Abstract: Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.

Abstract: Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.

Abstract: A computer-implemented method for remote management of hardware security modules (HSMs) includes receiving a command request from a mobile device. The command request includes an encrypted key part and an encrypted signing key. The HSM decrypts the command request using a key associated with a security zone of the mobile device. The HSM decrypts the encrypted key part and the encrypted signing key. Decrypting the encrypted key part and the encrypted signing key includes using the key associated with the security zone of the mobile device and a key associated with a remote administrator associated with the mobile device. A command is generated for a domain with a target HSM. The command is generated using the decrypted key part and the decrypted signing key. The command is transmitted to the domain for execution by the target HSM. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, apparatus and computer program product are provided for protecting ongoing system integrity of a software product using digital signatures. A core product load manifest for protecting ongoing system integrity of a software product having a plurality of pieces includes a manifest header including header attributes of the software product. A list of a plurality of manifest items is stored with the manifest header. Each manifest item identifies a corresponding piece of the software product. Each manifest item includes at least one attribute. A manifest digital signature is stored with the manifest header. The manifest header, the header attributes, each of the plurality of items, and each item attribute are included in the manifest digital signature. A digital signature is computed for each signable piece of the software product and is stored with the piece of the software product. The digital signature of each signed software product piece is excluded from the core product load manifest.

Abstract: A method, apparatus and computer program product are provided for protecting ongoing system integrity of a software product using digital signatures. A core product load manifest for protecting ongoing system integrity of a software product having a plurality of pieces includes a manifest header including header attributes of the software product. A list of a plurality of manifest items is stored with the manifest header. Each manifest item identifies a corresponding piece of the software product. Each manifest item includes at least one attribute. A manifest digital signature is stored with the manifest header. The manifest header, the header attributes, each of the plurality of items, and each item attribute are included in the manifest digital signature. A digital signature is computed for each signable piece of the software product and is stored with the piece of the software product. The digital signature of each signed software product piece is excluded from the core product load manifest.