Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.

Abstract: A user authentication apparatus safely uses resources by forming a communication channel between a plurality of execution environments through user authentication in a portable terminal providing the plurality of execution environments based on a virtualization solution, and prevents private information from being illegally leaked by hacking by not directly exposing a PIN number or a password a user inputs using a virtual keyboard and a keyboard coordinate when authenticating the user.

Abstract: The personal information manager system comprises a centralized information manager (CIM) and a personal information manager (PIM) device. The centralized information manager is encoded on a server and is accessable by the PIM device through Internet protocols over a wireless medium. The PIM, to be carried by a user, is connected to the CIM by a wireless transmitter, receives context-sensitive, customized, prioritized, filtered, and aggregated information from the CIM, and can directly receive GPS data and other sources of local information.

Abstract: A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.

Abstract: Apparatus for assessing threat to at least one computer network in which a plurality of systems (301, 302, 303, 304, 305, . . . 30n) operate is configured to determine predicted threat activity (13), to determine expected downtime of each system in dependence upon said predicted threat activity, to determine loss (12A, 12B, 12C, 12D, 12E, . . . , 12m) for each of a plurality of operational processes (31A, 31B, 31C, 31D, 31E, . . . 31m dependent on the downtimes of the systems, to add losses for the plurality of processes so as to obtain a combined loss (12SUM) arising from the threat activity.

Abstract: An environmental monitoring device that monitors the operation of a legacy electronic device is described. In particular, a sensor in the environmental monitoring device provides sensor data that represents an environmental condition in an external environment that includes the environmental monitoring device. This environmental condition is associated with the operation of the legacy electronic device in the external environment. The environmental monitoring device analyzes the sensor data and provides feedback about the operation of the legacy electronic device based on the analyzed sensor data. Moreover, the sensor provides the sensor data without or excluding communication and/or electrical coupling between the environmental monitoring device and the legacy electronic device. In this way, the environmental monitoring device facilitates monitoring, analysis and feedback of the sensor data without directly interacting with the legacy electronic device.

Abstract: An access management service system that manages use of a service provided by a resource service system, comprises: a holding unit which holds information of a user and information of a client system in a storage unit; a determination unit which, if an authorization request for use of the service is received from the client system due to an instruction from a user having authority to use the service, determines whether a group to which the user belongs and a group to which the client system belongs match based on the information held in the storage unit; and a presentation unit which, if the determination unit determines that the groups match, presents, to the user, a screen for instructing whether or not to permit delegation of the authority of the user to the client system.

Abstract: The claimed subject matter provides a system and/or a method that facilitates connectivity within a peer-to-peer networking environment. A client can transmit a request to connect with a host for peer-to-peer networking. A server can generate a list that includes at least one host that matches the request from the client. A predictor engine can reduce the list by at least one matched host based upon a predictor, wherein the predictor is at least one of an Internet Protocol history predictor, a prefix history predictor, or a geography predictor.

Abstract: A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is a access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user's account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user.

Abstract: Example embodiments perform on-the-fly delivery of PGP encrypted data. A large data file is broken into chunks which are encrypted and delivered to a pipe object. The bytes of a chunk are read from the pipe object in the same order as they were written. Header and footer packets are prepared and delivered.

Abstract: In embodiments of the present invention improved capabilities are described for selective website vulnerability and infection testing and intelligently paced rigorous direct website testing. By providing robust website content integrity checking while only lightly loading the website hosting server, visitor bandwidth availability is maintained through selective testing and intelligently paced external website exercising. A modular pod-based computing architecture of interconnected severs configured with a sharded database facilitates selective website testing and intelligent direct website test pacing while providing scalability to support large numbers of website testing subscribers.

Abstract: According to one embodiment, a radio communication apparatus includes a radio communicator, a storage, and a controller. The radio communicator is configured to perform close proximity wireless communication or near field wireless communication with other radio communication apparatus. The storage is configured to store data, setting parameters associated with the data, and an application. The controller is configured to execute the application and control a transmission and reception of the data performed by the radio communicator on the basis of the application. The application can be set to a read-only mode by an operation of a user. The setting parameters include transfer permission information. The controller checks whether or not a user is an authorized user of the radio communication apparatus, when the user is the authorized user, the controller executes the application and thereby activates the radio communicator.

Abstract: A computer-implemented method for protecting document files from macro threats may include (1) identifying a document file that contains an embedded macro, (2) locating an event-driven programming language module that stores the embedded macro for the document file, and (3) cleaning the event-driven programming language module by removing procedures for the embedded macro within the event-driven programming language module and retaining variable definitions within the event-driven programming language module. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method are provided for discovering new friends using recommendation paths in a media recommendation network. In general, media items are recommended among users in a media recommendation network. Use of media items by the users is monitored. If the use of a media item by a user exceeds a threshold, a determination is made as to whether the media item was recommended to the user. If so, that recommendation is identified as a highly valued recommendation for that user. Thereafter, when the user desires to identify new friends from which to receive recommendations and to which to send recommendations, a recommendation path for the highly valued recommendation is identified. Users in the recommendation path that are not already friends of the user are identified as potential new friends for the user.

Abstract: A system and method for controlling communications networks. Network performance information is gathered from a first communications network using performance information packet data packets. A network operator of the first communications network is controlled from a secondary communications network using the performance information packet data packets. Changes to the network operator are implemented based on instructions included in the performance information packet data packets.

Abstract: In one embodiment, a mechanism to implement security in process-based virtualization is disclosed. In one embodiment, a method includes maintaining a security policy for a process-based virtualization system, initializing a virtual machine (VM) in the process-based virtualization system, assigning a security label to the VM, and enforcing the security policy on the VM based on the security label of the VM in order to isolate the VM from other VM's in the process-based virtualization system.

Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

Abstract: One aspect of the present invention relates to a method for detecting a phishing website. The method includes acquiring information related to a microblog post containing a uniform resource locator (URL) of a website; analyzing the information related to the microblog post to extract features of the microblog post; calculating credibility of the URL of the website contained in the microblog post according to the extracted features of the microblog post; and determining according to the credibility of the URL of the website whether the URL of the website is a URL of a phishing website.

Abstract: Implementations of the present disclosure provide systems and methods for automatically preloading data pertaining to credentials determined to be likely to be used during a particular time interval into a memory utilized by a credential emulator. The systems and methods described herein contemplate identifying a particular time interval by identifying events that may designate the beginning and end of that particular time interval, identifying contextual information relevant to the client device or a user account affiliated with the client device during the time interval, identifying a set of credentials available for loading into the memory utilized by the credential emulator, determining from the set of credentials, a subset composed of individual credentials that are likely to be used during the time interval, and loading data pertaining to individual credentials in the subset into the memory utilized by the emulator.

Abstract: In one embodiment, a secure transport layer tunnel may be established over a public network between a first cloud gateway in a private cloud and a second cloud gateway in a public cloud, where the secure transport layer tunnel is configured to provide a link layer network extension between the private cloud and the public cloud. In addition, a cloud virtual Ethernet module (cVEM) may be executed (instantiated) within the public cloud, where the cVEM is configured to switch inter-virtual-machine (VM) traffic between the private cloud and one or more private application VMs in the public cloud connected to the cVEM.