Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.

Abstract: A method, computer system, and a computer program product for secure transport of data is provided. The present invention may include defining a trust relationship based on a secret. The present invention may also include associating a trusted transport key identity (TTKI) based on the defined trust relationship. The present invention may then include receiving a trusted transport key (TTK), wherein the TTK is digitally signed and encrypted with the TTKI. The present invention may further include verifying the digitally signed TTK. The present invention may also include enveloping the secret with the TTK.

Abstract: In some embodiments, an apparatus can comprise a memory unit including, two or more assemblies, wherein the two or more assemblies include a first assembly and a second assembly, wherein the second assembly is a later version of the first assembly, and wherein the first and second assemblies include, a stub module configured to detect an assembly initialization request indicating one of the first or second assemblies. The stub module can also be configured to retrieve a reference to a symbol table associated with the one of the first and second assemblies indicated in the assembly initialization request, to store data in the symbol table, and to provide the reference to a caller. The memory unit can also comprise an implementation module configured to perform operations associated with symbols in the symbol table and a processor configured to receive and execute one or more of the stub and implementation modules.

Abstract: In some embodiments, an apparatus can comprise a memory unit including, two or more assemblies, wherein the two or more assemblies include a first assembly and a second assembly, wherein the second assembly is a later version of the first assembly, and wherein the first and second assemblies include, a stub module configured to detect an assembly initialization request indicating one of the first or second assemblies. The stub module can also be configured to retrieve a reference to a symbol table associated with the one of the first and second assemblies indicated in the assembly initialization request, to store data in the symbol table, and to provide the reference to a caller. The memory unit can also comprise an implementation module configured to perform operations associated with symbols in the symbol table and a processor configured to receive and execute one or more of the stub and implementation modules.