Abstract: A method includes modifying a product with a first configuration such that the product is configured in accordance with a second configuration, generating data representative of the second configuration, obtaining a signed version of the data representative of the second configuration, and storing the signed version of the data representative of the second configuration in a wireless read/write accessory that is affixed to the product, wherein the wireless read/write accessory includes a prior signed version of data representative of the first configuration.

Abstract: Techniques are provided for monitoring power consumption for individual systems or devices as a way to detect illicit or rogue hardware, e.g., addition of an unauthorized integrated circuit (IC), which may have been added to an existing system. Techniques include monitoring a power on sequence of a system, the power on sequence including one or more distinct stages, determining for each stage of the one or more distinct stages of the power on sequence, whether an observed power load of any distinct stage has deviated from an expected power load according to a power profile for the system, and when the observed power load of a given distinct stage has deviated from the expected power load, performing an action indicating that a deviation from the expected power load has occurred. The power profile specifies expected power characteristics of the system for each stage of a power on sequence.

Abstract: A meeting server receives shared content from a presenter device in an online conference session with one or more attendee devices. The meeting server generates one or more digital watermarks corresponding to the one or more attendee devices. Each respective digital watermark includes an indication of the presenter device and an indication of a respective attendee device. The meeting server transmits the shared content with the respective digital watermark to the respective attendee device as part of the online conference session. The respective digital watermark is visible in the shared content displayed on the respective attendee device.

Abstract: Techniques are provided for monitoring power consumption for individual systems or devices as a way to detect illicit or rogue hardware, e.g., addition of an unauthorized integrated circuit (IC), which may have been added to an existing system. Techniques include monitoring a power on sequence of a system, the power on sequence including one or more distinct stages, determining for each stage of the one or more distinct stages of the power on sequence, whether an observed power load of any distinct stage has deviated from an expected power load according to a power profile for the system, and when the observed power load of a given distinct stage has deviated from the expected power load, performing an action indicating that a deviation from the expected power load has occurred. The power profile specifies expected power characteristics of the system for each stage of a power on sequence.

Abstract: A meeting server receives shared content from a presenter device in an online conference session with one or more attendee devices. The meeting server generates one or more digital watermarks corresponding to the one or more attendee devices. Each respective digital watermark includes an indication of the presenter device and an indication of a respective attendee device. The meeting server transmits the shared content with the respective digital watermark to the respective attendee device as part of the online conference session. The respective digital watermark is visible in the shared content displayed on the respective attendee device.

Abstract: A trusted guard module stores one or more identifiers, each identifier uniquely identifying a respective electronic component of one or more electronic components in a circuit, wherein each electronic component is previously programmed with its respective identifier. In one embodiment, the one or more electronic components are in communication with the guard module via a test data channel. A query is sent from the guard module to one of the components via the test data channel, requesting that the queried component provide its respective identifier to the guard module. The guard module then receives a response from the queried component via the test data channel. The guard module compares the response to the stored identifier for the queried component. If the response fails to correspond to the stored identifier for the queried component, the guard module asserts an alarm condition.

Abstract: Techniques are provided for monitoring power consumption for individual systems or devices as a way to detect illicit or rogue hardware, e.g., addition of an unauthorized integrated circuit (IC), which may have been added to an existing system. Techniques include monitoring a power on sequence of a system, the power on sequence including one or more distinct stages, determining for each stage of the one or more distinct stages of the power on sequence, whether an observed power load of any distinct stage has deviated from an expected power load according to a power profile for the system, and when the observed power load of a given distinct stage has deviated from the expected power load, performing an action indicating that a deviation from the expected power load has occurred. The power profile specifies expected power characteristics of the system for each stage of a power on sequence.

Abstract: Presented herein are vulnerability assessment techniques for highlighting an organization's information technology (IT) infrastructure security vulnerabilities. For example, a vulnerability assessment system obtains application metadata for each of a plurality of executable applications observed at one or more devices forming part of an organization's IT infrastructure. The application metadata includes unique software identifiers for each of the plurality of executable applications. The vulnerability assessment system obtains global security risk metadata for executable applications observed at the one or more devices. The vulnerability assessment system maps one or more unique software identifiers in the application metadata to global security risk metadata that corresponds to applications identified by the one or more unique software identifiers, thereby generating a vulnerable application dataset.

Abstract: A trusted processor is pre-booted using a secure pre-boot loader integrated with the trusted processor. The trusted processor verifies whether an external boot loader is valid, and when valid, the trusted processor is booted using the external boot loader, thereby enabling trusted operation of the trusted processor. The trusted processor verifies whether a firmware image for a field programmable device is valid, and when valid, a firmware image loading process for the field programmable device is triggered. When the firmware image loading process is triggered, the firmware image is loaded into the field programmable device and the field programmable device is released to execute of the firmware image. The field programmable device verifies whether an external boot loader for an untrusted processor is valid, and when valid, the untrusted processor is booted using the external boot loader for the untrusted processor, thereby enabling trusted operation of the untrusted processor.

Abstract: A method includes modifying a product with a first configuration such that the product is configured in accordance with a second configuration, generating data representative of the second configuration, obtaining a signed version of the data representative of the second configuration, and storing the signed version of the data representative of the second configuration in a wireless read/write accessory that is affixed to the product, wherein the wireless read/write accessory includes a prior signed version of data representative of the first configuration.

Abstract: A technique for detecting unauthorized manipulation of a circuit. In one embodiment, a test data channel of a boundary scan system of a circuit is monitored while the circuit is in operation. By monitoring the test data channel, a monitoring module determines the presence of a signal on the test data channel. During operation, activity on this channel may represent a potential unauthorized manipulation attempt. An alarm condition may therefore be created if a signal is detected.

Abstract: A trusted guard module stores one or more identifiers, each identifier uniquely identifying a respective electronic component of one or more electronic components in a circuit, wherein each electronic component is previously programmed with its respective identifier. In one embodiment, the one or more electronic components are in communication with the guard module via a test data channel. A query is sent from the guard module to one of the components via the test data channel, requesting that the queried component provide its respective identifier to the guard module. The guard module then receives a response from the queried component via the test data channel. The guard module compares the response to the stored identifier for the queried component. If the response fails to correspond to the stored identifier for the queried component, the guard module asserts an alarm condition.

Abstract: A technique for detecting unauthorized manipulation of a circuit. In one embodiment, a test data channel of a boundary scan system of a circuit is monitored while the circuit is in operation. By monitoring the test data channel, a monitoring module determines the presence of a signal on the test data channel. During operation, activity on this channel may represent a potential unauthorized manipulation attempt. An alarm condition may therefore be created if a signal is detected.

Abstract: Presented herein are vulnerability assessment techniques for highlighting an organization's information technology (IT) infrastructure security vulnerabilities. For example, a vulnerability assessment system obtains application metadata for each of a plurality of executable applications observed at one or more devices forming part of an organization's IT infrastructure. The application metadata includes unique software identifiers for each of the plurality of executable applications. The vulnerability assessment system obtains global security risk metadata for executable applications observed at the one or more devices. The vulnerability assessment system maps one or more unique software identifiers in the application metadata to global security risk metadata that corresponds to applications identified by the one or more unique software identifiers, thereby generating a vulnerable application dataset.

Abstract: The present disclosure describes techniques evaluating compute and/or thermal loads (among other things) to aid in managing a collection of one or more containerized or modular data centers. For example, forecasts (or real-time measurements) of environmental factors (as well as projected computing demands) may be used to tailor the compute loads, cooling strategies or other metric of data center operations for a network of containerized or modular data centers. Doing so allows an operator of such a data center network to manage specific operational goals in real time.

Abstract: A trusted processor is pre-booted using a secure pre-boot loader integrated with the trusted processor. The trusted processor verifies whether an external boot loader is valid, and when valid, the trusted processor is booted using the external boot loader, thereby enabling trusted operation of the trusted processor. The trusted processor verifies whether a firmware image for a field programmable device is valid, and when valid, a firmware image loading process for the field programmable device is triggered. When the firmware image loading process is triggered, the firmware image is loaded into the field programmable device and the field programmable device is released to execute of the firmware image. The field programmable device verifies whether an external boot loader for an untrusted processor is valid, and when valid, the untrusted processor is booted using the external boot loader for the untrusted processor, thereby enabling trusted operation of the untrusted processor.

Abstract: Techniques are provided for monitoring power consumption for individual systems or devices as a way to detect illicit or rogue hardware, e.g., addition of an unauthorized integrated circuit (IC), which may have been added to an existing system. Techniques include monitoring a power on sequence of a system, the power on sequence including one or more distinct stages, determining for each stage of the one or more distinct stages of the power on sequence, whether an observed power load of any distinct stage has deviated from an expected power load according to a power profile for the system, and when the observed power load of a given distinct stage has deviated from the expected power load, performing an action indicating that a deviation from the expected power load has occurred. The power profile specifies expected power characteristics of the system for each stage of a power on sequence.

Abstract: Various systems, processes, and products may be used to authenticate computer system boot instructions. In particular implementations, a system, process, and product for authenticating computer system boot instructions may include the ability to determine, according to pre-boot computer system instructions, whether a public key associated with the boot instructions is authentic using a public key associated with a central processing unit. The system, process, and product may also include the ability to determine, if the public key associated with boot instructions is authentic, whether the boot instructions are authentic using the public key associated with boot instructions. The system, process, and product may further include the ability to launch the boot instructions if the boot instructions are authentic.

Abstract: Techniques are provided for securely upgrading a field programmable circuit, e.g., a Field Programmable Gate Array (FPGA), in a device that has been deployed to a customer site. A plurality of keys is stored in the device, e.g., public, private, and/or symmetric keys. The keys are used to authenticate and decrypt a newly received FPGA software image upgrade. The image upgrade is re-encrypted using one of the stored keys and stored in the computing device. The device is booted and the encrypted image upgrade is loaded into the field programmable circuit. The encrypted image upgrade is decrypted to obtain the image upgrade for execution on the field programmable circuit.

Abstract: Various systems, processes, and products may be used to authenticate computer system boot instructions. In particular implementations, a system, process, and product for authenticating computer system boot instructions may include the ability to determine, according to pre-boot computer system instructions, whether a public key associated with the boot instructions is authentic using a public key associated with a central processing unit. The system, process, and product may also include the ability to determine, if the public key associated with boot instructions is authentic, whether the boot instructions are authentic using the public key associated with boot instructions. The system, process, and product may further include the ability to launch the boot instructions if the boot instructions are authentic.