摘要:
Systems and methods for protecting symmetric encryption keys when performing encryption are described. In one embodiment, a computer-implemented method includes retrieving at least one real key from a secure area and executing, with a processor, a key transform instruction to generate at least one transformed key based on receiving the at least one real key. The at least one transformed key is an encrypted version of at least one round key that is encrypted by the processor using the at least one real key. The processor is able to decrypt the at least one transformed key and encrypt the at least one round key.
摘要:
Systems and methods for protecting symmetric encryption keys when performing encryption are described. In one embodiment, a computer-implemented method includes retrieving at least one real key from a secure area and executing, with a processor, a key transform instruction to generate at least one transformed key based on receiving the at least one real key. The at least one transformed key is an encrypted version of at least one round key that is encrypted by the processor using the at least one real key. The processor is able to decrypt the at least one transformed key and encrypt the at least one round key.
摘要:
Devices, systems, and methods for monitoring and asserting a trust level of a computing device are disclosed. In one illustrative embodiment, a computing device may include a memory having stored therein a persistent trust log, the persistent trust log comprising data relating to historic events influencing a trust level of the computing device, and a security controller configured to detect an event that influences the trust level of the computing device and to write data relating to the event to the persistent trust log.
摘要:
A system for determining reliability for location resources. A device may be configured to determine device location based on location information received from a location information source, the device including secure systems configured to provide a reliability rating of the location information source. The secure systems may be configured to compare a device location based on the location information to a secondary device location based on secondary information to determine the reliability rating. For example, location information based on location signals received by the device may be compared to sensor information in the device to determine whether the movement described by location information and sensor information agrees. In the same or a different embodiment, a refined reliability rating may be requested from a secure resource in the device or accessible via a network. The secure resource may refine the reliability rating using tertiary information available to the secure resource.
摘要:
It is convenient to allow access to a private network, such as a corporate intranet, or outward facing extranet application, from an external network, such as the Internet. Unfortunately, if an internal authentication system is used to control access from the external network, it may be attacked, such as by a malicious party intentionally attempting multiple invalid authentications to ultimately result in an attacked account being locked out. To circumvent this, an authentication front-end, proxy, wrapper, etc. may be employed which checks for lockout conditions prior to attempting to authenticate security credentials with the internal authentication system.
摘要:
A method, apparatus and system enable enhanced processor frequency governors to comprehend virtualized platforms and utilize predictive information to enhance performance in virtualized platforms. Specifically, in one embodiment, an enhanced frequency governor in a virtual host may run within a virtual machine on the host and interact with a virtual machine manager to collect predictive information from application(s) running within each virtual machine on the host. The enhanced frequency governor may then utilize the predictive information to determine future CPU frequency requirements and raise or lower the CPU frequency and/or voltage in anticipation of the needs of the various applications.
摘要:
It is convenient to allow access to a private network, such as a corporate intranet, or outward facing extranet application, from an external network, such as the Internet. Unfortunately, if an internal authentication system is used to control access from the external network, it may be attacked, such as by a malicious party intentionally attempting multiple invalid authentications to ultimately result in an attacked account being locked out. To circumvent this, an authentication front-end, proxy, wrapper, etc. may be employed which checks for lockout conditions prior to attempting to authenticate security credentials with the internal authentication system.
摘要:
A system for determining reliability for location resources. A device may be configured to determine device location based on location information received from a location information source, the device including secure systems configured to provide a reliability rating of the location information source. The secure systems may be configured to compare a device location based on the location information to a secondary device location based on secondary information to determine the reliability rating. For example, location information based on location signals received by the device may be compared to sensor information in the device to determine whether the movement described by location information and sensor information agrees. In the same or a different embodiment, a refined reliability rating may be requested from a secure resource in the device or accessible via a network. The secure resource may refine the reliability rating using tertiary information available to the secure resource.
摘要:
The present disclosure relates to the authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to the authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.
摘要:
By processing aggregated data in a trusted environment, a system can reduce opportunities for tampering with aggregated data that is processed in a peer-to-peer chain. Each device may pass the predecessor aggregated data to a trusted environment in that device, which obtains local data for that device and aggregates it with the predecessor aggregated data, producing an output aggregated data. Optionally, the system can identify when a device has previously processed the aggregated data, reducing the possibility that the device can be used to aggregate data repeatedly. The aggregated data may be digitally signed or encrypted to enhance the tamper resistance of the data payload.