Abstract: A physical host executes a hypervisor or virtual machine monitor (VMM) that instantiates at least one virtual machine (VM) and a virtual input/output server (VIOS). The VIOS determines by reference to a policy data structure a disposition of a packet of network communication with the VM, where the disposition includes one of dropping the packet and forwarding the packet. Thereafter, the determined disposition is applied to a subsequent packet in a same packet flow as the packet.

Abstract: Data can be scanned using a network managed appliance. The network managed appliance may integrate commercial hardware elements connected through a basic or simplified operating system environment expressly developed for the appliance, thus being more malware resistant and less vulnerable to attacks from the scanned data or other sources. The network managed appliance may be a self-contained apparatus with an integrated chassis, designed and configured as “single-purpose” device. Such appliances may be connected to an appliance management network including central management servers in communication with appliances in remote locations. The central management servers may ensure that scanning software and the definitions lists for each of the appliances are current and match an enterprise-approved configuration.

Abstract: A method for registering a first device with a second device over a wireless network includes receiving a registration request from the first device and sending one or more user input choices to the first device. The user input choices each specify a user input action available though a user interface associated with the second device. A device description describing the second device is sent to the first device in a manner that allows it to be presented to the user by the first device. At least one of the user input actions are sequentially received through the user interface in response to instructions provided to the user by the first device. The first device is registered with the second device if the user input actions received by the second device correctly reflect the instructions provided to the user by the first device.

Abstract: An invention is disclosed for updating a networked, single-threaded application's data model without blocking the application's entire user interface. In embodiments of the invention, a client executes a networked application with a single-threaded user interface that communicates with a server to refresh its data model. The client sends a message to the server that requests a refresh of the data model. Before the data model has been refreshed, the client receives local user input to perform an action on the data model. The client sends a message to the server to cancel the refresh. When the client receives an acknowledgement from the server that the refresh has been cancelled, the client performs the action. After performing the action, the client sends a second message to the server that requests a refresh of the data model, and then refreshes the data model upon receiving the refreshed data model from the server.

Abstract: The authentication method for stateless address allocation in IPv6 networks provides a P2P trust-verification approach for identifying a rogue node. Alternatively, the authentication method provides an information hiding scheme to avoid being plagued by rogue nodes. In both cases, the authentication method is embodied in a computer software product having machine readable code.

Abstract: A system and method for installing software on a secure controller without requiring the software to be properly signed. The method includes determining whether a by-pass flag has been set in the controller that identifies whether a file validation procedure is required to install the file and performing a pre-check operation to determine whether predetermined parameters of the file have been satisfied. The method also includes installing the file into a memory in the controller if the pre-check operation has been satisfied. The method further includes determining whether the file has a proper signature and indicating that the signature is proper if the by-pass flag is set and the file does not include a proper signature, and allowing the file to be installed if the signature has been indicated as being proper.

Abstract: A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel provides communications in a direction opposite to that of the forward channel. The technique further involves changing the first set of machine states to a second set of machine states in response to the command, and providing a new series of authentication codes based on the second set of machine states. The new series of authentication codes is provided from the electronic apparatus to the server through the forward channel for user authentication.

Abstract: A server device may receive an indication that a mobile device has enrolled in a cache subscription service. The server device may receive cache parameters associated with the cache subscription service, where the cache parameters are specific to the mobile device. Content may be retrieved from a network and stored, in a memory associated with the one or more server devices, based on the received cache parameters. The server device may receive, from the mobile device, a request for particular content, determine whether the request for particular content corresponds to content that is stored in the memory, and provide, when determining that the requested particular content corresponds to content that is stored in the memory, the corresponding stored content to the mobile device.

Abstract: In a switching method of an electronic device, the electronic device receives a message sent from an earphone that is in electronic connection with the electronic device, the message comprising an input password, if the input password is equal to a password to switch an application layer into a host mode, the electronic device switches the application layer into the host mode to access private information of the application layer.

Abstract: A method for establishing secure wireless communications between a mobile device and a vehicle, where a user is not required to enter a password, but instead the telematics system is used to bootstrap the trust between the mobile device and the vehicle. The user initiates the process by pressing a button on the mobile device to request pairing. The vehicle uses its secure OnStar cellular communication link to verify the mobile device with the OnStar server, which generates and sends a session key to the vehicle via the vehicle-OnStar cellular connection, and also sends the session key to the mobile device via the device's own cellular connection. The session key serves as a shared secret, such that the vehicle can issue a secrecy challenge to the mobile device. When the mobile device responds appropriately, a trusted wireless communications link can be established between the mobile device and the vehicle.

Abstract: Methods, systems and computer program products for monitoring and analysis of network servers and web analytics programs are disclosed. A monitoring program, for example, is configured to monitor the status of web analytics program(s) associated with one or more network servers. The monitoring program may monitor server-specific metrics such as server free disk space, server available memory, server on-line/off-line status, report processing time, difference between system time and log file time, table size details, etc. The program may be configured to present status indicators to the user that are indicative of the health of the web analytics program and/or server. A user may receive an alert generated by the monitoring program regarding a change in web analytics program status. Additionally, the monitoring program may be configured to automatically take corrective action to remedy or prevent a critical event that may cause loss of data or delay web analytics reporting.

Abstract: A Data Loss Prevention (DLP) system includes an automated method for tracking changes to a security classification (e.g., content category) associated with an artifact to determine whether an attempt is being made to subvert a DLP policy. The method exploits the basic principle that, depending on context, the classification of a particular artifact, or a change to an existing classification, may indicate an attempt to subvert the policy. According to the method, an artifact classification state machine is implemented within a DLP system. For each policy-defined content category on each artifact, the machine identifies a content category change that may be of interest, as defined by policy. When a change in a classification has occurred, an artifact notification event (or, more generally, a notification of the change in classification) is issued.

Abstract: A method for controlling the traffic of an authentication server and an authentication access apparatus, wherein a local area network token bucket including a high priority token bucket and a low priority token bucket is set according to the capability of the authentication server in processing the request message, and the request message sent by the authentication client is redirected to the authentication server after allocating a token to the authentication client, thus the traffic of the authentication server is controlled, so that the authentication server will not receive more request messages than it can handle. Meanwhile, the tokens in the high priority token bucket are reserved specially for authentication clients of a high priority, and they cannot be used by authentication clients that are not of a high priority, so the quality of service for authentication clients of a high priority is improved.

Abstract: Disclosed are a multi-hop MIMO system and method. The multi-hop MIMO system according to an exemplary embodiment of the present invention includes: a server including a plurality of virtual machines; one remote screen device first connected to the server through at least one virtual machine of the plurality of virtual machines, receiving screen data from the server in a unicast scheme, and driven as a multicast server; and a plurality of different remote screen devices connected to the server through the at least one virtual machine, existing on a sub network where the one remote screen device exist, operating as multicast clients, receiving the screen data from the server or the one remote screen device in a multicast scheme, wherein the one remote screen device and the plurality of different remote screen devices simultaneously output the same screen data.

Abstract: A method and system for providing recording device privileges through biometric assessment are disclosed herein. An embodiment of the method includes monitoring information associated with a recording device. The information includes a recording device location, dynamic biometric data, knowledge data, and recording device identification data. From the monitored information, an identity of a then-current user of the recording device is determined. An authorization level for the then-current user is determined, and recording device access privileges are dynamically adjusted based on the determined authorization level.

Abstract: Embodiments are directed to providing a structural diagram to collect user input data in a non-linear manner and to managing multiple distributed application models using a structural diagram. In one scenario, a computer system receives a user input specifying a distributed software application that is to be managed across various different computer systems. The computer system determines, based the specified distributed application, which nodes are to be displayed in a structural diagram, where the nodes of the structural diagram represent application properties for managing the specified distributed software application. The computer system then provides a structural diagram that displays the determined nodes. The nodes allow non-linear configuration of the specified application across the various computer systems.

Abstract: A technique controls access to a protected resource. The technique involves performing a series of authentication operations between an end user device and an authentication engine, and providing, while the series of authentication operations results in ongoing successful authentication, a virtual desktop session from a virtual desktop server to the end user device to enable a user at the end user device to access the protected resource using the virtual desktop session. The technique further involves closing the virtual desktop session when the series of authentication operations results in unsuccessful authentication (e.g., receipt of an incorrect authentication factor, loss of communications between the end user device and the authentication engine, etc.) to prevent further access to the protected resource using the virtual desktop session.

Abstract: An improved technique of processing an authentication request from an authentication requestor involves an adaptive authentication device comparing a behavioral history of fact values associated with a user over a current time window with a user's baseline profile that includes a behavioral history of the fact values. The adaptive authentication device accesses such a behavioral history over several previous time windows from a database whose entries include a user identifier, a time interval and user data which represents fact value behavioral history over the time interval. When the device receives an authentication request from an authentication requestor, the adaptive authentication device matches a username of the request with a user identifier of an entry of the database whose time period is the current time period. The adaptive authentication device then updates fact values representing the user's current behavioral history and compares the current behavioral history to the user's baseline profile.

Abstract: Computer resource utilization modeling for multiple workloads includes a computer obtaining resource utilization data, the resource utilization data having groups of computer resource utilization measurements made during time intervals for a plurality of workloads. The computer determines parameters representing a distribution of the computer resource utilization measurements for each of the groups to generate a baseline of distributions across the time intervals for each of the plurality of workloads. The computer sums the baselines of distributions for the plurality of workloads to generate a combined baseline of distributions across the time intervals for a combination of the plurality of workloads.

Abstract: A business object model, which reflects data that is used during a given business transaction, is utilized to generate interfaces. This business object model facilitates commercial transactions by providing consistent interfaces that are suitable for use across industries, across businesses, and across different departments within a business during a business transaction. In some operations, software creates, updates, or otherwise processes information related to a communication system and/or an object identifier mapping business object.