Abstract: Verifiable test case workflow is provided by creating a secure database for actions taken regarding a source file that is stored on a first computer; creating a test executable from one or more source files and storing it on the first computer; finalizing the source file for test on a second computer different from the first computer; hashing a test environment related to the source file and the second computer; and in response to determining that a version of the test executable provided to the second computer matches a version of the test executable provided to the secure database: executing the test executable on the second computer; hashing test results from testing the source file on the second computer; and adding the test executable as hashed and the test results as hashed to the secure database to actions already stored in the secure database.

Abstract: Verifiable test case workflow is provided by creating a secure database for actions taken regarding a source file that is stored on a first computer; creating a test executable from one or more source files and storing it on the first computer; finalizing the source file for test on a second computer different from the first computer; hashing a test environment related to the source file and the second computer; and in response to determining that a version of the test executable provided to the second computer matches a version of the test executable provided to the secure database: executing the test executable on the second computer; hashing test results from testing the source file on the second computer; and adding the test executable as hashed and the test results as hashed to the secure database to actions already stored in the secure database.

Abstract: In a software environment wherein one or more subjects respectively seek to access one or more objects, and wherein a security policy having rules is associated with the environment, a method is provided for use in connection with an effort by a particular subject to access a particular object. The method comprises identifying a domain to which the particular subject belongs, and identifying a type that includes or characterizes the particular object. One or more rules of the security policy are then used to decide whether to permit the particular subject to access the particular object. The method further comprises providing one or more distinct audible sounds for a user associated with the particular subject, wherein each audible sound represents specified information pertaining to the decision of whether or not to permit access to the particular object.

Abstract: In a software environment wherein one or more subjects respectively seek to access one or more objects, and wherein a security policy having rules is associated with the environment, a method is provided for use in connection with an effort by a particular subject to access a particular object. The method comprises identifying a domain to which the particular subject belongs, and identifying a type that includes or characterizes the particular object. One or more rules of the security policy are then used to decide whether or not to permit the particular subject to access the particular object. The method further comprises providing one or more distinct audible sounds for a user associated with the particular subject, wherein each audible sound represents specified information pertaining to the decision of whether or not to permit access to the particular object.

Abstract: A method, system, apparatus, and computer program product are presented for significantly decreasing the computational effort for a rekeying process without sacrificing the security of a single sign-on system. For each user, a “minor” key is created when the user's account within the single sign-on system is created; the user's minor key is used to encrypt and decrypt the user's target passwords. However, to protect the confidentiality of a user's minor key, the minor key is not stored directly. Instead, a storage key is generated by masking a user's minor key with the master key in an appropriate manner, e.g., using the user's minor key and the master key as inputs to an exclusive-OR function to generate the storage key. A user's storage key can then be stored without compromising the user's minor key or the master key, and the user's minor key can be efficiently regenerated using the storage key and the master key.

Abstract: A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment. For each given user, each of a set of id/password pairs is associated to each of a set of one or more respective targets. Each id/password pair is normally required to access a respective target resource. The targets of each given user are stored in a globally-accessible database. In response to entry by a given user at a client machine of a single-sign on (SSO) id/password, the globally-accessible database is accessed from a personal key manager (PKM) server to retrieve the targets of the given user. The targets are returned to the PKM server, which then uses data therein to access the respective target resources on behalf of the given user at the client machine.

Abstract: A method of sharing a master key across a set of servers operating a single sign-on (SSO) mechanism in a distributed computer network. The master key is useful for encrypting user passwords for storage in a globally-accessible registry. The method begins by establishing in the registry a group identifying which of the servers in the set, if any, have a copy of the master key. At a given server, the method continues by determining whether a copy of the master key is stored at the given server and whether the group has at least one member. The master key is then generated at the given server if a copy of the key is not stored at the given server and the group does not have at least one member. Other servers in the set pull the master key as needed.