G06F2221/0751

SYSTEM AND METHOD FOR GENERATING RESPONSES ASSOCIATED WITH NATURAL LANGUAGE INPUT
20230011451 · 2023-01-12

A system comprises a communications module; at least one processor coupled with the communications module; and a memory coupled to the at least one processor and storing processor-executable instructions which, when executed by the at least one processor, configure the at least one processor to provide, via the communications module, a first encryption key of an encryption key pair to a client device; receive, via the communications module and from a conversation agent server, a fulfillment request based on a natural language input transmitted from the client device to the conversation agent server; determine that the fulfillment request includes a request for personal data; obtain the requested personal data; encrypt the personal data with a second encryption key of the encryption key pair; and provide, via the communications module and to the conversation agent server, the encrypted personal data for transmission to the client device.

Data transaction processing method, apparatus, and electronic device
11709803 · 2023-07-25

A method, an apparatus, and an electronic device for processing a data transaction are disclosed. The method includes receiving an application request from a client to perform a data operation in a target data partition; creating a corresponding data transaction according to the application request, and assigning a transaction identifier to the data transaction; returning the transaction identifier that is assigned to the data transaction to the client; performing the data operation based on the target data partition according to the data operation carrying the transaction identifier and sent by the client; and processing the data transaction according to a transaction instruction sent by the client. The method enables a data operation to implement transactional attributes, and to satisfy a transactional nature of the data operation. Moreover, the service logic of data transactions implemented by the method is relatively simple, thus ensuring that data services have a good transactional nature.

REMOTE COMMAND EXECUTION OVER AN AIR-GAP SECURED SYSTEM
20230237199 · 2023-07-27

One example method includes reading, at an air-gapped system, a code provided by a control system, and the code includes a message containing instructions from the control system to the air-gapped system, checking, by the air-gapped system, the message to determine if the message includes a command executable by the air-gapped system, and when the message identifies a command executable by the air-gapped system, and the command is included in a list of authorized commands, executing, by the air-gapped system, the command.

METHOD AND SYSTEM FOR A CONDITIONAL KEY STORAGE IN A HARDWARE RESOURCE MANAGER

A method for managing a storage system includes initiating, by a hardware resource manager, a boot-up of a storage controller managing the storage system comprising a plurality of storage devices, making a determination, by the storage controller, that the storage controller is in a secured mode, based on the determination: identifying a security state of each of the plurality of storage devices, determining that a storage device of the plurality of storage devices is in an unsecured state, and based on the unsecured state, sending, by the storage controller, a security operation request for securing the storage device, obtaining a secure state response from the hardware resource manager corresponding to securing the storage device, and based on the secure state response, resuming operation of the storage controller based on the secure mode.

Instance handling of a trusted execution environment

Mechanisms are provided for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, the status of the register at the given index i, wherein, when the register at the given index i has its status set to “undefined”, an internal status value is set to a first value, and otherwise, when a value is read from the register at the given index i, the internal status value is set to a second value based on the read value. The method comprises writing the internal status value to the register at the given index i. The method comprises running the new instance. The method comprises, whilst running the new instance, reading a current value from the register at the given index i. The method comprises enabling the new instance to keep running only when the current value equals the internal status value.

Managing encryption keys per logical block on a persistent memory device
11704444 · 2023-07-18

A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

AUTOMATICALLY EVICTING AN OWNER OF A SECURITY PROCESSOR
20230015519 · 2023-01-19

Embodiments of systems and methods for automatically evicting an owner of a security processor are described. In some embodiments, a security processor may include: a core and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: determine that a secure boot public key last used by a first entity to bootstrap an Information Handling System (IHS) fails to bootstrap the IHS; in response to the determination, identify another secure boot public key usable by a second entity to bootstrap the IHS; and in response to the security processor being in a factory environment, increment a counter associated with the first entity to evict the first entity in favor of the second entity.

SYSTEM AND METHOD FOR SECURING KEYBOARD INPUT TO A COMPUTING DEVICE
20230013844 · 2023-01-19

In illustrative embodiments, systems and methods are disclosed by which keystroke data may be securely delivered to an application executing on a computer. The keystroke data may traverse an atypical data path to the memory space of the application, may be encrypted along its traversal of such data path, and may further be encrypted when it is delivered into the memory space of the application. The system may include a filter driver that is arranged in a driver stack with a keyboard device driver that ordinarily interacts with the keyboard, and the filter driver may receive keystroke data from the keyboard device driver, encrypt such data, and provide such encrypted data to a body of software instructions that it injected into the memory space of the application. The body of software instructions may, in turn, decrypt the encrypted data and provide the decrypted data to the application.

INDICATING A TYPE OF SECURE BOOT TO ENDPOINT DEVICES BY A SECURITY PROCESSOR
20230017809 · 2023-01-19

Embodiments of systems and methods for indicating a type of secure boot to endpoint devices by a security processor are described. In some embodiments, a security processor may include: a core and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: identify a type of secure boot last performed to bootstrap an Information Handling System (IHS); and make an indication of the type of secure boot available to a host processor or Baseboard Management Controller (BMC) of the IHS.

DERIVING DEPENDENT SYMMETRIC ENCRYPTION KEYS BASED UPON A TYPE OF SECURE BOOT USING A SECURITY PROCESSOR
20230015334 · 2023-01-19

Embodiments of systems and methods for deriving dependent symmetric encryption keys based upon a type of secure boot using a security processor are described. In some embodiments, a security processor may include: a core; and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: retrieve a first symmetric key based, at least in part, upon a type of secure boot performed to bootstrap an Information Handling System (IHS); and derive a second symmetric key based, at least in part, upon the first symmetric key.