Abstract: A method, computer program product, and computer system for sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. It is determined whether the payload has successfully attacked an application executing at the second computing device based upon, at least in part, the response. If not, at least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.

Abstract: Systems and methods for authenticating playback devices using timestamp validation in accordance with embodiments of the invention are disclosed. One embodiment includes securely storing at least one timestamp in memory within a playback device in response to the occurrence of at least one predetermined event, where a stored timestamp is based on the current time of a system clock when an event occurs, generating a cryptographic key using the at least one timestamp, securing cryptographic data using the cryptographic key, receiving a request to playback encrypted content, where the encrypted content is accessible using the cryptographic data, accessing the at least one timestamp, generating the cryptographic key, accessing the cryptographic data using at least the cryptographic key, and playing back the content using the playback device.

Abstract: A method, computer program product, and system for transforming unit tests is described. A unit test associated with one or more software units is identified. A graphical representation of a portion of a computer program is built, wherein the graphical representation includes a control flow edge. A potentially vulnerable data flow associated with the control flow edge is identified. A control flow weight is assigned to the control flow edge, based upon, at least in part, identifying the potentially vulnerable data flow. A security analysis is applied to the portion of the computer program based upon, at least in part, the control flow weight.

Abstract: A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user.

Abstract: An approach is provided for distributed policy management and enforcement. A policy manager determines one or more domains of an information system. The one or more domains are associated at least in part with respective subsets of one or more resources of the information system. The policy manager also determines one or more respective access policies local to the one or more domains. The one or more respective access policies configured to enable a determination at least in part of access to the respective subsets, the one or more resources, or a combination thereof. At least one of the one or more respective access policies is configured to operate independently of other ones of the one or more respective schemas.

Abstract: A computer implemented system and method are provided for password pre-verification on the client side in client-server applications. An example system comprises a translation module configured to translate user input, in the form of a character string that can represent a password, to obtain a symbolic representation of the user input. The example system also comprises an output module configured to receive the symbolic representation from the translation module and, based on the user input, provide output to the user in the form of visual, audio or haptic cues. Such cues can alert a user as to whether or not the input character string is correctly entered. In a further example embodiment, a system can further comprise a comparison module configured to compare an existing symbolic representation with the symbolic representation generated from the user input by the translation module.

Abstract: A computer-implemented method includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.

Abstract: Setup of a Voice over Internet Protocol (VoIP) call is initiated and an authentication token is received for the VoIP call that is set up, that indicates that the VoIP call is authorized. The authentication token is inserted into packets for the VoIP call. The packets, including the authentication token therein, are transmitted into an IP network. The authentication token may be placed in an IP version 6 (IPv6) flowID field.

Abstract: Aspects of the present disclosure may provide a location-based multimedia experience to a user. In one example, a method includes receiving location information corresponding to a physical location of the first computing device, and outputting the location information from a first computing device to a second computing device in order to authenticate the first computing device. The method includes receiving an authentication response indicating that the first computing device has been successfully authenticated. The method may further include responsive to receiving the authentication response, receiving, one or more video communication sessions based on the location information, wherein each of the one or more video communication sessions enables communication between computing devices associated with users. The method may also include generating for display, by the first computing device, a representation of the one or more video communication sessions.

Abstract: The present invention describes an automated process that enables dynamic provisioning (both creation and deletion) of administrative accounts based upon a real-time need as defined by service desk processes and procedures. This invention enhances current provisioning of administrative account processes that are typically handled by service desk personnel that constantly turnover through firings and hirings. By creating an on-demand provisioning process on a strictly as-needed basis an enhanced security structure is created. In addition, audit ability of access can be added to the processes that provides accountability and traceability of activities that can be directly related back to actual business justifications (the initial problem report) for actions (important not only in ITIL but also regulatory requirements).

Abstract: A method includes controlling security in a communication system that involves a node capable of routing traffic according to one or more security algorithms with respective security levels. The node is adapted to estimate at least one safety degree relating to the node, to select at least one security algorithm of the one or more security algorithms, depending on the estimated safety degree; and to activate the at least one security algorithm.

Abstract: Various systems and methods distribute enforcement of browser rules. For example, one method can involve receiving, from a browser control client, information indicating that a user is accessing the Internet via a browser. The information received from the client can include a login name submitted by the user via the browser. The browser is installed on a computing device, and the browser control client is also installed on the computing device. The method can then send, to the browser control client, a set of one or more browser rules associated with the login name for enforcement on the computing device, in response to receipt of the information.

Abstract: A server storing a pool of unassigned access credentials selects an access credential from the pool, assigns it to an individual, identifies a mobile communication device associated with the individual, and pushes the access credential to the mobile communication device over a secure and authenticated channel such that the access credential is receivable by the mobile communication device. If the mobile communication device supports a proximity technology and is proximate to an access node that supports the proximity technology, the mobile communication device employs the proximity technology to present the access credential to the access node.

Abstract: A download terminal acquires and stores a content from a content server, acquires from a license server, a writing-out license including a use condition for writing out of the content to an exchangeable medium and writes out the content to the exchangeable medium according to the writing-out license. The writing-out license includes a pack identifier given to a content group to which the content belongs, and viewing term information of the content, as the use condition. The download terminal determines based on the viewing term information, a viewing time limit of the content to be written out, and synchronizes a viewing time limit of other content having a same pack identifier as that of the content.

Abstract: A computer-readable recording medium having stored therein a program for causing a computer to execute an automatic virtualization process includes creating a copy of information stored in a storage unit in a migration source, storing the created copy in a migration destination apparatus; and encrypting the storage unit in the migration source after storing the copy in the migration destination apparatus.

Abstract: A configuration service comprises a deployment package and a production configuration for a network security device. One or more configuration parameters of the production configuration may be defined by an administrator of the network security device (e.g., the customer). The network security device may be preconfigured with a network address and identifier. The network security device may be configured to automatically request and apply the deployment package at deployment time by use of the preconfigured network address and identifier. The network security device may automatically request and apply the production configuration from the configuration service in response to applying the deployment package.

Abstract: Methods and apparatuses that collect tracking data items into a plurality of data stores for one or more domain in response to resources received from the domains are described. Each tracking data item may be accessible for one of the domains. Relationships of the domains may be identified among the tracking data items across multiple data stores according to the resources received. One or more of the domains may be selected according to the identified relationships to control accessibility of the tracking data items for the domains. The data stores may be updated to prohibit accessing at least a portion of the tracking data items for the selected domains.

Abstract: The present invention provides an extensible disc player that is upgradeable to play new content types. The player's capability can be extended by downloading an appropriate decoder from a web server via the Internet. In this way, the player can play back contents that it does not originally support. If the content type is unknown, the player will check whether the disc contains a URL for linking to a web site containing an appropriate decoder. If the disc contains the URL, the player will access the web site to download the appropriate decoder. In a similar manner, the capability of a recorder can also be expanded by downloading appropriate encoders from the Internet.

Abstract: A system and method facilitate the use of a multi-function computer for an examination. An application implementing the method receives a hash input from a user and, upon successful completion of the examination, displays a hash output. The hash output may be displayed as a visual hash. During the examination, the application or system monitors the multi-function computer to determine whether the user has activated, viewed, or launched any prohibited functions or applications on the multi-function computer. If the user views a prohibited function or application, the examination application does not display the hash output. The system and application implement various security measures to prevent spoofing or duplication of the hash output or tampering with the application.

Abstract: A method for detecting if a digital document (e.g. an HTML document) is changed by others than authenticated script code (e.g. JavaScript code) is presented. The method includes loading the authenticated script code into a trusted computer application and storing a snapshot of the digital document in the trusted computer application. Before the authenticated script code is executed, the snapshot of the digital document is compared with the document to verify if the digital document is still authentic. After executing the authenticated script code, the snapshot of the digital document is replaced with an up-to-date copy reflecting eventual changes made to the digital document by the executed script code. The digital document can then at any time be compared with the most recent snapshot to verify if it is authentic.