Abstract: A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.

Abstract: An authenticator is configured with intelligence for the purpose of providing a “failsafe” mode for port-based authentication (802.1x). This failsafe mode enables end users to access a network when communication between the authenticator and the authentication server has temporarily failed, but keeps security measures in place so that unauthorized users cannot gain network access. An 802.1x access control point (e.g., a switch) is enabled to continue to authenticate certain users onto the network during periods of temporary communication failure with the authentication server, by locally storing alternative authentication information limited to historical authentication information of clients that have previously accessed the network via the authentication server. Subsequent revalidation of specific users using the primary authentication information follows restoration of communication with the authentication server.

Abstract: Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data.

Abstract: Methods, systems, and computer program products for reconfiguring an operational mode of an input interface based on a privacy level are disclosed. According to one method, at least one of an environment in which data is being entered into a computer via an input interface and a destination for the data being entered is identified. An input interface privacy level is determined based on the identified at least one of the environment and the data destination. The input interface is reconfigured to operate in a mode corresponding to the determined input interface privacy level.

Abstract: Methods, systems, and computer program products for associating an originator of a network packet with the network packet using biometric information are disclosed. According to one method, biometric identification information is identified for a network user. The identified biometric identification information is associated with a header or a trailer of a network packet originated by the network user. The network packet may be sent over a network.

Abstract: A computer-implemented method and system is provided for associating subscription service information with media content. An exemplary embodiment includes receiving the media content including an identifier of a subscription service associated with the media content; using the identifier to subscribe to a subscription service using a publish/subscribe protocol; receiving information associated with the subscription service via the publish/subscribe protocol based on the subscription; and presenting the subscription information along with the media content.

Abstract: Disclosed are methods, systems, and computer program products for identifying sensitive application-layer data and controlling transmission of the data in a network. According to one method, sensitive data in a system resource is identified at an application layer. A packetization of the identified sensitive data is detected. A flag indicative of the presence of sensitive data is inserted in a packet having at least a portion of the identified sensitive data in response to identifying the sensitive data and detecting the packetization. The flag is inserted in a portion of the packet corresponding to a layer other than the application layer. Transmission of the packet is controlled in a network based on the flag.

Abstract: The present invention provides a method for indicating presence of a contact on a communication device.

Abstract: Methods, systems, and computer program products for providing context-based, hierarchical security for a mobile device includes storing a hierarchy of security actions for at least of one of protecting data stored on the mobile device and preventing unauthorized use of the mobile device. The hierarchy includes multiple levels. Each level may include at least one context-based security action. At least one security action associated with a first security level is performed in response to the existence of a first context associated with the first security level. At least one security action associated with a second security level is performed in response to the existence of a second context associated with the second security level.

Abstract: Method, system, and program product for port based authentication protocols where addresses are dynamically assigned within a network environment, and more particularly to port based authentication in the network environment, where connection information is captured and stored. This facilitates administrator access to information created as a result of protocol exchanges involved in dynamic address assignment, authentication, and connection.

Abstract: The present invention provides a computer-implemented method and system for associating presence information with a digital image. Aspects of the preferred embodiment include allowing an identifier associated with at least one object depicted in the image to be stored as image metadata; using the identifier to associate presence information with the at least one object; and performing an action related to the object using the associated presence information.

Abstract: Methods, systems, and computer program products are disclosed for indicating a return route in a mobile device. A location identifier representing an intermediate point along a route is received and is independent of global positioning system information. A direction of travel is associated with the location identifier. Directional instructions indicating a return route passing through the intermediate point are determined. The directional instructions are determined based on the location identifier and the associated direction of travel without reference to a mapping database and independent of global positioning system information. The directional instructions are then presented.

Abstract: A threat management domain controller is responsive to a computer-actionable threat management vector that includes a first computer-readable field that provides identification of at least one system type that is affected by a computer security threat, a second computer-readable field that provides identification of a release level for the system type and a third computer-readable field that provides identification of a set of possible countermeasures for a system type and release level. The threat management domain controller processes a threat management vector that is received for use by a domain of target computer systems, and transmits the threat management vector that has been processed to at least one of the target computer systems in the domain of target computer systems.

Abstract: A countermeasure for a computer security threat to a computer system is administered by establishing a baseline identification of an operating or application system type and an operating or application system release level for the computer system that is compatible with a Threat Management Vector (TMV). A TMV is then received, including therein a first field that provides identification of at least one operating system type that is affected by a computer security threat, a second field that provides identification of an operating system release level for the operating system type, and a third field that provides identification of a set of possible countermeasures for an operating system type and an operating system release level. Countermeasures that are identified in the TMV are processed if the TMV identifies the operating system type and operating system release level for the computer system as being affected by the computer security threat.

Abstract: Computer security threat management information is generated upon receiving notification of a computer security threat, by generating a computer-actionable Threat Management Vector (TMV) from the notification that was received. The TMV includes a first computer-readable field that provides identification of at least one system type that is affected by the security threat, a second computer-readable field that provides identification of a release level for the system type, and a third computer-readable field that provides identification of a set of possible countermeasures for a system type and a release level. The TMV that is generated is transmitted to target systems for processing.