G06F21/85

Stateful services on stateless clustered edge

In order to enable dynamic scaling of network services at the edge, novel systems and methods are provided to enable addition of new nodes or removal of existing nodes while retaining the affinity of the flows through the stateful services. The methods provide a cluster of network nodes that can be dynamically resized to handle and process network traffic that utilizes stateful network services. The existing traffic flows through the edge continue to function during and after the changes to membership of the cluster. All nodes in the cluster operate in active-active mode, i.e., they are receiving and processing traffic flows, thereby maximizing the utilization of the available processing power.

Processors, methods and systems to allow secure communications between protected container memory and input/output devices

An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device. In some cases, a determination may be made that a type of access is compatible with one or more allowed access types for the page as represented in a protected container page metadata structure.

Method for operating a touch-sensitive, planar input device of a complete device, and complete device

An approach for operating at least one touch-sensitive, flat input device of a complete device, the input device being connected via a message-based bus connection to a control device of the complete device, and messages containing touch datasets describing touch data events being transmitted to the control device, which evaluates the messages for input information for an application program implemented by the control device, wherein when a security function in the control device that queries sensitive input information is accessed, the touch datasets are transmitted from the input device to the control apparatus via the bus connection in encrypted form until the associated input process has ended.

Management of securable computing resources

A system is provided. The system includes a computing resource, a cable insertable into the computing resource, a locking element and a controller. The locking element is configured to assume a locked condition in which the cable is locked to the computing resource or prevented from insertion into the computing resource and an unlocked condition in which the cable is removable from the computing resource and permitted to be inserted into the computing resource. The controller is configured to define rules for users. The rules are associated with respective identifiers (IDs) of each of the users and establish criteria associated with each user for causing the locking element to assume one of the locked and unlocked conditions.

Baseboard management controller (BMC)-based security processor

Technologies are described herein for providing a Baseboard Management Controller (“BMC”)-based security processor. The disclosed BMC-based security processor can provide a hardware Root of Trust (“RoT”) for a computing platform without the addition of specialized silicon to the platform and while minimizing the number of attack points. The disclosed BMC-based security processor can also provide functionality for securely filtering requests made on certain buses in a computing platform. Through implementations of the features identified briefly above, and others described herein, various technical benefits can be achieved such as, but not limited to, increased security as compared to previous computing systems that utilize a BMC to provide a hardware RoT and reduced complexity and cost as compared to previous computing systems that utilize a separate hardware device, such as a Field Programmable Gate Array (“FPGA”) or a microcontroller, to provide a hardware RoT.

Unauthorized connection detecting device
20220396219 · 2022-12-15

An unauthorized connection detecting device is provided to detect an unauthorized device connection at a connection part at which an electronic control unit mounted on a vehicle and an input and output unit are connected to each other. The unauthorized connection detecting device includes a pair of connectors, one connector mounted on the electronic control unit and the other connector mounted on the input and output unit, the pair of connectors being configured to be attached to each other; a protrusion or a conductor pattern formed on the other connector; a switch unit arranged on the one connector to detect the protrusion, or a conductor connection detecting unit arranged on the one connector to be electrically connected to the conductor pattern; and an unauthorized connection identification unit to detect an unauthorized connection based on a state detected by the switch unit or the conductor connection detecting unit.