Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: Apparatus, systems, and methods may operate to receive the execution status of a user application, and to transmit the state of a dynamic user status indication, based on the execution status, to a user status reporting application. The state may be changed according to a system administration policy configuration. In some embodiments, activities include changing the state of a dynamic user status indication (included as part of a user status reporting application) based on the execution status of a user application. Changing the status may be conducted according to a user-specified configuration policy or a system administration policy configuration. Further activity may include transmitting the state to at least one additional application to enable display of the state across a network. Additional apparatus, systems, and methods are disclosed.

Abstract: Techniques for evaluating patent impacts are provided. A claim of a patent is normalized and an abstract of the claim is generated. The abstract is used to search a repository of target sources and their corresponding abstracts. Related abstracts found during the search are returned for purposes of evaluating the claim in view of data sources associated with the related abstracts.

Abstract: Techniques for enabling storage remotely are presented. A REpresentational State Transfer (REST) front-end interface is interfaced to a legacy file system via a backend interface that directly interacts with the native storage and protocols of the legacy file system. The REST interface is presented as the frontend interface to the legacy file system making the storage of the legacy file system available to web or network-enabled devices.

Abstract: Techniques for trusted platform module (TPM) assisted data center management are provided. A data center registers TPM remote attestations for physical processing environments of physical devices within a data center. Each time a physical processing environment is established; a new TPM remote attestation is generated and validated against the registered TPM remote attestation. Additionally, during registration other identifying information is supplied to the physical processing environments that permit each physical processing environment to be authenticated, validated, and controlled via unique identities. Inter-data center communication is established for sharing virtual processing environments and administrative operations are authenticated within each of the data centers perform any administrative operation is permitted to process within a particular data center.

Abstract: System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information.

Abstract: Techniques for parallel business intelligence and management are provided. Data is collected from a variety of disparate sources and from a variety of disparate network locations. The data is then filtered and normalized. Next, relationships between elements in the data are established and correlations are created between the elements. The elements are then tagged and integrated with other data of a distributed knowledge store to create customized business intelligence reports and customized data visualizations.

Abstract: Apparatus, systems, and methods may operate to include transforming subsequent unmarked contexts into additional tainted contexts in response to identifying a tainted event as a link between a prior tainted context and the subsequent unmarked contexts. Further operations may include publishing an event horizon to a display. The event horizon may include the tainted event and all other events associated with a linked chain of contexts that include the prior tainted context and the additional tainted contexts, where the tainted event and the other events share the taint in common. In this way, a taint associated with malicious behavior can be propagated and tracked as it moves between contexts. Additional apparatus, systems, and methods are disclosed.

Abstract: Techniques for meta-directory control and evaluation of events are provided. Disparate events from heterogeneous processing environments are collected as the events are produced by resources within the processing environments. The events are filtered and organized into taxonomies. Next the filtered and organized events are assigned to nodes of a Meta directory, each node defining a relationship between two or more of the resources and policy is applied. Finally, additional policy is evaluated in view of the events and their node assignments with other events, and one or more automated actions are then taken.

Abstract: At least two mobile devices introduce one another and select data for transfer to and receipt by at least one receiving mobile device using audio communications. Each of the devices uses its speaker(s) and its microphone to introduce and select the data. Once secure audio communications are confirmed between the devices, the selected data is acquired by the at least one receiving mobile device using audio communications or a different out-of-band communication wired or wireless network.

Abstract: A first device requests a protected resource (managed by a second device). A first authentication is performed by the second device upon receipt of the request. The second device provides an audio message back to the first device, which plays the audio message over a speaker. A third device captures the audio message as audio and uses the audio message to request a second authentication from the second device. The second device provides an authenticated session handle back to the first device for accessing the protected resource when both the first and second authentications are successful.

Abstract: Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service.

Abstract: In a computing system environment for administratively installing MSI applications on one or more computing devices of a remote user, methods and apparatus include creating a temporary administrative user on the computing devices. Upon installation, the temporary administrative user is removed and the application is used normally. Preceding installation, however, determinations are made regarding whether the MSI application requires the presence of the user. If so, creation of the temporary administrative user occurs on the fly by software, indicated by way of an administrator of the environment on a computing device other than the one being installed with the application. In this manner, MSI applications, which oftentimes require the presence of an actual user, can be successfully installed without their presence. They can also be installed without the security risks of a generic user common to all computing device or installed immediately without waiting for a first user to log on.

Abstract: Techniques for automated service platform prospecting are provided. A prospector process is sent out in advance to scout for potential network sites that provide computing infrastructure and computing services (platforms) to self-contained computing environments. The prospector process validates the potential network sites for use and gathers site characteristics that are used to configure the self-contained computing environments when they are to be installed and executed on those network sites.

Abstract: Techniques for runtime patching of an OS without stopping execution of the OS are presented. When a patch function is needed, it is loaded into the OS code. Threads of the OS that are in kernel mode have a flag set and a jump is inserted at a location of an old function. When the old function is accessed, the jump uses a trampoline to check the flag, if the flag is set, processing returns to the old function; otherwise processing jumps to a given location of the patch. Flags are unset when exiting or entering the kernel mode.

Abstract: Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives.

Abstract: Methods and apparatus teach a digital spectrum of a file. The digital spectrum is used to map a file's position. This position relative to another file's position reveals distances between the files. Representatively, files have a plurality of symbols representing an underlying data stream of original bits of data. The number of occurrences of each symbol in each file is compared to like symbols in other files. This can occur via algorithms, mapping, or both. In certain instances, comparison reveals a difference in counts between the symbols of the files. This difference is then squared, added together, and a square root taken. Comparing “distance values” reveals file adjacency, grouping, or the like. Also, normalizing, weighting, filtering functions and/or other statistical computations are applied in certain instances.

Abstract: Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.

Abstract: Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.