Abstract: The embodiment herein provides a system and a method for assessing a cyber-risk and loss in a cloud infrastructure includes (a) deriving at least one of asset, topology, network or authentication vulnerabilities of a cloud infrastructure, (b) generating a technology risk machine learning model and a technology risk index, (c) generating a compliance risk machine learning model and a compliance risk, (d) generating a ransomware machine learning model and a business risk by processing (i) the compliance risk machine learning model and the compliance risk, (ii) a business input comprising asset information, cash flow, a value of the asset, (e) determining an asset's ransomware risk and loss based on the business risk and (f) automatically enabling one or more actions to mitigate the asset's ransomware risk and loss by fix misconfigurations or upgrading software using an API of cloud infrastructure.

Abstract: The embodiment herein provides a system for securing computer infrastructure and one or more devices that depend on one or more cloud platforms. The system includes a memory, and a processor that stores and executes a set of instructions. The processor is configured to (i) extract one or more information data from at least one of the cloud platforms or the devices that depends on the one or more cloud platforms, (ii) execute compliance tests to identify compliance and non-compliance in the one or more information data, (iii) generate a network topology map by querying the one or more information data, (iv) classify a connectivity between the one or more devices and their nature, (v) compute risk metrics, (vi) re-execute the compliance tests to detect changes, and (vii) implement security compliances without impacting a production or operational environment of the one or more cloud platforms.

Abstract: The embodiment herein provides a method for securely transmitting a firmware update image to a device using a key management system. The key management subsystem includes a cellular modem. The method includes (i) configuring a SIM of the cellular modem to update a public key of a server using a key manager module of the Subscriber Identity Module (SIM), (ii) enabling the SIM to receive an encrypted key package from the server, using the cellular modem, (iii) processing the encrypted firmware update image that has to be transmitted to the device using the SIM and (iv) transmitting the decrypted key package to the device to enable implementation of the decrypted key package into the device using the SIM.

Abstract: In view of the foregoing, an embodiment herein provides a method of generating and managing a key package using a key manufacturing server. The key manufacturing server performs the steps of: (i) obtaining a key package from a development signing server; (ii) generating at least one production key that is specific to a device in the key package; (iii) communicating the key package with the at least one production key to a key manager associated with the device using a communication link; and (iv) obtaining the key package with at least one device key that is generated by the key manager.

Abstract: A storage controller coupled to a multi-tenant storage array receives a request from a client device to write a data block to a volume resident on the storage array, wherein the client device is associated with a tenant of the storage array. The storage controller determines a tenant identifier associated with the tenant, generates a hash value for the data block based at least in part on the data block and the tenant identifier, and performs at least one data deduplication operation on the data block using the hash value by determining whether the hash value matches with any of the plurality of previous hash values that are identified in a deduplication map. Responsive to determining that the hash value does not match with any of the plurality of previous hash values that are identified in the deduplication map, the hash value is stored in the deduplication map.

Abstract: The embodiment herein provides a method for securely transmitting a firmware update image to a device using a key management system. The key management subsystem includes a cellular modem. The method includes (i) configuring a SIM of the cellular modem to update a public key of a server using a key manager module of the Subscriber Identity Module (SIM), (ii) enabling the SIM to receive an encrypted key package from the server, using the cellular modem, (iii) processing the encrypted firmware update image that has to be transmitted to the device using the SIM and (iv) transmitting the decrypted key package to the device to enable implementation of the decrypted key package into the device using the SIM.

Abstract: In view of the foregoing, an embodiment herein provides a method of generating and managing a key package using a key manufacturing server. The key manufacturing server performs the steps of: (i) obtaining a key package from a development signing server; (ii) generating at least one production key that is specific to a device in the key package; (iii) communicating the key package with the at least one production key to a key manager associated with the device using a communication link; and (iv) obtaining the key package with at least one device key that is generated by the key manager.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: Techniques for manufacturing cryptographically-enabled network endpoints are described herein. In an example, an endpoint is provisioned with keys, which may include a revocation key, a command key, a recovery key and other cryptographic information. A buyer of the endpoint may send one or more keys to the manufacturer, and request that a handover package be sent by the manufacturer to the buyer. The manufacturer sends the handover package, which may include cryptographic information appropriately signed by the manufacturer. Upon receipt, the handover package is cryptographically processed by the buyer and portions are included in a takeover package sent to the endpoint. The endpoint may replace operational keys within the endpoint and switch its operation from use of manufacturer-produced credentials to use of buyer-produced credentials. Accordingly, the endpoint is provisioned for secure operation by the owner in an advanced metering infrastructure (AMI) or Internet of Things environment.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: Methods and systems are provided for controlling access to an electronic device. The electronic device, for example, may include, but is not limited to, a processor, a memory communicatively coupled to the processor, wherein the memory is configured to store a password for accessing the electronic device, and a communication interface communicatively coupled to the processor, wherein the processor is configured to receive a request to access the electronic device from the communication interface, and transmit an encrypted version of the password for accessing the electronic device via the communication interface.

Abstract: Disclosed is an electronic device that selects a password and encrypts it utilizing a public key of a public/private encryption key pair. The electronic device then provides the encrypted password to a client device when an access request is received from the client device. The client device proceeds to obtain an unencrypted version of the password by submitting the encrypted password to a private key server (which utilizes the private key of the public/private encryption key pair to decrypt the password) and receiving the decrypted password in return. The client device then returns the password to the electronic device which, upon receiving the decrypted password, allows access from the client device. The device generates the password once during operation or each time an access request is received.

Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: Methods and systems are provided for verifying the authenticity of an electronic device by a security server comprising a processor and a memory. The method, for example, may include, but is not limited to, receiving, from the electronic device, a unique identifier associated with the electronic device, determining, by the processor, a public key corresponding to the unique identifier, generating, by the processor, a message, encrypting, by the processor, the message with the determined public key, transmitting, to the electronic device, the encrypted message; receiving, from the electronic device, a response message, comparing the response message to the generated message, and authorizing the electronic device based upon the comparison.

Abstract: Methods and systems are provided for controlling access to an electronic device. The electronic device, for example, may include, but is not limited to, a processor, a memory communicatively coupled to the processor, wherein the memory is configured to store a password for accessing the electronic device, and a communication interface communicatively coupled to the processor, wherein the processor is configured to receive a request to access the electronic device from the communication interface, and transmit an encrypted version of the password for accessing the electronic device via the communication interface.