Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a data tag for an object within a data center asset, the generating the data tag for the object associating a contextual meaning with the object; mapping the data tag to the object, the mapping the data tag to the object associating a data tag with the object; and, protecting the data tag to provide a protected data tag, the protecting the data tag ensuring that only an authorized user can manage an aspect of the protected data tag.

Abstract: Systems and methods are provided for vulnerability proofing the launching of application instances by an IHS (Information Handling System). The launching of an application instance on the IHS is detected, where the application instance is launched using an application template that includes configurations for one or more hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Hardware component configurations included in the application template are identified as vulnerable in one or more of the catalogs. If the application template includes configurations that are identified as vulnerable in the catalogs, launching of the application is prevented until the hardware component configurations within the application template are modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: receiving data center data; identifying unprotected sensitive data center data contained within the data center data; classifying the sensitive data center data contained within the data center data according to a sensitivity based classification; and, remediating the sensitive data center asset data according to the sensitivity based classification of the sensitive data center data.

Abstract: A secure computing control method, a data packet processing method and device, and a system thereof are disclosed. The secure computing method may include: receiving a first data packet message for secure computing from a processor, the first data packet message including data packet information and secure computing configuration information corresponding to the data packet information; acquiring corresponding first data packet data from a memory according to the data packet information of the first data packet message; selecting a corresponding security algorithm according to the secure computing configuration information corresponding to the first data packet message; performing secure computing on the first data packet data by the selected security algorithm to generate secure computed second data packet data and a second data packet message corresponding to the second data packet data; transmitting the second data packet data to the memory; and transmitting the second data packet message to the processor.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a request for a client identifier or an access token for access to a target application programming interface (API); obtaining an access policy associated with the target API; determining a least privileged API access permission based upon the access policy associated with the target API; and, using the client identifier or access token to access the target API when the least privileged API access permission allows access to the target API.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: submitting a request for a workload instance to a cloud service provider; establishing a secure communication channel between the cloud service provider and a data center monitoring and management console; exchanging information between the cloud service provider and the data center monitoring and management console via the secure communication channel, the information including a verifiable workload instance identity; and, using the verifiable workload instance identity to authenticate a workload instance provided by the cloud service provider.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: providing the data center asset to a data center asset purchaser; establishing a communication channel between an onboarding system and the data center asset; generating a request to a rendezvous service to generate a shared data center asset secret key for the data center asset; associating the shared data center asset secret key with the data center asset; and, providing authorization for the data center asset to be onboarded when the shared data center asset secret key generated by the rendezvous service matches the shared data center asset secret key associated with the data center asset.

Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: embedding a unique identifier within a data center asset, the unique identifier including a signed certificate; providing the data center asset to a customer; establishing a secure communication channel between an onboarding system and the data center asset, the secure communication channel using the signed certificate; exchanging information between the onboarding system and the data center asset via the secure communication channel, the information including a data center asset ownership voucher; and, using the data center asset ownership voucher to associate the data center asset to the customer.

Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: A validation software obtains a session datum from a request initiating at a device. The validation software hashes the session datum to obtain a hashed session datum. The validation software transmits a validation request that includes a portion of the hashed session datum to a validation server. The portion of the hashed session datum may have a length that is less than a length of the hashed session datum. The validation software determines, and based on a response received from the validation server, that the session datum is likely compromised. In response to determining that the session datum is likely compromised, a notification is output at the device.

Abstract: An enterprise-level security policy management tool receives, via a graphical user interface (GUI), inputs defining a security policy configured to be deployed within an enterprise that operates one or more operational technology (OT) networks, generates the security policy based on the inputs, and transmits the security policy to one or more computing devices running respective other instantiations of the enterprise-level security policy management tool, wherein the respective other instantiations of the enterprise-level security policy management tool are configured to facilitate enforcement of the security policy within the one or more OT networks operated by the enterprise.

Abstract: Methods and systems described herein improve blockchain storage operations in a variety of environments. A blockchain compression system may determine that a blockchain compression condition associated with a blockchain having a first plurality of blocks has been satisfied. In response, the system compresses the first plurality of blocks using a first hash tree into a first root hash value and stores the first plurality of blocks in a first database. The blockchain compression system generates a first new era genesis block that includes the first root hash value and a first database address of the first database at which the first plurality of blocks are stored. The blockchain compression system stores the blockchain at one or more nodes in a blockchain network. The blockchain includes the first new era genesis block and any previous new era genesis blocks. This may effectively reduce storage requirements for the blockchain, in various embodiments.

Abstract: A system, method, and computer-readable medium are disclosed for performing entity interaction risk analysis operation. The entity interaction risk analysis operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; identifying an interaction between the entity and another entity based upon the monitoring; analyzing the interaction between the entity and the another entity; and, performing a security operation in response to the analyzing the interaction.

Abstract: A system, method, and computer-readable medium are disclosed for performing entity interaction risk analysis operation. The entity interaction risk analysis operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; identifying an interaction between the entity and another entity based upon the monitoring; analyzing the interaction between the entity and the another entity; determining whether the interaction between the entity and the another entity is non-sanctioned; and, performing a security operation in response to the analyzing the interaction and the determining whether the interaction is non-sanctioned.

Abstract: Systems and methods are provided for vulnerability proofing updates to an IHS (Information Handling System). An update system receives a notification of an update including updated configurations for hardware components of the IHS. The update system queries the IHS for vulnerability proofing requirements for updates that modify configurations of hardware components of the IHS. In response to the query, vulnerability proofing requirements are retrieved from a persistent data storage of the IHS and transmitted to the update system, where the vulnerability proofing requirements specify catalogs of known vulnerabilities of hardware components. The update system determines whether the updated configurations are identified as vulnerable in the one or more of catalogs. If the updated configurations are not identified in the catalogs, the update is transmitted to the IHS. If configurations from the update are identified in the catalogs, the update is terminated and the IHS is notified.

Abstract: Systems and methods are provided for vulnerability proofing the installation of new hardware components in an IHS (Information Handling System). The coupling of a new hardware component to the IHS is detected. A profile is identified that is to be used in provisioning the new hardware component that has been coupled to the IHS. The profile may include various configurations for the coupled hardware component. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Configurations from the profile for the coupled hardware component are used to identify any configuration that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the configuration for the new hardware component, further use of the new hardware component by the IHS is disabled until the profile is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: An output of a GenAI model responsive to a prompt is received. The GenAI model is configured using one or more system prompts including one or more Easter eggs. The output is scanned to confirm whether an Easter egg is present. In cases in which at least one Easter egg is present, one or more remediation actions can be initiated to thwart an information leak by the GenAI model. Related apparatus, systems, techniques and articles are also described.

Abstract: A first device may provide a request to establish a secure communication with a second device, and may hide public keys based on a commutative legacy compatible encryption process sharing a modulus and based on quasi-Carmichael numbers larger than the modulus with quadratic residuals. The first device may utilize variable extendable-output function hashing, based on the modulus, with bloom filtering to generate an output that prevents creation of classical rainbow tables, and may utilize a key derivation function to generate a symmetric key based on the output. The first device may establish the secure communication with the second device based on the symmetric key.

Abstract: Systems and methods provide vulnerability proofing procedures for booting of an IHS (Information Handling System). A request to boot the IHS is detected. One or more boot configurations are determined that include configurations for operation of one or more of the hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. The boot configurations are used to identify any hardware component configurations that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the boot configuration, further booting of the IHS may be disabled until the boot configuration is modified to include no configurations with vulnerabilities identified in the catalogs.