Abstract: Provided is a method, a computer program product, and a system for providing perfect forward secrecy in virtual machines. The method includes receiving a secure memory allocation function from an application, including a connection secret to be stored in memory. The method further includes allocating memory for the connection secret according to the memory size parameter and storing an entry relating to the connection secret in a secure database. The memory information includes a memory location and a memory size of the memory. The method also includes monitoring an operation state relating to the virtual machine. The method further includes receiving, from the application, a secure deallocation function relating to the connection secret and retrieving the memory information from the secure database. The method also includes deleting the connection from the memory and sanitizing the memory location logged by the memory information.

Abstract: Provided is a method, a computer program product, and a system for providing request messages with zero round trip time in a Transport Layer Security (TLS) session. The method includes establishing a TLS session between a server and a client by performing a TLS handshake between the server and the client. The method further includes generating a session ticket associated to the client. The method also includes transmitting the session ticket to the client and receiving an early request message from the client during the TLS session. The early request message includes a request message that is to be sent to the client upon resuming the TLS session with the client. The method further includes associating the early request message with the session ticket and processing the early request message. The data related to the early request message can be sent upon resumption of the TLS session.

Abstract: A method, a computer program product, and a system for transport layer security protocol functions in separate instances. The method includes receiving, by a handshake processor instance, a TLS connection request from a client to a server. The method further includes establishing a TLS connection including connection secrets by the handshake processor instance. Once established, the method proceeds by transmitting the connection secrets to a connection processor instance. The method further includes deleting the connection secrets stored on the handshake processor instance and processing application data by the connection processor instance.

Abstract: A similarity score between a profile of an email sender and one or more profiles associated with one or more respective recipients of the email being sent by the email sender is calculated. In response to determining that the calculated similarity score between the profile of the email sender and at least one profile of the one or more profiles associated with a respective recipient of the one or more respective recipients does not exceed a first threshold value, a relevance score between a context of the email and each of the one or more recipients of the email is calculated. Responsive to determining that the calculated relevance score between the context of the email and each of the one or more recipients of the email does not exceed a second threshold value, a distribution list of the email is updated. The email is transmitted using the updated distribution list.

Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.

Abstract: Techniques for authentication using a blockchain hash value as a moving factor. The techniques include retrieving, by an authenticating device and from a blockchain, a current hash value of the blockchain, where the authenticating device and an authenticator server share a secret key value and each have access to the blockchain. The techniques further including generating, by the authenticating device, a secure token based on the secret key value and the current hash value. The techniques further including transmitting the secure token to the authenticator server and receiving an indication of authentication from the authenticator server.