Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.

Abstract: A method and apparatus for strong authentication and proximity-based access retention is presented. In this regard, an authentication agent is introduced to securely communicate with a key device associated with a user to identify the user, retrieve credentials for the user, securely communicate a session key to the key device, and identify the user who is requesting access to target resource(s) based on the user's credentials while the user's key device is proximate to the target resource(s).

Abstract: A system for increasing realized secure sockets layer (“SSL”) encryption and decryption connections is disclosed. The system combines monitoring of server load with adjustment of static SSL parameters to optimize a system of devices. The system monitors parameters of the servers that affect the ability of the servers to process SSL connections. An “SSL capacity” value for each server is calculated which represents the capability of that server to process SSL connections. This value is used to calculate an SSL threshold for that server, which is then applied to the SSL device to determine how many SSL connections the SSL device should process for that server. Since the connection threshold for an SSL device is a function of the device's load and each server's SSL capacity, and these values are dynamic, the connection threshold values are recalculated periodically to ensure increased SSL performance without impact to client response.

Abstract: A method and system for automatically associating a signed certificate with its matching certificate signing request. A data structure includes distinguished name data, or other suitable data, for all outstanding certificate signing requests. Distinguished name data, or other suitable data, is extracted or read from the signed certificate and compared against the data structure to identify the matching certificate signing request.

Abstract: A method and apparatus for strong authentication and proximity-based access retention is presented. In this regard, an authentication agent is introduced to securely communicate with a key device associated with a user to identify the user, retrieve credentials for the user, securely communicate a session key to the key device, and identify the user who is requesting access to target resource(s) based on the user's credentials while the user's key device is proximate to the target resource(s).

Abstract: A system and method for providing shared access to sealed data in a trusted computing environment are provided. A proxy requests sealing of data on behalf of the sealing entity. The proxy arbitrates requests from non-sealing entities for access to the sealed data.

Abstract: A method and system for automatically associating a signed certificate with its matching certificate signing request. A data structure includes distinguished name data, or other suitable data, for all outstanding certificate signing requests. Distinguished name data, or other suitable data, is extracted or read from the signed certificate and compared against the data structure to identify the matching certificate signing request.

Abstract: A system for increasing realized secure sockets layer (“SSL”) encryption and decryption connections is disclosed. The system combines monitoring of server load with adjustment of static SSL parameters to optimize a system of devices. The system monitors parameters of the servers that affect the ability of the servers to process SSL connections. An “SSL capacity” value for each server is calculated which represents the capability of that server to process SSL connections. This value is used to calculate an SSL threshold for that server, which is then applied to the SSL device to determine how many SSL connections the SSL device should process for that server. Since the connection threshold for an SSL device is a function of the device's load and each server's SSL capacity, and these values are dynamic, the connection threshold values are recalculated periodically to ensure increased SSL performance without impact to client response.

Abstract: Network-aware policy deployment uses dynamic network information, such as topology, congestion, link bandwidth, error rates, and the like, to intelligently deploy a policy in the most efficient manner possible. Because the software determines how to deploy a policy, the software is able to map a single user-created policy onto several devices that might otherwise have required the user to create and maintain multiple policies. Moreover, the software is able to analyze and adjust the deployment based on current network conditions.