Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.

Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.

Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.

Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.

Abstract: Mechanisms are provided, in a communication device associated with a first computing device, for capturing security data exchanged between the first computing device and a second computing device. The mechanisms receive a data message from either the first computing device or the second computing device. The data message is part of an operation for establishing a secure communication connection between the first computing device and the second computing device. The mechanisms filter the received data message for security data passed in the received data message and mirror the security data to an analysis port of the communication device. Moreover, the mechanisms output, via the analysis port, the security data to a data collection and analysis system that analyzes the security data with regard to security requirement compliance.

Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.

Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.

Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.

Abstract: A method for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.

Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.

Abstract: A system or computer usable program product for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: A method for automated validation and execution of cryptographic key and certificate deployment and distribution includes providing one or more keys; providing one or more key deployment points; and distributing the one or more keys to the one or more key deployment points in an automated manner based on a matrix or pattern mapping of each of the one or more keys to be distributed to each of the one or more key deployment points.

Abstract: A method for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.

Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.