Abstract: A method for securing customer sensitive information on private cloud platforms includes receiving, at an on-premises computing system, sensitive information of a user. A local key of the on-premises computing system was previously encrypted by a master key stored at an off-premises computing system. The method includes sending the encrypted local key to the off-premises computing system for decryption, and receiving the decrypted local key in response to sending the encrypted local key to the off-premises computing system. The decrypted local key is decrypted from the received encrypted local key. The method includes decrypting a secret key assigned to the user, encrypting the sensitive information using the decrypted secret key, and storing the encrypted sensitive information.

Abstract: Providing a hybrid virtual network, includes: receiving from a source VM, by a hypervisor of a first stack, a packet to be transmitted to a target VM within a virtual network includes multiple VMs spanning a multiple stacks, where each stack includes an aggregation of compute, storage, and network resources and separate stacks are coupled for data communications via a network level protocol; if the target VM is located in the first stack, overwriting a MAC address of in the packet with a replacement MAC address for transmission via a data link layer protocol and transmitting the packet with the data link layer protocol; and if the target VM is not located in the first stack, encapsulating the packet for tunneling via a network layer protocol and transmitting the encapsulated packet with the network layer protocol.

Abstract: A method includes identifying, for each port of a storage controller, an optimal path between a port of the storage controller to a computer and identifying a port of the computer connected to the optimal path. Two or more interconnected switches connect the computer and the storage controller. The method includes assigning a static IP address to each port of the storage controller, and transmitting to the computer, for each port of the storage controller, a static MAC address of a port of the storage controller and the corresponding port of the computer that is part of the optimal path between the port of the storage controller and the computer. The computer uses the static MAC addresses and the corresponding ports to create a static map and uses the static map to determine which port of the computer to use to service a storage request.

Abstract: Apparatuses, computer readable media, methods, and systems are described for requesting creation of virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.

Abstract: Apparatuses, computer readable media, methods, and systems are described for storing a first measurement of a virtualization platform, storing a second measurement of a measured virtual machine, generating a quote using a key, wherein the quote is based on the first measurement and the second measurement, and providing the quote for attesting to authenticity of the virtualization platform and of the measured virtual machine. In a further example, the quote may be generated based on a third measurement of a secure tunnel.

Abstract: Apparatuses, computer readable media, methods, and systems are described for providing a list of cloud orchestrator clients, each of the clients being associated with one of a plurality of cloud provider data centers, processing an instruction to at least one of create a virtual machine and change a state of the virtual machine, select a particular one of the cloud orchestrator clients associated with a particular one of the cloud provider data centers where the virtual machine is to be created or where the virtual machine currently resides, generating a provisioning request instructing the particular cloud orchestrator client to perform at least one of creating the virtual machine and changing the state of the virtual machine, and communicating the request to the particular cloud orchestrator client.

Abstract: Apparatuses, computer readable media, methods, and systems are described for generating and communicating a create measured virtual machine (VM) request, the request comprising a network address of a boot server, initiating establishment of a secure tunnel with a measured VM, receiving a quote from the measured VM, and determining, by a processor, whether the measured VM is authentic based on the quote.

Abstract: Methods, apparatus, systems and computer program products described and claimed that provide for automatically and positively determining that a customer interfacing with one business platform application using a platform-specific customer identifier is the same customer that is interfacing with another business platform application using another platform-specific customer identifier. Once the positive determination of same customer is made, a federated identifier key is generated and applied to all of the platforms, so as to globally identify the customer across multiple enterprise-wide platforms. As such, the present invention eliminates the labor-intensive need to manually analyze customer data to determine if a customer interfacing with one platform is the same customer interfacing with another platform.

Abstract: Apparatuses, computer readable media, methods, and systems are described for requesting creation of virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.

Abstract: Apparatuses, computer readable media, methods, and systems are described for requesting creation of virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.

Abstract: Apparatuses, computer readable media, methods, and systems are described for generating a first measurement of a virtualization platform, receiving a create measured virtual machine request comprising authentication information, in response to the request, creating a measured virtual machine based on the authentication information, generating a second measurement of the measured virtual machine, and communicating a quote generated based on the first measurement and the second measurement for attesting to authenticity of the virtualization platform and of the measured virtual machine.

Abstract: Apparatuses, computer readable media, methods, and systems are described for storing a first measurement of a virtualization platform, storing a second measurement of a measured virtual machine, generating a quote using a key, wherein the quote is based on the first measurement and the second measurement, and providing the quote for attesting to authenticity of the virtualization platform and of the measured virtual machine. In a further example, the quote may be generated based on a third measurement of a secure tunnel.

Abstract: Apparatuses, computer readable media, methods, and systems are described for storing a first measurement of a virtualization platform, storing a second measurement of a measured virtual machine, generating a quote using a key, wherein the quote is based on the first measurement and the second measurement, and providing the quote for attesting to authenticity of the virtualization platform and of the measured virtual machine. In a further example, the quote may be generated based on a third measurement of a secure tunnel.

Abstract: Apparatuses, computer readable media, methods, and systems are described for requesting creation of virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.

Abstract: Embodiments herein disclosed provide for computer network security and, more specifically, monitoring application-based access to secure data and monitoring predetermined actions conducted on applications to determine abnormal access or abnormal actions. Specific embodiments of the invention provide for improved database which implements time period-structured tables and file directories. Such structuring of the database provides for automated data purging, backing-up of data and data recovery. Additional embodiments provide for tracking data attributes related to the monitored data, such as the quality of the monitored data, the quality of the monitored data and the origin of the monitored data. In addition, embodiments provide for validating the source of the monitored data to assure that data is received from a valid application.

Abstract: Methods, apparatus, systems and computer program products are described and claimed that provide for automatically and positively determining that an associate accessing a business domain/application using an application-specific associate identifier is the same associate that is accessing another business domain/application using another application-specific associate identifier. Once the positive determination of same associate is made, a federated identifier key is generated and applied to all of the platforms in which the associate can be positively identified, so as to globally identify the associates across multiple enterprise-wide domains/applications. As such, the present invention eliminates the need to manually analyze associate data to determine if an associate interfacing with one domain/application is the same associate interfacing with another domain/application.

Abstract: Apparatuses, computer readable media, methods, and systems are described for providing a list of cloud orchestrator clients, each of the clients being associated with one of a plurality of cloud provider data centers, processing an instruction to at least one of create a virtual machine and change a state of the virtual machine, select a particular one of the cloud orchestrator clients associated with a particular one of the cloud provider data centers where the virtual machine is to be created or where the virtual machine currently resides, generating a provisioning request instructing the particular cloud orchestrator client to perform at least one of creating the virtual machine and changing the state of the virtual machine, and communicating the request to the particular cloud orchestrator client.

Abstract: Methods, apparatus, systems and computer program products are described and claimed that provide for automatically and positively determining that an associate accessing a business domain/application using an application-specific associate identifier is the same associate that is accessing another business domain/application using another application-specific associate identifier. Once the positive determination of same associate is made, a federated identifier key is generated and applied to all of the platforms in which the associate can be positively identified, so as to globally identify the associates across multiple enterprise-wide domains/applications. As such, the present invention eliminates the need to manually analyze associate data to determine if an associate interfacing with one domain/application is the same associate interfacing with another domain/application.

Abstract: Methods, apparatus, systems and computer program products described and claimed that provide for automatically and positively determining that a customer interfacing with one business platform application using a platform-specific customer identifier is the same customer that is interfacing with another business platform application using another platform-specific customer identifier. Once the positive determination of same customer is made, a federated identifier key is generated and applied to all of the platforms, so as to globally identify the customer across multiple enterprise-wide platforms. As such, the present invention eliminates the labor-intensive need to manually analyze customer data to determine if a customer interfacing with one platform is the same customer interfacing with another platform.

Abstract: Embodiments of the invention provide for cell level data encryption. The methods, apparatus and computer program products herein described provide for the encryption of individual data values without requiring adjacent data valued to also be encrypted. For example, in situations where individual data values are arranged in a database that is visualized as a two-dimensional representation, individual data values may be encrypted without requiring horizontally or vertically adjacent data values to also be encrypted. In situations where data values is transmitted and visualized as a sequential stream of data values, one data value may be encrypted without requiring previous or subsequent data values to be encrypted. In some such examples, an individual data value may be encrypted without requiring the entire transmission channel to be encrypted.