Abstract: Techniques for hashing messages with cryptographic key components are provided. In one technique, a message to be hashed with a private key component is identified. During a hash operation relative to the message involving a hash function, the client identifies an internal state of the hash function, which internal state is based on the message. The client sends the internal state of the hash function to a cryptographic device. The cryptographic device identifies a private key component and generates a final hash based on the private key component and the internal state of the hash function. In another technique, a client receives, from a cryptographic device, an internal state of a hash function, where the internal state is based on a private key component that is stored in the cryptographic device. Based on the internal state and a message, the client generates a final hash.

Abstract: Techniques for sharing secrets over one or more computer networks using proxies are provided. In one technique, a proxy server receives, from a client device, over a computer network, a request for a secret. In response to receive the request, the proxy server causes a tunnel to be created with a resource server that is separate from the client device, retrieves the secret from a secrets repository, and causes the secret to be transmitted through the tunnel to the resource server.

Abstract: A compliant pad spacer utilized in a three-dimensional IC packaging is provided. The compliant pad spacer may be utilized to provide adequate support among the substrates or boards, such as packing substrates, interposers or print circuit broads (PCBs), so as to minimize the effects of substrate warpage or structural collapse in the IC packaging. In one example, the compliant pad spacer includes an insulating material, such as silicon-based polymer composites having ceramic fillers disposed therein.

Abstract: Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.

Abstract: Techniques for sharing secrets over one or more computer networks using proxies are provided. In one technique, a proxy server receives, from a client device, over a computer network, a request for a secret. In response to receive the request, the proxy server causes a tunnel to be created with a resource server that is separate from the client device, retrieves the secret from a secrets repository, and causes the secret to be transmitted through the tunnel to the resource server.

Abstract: Techniques for employing a secure enclave to enhance the security of a system that makes use of a remote server that proxies cryptographic keys. In one technique, a proxy server receives a request for a cryptographic operation that is initiated by a client device. The request includes a key name of a cryptographic key and a (e.g., authentication) code. In response, the proxy server sends the code and the request to a secure enclave that is associated with a cryptographic device that stores the cryptographic key. The secure enclave validates the code based on a local key and sends, to the cryptographic device, (1) data associated with the secure enclave and (2) the cryptographic request. The proxy server receives result data that was generated by the cryptographic device that performs the cryptographic operation. The proxy server sends the result data to the client device.

Abstract: Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.

Abstract: Techniques for employing a secure enclave to enhance the security of a system that makes use of a remote server that proxies cryptographic keys. In one technique, a proxy server receives a request for a cryptographic operation that is initiated by a client device. The request includes a key name of a cryptographic key and a (e.g., authentication) code. In response, the proxy server sends the code and the request to a secure enclave that is associated with a cryptographic device that stores the cryptographic key. The secure enclave validates the code based on a local key and sends, to the cryptographic device, (1) data associated with the secure enclave and (2) the cryptographic request. The proxy server receives result data that was generated by the cryptographic device that performs the cryptographic operation. The proxy server sends the result data to the client device.

Abstract: Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.

Abstract: Techniques for sharing secret key information in a system that includes a remote server that proxies cryptographic keys. In one technique, a proxy server receives, from a client device, a request for a cryptographic operation. The proxy server also receives, from the client device, secret key information that is associated with the request. Prior to the request, the proxy server did not have access to the secret key information. While storing the secret key information in memory of the proxy server, the proxy server sends the secret key information to a cryptographic device that stores one or more cryptographic key. The proxy server does not store the secret key information in any persistent storage. The cryptographic device performs the cryptographic operation based on the secret key information.

Abstract: Techniques for performing hash validation are provided. In one technique, a signature request that includes a first hash and a data identifier is received from a client. In response, the data identifier is identified and sent to a data repository, data that is associated with the data identifier is received from the data repository, a second hash is generated based on the data, and a determination is made whether the second hash matches the first hash. If the two hashes match, then the first hash is sent to a cryptographic device that generates a digital signature, which is eventually transmitted to the client. Alternatively, the digital signature is transmitted to the client prior to the first hash being validated. In a related technique, a server receives the signature request and sends the data identifier to a hash validator, which interacts with the data repository and generates the second hash.

Abstract: Techniques for transparently adding one or more security controls to a challenge-response-based protocol are provided. In one technique, a client device sends a request for a resource to a resource server. The client device receives a challenge as part of a challenge-response handshake and forwards, to a proxy server, the challenge as part of a cryptographic request that includes a key identifier and certain data. In response, the proxy server initiates one or more security controls and sends the key identifier and the certain data to a cryptographic device that generates output based on the certain data. The proxy server receives the output from the cryptographic device. The proxy server determines whether at least one of the security controls resulted in a success. The proxy server sends the output to the client device only in response to determining that at least one of the security controls resulted in a success.

Abstract: Techniques for employing a secure enclave to enhance the security of a system that makes use of a remote server that proxies cryptographic keys. In one technique, a proxy server receives a request for a cryptographic operation that is initiated by a client device. The request includes a key name of a cryptographic key and an authentication code. In response, the proxy server sends the authentication code and the request to a secure enclave that is associated with a cryptographic device that stores the cryptographic key. The secure enclave validates the authentication code based on a local key and sends, to the cryptographic device, (1) data associated with the secure enclave and (2) the cryptographic request. The proxy server receives result data that was generated by the cryptographic device that performs the cryptographic operation. The proxy server sends the result data to the client device.

Abstract: Techniques for performing hash validation are provided. In one technique, a signature request that includes a first hash and a data identifier is received from a client. In response, the data identifier is identified and sent to a data repository, data that is associated with the data identifier is received from the data repository, a second hash is generated based on the data, and a determination is made whether the second hash matches the first hash. If the two hashes match, then the first hash is sent to a cryptographic device that generates a digital signature, which is eventually transmitted to the client. Alternatively, the digital signature is transmitted to the client prior to the first hash being validated. In a related technique, a server receives the signature request and sends the data identifier to a hash validator, which interacts with the data repository and generates the second hash.

Abstract: Techniques for performing hash validation are provided. In one technique, a signature request that includes a first hash and a data identifier is received from a client. In response, the data identifier is identified and sent to a data repository, data that is associated with the data identifier is received from the data repository, a second hash is generated based on the data, and a determination is made whether the second hash matches the first hash. If the two hashes match, then the first hash is sent to a cryptographic device that generates a digital signature, which is eventually transmitted to the client. Alternatively, the digital signature is transmitted to the client prior to the first hash being validated. In a related technique, a server receives the signature request and sends the data identifier to a hash validator, which interacts with the data repository and generates the second hash.

Abstract: Enables trusted user access of computer systems for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers. Embodiments may implement an account that may be utilized across websites to enable a valid or trusted user to bypass challenge-response tests. Embodiments of the invention cost time, or cost a nominal fee, or require use of something that may be validated as owned by a user such as a physical address or cell phone, or trusted referral or social graph or any combination thereof, but cost large amounts time or money for spammers using cheap third world labor, thus making it expensive to invoke attacks on sites protected by embodiments of the invention.

Abstract: Enables trusted user access of computer systems for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers. Embodiments may implement an account that may be utilized across websites to enable a valid or trusted user to bypass challenge-response tests. Embodiments of the invention cost time, or cost a nominal fee, or require use of something that may be validated as owned by a user such as a physical address or cell phone, or trusted referral or social graph or any combination thereof, but cost large amounts time or money for spammers using cheap third world labor, thus making it expensive to invoke attacks on sites protected by embodiments of the invention.

Abstract: Provided are electronics chassis having air inlets with increased cross-sectional area that facilitate airflow through the chassis and thereby provide improved cooling. As electronics chassis are often stacked, it has been determined that the upper surfaces of a lower chassis may be utilized to at least partially define the air inlet of the upper chassis. In this regard, an upper portion of the lower chassis may be removed to increase the size of an air inlet. That is, portions of an upper wall and/or the top wall of a lower chassis are removed and connected by a connecting wall (e.g. a tapered and/or a chamfered wall). Likewise, the bottom wall of an upper chassis may be removed. When stacked, the air inlet of the upper chassis may be disposed above the truncated portion of the lower chassis. In such an arrangement, the size of the resulting air intake is significantly increased.

Abstract: Generally, a DC power filter and its associated components are presented herein. The DC power filter may operate in a telecommunications chassis between one or more electrical sources and one or more loads. A common mode noise shunt may be included to shunt noise from more than one of the electrical sources or loads together. Additionally, the DC power filter may include protection circuitry that is coupled to more than one of the electrical sources. The protection circuitry may include a combination of diodes and other transient voltage suppression devices.

Abstract: Generally, a DC power filter and its associated components are presented herein. The DC power filter may operate in a telecommunications chassis between one or more electrical sources and one or more loads. A common mode noise shunt may be included to shunt noise from more than one of the electrical sources or loads together. Additionally, the DC power filter may include protection circuitry that is coupled to more than one of the electrical sources. The protection circuitry may include a combination of diodes and other transient voltage suppression devices.