Patents by Inventor Uri Blumenthal

Uri Blumenthal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20090038017
    Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform is to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
    Type: Application
    Filed: August 2, 2007
    Publication date: February 5, 2009
    Inventors: David Durham, Hormuzd Khosravi, Uri Blumenthal, Men Long
  • Publication number: 20080163354
    Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.
    Type: Application
    Filed: December 29, 2006
    Publication date: July 3, 2008
    Inventors: Omer Ben-Shalom, Uri Blumenthal
  • Publication number: 20080134321
    Abstract: A platform for verifying the validity of changes to dynamic data modifiable during the runtime execution of an agent. In one embodiment, a management mode of a processor uses key information to generate a signature for a set of dynamic data, the signature to verify the validity of the state of the dynamic data to an integrity measurement agent.
    Type: Application
    Filed: December 29, 2006
    Publication date: June 5, 2008
    Inventors: Priya Rajagopal, Travis Schluessler, Uday R. Savagaonkar, David Durham, Ravi Sahita, Uri Blumenthal
  • Publication number: 20080022129
    Abstract: Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material.
    Type: Application
    Filed: September 28, 2007
    Publication date: January 24, 2008
    Inventors: David Durham, Hormuzd Khosravi, Uri Blumenthal, Men Long
  • Publication number: 20080005359
    Abstract: Secure enterprise network communication technology provides improved authentication prior to granting network access of enterprise host platforms with the network devices via a backend infrastructure.
    Type: Application
    Filed: June 30, 2006
    Publication date: January 3, 2008
    Inventors: Hormuzd M. Khosravi, Dylan Larson, Alan D. Ross, Uri Blumenthal, Ahuva Kroizer, Avigdor Eldar, Karanvir Grewal
  • Publication number: 20070271360
    Abstract: According to embodiments of the present invention, a host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and whether the peripheral device access may be allowed.
    Type: Application
    Filed: May 16, 2006
    Publication date: November 22, 2007
    Inventors: Ravi Sahita, Uday Savagaonkar, Hormuzd Khosravi, Uri Blumenthal
  • Publication number: 20070240197
    Abstract: Transport agnostic, secure communication protocol for transmitting host platform posture information to the Network Access Control Server or PDP (Policy Decision Point) and for receiving policy information to be enforced on the trusted host platform and respective applications for data processing and communication are described herein.
    Type: Application
    Filed: March 30, 2006
    Publication date: October 11, 2007
    Inventors: Uri Blumenthal, Hormuzd Khosravi, Karanvir Grewal
  • Publication number: 20070011676
    Abstract: According to some embodiments, a resource data record associated with diagnostic code to manage a manageable resource is exposed, and the resource data record is discovered. The diagnostic code is loaded into a management platform based on the resource data record. The diagnostic code may be loaded from a location in host memory indicated by the resource data record. An integrity check value may be received from the location in host memory, and an integrity check may be performed on the loaded diagnostic code based on the integrity check value.
    Type: Application
    Filed: June 30, 2005
    Publication date: January 11, 2007
    Inventors: Ravi Sahita, Uri Blumenthal
  • Publication number: 20070005963
    Abstract: Techniques are described that may provide secure access to a computing device. In one embodiment, a nonce and a device identifier are utilized to generate a secured one time access code.
    Type: Application
    Filed: June 29, 2005
    Publication date: January 4, 2007
    Inventors: Avigdor Eldar, Yossi Yaffe, Uri Blumenthal
  • Publication number: 20070005985
    Abstract: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and, when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests include a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.
    Type: Application
    Filed: June 30, 2005
    Publication date: January 4, 2007
    Inventors: Avigdor Eldar, Itamar Sharoni, Tsippy Mendelson, Uri Blumenthal
  • Publication number: 20050113067
    Abstract: A method is provided for determining a private key for a first network based on at least one security value associated with a second network. The method further includes establishing a plurality of sessions between a mobile terminal and the first network based on the private key.
    Type: Application
    Filed: September 12, 2003
    Publication date: May 26, 2005
    Inventors: Michael Marcovici, Semyon Mizikovsky, Sarvar Patel, Uri Blumenthal
  • Patent number: 6847970
    Abstract: Techniques for managing information in a computing environment. Information associated with components of the computing environment is obtained. Then, from at least a portion of the obtained information, a determination is made as to the existence of one or more relationships associated with at least a portion of the components of the computing environment. The determination of the existence of one or more relationships is capable of accounting for a full lifecycle (e.g., including deployment, installation and runtime) associated with at least one component of the computing environment.
    Type: Grant
    Filed: September 11, 2002
    Date of Patent: January 25, 2005
    Assignee: International Business Machines Corporation
    Inventors: Alexander Keller, Uri Blumenthal, Lorraine Jackson, Gautam Kar, Rory D. Jackson
  • Publication number: 20040049509
    Abstract: Techniques for managing information in a computing environment. Information associated with components of the computing environment is obtained. Then, from at least a portion of the obtained information, a determination is made as to the existence of one or more relationships associated with at least a portion of the components of the computing environment. The determination of the existence of one or more relationships is capable of accounting for a full lifecycle (e.g., including deployment, installation and runtime) associated with at least one component of the computing environment.
    Type: Application
    Filed: September 11, 2002
    Publication date: March 11, 2004
    Applicant: International Business Machines Corporation
    Inventors: Alexander Keller, Uri Blumenthal, Rory D. Jackson, Lorraine Jackson, Gautam Kar