Abstract: A method for sequencing virtual machines in a shared pool of configurable network computing resources comprises sequencing at least one computing element for one or more virtual machines into a respective one or more profiles. Each virtual machine corresponds to a respective profile. The method also includes storing the one or more profiles in a security database and identifying a first group of virtual machines and a second group of virtual machines. The first group of virtual machines corresponds to a security incident in the shared pool of configurable network computing resources. The method also comprises comparing profiles of the first group of virtual machines with profiles of the second group of virtual machines and determining an alteration plan based on the comparison of profiles of the first group with profiles of the second group. The alternation plan is related to the profiles of the second group of virtual machines.

Abstract: A method of storing a data object received from a network is described. An encrypted data object encrypted with a first encryption key is received. It is determined whether the encrypted data object is to be stored in an encrypted file system that requires encryption of a data object with a second encryption key. The first encryption key is encrypted with a third encryption key when it is determined the encrypted data object is to be stored in the encrypted file system. The first encryption key is attached to the encrypted data object. The data object encrypted by the first encryption key is stored in the encrypted file system.

Abstract: A method and/or computer program product autonomously drives a self-driving vehicle (SDV) to a service facility. One or more processors receive sensor readings from an SDV equipment maintenance sensor on the SDV. The SDV equipment maintenance sensor detects a state of equipment on the SDV indicative of a need for maintenance service for the SDV. The processor(s) identify a service facility capable of providing the maintenance service, and determine an amount of time required for the SDV to travel to and from a current location of the SDV to the service facility and to receive the maintenance service. The processor(s) identify a time window in which a user of the SDV will not need the SDV, and then direct the SDV to autonomously drive to the service facility during the time window in which the user of the SDV will not need the SDV.

Abstract: An approach provides solutions for responding to threats to virtual machines (VMs) and mitigating the risks of potential breaches to VMs that reside in the same neighborhood as VMs that are affected by threats. The approach can provide proactive responsive actions for one or more VMs in a determined neighborhood that help protect those VMs in a selective and prioritized manner.

Abstract: Embodiments of the present invention utilize a data hash and an associated geotag for authentication of geolocation policies for data object storage in a cloud system. The geotag may be an alphanumeric identifier such as a city name, postal (ZIP) code, and/or latitude-longitude pair. Embodiments include a post-authenticate process, in which, after a data object is retrieved from a BMS, the geographic location of the source is confirmed to ensure the location policies have not been violated. Additionally, embodiments include a pre-authenticate process, in which, prior to storing a data object in a BMS, the geographic location of the BMS that is to receive the data object is confirmed to ensure the location policies will not be violated. Embodiments may use pre-authenticate, post-authenticate, or both pre-authenticate and post-authenticate, in order to implement and verify the location policies.

Abstract: A web browser displays a set of search results from a web search, each search result indicating a link to a web page. Responsive to selection of a first of the set of search results for exclusion from display, a subset of one or more of the set of search results that indicate related links is identified. The related links comprise links have a same domain name as the link of the first search result. The first search result and the subset of the set of search results are excluded. The search results are displayed without the excluded ones of the set of search results.

Abstract: A method for sequencing virtual machines in a shared pool of configurable network computing resources comprises sequencing at least one computing element for one or more virtual machines into a respective one or more profiles. Each virtual machine corresponds to a respective profile. The method also includes storing the one or more profiles in a security database and identifying a first group of virtual machines and a second group of virtual machines. The first group of virtual machines corresponds to a security incident in the shared pool of configurable network computing resources. The method also comprises comparing profiles of the first group of virtual machines with profiles of the second group of virtual machines and determining an alteration plan based on the comparison of profiles of the first group with profiles of the second group. The alternation plan is related to the profiles of the second group of virtual machines.

Abstract: An approach provides solutions for responding to threats to virtual machines (VMs) and mitigating the risks of potential breaches to VMs that reside in the same neighborhood as VMs that are affected by threats. The approach can provide proactive responsive actions for one or more VMs in a determined neighborhood that help protect those VMs in a selective and prioritized manner.

Abstract: According to one exemplary embodiment, a method for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS) is provided. The method may include receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information. The method may also include receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information. The method may then include determining if the plurality of connection information matches the plurality of trusted connection information. The method may further include sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information.

Abstract: A method and system for uploading an image is provided. The method includes registering an application vendor with an account with respect to a computing system. A credentials file and an uploading software application are transmitted to the application vendor and a frozen image of a micro-cloud application running on an origin compute node associated with an application owner is compressed resulting in a compressed micro-cloud application. The credentials file is read and object store access information comprising an object store path and an object store authentication key is retrieved. The compressed frozen image of the micro-cloud application is uploaded and an entitlement package comprising the compressed frozen image of the micro-cloud application and an encrypted version of the object store access information is generated.

Abstract: A sender selection is detected at a sender computer system within a user interface of at least one suggested folder name for a composed electronic message for a recipient receiving the electronic message to select as a folder name for filing the electronic message. The at least one suggested folder name is attached to the electronic message at the sender computer system for distribution to the recipient. The electronic message is sent with the suggested filing folder name from the sender computer system to a recipient, wherein a recipient receiving the electronic message receives the at least one suggested folder name specified by the sender in the electronic message for selecting a folder for filing the electronic message in a messaging filing directory for the recipient.

Abstract: A method and system for uploading an image is provided. The method includes registering an application vendor with an account with respect to a computing system. A credentials file and an uploading software application are transmitted to the application vendor and a frozen image of a micro-cloud application running on an origin compute node associated with an application owner is compressed resulting in a compressed micro-cloud application. The credentials file is read and object store access information comprising an object store path and an object store authentication key is retrieved. The compressed frozen image of the micro-cloud application is uploaded and an entitlement package comprising the compressed frozen image of the micro-cloud application and an encrypted version of the object store access information is generated.

Abstract: According to one exemplary embodiment, a method for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS) is provided. The method may include receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information. The method may also include receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information. The method may then include determining if the plurality of connection information matches the plurality of trusted connection information. The method may further include sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information.

Abstract: Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attach is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.

Abstract: Each data integrity value, from among a plurality of data integrity values each associated with a separate unit of a program comprising a plurality of units, is checked against a separate recorded portion of a recording of the program corresponding to one of the plurality of units, wherein the recording of the program is recorded from a broadcast of the program. Responsive to a particular data integrity value from among the plurality of data integrity values not matching when checked against a particular separate recorded portion of the program corresponding to a particular unit from among the plurality of units, the recording is corrected by replacing only the particular separate recorded portion of the program from a second recording of only the particular unit from a subsequent broadcast of the program.

Abstract: A computer identifies at least one common content element used by each of at least two users from at least one communication by each of the at least two users. Responsive to one of the at least two users constructing content for a potential communication to the other of the at least two users, the computer accesses the at least one common content element for use by at least one content prediction service enabled for presenting one or more possible content elements comprising the at least one common content element for user selection during construction of the content for the potential communication.

Abstract: A school perimeter security system includes a registry database including: registered student mobile device identifiers, registered non-student mobile device identifiers, and a matching of students with authorized non-students with whom the students are permitted to be paired with near the perimeter. At least three beacon devices are located within the school's perimeter, positioned to establish a boundary area near the perimeter, detect and establish communication with mobile devices entering the boundary area, obtain an identifier from each mobile device that enters the boundary area, and facilitate tracking of all mobile devices within the boundary area. The processor and beacon devices interact to identify every mobile device entering the boundary area, track their location within the boundary area, compare the identified mobile devices with identifiers in the registry database and, transmit an alert notice when a condition is satisfied but not transmit that alert when a different condition is satisfied.

Abstract: According to one exemplary embodiment, a method for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS) is provided. The method may include receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information. The method may also include receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information. The method may then include determining if the plurality of connection information matches the plurality of trusted connection information. The method may further include sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information.

Abstract: According to one exemplary embodiment, a method for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS) is provided. The method may include receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information. The method may also include receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information. The method may then include determining if the plurality of connection information matches the plurality of trusted connection information. The method may further include sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information.

Abstract: A school perimeter security system includes a registry database. The registry database includes: registered student mobile device identifiers, registered non-student mobile device identifiers, and a matching of students with authorized non-students with whom the students are permitted to be paired with near the perimeter. At least three beacon devices are located within the school perimeter, positioned to establish a boundary area near the perimeter, detect and establish communication with mobile devices entering the boundary area, obtain an identifier from each mobile device that enters the boundary area, and facilitate trilateration of all mobile devices within the boundary area. The processor and beacon devices cooperatively interact to identify every mobile device entering the boundary area, track the location of every mobile device within the boundary area, compare the identified mobile devices with identifiers in the registry database and, transmit an alert notice when a condition is satisfied.