An information processing device updates its own secret key according to an update request including request order information, the information processing device being provided with: a storage unit that stores, in a nonvolatile manner, a master secret key, a secret key, and order comparison information that enables comparison of the request order of the update request; and an update unit that, in a case where the update request has been made, compares the request order information and the order comparison information, and in a case where it has been determined that the order of the update request is authorized, updates the order comparison information to information corresponding to the request order information before update processing of the secret key is performed by using the master secret key.

Systems, methods, and apparatuses to support encrypted remote direct memory access for live migration of a virtual machine are described. In one embodiment, a first computer system includes an encryption circuit in a hardware processor of the first computer system to encrypt data, a memory controller circuit, of the first computer system, comprising a port to couple to a network interface controller circuit, a direct memory access engine circuit of the first computer system to access a memory in the first computer system, and the hardware processor to, for a request to perform a live migration of a virtual machine from the first computer system to a second computer system via the network interface controller circuit: encrypt code and data of the virtual machine from the memory with an encryption key by the encryption circuit of the hardware processor, store the encrypted code and data of the virtual machine within a migration buffer of the memory of the first computer system by the direct memory access engine circuit, and cause the network interface controller circuit to send the encrypted code and data of the virtual machine from the migration buffer to the second computer system via the network interface controller circuit without the network interface controller circuit performing an additional encryption.

Embodiments relate to computer systems designed to support and enable a dual obfuscated virtual private network (VPN). A plurality of servers is configured with hardware elements in a hardware layer, and an operatively coupled operating system layer with a first virtual private server (VPS) operatively coupled to a second VPS. The first VPS is configured to generate an OpenVPN certificate and the second VPS is configured to generate a WireGuard certificate. Communication tunnels encrypted with a combination of OpenVPN and WireGuard are created to establish the dual obfuscated VPN.

In one embodiment, a method comprises: securing, by a security agent executed within a network device, first secure data structures for secure storage in the network device and second secure data structures for secure communications in a secure peer-to-peer data network; monitoring, by the security agent, a corresponding mandatory lifecycle policy for each of the first secure data structures; and cryptographically erasing one of the first secure data structures in response to expiration of the corresponding mandatory lifecycle policy.

A storage system that determines coupling priority of a plurality of coupling candidate servers includes a control unit. The control unit is configured to acquire information on security strength from the coupling candidate servers, determine coupling priority of the respective coupling candidate servers on a basis of the security strength of the coupling candidate servers and processing speed performance in processing relating to security with the coupling candidate servers, and cause the determined coupling priority of the coupling candidate servers to be stored in a prescribed memory.

A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

A system and method for providing remote access to a device is disclosed. The method comprises receiving an automatically expiring authentication token having encrypted authentication token data including a session key from the device, transmitting the authentication token to secure facility, receiving the decrypted authentication token data from the secure facility, signing a tool package with a package verification key derived at least in part from the session key, the tool package comprising processor instructions providing remote access to the device when executed by the processor, providing the signed tool package to the device. The device verifies the signed tool package using the package verification key and executes the tool package only if the signature of the tool package is verified.

A method in a virtual private network (VPN) environment, the method including determining, by a VPN server, an encrypted authentication packet based at least in part on utilizing an encryption key and a nonce to encrypt one or more fields of an initial authentication packet; transmitting, by the VPN server to an authentication server, the encrypted authentication packet to enable VPN authentication of a device requesting VPN services from the VPN server; determining, by the authentication server, a response regarding the VPN authentication based at least in part on decrypting the one or more fields utilizing a decryption key and the nonce; and transmitting, by the authentication server to the VPN server, the response regarding the VPN authentication. Various other aspects are contemplated.

An inline network traffic monitor is deployed inline between two endpoints of a computer network. A particular endpoint of the two endpoints works in conjunction with the inline network traffic monitor to decrypt encrypted network traffic transmitted between the two endpoints. A series of Change Cipher Spec (CCS) messages is exchanged between the inline network traffic monitor and the particular endpoint during a Transport Layer Security (TLS) handshake between the two endpoints. The series of CCS messages allows the particular endpoint and the inline network traffic monitor to detect each other on the computer network. After detecting each other's presence, the particular endpoint sends the inline network traffic monitor a session key that is used by the two endpoints to encrypt their network traffic. The inline network traffic monitor uses the session key to decrypt encrypted data of the network traffic transmitted between the two endpoints.

Concepts and technologies are disclosed herein for providing an electronic document processing system, an electronic document generation mechanism, an encrypted digital certificate generator, a tool for coordinating the processing of electronic documents, a packaging mechanism for finalizing and authenticating electronic documents, a tracking log for recording relevant electronic document information, and a transferring protocol for transferring the ownership of electronic documents. The present disclosure also is directed to an electronic authentication system including an electronic document authentication watermark seal or signature line for confirming a document's signing within the view. The present disclosure also is directed to a system, software program, and method for generating electronic documents, coordinating the signing of electronic documents, digitally authenticating and certifying electronic documents, and organizing electronic documents for retrieval and transfer in a mortgage closing and/or other financial services application.