Abstract: Methods and systems for automatic setup and initiation of meeting resources are described herein. A meeting room, area, or resource may be equipped with a camera or other proximity based sensor to determine when a user enters the meeting area. The camera may perform initial recognition of a user, e.g., based on facial or body recognition. The system may then authenticate the user as the meeting organizer using a second recognition technique, e.g., voice recognition. Based on the user authentication, the system may query the meeting organizer's calendar (or other resource) for meeting information, download an associated meeting presentation from cloud storage, initiate meeting (e.g., screen sharing) software, notify any missing attendees that the meeting has begun, and launch the presentation on a shared screen. The meeting organizer may then control the presentation using video and/or voice. All may be completed without the meeting organizer being required to touch anything.

Abstract: A monitoring system for monitoring a service execution infrastructure for providing a service to client computers via a network manages baselines of monitoring values of components per load of the service provided by the infrastructure, and uses the baselines depending on a current service load. When detecting an abnormality of a service monitoring value or component monitoring value by use of the baselines, the monitoring system compares events up to predetermined minutes ago from now with events in the baseline time zone thereby to specify a differential event (or non-normal recent event).

Abstract: An electronic file sending method is provided to securely and easily send en electronic file to a receiver. A receiving apparatus receives from a sending apparatus an electronic mail including an encrypted electronic file. The sending apparatus uses a public key of a management server to encrypt a decryption password that is necessary to decrypt the encrypted electronic file and sends the encrypted decryption password to the management server. In association with a file identifier of the electronic file, the management server stores the decryption password and an electronic mail address of a correct receiver, who is a receiver of the receiving apparatus. The receiving apparatus sends to the management server the file identifier of the electronic file and the electronic mail address of the receiver. The management server uses a public key of the receiving apparatus to encrypt the password and sends the encrypted password to the receiving apparatus.

Abstract: A method begins by a dispersed storage (DS) processing module encrypting a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments and generating a plurality of deterministic values from the plurality of encrypted data segments. The method continues with the DS processing module establishing a data intermingling pattern and generating a plurality of masked keys by selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern and performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values. The method continues with the DS processing module appending the plurality of masked keys to the plurality of encrypted data segments to produce a plurality of secure data packages and outputting the plurality of secure data packages.

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: Systems for proximity-based access control include a proximity module configured to determine whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; a policy engine comprising a processor configured to determine whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold; and a security module configured to activate a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device.

Abstract: A request is received at an authorization framework via an authorization application programming interface (API) from a trusted application for authorizing a client application, where the client application requests a service provided by the trusted application. In response to the request, the client application is authorized in view of one or more authorization policies associated with the client application to determine whether the client application is authorized to access the requested service. A user associated with the client application is authenticated to determine whether the user is allowed to access the requested service. Thereafter, a value is returned from the authorization framework via the authorization API to the trusted application indicating whether the client application can access the requested service provided by the trusted application, based on results of the authorization and authentication.

Abstract: Artificial Immune Systems (AIS) including the Dendritic Cell Algorithm (DCA) are an emerging method to detect malware in computer systems. The DCA implementation may use an inflammation signal to communicate information among the processes of device or a network or among nodes of a network, where the inflammatory signal indicates a likelihood that a process or a node has been attacked by malicious software. The DCA implementation may dynamically change the malware sensitivity and responsiveness based on the inflammation signals without requiring user intervention. The inflammatory signal includes one or more inflammatory tuples, which may include multiple components such as a strength, a PrimeIndicator, and an optional third element, p. The strength component may be an indication of the magnitude of an attack and provide a degree of certainty of the attack. The PrimeIndicator may be an identifier of the indicator type that is the source of the inflammation tuple.

Abstract: Selectively permitting or denying usage of a service available on a device is provided. Usage restrictions on usage of services available on the device are maintained, the usage restrictions including customizable restrictions on usage of the services available on the device. A usage restriction for a service indicates usage parameter(s) of the device under which the service is usable or is unusable to users of the device. Based on detecting an event associated with the device, current usage parameter(s) of the device are identified and compared to usage parameter(s) indicated by a usage restriction to determine whether the service is to be usable or unusable. Usage of the service by a user of the device is then permitted or denied based the comparison.

Abstract: A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provide a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function.

Abstract: A method and apparatus for service login to a service provider sites have been disclosed. The method including: receiving a login request from a user, wherein the login request comprises at least both terminal's login information input by the user and third party account information pertaining to the user; after successful verification on the third party account information, determining by the service provider, whether the terminal's login information input by the user matches to reference login information, wherein the reference login information comprises specific information of the user to further identify user's identity; if the terminal's login information matches to at least a portion of the reference login information, delivering service to the terminal according to the third party account information.

Abstract: This data providing method is carried out by a computer (460) built in a data processing system (1) which is designed to collect log information from electronic devices through a network (30) and provide services based on that log information for authenticated users. The method includes: receiving a fridge's (100a, 100b) log information through the network; generating display data, representing a trend of change of a recovery time that indicates how long it takes for the fridge's inside temperature to recover a preset operating temperature since the fridge's door was closed, by reference to pieces of information which are included in the fridge's log information and which indicate (i) the preset operating temperature inside the fridge, (ii) the temperature of the ambient surrounding the fridge, (iii) a temperature inside the fridge, and (iv) opening and closing history of the fridge; and providing the display data for an authenticated user's display terminal (130a, 130b).

Abstract: A first device may receive a service authorization instruction from a second device. The service authorization instruction may include one or more authorization parameters and an instruction to associate or disassociate a key, with a service, to permit or prevent the service to be accessed using the key. The key may be embedded in an application used to provide an application instruction corresponding to a request for the service. The first device may validate the service authorization instruction based on the one or more authorization parameters; and update, based on validating the service authorization instruction, information identifying services that are accessible using the key to permit or prevent the service to be accessed using the key without modifying the key embedded in the application.

Abstract: Communications by a device in a private network to a site operating outside of the network can be programmatically inspected. Unstructured data, including messages and application content, originating from outside of the network may be disassembled, analyzed, and categorized into source specific application element types (AETs). A monitoring layer may allow a user of the device in the network to switch between different modes of interaction with the site operating outside of the network. Interactions and activities in different modes can be monitored and processed differently according to internal policies and/or business rules.

Abstract: Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation.

Abstract: Systems and methods are provided for generating subsequent encryption keys by a client device as one of a plurality of client devices across a network. Each client device is provided with the same key generation information and the same key setup information from an authentication server. Each client device maintains and stores its own key generation information and key setup information. Using its own information, each client device generates subsequent encryption keys that are common or the same across devices. These subsequent encryption keys are generated and maintained the same across devices without any further instruction or information from the authentication server or any other client device. Additionally, client devices can recover the current encryption key by synchronizing information with another client device.

Abstract: A method of identifying one or more malicious threats in a computing device. The device comprises monitoring a plurality of events occurring on a computing device in run time, a plurality of processes executed on the computing device in run time, and a plurality of host activities of the computing device in run time, identifying a compliance of at least some of the plurality of events, the plurality of processes, and the plurality of host activities with a plurality of rules, generating a rule compliance status dataset generated according to the compliance, identifying a match between the rule compliance status dataset and at least one of a plurality of reference profiles each indicative of a computing device operation under a malicious threat activity, and detecting a malicious threat according to the match.

Abstract: A digital certification analyzer (or “analyzer”) provides protection for digital content stored on servers, file sharing systems, hard drives and USB enabled external drives or other digital repositories. The analyzer prevents unauthorized access from both owners/administrators and recipients of digital content being shared through a web based or file sharing type service. The analyzer protects the owner of the shared digital content from unauthorized access, while allowing multiple protection instances to be applied to multiple digital content shares within a digital file hosting and sharing environment. Timers are provided to limit access to digital content at the discretion of the owner of the digital content.

Abstract: A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine.

Abstract: In a computer system operable at more than one privilege level, an application is securely customized to use secret data without disclosing the secret data to a managing operating system. In operation, an integrity module executes at a higher privilege level than both the managing operating system and the application. After the managing operating system loads the application executable code, the integrity module injects the secret data directly into the instruction stream of the application executable code and then sets the memory location of the secret data as executable-only. As the application executes at the assigned privilege level, the instruction in the application directly accesses the secret data without performing any indirect memory access, thereby protecting the secret data from malicious attempts to read the secret data at a privilege level lower than the integrity module.