A component security device may be disposed at an interface between a component and a cyber-physical system. The disclosed component security device may be physically and/or electrically coupled between the component and infrastructure of the cyber-physical system, such as a backplane, bus, and/or the like. The component security device may be configured to monitor the component, and selectively isolate the component from the cyber-physical system. Since the component security device is interposed at the interface of the component, the component security device may be capable of isolating the component regardless of whether the component has been compromised (e.g., regardless of whether the component is capable of complying with system commands).

A component security device may be disposed at an interface between a component and a cyber-physical system. The disclosed component security device may be physically and/or electrically coupled between the component and infrastructure of the cyber-physical system, such as a backplane, bus, and/or the like. The component security device may be configured to monitor the component, and selectively isolate the component from the cyber-physical system. Since the component security device is interposed at the interface of the component, the component security device may be capable of isolating the component regardless of whether the component has been compromised (e.g., regardless of whether the component is capable of complying with system commands).

A method for filtering communication data arriving from a communication partner via a communication connection, which provides access to at least one storage means of a receiving data processing device having at least one computation unit, in the data processing device, wherein PCI Express, in an interface unit, receiving the communication data, of the data processing device, a filter means, at least part of which is embodied as hardware, is used so that, according to configuration information, prescribed on the data processing device, containing at least one approval condition that rates the at least one property of the useful data contained in the communication data, only the communication data meeting at least one approval condition are forwarded from the interface unit to at least one further component of the data processing device.

A method for filtering communication data arriving from a communication partner via a communication connection, which provides access to at least one storage means of a receiving data processing device having at least one computation unit, in the data processing device, wherein PCI Express, in an interface unit, receiving the communication data, of the data processing device, a filter means, at least part of which is embodied as hardware, is used so that, according to configuration information, prescribed on the data processing device, containing at least one approval condition that rates the at least one property of the useful data contained in the communication data, only the communication data meeting at least one approval condition are forwarded from the interface unit to at least one further component of the data processing device.

The disclosure relates to systems, methods and computer readable for generating double encryption of data through discrete modules that are air gapped at every stage. Furthermore, the transceivers disclosed can operate in “off-line” mode which can be adapted to communicate with any network access terminal regardless of the intermediate connecting network.

The invention relates to an electric arrangement, comprising: (a) functional modules, which can serve both as transaction initiators or transaction targets, whereby a transaction initiating functional module may need a transaction target functional module to execute a function for and on its behalf; (b) a first interconnect fabric connecting the functional modules and providing communication between those functional modules; wherein the (electric) arrangement being arranged in that a selected transaction initiation functional module has temporally exclusive access to transaction target functional module(s), executing a function for and on its behalf, to ensure that transaction initiating functional modules other than the selected transaction initiation functional module, have no uncontrolled access thereto, wherein said selected transaction initiation functional module being a hardware secure module.

A single input/output (I/O) controller for both secure partitionable endpoints (PEs) and non-secure PEs is enabled in a trusted execution environment (TEE) where secure memory portions are isolated from non-secure PEs. Security attributes for certain endpoints indicate secure memory access privilege of owning entities of the certain endpoints. A security monitor has exclusive access to the address translation control tables (TCE) stored in secure memory associated with a secure endpoint. When owning entity reassignment occurs, the endpoints are reinitialized to support a change in ownership from an outgoing owning entity having secure memory access and an incoming owning entity not having secure memory access.

An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.

An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.

An Information Handling System (IHS) includes at least one hardware device in communication with a Baseboard Management Controller (BMC). The hardware device includes executable instructions for establishing a secure communication channel with the BMC, and subsequently receiving a list of allowed commands from the BMC. When a command is received by the hardware device, it determines whether the command is included in the list such that when the command is in the list and the command is received within the secure communication channel, the hardware device performs the command. However, when the command is in the list and the command is received outside of the secure communication channel, the hardware device ignores the command.