Abstract: A system and process include receiving information relating to a plurality of cloud services from a plurality of cloud service providers. A determination is made, for each of the plurality of cloud services, one or more of a location of a server that hosts a cloud service, an origin of data used in the cloud service, and a destination of data processed by the cloud service. One or more of the plurality of cloud services are selected based on one or more of the determination of the server location, the origin of data, and the destination of data.

Abstract: A method and system for identifying a machine used for an online session with an online provider includes executing a lightweight fingerprint code from a provider interface during an online session to collect and transmit machine and session information; generating and storing a machine signature or identity including a machine effective speed calibration (MESC) which may be used to identify the machine when the machine is used in a subsequent online session by a method of matching the machine signature and MESC to a database of machine identities, analyzing a history of the machine's online sessions to identify one or more response indicators, such as fraud indicators, and executing one or more responses to the response indicators, such as disabling a password or denying an online transaction, where the response and response indicator may be provider-designated.

Abstract: A method receiving a first alert indicating a fault associated with a first node of a plurality of nodes. The method further includes determining a first value indicating a measure of reliability for the first node based on an amount of first node downtime associated with the first alert and a severity of the first alert.

Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.

Abstract: A method and system for consistent format preserving encryption (C-FPE) are provided to protect sensitive data while the sensitive data is in a domain while allowing encrypted sensitive data to be treated inside the domain as if it were the unencrypted sensitive data. The method includes inserting a transparent coupling into a data flow at a perimeter of the domain, and translating a sensitive data element from an unprotected data element to a protected data element using the transparent coupling such that the sensitive data element is a protected data element within the domain.

Abstract: According to one embodiment of the present disclosure, a method includes partitioning a disk image file into a plurality of segments. The method also includes generating a unique key for each segment, storing the unique keys in an image mapping file, and transmitting the image mapping file to a particular one of a plurality of nodes on a network. The method further includes transmitting a first segment and a second segment of the plurality of segments to different nodes of the plurality of nodes.

Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.

Abstract: Systems and methods for replicating data from a master server to a replica or backup server include capturing a read event associated with a retrieved file at the master server. The retrieved file may be generated by updating a reference file with remotely stored data. Attributes associated with the retrieved file may be checked to determine if they include attributes associated with the reference file, and if they do not, at least a portion of data and one or more attributes of the retrieved file may be copied or replicated to the replica server. The captured read event may be generated when an application attempts to access or read the retrieved file. An event associated with generation of the reference file may also be captured at the master server, and copies to the replica server.

Abstract: A method is provided for generating a human readable passcode to an authorized user including providing a control access datum and a PIN, and generating a unique machine identifier for the user machine. The method further includes modifying the controlled access datum, encrypting the controlled access datum using the PIN and/or a unique machine identifier to camouflage the datum, and generating a passcode using the camouflaged datum and the PIN and/or the unique machine identifier. A mobile user device may be used to execute the method in one embodiment. The passcode may be used to obtain transaction authorization and/or access to a secured system or secured data. The unique machine identifier may be defined by a machine effective speed calibration derived from information collected from and unique to the user machine.

Abstract: A method for implementing data model management at a first client application including: receiving a data model from a repository; generating a first delta from changes made to the data model; detecting whether a second delta, which is generated by a second client application from changes made to the data model at the second client application, is stored in the repository; and sending the generated first delta to the repository when the second delta is not stored in the repository. When the second delta is stored in the repository, the method includes steps of requesting the second delta generated by the second client application from the repository; generating a merged delta by merging the first delta with the second delta; and sending the merged delta to the repository. A system for implementing the data model management method.

Abstract: A method for self-managing group membership is disclosed. The method has a portion operating on a client terminal. The client-side portion includes determining if an email received at an email address is an intra-organizational email from a mailbox of a group. Additionally, the method provides a graphical interface element when the received email is determined to be an intra-organizational email from a mailbox of a group. The graphical interface element is configured to selectablely transmit a remove instruction to the group. Moreover, the method has a portion operating on a server. The server-side portion includes receiving the remove instruction; identifying a sender of the remove instruction; locating the sender in the group member list; and unsubscribing the sender from the group member list.

Abstract: Provided is a system, method, and computer-readable storage medium having one or more computer-readable instructions thereon for providing leased images in cloud computing environments. The method includes monitoring a usage of a leased image provided by a cloud vendor, by a client computing device. A threshold period of time associated with the usage is determined. Whether an access to the leased image should be terminated based upon an expiry of the threshold period of time or based upon a request received from the client computing device is determined. The image is locked based upon whether the access to the leased image should be terminated. An access request received for the locked image is monitored; and access to the locked image is enabled when it is determined that the access request is valid.

Abstract: Provided herein are systems and method enabling secure virtual image access in a virtual or cloud computing environment. The systems and methods include assigning a status to indicator to guest virtual machines (virtual images) that provide applications and other services to cloud consumers in the cloud environment. A virtual appliance machine in the cloud environment maintains the status of the guest virtual machines and makes decisions based on the status as to whether to allow access to the guest virtual machines. These decisions are transmitted to local elements on the guest virtual machines, which enforce access control on a local level. In this manner, unauthorized virtual image access is prevented providing increased security and data integrity.

Abstract: Provided herein are systems and methods for providing isolated virtual image communication in a virtual computing environment. Initially, a guest virtual machine that is activated in a virtual computing environment may be isolated into a private network. A service request may then be formulated at the guest virtual machine and addressed to a predetermined non-existent address. The request is then ostensibly sent to the predetermined address, whereupon the service request is actually transmitted to a shared resource with a security appliance machine in the virtual computing environment. The request is then forwarded to the security appliance machine and a reply formulated. The reply is sent back to the guest virtual machine via the shared resource.

Abstract: A system, method, and computer-readable storage medium for managing virtual hard disks in a cloud computing/storage environment are provided. The method includes associating, using a virtual hard disk (VHD) management system of a server device, a plurality of data blocks of a virtual hard disk stored at a cloud vendor to a corresponding plurality of cloud objects. A plurality of cloud object identifiers associated with the plurality of cloud objects in a first cloud allocation table are stored. Changes to one or more data blocks are determined. Corresponding new cloud allocation tables for every data block in the plurality of data blocks that has changed are formed, the new cloud allocation tables having corresponding new cloud object identifiers. The first and the new cloud allocation tables are downloaded and merged to form an updated cloud allocation table. The updated cloud allocation table is uploaded to the cloud vendor.

Abstract: An identification device includes a computer readable code. The computer readable code includes data relating to one or more pictures of a person and identity data for the person. The computer readable code is readable by a device reader, and the device reader is configured to interpret the computer readable code and to display the picture of the person using the computer readable code data relating to the picture of the person.

Abstract: A system and method is provided for allowing seamless auditing compliance and investigations of privileged account access and activities. Account access information and privileged activity information may be stored in a central data repository. The central data repository may be queried to determine who was granted access to a privileged account, the timeframe that the access was granted, and/or what actions were performed by the user who was granted access.

Abstract: According to one embodiment of the present disclosure, a method includes receiving a query from a user, the query requesting access to a database object in a first database table, the database object comprising a first column and a second column. The method also includes determining whether the user is authorized to access the database object based on the first column, and determining whether the user is authorized to access the database object based on the second column. The method further includes allowing the user to access to database object in response to determining the user is authorized to access the database object based on the first column or the second column.

Abstract: In some embodiments, a mobile device includes an interface configured to scan information from a communication tag associated with an asset, a memory operable to store the information, and a processor communicatively coupled to the memory. The information comprises a header describing the information, business application data, and asset identification data uniquely identifying the asset. The processor is configured to extract the business application data from the information scanned from the communication tag and extract the asset identification data from the information scanned from the communication tag.

Abstract: According to one embodiment, a method may include providing a representation of each of a plurality of nodes of an information technology (IT) environment to a plurality of administrators responsible for maintaining the IT environment. A plurality of scores for each of two or more of the plurality of nodes may be received. Each score may provide an assessment of a respective node of the plurality of nodes. One or more display characteristics may be determined for each node for which one or more scores was received. The display characteristics may comprise a size of a respective node that is based on the scores received for the respective node. The display characteristics may be provided to at least one administrator of the plurality of administrators responsible for maintaining the IT environment.