Abstract: A file system data is divided into two or more data blocks. A unique encryption key is assigned to each data block with the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks and each of the data blocks is encrypted using its assigned encryption key. One of the data blocks within the file system is then selected and decrypted using the distinct encryption key assigned to the selected data block and a new encryption key, distinct for the previously assigned encryption key, is assigned to the selected data block and the selected data block is re-encrypted using the new encryption key. This process is then repeated for each data block on a sequential/cyclic and continually rotating basis.

Abstract: Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party.

Abstract: A method for customizing a graphical user interface (GUI). The method includes identifying an event associated with the GUI and a user; matching the event to a trigger of a GUI pattern; identifying, within the GUI pattern, an expected interaction between the GUI and the user in response to the event; and modifying the GUI to improve user access to a graphical element involved in the expected interaction.

Abstract: A method for obtaining a configuration profile, including obtaining test results for customer-tested configuration profiles, including operable configuration profiles, from customer mobile devices. A shared data repository is populated with the test results and the customer-tested configuration profiles. The customer-tested configuration profiles are related to customer mobile device profiles of the customer mobile devices. A target mobile device profile, describing mobile device properties, is received from a target mobile device. A subset of the customer mobile device profiles having a threshold degree of similarity to the target mobile device profile are selected from the shared data repository. For each of the operable configuration profiles in the subset, a probability of compatibility is calculated, and the operable configuration profiles in the subset are tested on the target mobile device in an order defined by the probability of compatibility.

Abstract: Virtual asset creation data used to create a virtual asset is generated through a virtual asset creation system that includes primary virtual asset data. Secondary authentication data is also generated. When the virtual asset is launched, the secondary authentication data is passed to the virtual asset from the virtual asset creation system. The primary virtual asset data and secondary authentication data from the virtual asset creation system and the virtual asset, and/or one or more other sources associated with the virtual asset, are then sent to a virtual asset validation system through different communication channels. If the primary virtual asset data and secondary authentication data from the two sources match, or have a defined threshold level of similarity, the status of the virtual asset is transformed to the status of validated virtual asset eligible to receive sensitive data.

Abstract: Data security jurisdiction zones are identified and data security policy data for the data security jurisdiction zones is obtained. The data security policy data for the data security jurisdiction zones is then automatically analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The allowed secrets data with respect to each of the data security jurisdiction zones is then automatically obtained and provided to resources in the respective data security jurisdiction zones, either from a central secrets data store or from an allowed secrets data store associated with each data security jurisdiction zone.

Abstract: Virtual host creation data used to instantiate a hardened task specific virtual host in a first computing environment is generated including hardening logic for providing enhanced security and trust for the hardened task specific virtual host and internal task specific logic for directing and/or allowing the hardened task specific virtual host to perform a specific function assigned to the hardened task specific virtual host. When task data is received indicating a task to be performed in the first computing environment requires the performance of the specific function assigned to the hardened task specific virtual host, the hardened task specific virtual host is automatically instantiated and/or deployed in the first computing environment.

Abstract: Communications and data security policy data for two or more communications jurisdiction zones is obtained that includes data indicating allowed protocols for the respective communications jurisdiction zones. Data indicating a desired exchange of data between a first resource in a first communications jurisdiction zone and a second resource in a second communications jurisdiction zone is received/obtained. The first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data is automatically obtained and analyzed to determine an allowed type of secure communications security level for the desired exchange of data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data.

Abstract: User acceptance of a given data extraction template and the number of data fields that the data extraction template can extract accurately is used to calculate data extraction template ranking, or a ranking score, to be associated with the data extraction template. Then the data extraction template having the highest data extraction template ranking score is used in a first attempt to extract data from a source documents of the source document type associated with the data extraction templates. As more data extraction templates associated with a given source document type are received, data extraction template ranking scores are updated/modified, and, in one example, the data extraction templates having the lowest data extraction template ranking scores are detected/eliminated.

Abstract: One embodiment of the present invention provides a system for using a mobile device to remotely control a desktop application that was configured for use with a pointing device. During operation, the system receives at a mobile device, from a user, a connection request to connect to a desktop application executing on a remote device. In response to the connection request, the system establishes a remote control session between the mobile device and the remote device. Next, the system receives, at the mobile device, a video stream from a first camera coupled to the mobile device. The system then analyzes the video stream, at the mobile device, to identify a gesture made by the user. Next, the system identifies, at the mobile device, a pointing device command corresponding to the gesture. Finally, the system sends the pointing device command to the desktop application executing on the remote device.

Abstract: A technique for associating data with an account is described. During this technique, a user uploads data to a computer system from an electronic device one or more times without providing log-in credentials for the account. Instead, the data is stored along with an identifier determined from characteristics or attributes of the electronic device. If the user subsequently logs into the account from the electronic device, the computer system determines that the identifier for the electronic device matches the previously determined identifier. At this point, the computer system associates data with the account.

Abstract: Some embodiments described herein provide a system to facilitate determining a solution for a software product crash. During operation, a server can receive multiple crash reports, wherein each crash report corresponds to a crash instance of the software product. The crash reports can be received from client systems where the product was executing before the crash. The server can then generate a description for each crash instance based on the corresponding crash report. Next, the server can create a crash report page that visually organizes each of the crash descriptions. Finally, the crash report can be displayed to a user to facilitate determining a solution to at least some of the crash instances.

Abstract: During an information-extraction technique, a user of an electronic device may be instructed by an application executed by the electronic device (such as a software application) to acquire images, with different orientations (which are known to the user), of a target location on a document using an imaging sensor, which is integrated into the electronic device. After the user has taken a first image and before the user takes a second image in a different orientation of the electronic device (and, thus, the imaging sensor), the electronic device captures multiple images of the document. Then, the electronic device stores the images with associated timestamps. Moreover, after the user has taken the second image, the electronic device analyzes one or more of the first image, the second image and at least a subset of the images to extract information proximate to the target location on the document.

Abstract: A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. The secure secrets proxy requests one or more secrets to be cached and is then provided data representing the requested secrets in the secure secrets cache. The secure secrets proxy then receives secrets application request data from a second virtual asset instantiated in the first computing environment requesting one or more secrets be applied to second virtual asset data. The secure secrets proxy then obtains the required secrets from the secure secrets cache and coordinates the application of the secrets to the second virtual asset data.

Abstract: Secrets data representing one or more secrets required to access associated resources is provided along with secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of the secrets. When a requesting virtual asset submits secrets request data, virtual asset profile data associated with the requesting virtual asset is obtained. The requesting virtual asset profile data is then analyzed using at least one of the secrets distribution factors to authenticate the requesting virtual asset. The requesting virtual asset profile data is then analyzed using one or more of secrets distribution factors to determine what secrets the requesting virtual asset legitimately needs. Authorized secrets data for the requesting virtual asset representing one or more authorized secrets is then generated. The requesting virtual asset is then provided access to the authorized secrets data.

Abstract: Computerized methods, systems and computer program products for determining how an identity of a consumer can be verified during a transaction involving the consumer and a merchant. Embodiments access and analyze data of an account the consumer has with an online social network to derive a challenge question response options. The social-network based challenge question and response options are presented to the consumer, and the consumer's selection of certain response options is used to confirm that the consumer is the person named on a credit card or other payment instrument or that other identification or verification information should be requested by the merchant before completing the transaction.

Abstract: One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.

Abstract: A method for delivering an online social network (OSN) message. The method includes obtaining delivery status and content of the OSN message, wherein the OSN message is sent by a first user using an OSN application to a second user, generating, by a computer processor, a text message comprising the content of the OSN message, and sending, by the computer processor and in response to the delivery status meeting a pre-determined criteria, the text message using a text messaging service (TMS) to the second user, wherein the OSN application is used by the first user to exchange social interaction messages with OSN friends of the first user, and wherein the second user is not able to view the OSN message using the OSN application.

Abstract: In response to a user instruction, an electronic device contacts a representative associated with a software application (such as customer support or sales) using a telephone number of the representative. In addition, the electronic device provides an identifier via a telephone connection with the representative to specify the information about the user known to a provider of the software application to allow the representative to access the information. For example, the identifier may include a numerical value (such as an extension), and providing the identifier may involve appending the numerical value to the telephone number prior to the establishment of the telephone connection with the representative. Alternatively or additionally, the identifier may be provided after the telephone connection is established with the representative.

Abstract: The disclosed embodiments relate to a system that enables a user to continue accomplishing a task on a handheld device while moving. During operation, the system tracks the speed of the handheld device while the user is interacting with an application on the device. If the speed is greater than a pre-determined speed, the system audibly prompts the user to enable hands-free mode. If the user says yes, the system enables hands-free mode and the user may continue to use the application in hands-free mode. Otherwise, the system continues to run the application without enabling hands-free mode.