Abstract: The content management system can receive log-on requests from a plurality of users and a request from the plurality of users to access content stored in a repository of the content management system. The requested content can be copied to a transient content store. The transient content store can facilitate presentation of the copy of the content on a shared interface to the plurality of users. The transient content store can facilitate editing of the copy of the content by the plurality of users simultaneously by an editor external to the content management system. The edited copy of the content can be transmitted back to the content management system and can be stored in the repository of the content management system.

Abstract: A computer receives a set of objects from a client, whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key, MEK, resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server where a first module determines if locked key has changed via referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, sending the new locked keys to the backup server to replace the existing locked keys, while avoiding transmitting to the backup server the objects whose associated FEKs are affected by the changed MEK.

Abstract: A computer implemented process of encoding of at least one source file for obtaining an executable binary file that is executable by compilation of the at least one source file according to at least one instruction file, the process including: obtaining the at least one source file and the at least one instruction file; obtaining a plurality of encryption keys, at least two keys from the plurality of encryption keys being of different types, each type of encryption key being associated with a particular access right to the at least one source file; selecting each of the keys from the plurality of encryption keys and encrypting the source file according to the key selected and generating the source file encrypted according to the key selected; generating a package containing the at least one instruction file and the source files encrypted according to each key of the plurality of encryption keys.

Abstract: Securing invocation of stored procedures is provided herein. A first database management system (DBMS) can include a first database with first tables, a first user management module configured to manage privileges of database users (DB-users) of the first DBMS, and at least one first stored procedure. A second DBMS can include a second database with second tables, a second user management module configured to manage privileges of DB-users of the second DBMS, and at least one second stored procedure, the at least one second stored procedure configured to perform a computational task in the second DBMS. A synchronization mapping can map at least a portion of the first tables to respective ones of the second tables. Thus, a transfer of data of at least some of the first tables to the respective ones of the second tables in accordance with the synchronization-mapping can be performed.

Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, a pre-defined information may also be utilized to authorize a connected-state guest operation environment in the host device.

Abstract: Systems and methods are provided herein for enabling a user to access a blocked media asset. These systems and methods allow a user to request that a parent, or another user, who can approve access to the blocked media asset approve access to the blocked media asset for viewing. The request may be transmitted as a notification to a mobile phone or another suitable device, such that the parent the other user can approve the request, even though they may be remote from the requesting user. Both the requesting user and the user whose approval is required to unblock the media asset (i.e., the approver), are identified by the system based on an identifier associated with each user. This informs the approver which user submitted the request. Additionally, this also adds a layer of security, since the approver must enter an identifier to authenticate their identity to the system before being able to unblock the program for the requesting user.

Abstract: Systems and methods for distributed authorization are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a first authentication material from a first device; identify, based upon a policy stored in the IHS, a second device; and distribute a second authentication material to the second device.

Abstract: Disclosed herein is a digital rights management system that includes a storage module that stores a usage right for digital content in a tamper-resistant portion of a memory. The system also includes a flag status module that generates a flag corresponding with a transfer status of the usage right, sets the flag to one of a plurality of transfer statuses, and stores the flag in the tamper-resistant portion of the memory. The transfer statuses include a status indicating a request for the usage right was generated by a device with a usage right recovery mechanism.

Abstract: A method and proxy device for detecting bypass vulnerabilities in a cloud-computing platform are provided. The method includes identifying an access attempt by a client device to a cloud-based application hosted in the cloud-computing platform; identifying login information corresponding to the identified access attempt; requesting authenticated login information from a central authentication system; correlating the login information corresponding to the access attempt with the authenticated login information; determining, based on the correlation, whether a bypass vulnerability exists; and generating a bypass event when it is determined that the bypass vulnerability has been exploited wherein the bypass event indicates that the access attempt to the cloud-based application has not been properly authenticated.

Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures.

Abstract: A peripheral device and central device in a communication network, such as a Bluetooth Low Energy network, maintain privacy while establishing a connection. During the connection set-up, energy may be saved in the peripheral device by linking the advertising address of the peripheral device to the resolvable private address of the central device, thereby minimizing the search effort of the peripheral device.

Abstract: The embodiments herein provide a method and system for password recovery using Fuzzy logic. The system includes a receiving module, a validation module, an authentication module, a display module, a memory module, and a network interface. The system uses a phonetic algorithm such as Soundex algorithm for enabling the password recovery process. The user credentials received through the receiving module is validated with the validation module at the time of accessing the application. The authentication module is configured to authenticate the user using a fuzzy logic derived from a phonetic algorithm, by matching the answers of the user with the stored answers to compute a score which is compared with a threshold score. The user is enabled to unlock the user device when the computed validation score is greater than the threshold score.

Abstract: A system and method for managing implementation of policies in an information technologies system receives into a processor at least one policy function stored in at least one memory, receives into the processor a policy input indicating a high-level policy for the IT system, the policy input being compliant with the at least one policy function, based on the received policy input, automatically or semi-automatically generates via the processor a rule and/or configuration by replacing at least one policy function in the policy input with the at received least one policy function, the generated rule and/or configuration being compliant with the received policy input or replacing at least one value or value placeholder in the policy input with a corresponding value, and distributes the rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: The embodiments herein disclose a system and method for enabling single sign-on for a user on a plurality of web applications through a browser extension. The system includes a browser extension installed on a client device and a server. The server includes a receiving module, a parsing module, an authentication module, a generating module, and a database.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authentication, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.

Abstract: A request is received from a requestor for security credentials. An initial credential authority is selected based upon a first predetermined criteria. When the initial credentials authority is not available, a back-up credentials authority is chosen based upon a second predetermined criteria. The security credentials are obtained from the back-up certificate authority. The security credentials are transmitted to the requestor.

Abstract: A biometric identification device comprising a computer unit (3) arranged to execute an identification program and a registration program for storing in memory both biometric characteristics and also identifiers of people to be identified subsequently. The device comprises means for exchanging data with a distinct computer terminal (100) provided with a screen, and the registration program comprises a web server programmed to co-operate with a web browser of the terminal to set up a bidirectional communication channel and to send in real time to the web browser, via the communication channel, information about capture progress in order to enable the information to be displayed on the terminal in the form of a capture web page.

Abstract: Automated approval of a non-compliance of a modified configuration of a computer system includes performing a compliance check by a compliance management system. The modified configuration results from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system. The modification pattern is provided by a software package that specifies at least one modification to be applied to the initial configuration and at least one compliance exception pre-approval specifying pre-approved non-compliances of modifications with compliance rules. Responsive to detecting a non-compliance, the non-compliance is compared with the pre-approved non-compliances. In response to determining that the detected non-compliances are not matching any pre-approved non-compliances, a compliance exception approval is requested. The detected non-compliance is approved in response to receiving the compliance exception approval for the detected non-compliances.

Abstract: For enhancing security in a complex network by a computer processor device, a processor collaborates with at least one additional processor device in a higher hierarchical order in the complex network. A Media Access Control (MAC) address of an offending network device is shared between the processor devices such that access of the offending network device to portions of the complex network under the supervisory control of the processor devices may be subsequently blocked.