Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing cross organizational data sharing including, for example, means for storing customer organization data in a database of the host organization; allocating at least a sub-set of the customer organization data to be shared as shared data; configuring a hub to expose the shared data to a proxy user and configuring the proxy user at the hub with access rights to the shared data; configuring one or more spokes with access rights to the shared data of the hub via the proxy user; receiving a request from one of the hubs for access to the shared data of the customer organization via the proxy user at the hub; and returning a response to the hub having made the request. Other related embodiments are disclosed.

Abstract: Disclosed herein are methods and systems for validating an autonomous system that comprises a static-code module and a dynamic-code module, the method including the steps of performing a code-integrity-validation process on the static-code module and performing a behavior-integrity-validation process on the dynamic-code module. In some embodiments, performing the code-integrity-validation process on the static-code module includes performing a signature-verification process on the static-code module. In some embodiments, performing the behavior-integrity-validation process on the dynamic-code module includes using an encrypted-and-signed test vector.

Abstract: In one embodiment, a computer implemented method provides a client computing device network access to a private network by a network traffic manager, and the method includes: obtaining context parameters related to a context of the client computing device; selecting as a function of the context parameters one or more policies as selected policies, wherein each policy is associated with one or more network entitlement rules defining network access rules to a networking device or an application in the private network according to the policy; retrieving the one or more network entitlement rules associated with the selected policies; and providing the network traffic manager with the one or more network entitlement rules, thereby providing the client computing device the network access.

Abstract: Native file encryption support is integrated into an existing file system that does not provide such support, such as the FAT family of file systems, while maintaining backwards compatibility with previous implementations of these file systems.

Abstract: Methods and apparatuses employing copula optimization in building multivariate statistical models for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.

Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Abstract: An interface device includes a communication interface and a secure element. The communication interface receives input data and a selection of one of a plurality of secure modes to secure the input data for transmission to a secure external computing device, such as a banking web server. The secure element secures the input data based on the secure mode that was selected. The secured input data is then transmitted to the secure external computing device.

Abstract: Systems and methods are described for delivering messages from one or more service hosts to clients via a network. A first request identifying the client is received at the message server, and a connection is established and maintained between the message server and the client in response to the first request. When a subsequent request that identifies the client is received from the service host, a message is transmitted from the message server to the client over the previously-established connection. The methods and techniques may be used, for example, to provide messages from various services to placeshifting devices or other clients communicating via the network.

Abstract: Methods, systems, and computer program products are provided for developing application definition packages, and deploying the application definition packages at cloud services to produce real-time data analytics applications. In one implementation, a selection is received of an application definition package that defines a real-time data analytics application. The application definition package indicates an application name and includes at least one payload definition, reference data definition, and query definition. A domain name is provided for the real-time data analytics application, and a cloud service is generated that is associated with the domain name. The application definition package is applied to an application template to generate a finalized real-time data analytics package. The finalized real-time data analytics package is instantiated in the cloud service to create a network-accessible instance of the real-time data analytics application.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.

Abstract: Delegating authorizations sufficient to access services is contemplate. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as but not necessarily limited to conferring a user identity established via authenticated device for the purposes of enabling an unauthenticated or unsecured device to access a service associated with the user identity.

Abstract: A streaming environment includes at least a first processing element of a first compute node and a second processing element of a second compute node. A tuple encryption operation is determined of the first processing element and the second processing element. The first processing element includes a first encryption key for encrypting the tuples as the leave the first processing element. An encryption workload is measured of the tuple encryption operation of a processing workload of the use of the first encryption key of a transfer of the stream of tuples. A threshold of the tuple encryption operation is determined. The second processing element is migrated to the first compute node and fused to the first compute node with the first processing element. The tuple encryption operation is removed from the first processing element.

Abstract: According to some embodiments, a plurality of geographically remote distribution points may be established, each distribution point being associated with a traffic cleaning or scrubbing center. Incoming traffic at each distribution point may be received and not legitimate network traffic may be detected, wherein the not legitimate network traffic may include DDOS traffic. When not legitimate network traffic is detected, the system may filter the incoming traffic via the clearing or scrubbing center at each distribution point, or across a plurality of distribution points simultaneously (thereby diluting the attack across multiple network nodes and scrubbing centers). The filtered traffic may then be transmitted from each distribution point to a customer network via an active association, wherein responses from the customer network utilize customer infrastructure to deliver the response with or without involving the clearing or scrubbing centers.

Abstract: Techniques described herein may be used to enable users to access services protected by two-factor security systems without having to provide additional authentication information (e.g., a portion of the user's social security number, biometric information, etc.). An application server may provide one or more services, such as a social networking service, an online banking service, etc. When a user device attempts to access the service, the user may provide a username and password, to the application server, as the first factor of a two-factor authentication process required to access the service. However, instead of requiring the user to provide additional authentication information (e.g., the second factor), a network authentication server, the application server, and the user device may collaborate to automatically provide the additional authentication information.

Abstract: An operating method of a memory controller may include: enabling a security mode in response to a first command received from a host; generating a security key based on a host key received from the host; storing the security key in a security key storing unit; and/or performing a first data processing operation of encrypting data received from the host and decrypting data stored in a non-volatile memory device, based on the security key, when the security mode is enabled. The security key storing unit may be a volatile memory.

Abstract: A streaming environment includes at least a first processing element of a first compute node and a second processing element of a second compute node. A tuple encryption operation is determined of the first processing element and the second processing element. The first processing element includes a first encryption key for encrypting the tuples as the leave the first processing element. An encryption workload is measured of the tuple encryption operation of a processing workload of the use of the first encryption key of a transfer of the stream of tuples. A threshold of the tuple encryption operation is determined. The second processing element is migrated to the first compute node and fused to the first compute node with the first processing element. The tuple encryption operation is removed from the first processing element.

Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.

Abstract: A computer-implemented method for identifying abnormal computer behavior includes receiving, at a computer server subsystem, data that characterizes subsets of particular document object models for web pages rendered by particular client computers; identifying clusters from the data that characterize the subsets of the particular document object models; and using the clusters to identify alien content on the particular client computers, wherein the alien content comprises content in the document object models that is not the result of content that is the basis of the document object model served.

Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.

Abstract: Improved systems and techniques are disclosed for controlling the security states of anti-theft security systems such as product display assemblies using security fobs. According to an example embodiment, a manager security fob and another security fob that is to be authorized for use in controlling the security status of a product display assembly can interact with a system in accordance with a defined sequence to add the another security fob to an authorization list for the product display assembly. For example, the defined sequence can be a connection of the manager security fob with the system, followed by a disconnection of the manager security fob from the system, followed a connection of the another security fob with the system within a defined window.