Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, a first application is caused to be deployed for execution on the first computer system, with the application being member of an application group. First information is provided to the first computer system, with the first information being usable for securing communication between at least the first application and a second application deployed to a second computer system. Second information usable for establishing a routing entity for the first computer system is provided to the first computer system, with the routing entity established to route data from or to the first application.

Abstract: Sensitive pieces of information stored on an individual's device can be protected using a device identification system that applies, for each sensitive piece of information, a function that integrates an identifier of the individual with a respective sensitive piece of information to create a respective identity element. Each identity element can be signed with a signature to create a trust group. The identity element and signature can be uploaded to the individual's device using an application that is configured to provide a subset of the sensitive pieces of information in response to a query.

Abstract: A protection method for an electronic device includes generating a control command using a processor of the electronic device when it is determined to acquire information of a current user of the electronic device. The electronic device is controlled to acquire the information of the current user and to acquire data of the electronic device according to the control command. The acquired information is stored. The acquired information and the acquired data is transmitted to the server.

Abstract: A system and computer-implemented method including receiving a request from a service provider, at a central account manager, to provide a user account for a user logging into the first service provider, identifying one or more user accounts associated with the user at one or more user account providers maintained at the central account manager, selecting a first user account of the one or more user accounts and providing, using the one or more computing devices, the selected first user account to the first service provider in response to the request.

Abstract: In an example embodiment, a wireless device is operable to advertise a policy on the inclusion of the wireless device in a radio frequency map. For example, the wireless device may transmit a signal comprising a field in an extended capabilities information that indicates whether mapping of the wireless device is permissible. As another example, the wireless device may perform certain actions, such as changing media access control address, changing transmit power, and/or vary response times to prevent accurate mapping of the location of the wireless device.

Abstract: The present invention relates to data communication systems and protocols utilized in such systems.

Abstract: Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server.

Abstract: A computer-implemented method, including receiving, by one or more computer systems, customer characteristic information for a user; applying, by the one or more computer systems, one or more recommendation rules to the customer characteristic information to determine a security tier; comparing, by the one or more computer systems, the customer characteristic information to one or more other users with a threshold level of similarity to the user for which the customer characteristic information is received; identifying, by the one or more computer systems, a security tier assigned to one of the one or more other users; and generating information indicative of a recommended security tier, based on the identified security tier and the determined security tier.

Abstract: A web browser sends to a web-application server a request to access a web application. The web server transmits to the web browser a parent document with an inline frame (iframe) containing a Uniform Resource Locator (URL) to an authentication location. In response, a child document is transferred to the web browser. The child document occludes the parent document and presents a user interface for user authentication. Rather than wait until authentication is complete to begin transferring prerequisite files, the web-application server at least partially transfers to the web browser prerequisite files for the web application during the authentication process. This reduces the post-authentication delay involved in transferring prerequisite files, improving the user experience.

Abstract: A method for providing an administration policy to a user device comprising a plurality of applications, the method comprising centrally generating the administration policy to be implemented in the user device, the administration policy comprising at least one of an application administration policy to be used by at least one of the plurality of applications and a client administration policy for the user device; and providing the generated policy to the user device.

Abstract: The invention relates to systems, methods and computer-readable media for controlling access to compute resources in a compute environment such as a cluster or a grid. The method of providing conditional access to a compute environment comprises associating a required service level threshold with a compute environment, associating a service level with a requestor, receiving a request for access to the compute environment from the requestor; and, if the service level of the requestor meets the specified service level threshold, then allowing access to the compute resources. The threshold-based access may be enforced by reservations, policies or some other method.

Abstract: Methods and apparatuses for authenticating data communications are disclosed. In a method an intermediate node between a sender device and a receiver device obtains an authenticator associated with the sender device. The intermediate node authenticates the sender device such that the intermediate node acts as the receiver device towards the sender device. The intermediate node is then authenticated to the receiver device such that the intermediate node uses the authenticator associated with the sender device for the authentication to transparently intervene data communications from the sender device to the receiver device.

Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.

Abstract: Methods of obtaining input on a physical input device are provided. A virtual input device is superimposed over the physical input device. The virtual input device has a different layout than the physical input device, such that a first input on the physical input device is mapped to a different input on the virtual input device. In another aspect, methods of securing a transaction according include displaying a first input screen to a user, encrypting a scrambling key using a public key, the scrambling key defining a second input screen that has a different layout from the first input screen, transmitting the encrypted scrambling key to a user device, receiving an input from the user device, and mapping the input to the second input screen.

Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain a credential associated with a particular access control interval, to determine an application programming interface (API) key based at least in part on the credential, and to utilize the API key in an API key enrollment protocol. The obtaining, determining and utilizing are repeated for one or more additional instances of the API key enrollment protocol corresponding to respective ones of one or more additional access control intervals. The processing device illustratively comprises a service requester device configured to carry out at least a portion of a given instance of the API key enrollment protocol with a service provider device. The API key may comprise, for example, the credential itself, or a function of the credential and other information. The credential may comprise, again by way of example, an intermediate value of a hash chain.

Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain a credential associated with a particular access control interval, to insert information derived from the credential into one or more messages of a remote management interface protocol, to transmit the one or more messages to a managed device, and to remotely control the managed device responsive to a successful authentication based at least in part on the inserted information. The one or more messages of the remote management interface protocol are illustratively compliant with a designated Intelligent Platform Management Interface (IPMI) specification. The credential associated with the particular access control interval may be generated based at least in part on a corresponding intermediate value of a hash chain. For example, the credential may be generated based at least in part on a message authentication code and the corresponding intermediate value of a hash chain.

Abstract: A method of generating an unpredictable number in a computing device is provided. The method comprises the computing device performing the following programmed steps: obtaining a plurality of data elements; performing a first one way function on an internal value P and the plurality of data elements to update the value P; and performing a second one way function on the value P to obtain the unpredictable number. A computing device adapted to perform this method is also described.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By using a “class” designation within the existing certificate store structure and key store structure, certificates and keys can be assigned to one space among plural spaces. Accordingly, a personal certificate store and a personal key store may exist in a personal space. Similarly, a corporate certificate store and a corporate key store may exist in a corporate space. APIs designed to work within such a system may be arranged to employ a “class” attribute when managing certificates and cryptographic keys.

Abstract: A cloud-based system is disclosed including at least one local client device communicatively coupled, via an intermediate network, with a server device having an information processing, organization, and management engine, and further including distributed local and cloud databases spread across separately owned user accounts. The information processing, organization, and management engine includes one or more information processing, organization, and management blocks responsive to selections by the owner of content and other users of the system to control access to and use of content by users of the system.

Abstract: The authentication system includes a to-be-authenticated device for generating a first authentication data; an authentication code convertor for converting the first authentication data generated by the to-be-authenticated device into a second authentication data; and an authentication device for performing authentication of the to-be-authenticated device based on the second authentication data. The first authentication data includes an authentication code obtained by encrypting challenge data output from the authentication device and input to the to-be-authenticated device through the authentication code convertor and predetermined data included in the to-be-authenticated device in accordance with an encryption method using a first encryption key; and the predetermined data included in the to-be-authenticated device.