Abstract: Techniques are disclosed to automate secure propagation of a configuration to a plurality of servers in a server cluster. For example, the techniques may include a method. The method may include receiving, at a first computing device, a first public key associated with a target computing device, the first computing device having an updated configuration. The method may further include encrypting, at the first computing device, the updated configuration using the first public key. The method may further include sending the encrypted configuration to the target computing device. The method may further include decrypting, at the target computing device, the encrypted configuration using a first private key associated with the target computing device, wherein the first public key and the first private key are a first keypair associated with the target computing device. The method may further include updating the target computing device with the updated configuration.

Abstract: Techniques are disclosed to automate secure propagation of a configuration to a plurality of servers in a server cluster. For example, the techniques may include a method. The method may include receiving, at a first computing device, a first public key associated with a target computing device, the first computing device having an updated configuration. The method may further include encrypting, at the first computing device, the updated configuration using the first public key. The method may further include sending the encrypted configuration to the target computing device. The method may further include decrypting, at the target computing device, the encrypted configuration using a first private key associated with the target computing device, wherein the first public key and the first private key are a first keypair associated with the target computing device. The method may further include updating the target computing device with the updated configuration.

Abstract: Techniques are disclosed to automate secure propagation of a configuration to a plurality of servers in a server cluster. For example, the techniques may include a method. The method may include receiving, at a first computing device, a first public key associated with a target computing device, the first computing device having an updated configuration. The method may further include encrypting, at the first computing device, the updated configuration using the first public key. The method may further include sending the encrypted configuration to the target computing device. The method may further include decrypting, at the target computing device, the encrypted configuration using a first private key associated with the target computing device, wherein the first public key and the first private key are a first keypair associated with the target computing device. The method may further include updating the target computing device with the updated configuration.

Abstract: Techniques are disclosed for reducing the amount of data associated with code signing files in a cloud-based computing environment. In one embodiment, a cloud-based code signing component receives a request to sign a current version of a file. The request includes differences between the current version of the file and a previous version of the file. The cloud-based code signing component reconstructs the current version of the file based on the differences between the current version of the file and the previous version of the file. The cloud-based code signing component signs the reconstructed file, and determines differences between the signed file and the reconstructed file. The cloud-based code signing component transfers the differences between the signed file and the reconstructed file to a user.

Abstract: Techniques are disclosed to automate secure propagation of a configuration to a plurality of servers in a server cluster. For example, the techniques may include a method. The method may include receiving, at a first computing device, a first public key associated with a target computing device, the first computing device having an updated configuration. The method may further include encrypting, at the first computing device, the updated configuration using the first public key. The method may further include sending the encrypted configuration to the target computing device. The method may further include decrypting, at the target computing device, the encrypted configuration using a first private key associated with the target computing device, wherein the first public key and the first private key are a first keypair associated with the target computing device. The method may further include updating the target computing device with the updated configuration.

Abstract: Techniques are disclosed for reducing the amount of data associated with code signing files in a cloud-based computing environment. In one embodiment, a cloud-based code signing component receives a request to sign a current version of a file. The request includes differences between the current version of the file and a previous version of the file. The cloud-based code signing component reconstructs the current version of the file based on the differences between the current version of the file and the previous version of the file. The cloud-based code signing component signs the reconstructed file, and determines differences between the signed file and the reconstructed file. The cloud-based code signing component transfers the differences between the signed file and the reconstructed file to a user.

Abstract: A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a common cipher, from the client list and the server list, for encrypted communication based on the measured resource load at the server and the measured risk factor indicating the degree of risk posed by the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying code signing certificate misuse may include (1) identifying a software file that has been signed using a code signing certificate, (2) identifying a software publisher that is identified by the code signing certificate used to sign the software file, (3) obtaining a reputation score for the software file that indicates a trustworthiness of the software file independently of the code signing certificate, and (4) providing, to the software publisher, information that is based on the reputation score and that indicates that the code signing certificate has been compromised. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for managing security certificates through email may include (1) receiving an encrypted email that contains both identifying information that identifies a security certificate for authenticating a website and a management command relating to the security certificate, (2) determining whether authentication of the encrypted email succeeded such that the management command is authorized, and (3) when a determination is made that authentication of the encrypted email succeeded, identifying the security certificate using the identifying information and executing the management command with respect to the identified security certificate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for automatically generating policies from a set of cryptographic certificates is described. An automated policy generator, executing on a computing system, receives information from a set of one or more cryptographic certificates deployed in a network. The automated policy generator automatically generates a policy from the information of the set of cryptographic certificates.

Abstract: A computer-implemented method for automating cloud-based code-signing services may include identifying, at a cloud-based code-signing service, an automatically generated request from a signing automation agent on a remote client to sign at least one file. The method may further include verifying a security credential that authorizes the remote client to access the cloud-based code-signing service. The method may also include receiving, at the cloud-based code-signing service, the file from the signing automation agent. The method may additionally include signing, by the cloud-based code-signing service, the file. The method may further include sending the signed file from the cloud-based code-signing service to the remote client. Various other methods, systems, and computer-readable media are disclosed.

Abstract: A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a common cipher, from the client list and the server list, for encrypted communication based on the measured resource load at the server and the measured risk factor indicating the degree of risk posed by the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for managing security certificates through email may include (1) receiving an encrypted email that contains both identifying information that identifies a security certificate for authenticating a website and a management command relating to the security certificate, (2) determining whether authentication of the encrypted email succeeded such that the management command is authorized, and (3) when a determination is made that authentication of the encrypted email succeeded, identifying the security certificate using the identifying information and executing the management command with respect to the identified security certificate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.