Abstract: A message limit value to be used in enqueuing one or more messages on a queue of a device of the computing environment is obtained. The message limit value indicates whether an extended maximum message length is supported by the device. The extended maximum message length is different from a default maximum message length supported by the device. Based on determining that the extended maximum message length is supported and that the obtained message limit value has a defined relationship with a select value, at least one message of an extended length is enqueued on the queue of the device.

Abstract: A method, a computer program product, and a system are provided that handles host requests on a hardware security module (HSM). The method includes selecting a domain with a longest wait time with a host request for the HSM and selecting an oldest host request requested by the domain. The method also includes determining a hardware engine type required to process the oldest host request and determining a saturation level of the hardware engine type exceeds a saturation threshold. The method further includes selecting a second host request requested by the domain that uses a different hardware engine type based on the saturation level exceeding the saturation threshold and processing the second host request using the different hardware engine type of the HSM. The method further includes selecting unprocessed host requests of the domains to continuously provide efficient selection of those host requests to the HSM.

Abstract: Aspects of the invention include a computer-implemented method of executing a hybrid quantum safe key exchange system. The computer-implemented method includes initially retrieving an authenticated random value from a trusted source, generating a first Z value using a first elliptic curve (EC) private key and a first certified form of an EC public key with an EC Diffie-Hellman (ECDH) algorithm, deriving a shared key using the authenticated random value and the first Z value with a key derivation function, decrypting the authenticated random value using a quantum safe algorithm (QSA) private key, generating a second Z value using a second EC private key and a second certified form of the EC public key with the ECDH algorithm and deriving the shared key using the authenticated random value and the second Z value with the key derivation function.

Abstract: Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.

Abstract: Aspects of the invention include a computer-implemented method of executing a hybrid quantum safe key exchange system. The computer-implemented method includes initially retrieving an authenticated random value from a trusted source, generating a first Z value using a first elliptic curve (EC) private key and a first certified form of an EC public key with an EC Diffie-Hellman (ECDH) algorithm, deriving a shared key using the authenticated random value and the first Z value with a key derivation function, decrypting the authenticated random value using a quantum safe algorithm (QSA) private key, generating a second Z value using a second EC private key and a second certified form of the EC public key with the ECDH algorithm and deriving the shared key using the authenticated random value and the second Z value with the key derivation function.

Abstract: A message limit value to be used in enqueuing one or more messages on a queue of a device of the computing environment is obtained. The message limit value indicates whether an extended maximum message length is supported by the device. The extended maximum message length is different from a default maximum message length supported by the device. Based on determining that the extended maximum message length is supported and that the obtained message limit value has a defined relationship with a select value, at least one message of an extended length is enqueued on the queue of the device.

Abstract: Aspects of the invention include providing a clear key with an attribute that controls usage of the clear key. The clear key includes key data in at least a first 8-byte section and second and third 8-byte sections and a wrapping key for wrapping the clear key. The computer-implemented method further includes chaining the first, second and third 8-byte sections together with zeroes for those 8-byte sections that are unpopulated into chained key data, deriving encryption and authentication keys from the wrapping key, calculating an authentication code over the clear key and the attribute using the authentication key, executing encryption over the chained key data using the encryption key to generated encrypted chained key data and adding the authentication code, the attribute and the encrypted chained key data to form a key block.

Abstract: At least one secure object of a security module is bound to a secure guest. A trusted component determines whether metadata of the secure guest includes a confidential binding attribute for the security module. Based on determining that the metadata includes the confidential binding attribute, the trusted component configures the security module for the secure guest in a select mode. The select mode prevents certain operations from being intercepted by a hypervisor associated with the secure guest. The trusted component intercepts a security module communication and performs a cryptographic operation on one or more secure objects of the security module communication using the confidential binding attribute to provide a cryptographic result. An outcome of the security module communication, which includes the cryptographic result, is provided to a receiver.

Abstract: Embodiments of the invention provide a computer-implemented method of executing multi-factor authentication (MFA). In embodiments of the invention, the computer-implemented method includes analyzing multiple categories of MFA factors, wherein a first category of the multiple categories of MFA factors includes a something-you-have MFA (SYH-MFA) factor. The SYH-MFA factor is analyzed by receiving, using a processor of an authenticating entity, an SYH certificate from a to-be-authenticated (TBA) entity; and determining, using the processor, that the SYH-MFA factor is satisfied by determining that the SYH certificate possessed by the TBA entity is valid.

Abstract: An adjunct processor dynamically determines, on a per-command basis, whether commands obtained by the adjunct processor are to be processed by the adjunct processor. The adjunct processor obtains a command request of a requester. The command request includes at least one filtering indicator indicating at least one valid command type for processing by the adjunct processor for the requester. The adjunct processor determines using the at least one filtering indicator whether a command of the command request is valid for processing by the adjunct processor for the requester. Based on determining that the command is valid for processing by the adjunct processor, the command is processed by the adjunct processor.

Abstract: A security module, such as a cryptographic adapter, is reserved for a secure guest of a computing environment. The reserving includes binding one or more queues of the security module to the secure guest. The one or more queues are then managed based on one or more actions relating to the reservation.

Abstract: Aspects of the invention include a computer-implemented method of executing a hybrid quantum safe key exchange system. The computer-implemented method includes initially retrieving an authenticated random value from a trusted source, generating a first Z value using a first elliptic curve (EC) private key and a first certified form of an EC public key with an EC Diffie-Hellman (ECDH) algorithm, deriving a shared key using the authenticated random value and the first Z value with a key derivation function, decrypting the authenticated random value using a quantum safe algorithm (QSA) private key, generating a second Z value using a second EC private key and a second certified form of the EC public key with the ECDH algorithm and deriving the shared key using the authenticated random value and the second Z value with the key derivation function.

Abstract: Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.

Abstract: An adjunct processor dynamically determines, on a per-command basis, whether commands obtained by the adjunct processor are to be processed by the adjunct processor. The adjunct processor obtains a command request of a requester. The command request includes at least one filtering indicator indicating at least one valid command type for processing by the adjunct processor for the requester. The adjunct processor determines using the at least one filtering indicator whether a command of the command request is valid for processing by the adjunct processor for the requester. Based on determining that the command is valid for processing by the adjunct processor, the command is processed by the adjunct processor.

Abstract: Aspects of the invention include providing a clear key with an attribute that controls usage of the clear key. The clear key includes key data in at least a first 8-byte section and second and third 8-byte sections and a wrapping key for wrapping the clear key. The computer-implemented method further includes chaining the first, second and third 8-byte sections together with zeroes for those 8-byte sections that are unpopulated into chained key data, deriving encryption and authentication keys from the wrapping key, calculating an authentication code over the clear key and the attribute using the authentication key, executing encryption over the chained key data using the encryption key to generated encrypted chained key data and adding the authentication code, the attribute and the encrypted chained key data to form a key block.

Abstract: The present invention provides MDM2 inhibitor compounds of Formula I, wherein the variables are defined above, which compounds are useful as therapeutic agents, particularly for the treatment of cancers. The present invention also relates to pharmaceutical compositions that contain an MDM2 inhibitor.

Abstract: At least one secure object of a security module is bound to a secure guest. A trusted component determines whether metadata of the secure guest includes a confidential binding attribute for the security module. Based on determining that the metadata includes the confidential binding attribute, the trusted component configures the security module for the secure guest in a select mode. The select mode prevents certain operations from being intercepted by a hypervisor associated with the secure guest. The trusted component intercepts a security module communication and performs a cryptographic operation on one or more secure objects of the security module communication using the confidential binding attribute to provide a cryptographic result. An outcome of the security module communication, which includes the cryptographic result, is provided to a receiver.

Abstract: A security module, such as a cryptographic adapter, is reserved for a secure guest of a computing environment. The reserving includes binding one or more queues of the security module to the secure guest. The one or more queues are then managed based on one or more actions relating to the reservation.

Abstract: The present invention provides MDM2 inhibitor compounds of Formula I, wherein the variables are defined above, which compounds are useful as therapeutic agents, particularly for the treatment of cancers. The present invention also relates to pharmaceutical compositions that contain an MDM2 inhibitor.

Abstract: A system and method for provisioning one or more value added services to a postpaid/prepaid mobile account and/or a postpaid/prepaid mobile device using a wireless communication device as a point-of-sale device, is disclosed.