchain having a first plurality of blocks has been satisfied. In response, the system compresses the first plurality of blocks using a first hash tree into a first root hash value and stores the first plurality of blocks in a first database. The blockchain compression system generates a first new era genesis block that includes the first root hash value and a first database address of the first database at which the first plurality of blocks are stored. The blockchain compression system stores the blockchain at one or more nodes in a blockchain network. The blockchain includes the first new era genesis block and any previous new era genesis blocks. This may effectively reduce storage requirements for the blockchain, in various embodiments.