Abstract: A microservices-management system intercepts a request for a cloud-based microservice sent by a microservices-architecture application. The system selects an optimal cloud-service provider from a group of candidate providers capable of delivering the microservice and then forwards the request to the optimal provider. The optimal provider is selected by drawing cognitive inferences from stored blockchain records that each describe a characteristic of a previous delivery of the requested service. Each record is generated by one of the candidate providers when delivering an instance of the microservice, regardless of whether the provider is in a trusted relationship with the application owner. The providers are barred by blockchain's intrinsic security features from altering or deleting previously stored blockchain records. Upon delivery of the service, the system compares the actual quality or cost of the delivery with predicted values in order to learn how to more effectively select optimal providers.

Abstract: A microservices-management system intercepts a request for a cloud-based microservice sent by a microservices-architecture application. The system selects an optimal cloud-service provider from a group of candidate providers capable of delivering the microservice and then forwards the request to the optimal provider. The optimal provider is selected by drawing cognitive inferences from stored blockchain records that each describe a characteristic of a previous delivery of the requested service. Each record is generated by one of the candidate providers when delivering an instance of the microservice, regardless of whether the provider is in a trusted relationship with the application owner. The providers are barred by blockchain's intrinsic security features from altering or deleting previously stored blockchain records. Upon delivery of the service, the system compares the actual quality or cost of the delivery with predicted values in order to learn how to more effectively select optimal providers.

Abstract: A system and method for using a unique identifier for encryption key derivation is presented. An application sends a password and a request for an encryption key to a hardware security module (HSM). The HSM uses the password to generate a tied application data encryption key (ADEK). The tied ADEK includes an encryption key and a known value that is “tied” to the password. The HSM encrypts the tied ADEK with a hardware master key and sends it to the application. When the application requests to encrypt or decrypt data, the application sends the encrypted tied ADEK and a password to the HSM. The password corresponds to the password used to generate the tied ADEK. The HSM uses an identical hardware master key and the password to recover the ADEK. The HSM also verifies that the known value is correct.

Abstract: Features of a data processing system, such as its configuration, are protected utilizing a machine-specific limited-life password. The data processing system includes execution resources for executing a watchdog program, a limited-life value generator, and non-volatile storage that stores a machine-specific value at least partially derived from relatively unique information associated with the data processing system (and preferably also derived from a secret control password). In response to each attempted access to the protected features of the data processing system, the watchdog program generates at least one machine-specific limited-life password from the machine-specific value and a limited-life value generated by the limited-life value generator. The watchdog program allows access to the protected features in response to entry of the machine-specific limited-life password and otherwise denies access.

Abstract: A method, apparatus and computer program product are disclosed for certifying the authenticity of an application program and for securely associating certified application programs whose certification has been verified, with persistent application data that they own. The invention prevents other application programs, including certified application programs whose certifications have been verified, from accessing data not of their own.

Abstract: Data, including a program and software updates, is encrypted by a public key encryption system using the private key of the data sender. The data is also digitally signed by the sender. The receiver decrypts the encrypted data, using the public key of the sender, and verifies the digital signature on the transmitted data. The program interacts with basic information stored within the confines of the receiver. As result of the interaction, the software updates are installed within the confines of the user, and the basic information stored within the confines of the user are changed.