Abstract: A method and system for authenticating a user to a target server. A request is received from a user computer system to authenticate the user for access to a target server at level N of N levels (N?2). Each record of a stored authentication plan associated with the user has authentication records each having information relating to authentication of the user for access to N?1 target servers at respective levels 1 through N?1. Each record of a received current authentication plan for the user has authentication records each having current information relating to authentication of the user for access to the N?1 target servers at respective levels 1 through N?1. It is determined that there is at least a partial match between the stored and current authentication plans, and in response, the user is authenticated for access to the target server at level N.

Abstract: A system and a method for secure communication in a mobile computing device involve obtaining, by a first program installed on the mobile computing device, an access credential from an authentication server on behalf of a second program installed on the mobile computing device. The second program submits the access credential to a remote resource as proof that the second program has been authenticated by the authentication server. Upon successful verification of the access credential, the remote resource allows the second program to access data.

Abstract: A computer program product has a computer-readable storage medium having computer program instructions embodied therein for performing a method for implementing a privacy policy for a user. The method may include the user developing rules that determine whether another user (requester) can access information related to the user. The rules may be stored in a database coupled to a server and evaluated when a request is received from the requester to access the information. If a rule is satisfied by the requester, the server can return the information to the requester. The information can be returned at a level of granularity specified by the user in the satisfied rule. A privacy level can be set by the user to allow access to requesters based on the rules or to deny access to any requesters.

Abstract: An image forming apparatus which is capable of properly updating firmware. Update firmware is downloaded into a download area of an HDD and expanded and stored in a temporary expansion area of the HDD. A CPU determines whether or not the update firmware expanded and stored in the temporary expansion area has been tampered with. The update firmware stored in the temporary storage area is applied to the image forming apparatus when the CPU determines that the update firmware has not been tampered with.

Abstract: Aspects of the present disclosure are directed towards a method of electronic verification of motion data. This includes collecting a first set of motion data that corresponds to a first set of motion characteristics generated from physically moving a hardware element of a computer ending upon inserting the hardware element of the computer into a computer chassis. This can further include determining an approved set of motion data and comparing the first set of motion data to the approved set of motion data. This can further include determining a difference between the first set of motion data and the approved set of motion data. This can further include determining that the difference does not satisfy a threshold. This can further include executing a reaction sequence in the computer, in response to determining that the difference does not satisfy the threshold.

Abstract: In embodiments of load balanced and prioritized data connections, a first connection is established to communicate first data from a first server to a second server over a public network, where the first data is communicated from a private network to a first device or subnet that is connected to the second server. A second connection is established to communicate second data from the first server to the second server over the public network, where the second data is communicated from the private network to a second device or subnet that is connected to the second server. The second server can distinguish the first data from the second data according to an authentication certificate field that identifies one of a first communication interface of the first connection or a second communication interface of the second connection.

Abstract: An electronic device capable of securing data is provided. The electronic device includes a storage device for storing data and a number of securing strategies. Each of the securing strategies includes a securing condition for triggering a data securing action and one or more identifiers of the data to be secured. If the electronic device determines that a securing condition is met, the electronic device secured the data having the one or more identifiers corresponding to the met securing condition. A data securing system and method are also provided.

Abstract: A plug-in software module of a DNS server helps to enforce a network security policy. The plug-in module scans communication packets at a DNS server computer and intercepts a request from a user computer to access a web site. The intercepted request is not received by the DNS service. The plug-in module initiates a security check of the user computer over a network connection to determine if the user computer has implemented the security policy of the computer network. If the user computer does not implement the security policy then the plug-in module returns an IP address to the user computer that is the IP address of a security web site. The security web site then displays on the user's browser an indication of a security policy to be applied. The security web site may also perform the security check.

Abstract: Embodiments relate to an isolated program execution environment. An aspect includes receiving, by the isolated program execution environment on a computer comprising a processor and a memory, a request to run a program. Another aspect includes wrapping program code corresponding to the program as a function. Another aspect includes cloning a real global object of the isolated program execution environment to create a fake global object. Another aspect includes passing the fake global object to the function. Another aspect includes executing the function, such that the function executes the program.

Abstract: Aspects of the present disclosure are directed towards a method of electronic verification of motion data. This includes collecting a first set of motion data that corresponds to a first set of motion characteristics generated from physically moving a hardware element of a computer ending upon inserting the hardware element of the computer into a computer chassis. This can further include determining an approved set of motion data and comparing the first set of motion data to the approved set of motion data. This can further include determining a difference between the first set of motion data and the approved set of motion data. This can further include determining that the difference does not satisfy a threshold. This can further include executing a reaction sequence in the computer, in response to determining that the difference does not satisfy the threshold.

Abstract: The disclosed computer-implemented method for locating unrecognized computing devices may include (1) identifying a plurality of cooperating computing devices on a wireless network that are each configured with a device location application, (2) determining a physical location for each cooperating computing device within the plurality of cooperating computing devices, (3) receiving, from the device location application on the plurality of cooperating computing devices, data about packets intercepted by the plurality of cooperating computing devices that are directed to the wireless network by an unrecognized computing device, and (4) locating the unrecognized computing device based on information received from the plurality of cooperating computing devices that identifies both the physical location for each cooperating computing device and signal strengths of the packets intercepted by the plurality of cooperating computing devices.

Abstract: A method in one example implementation includes selecting at least one criterion for controlling data transmission from within a virtual machine. At least one application is included within the virtual machine, which includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transmit the data from within the virtual machine. In more specific embodiments, the policy may include a plurality of criteria with a first selected criterion permitting transmission of the data to a first application and a second selected criterion prohibiting transmission of the data to a second application. In another specific embodiment, the method may include updating the policy module through an administration module to modify the selected criterion.

Abstract: Embodiments relate to an isolated program execution environment. An aspect includes receiving, by the isolated program execution environment on a computer comprising a processor and a memory, a request to run a program. Another aspect includes wrapping program code corresponding to the program as a function. Another aspect includes cloning a real global object of the isolated program execution environment to create a fake global object. Another aspect includes passing the fake global object to the function. Another aspect includes executing the function, such that the function executes the program.

Abstract: A method of security sandboxing which may include detecting an illicit intrusion to a computer on a first computer system; cloning the intruded computer; directing all traffic from the illicit intrusion to the cloned computer; observing activities of the illicit intrusion interacting with the cloned computer; and dynamically adapting the cloned computer to perform activities of predicted interest to the illicit intrusion based on the observed activities of the illicit intrusion. The steps of the method may be performed by one or more computing devices.

Abstract: An information processing apparatus includes a file acquiring unit, a generating unit, a data processing unit, and an output unit. The file acquiring unit acquires a file on the basis of an instruction from a user. The generating unit generates restriction information for restricting access to the file acquired by the file acquiring unit. The data processing unit associates the restriction information generated by the generating unit with the file acquired by the file acquiring unit. The output unit outputs the restriction information generated by the generating unit on a paper medium.

Abstract: A computer program product for processing a message is provided. The computer program product comprises a computer readable storage medium having program instructions embodied therewith. The program instructions readable by a processing circuit cause the processing circuit to perform a method. The method validates a security token for a user. The method allows the user to compose a message. Based on the security token, the method verifies that the user is authorized to send the message to an intended recipient of the message and that a security level of the message is at or below a security level of the user.

Abstract: Methods, systems, and computer-readable media for authenticating customers of an organization and managing authenticated sessions of various customers are presented. Some aspects of the disclosure provide ways for a customer of an organization to authenticate using a mobile computing device, such as the customer's personal mobile device, when interacting with the organization in various contexts, such as when accessing an automated transaction device or when interacting with an agent of the organization during an in-person session or during a teleconference session. In some arrangements, the customer's authentication status, which may be established on the mobile computing device and which, in some instances, may be verified based on the location of the mobile computing device, may be carried over from the mobile computing device to another computing device or system, such as an automated transaction device or a teller terminal device, which may be used by an agent of the organization.

Abstract: A method for detecting a malicious network activity. The method includes extracting, based on a pre-determined criterion, a plurality of protection phase feature sequences extracted from a first plurality of network traffic sessions exchanged during a protection phase between a server device and a first plurality of client devices of a network, comparing the plurality of protection phase feature sequences and a plurality of profiling phase feature sequences to generate a comparison result, where the plurality of profiling phase feature sequences were extracted from a second plurality of network traffic sessions exchanged during a profiling phase prior to the protection phase between the server device and a second plurality of client devices of the network, and generating, in response to detecting a statistical measure of the comparison result exceeding a pre-determined threshold, an alert indicating the malicious network activity.

Abstract: A method capable of erasing a password from a BIOS automatically includes steps of the BIOS determining whether a password erasing flag has been set when an electronic device is booting; the BIOS erasing the password if the password erasing flag has been set; the BIOS displaying a password input window if the password erasing flag has not been set; inputting a comparison data in the password input window; the electronic device transmitting the comparison data to a server; the server comparing the comparison data with a registration data, generating a comparison result, and transmitting the comparison result to the electronic device; the BIOS determining whether the comparison result is correct; the BIOS setting the password erasing flag and rebooting the electronic device if the comparison result is correct; and the BIOS rebooting the electronic device directly if the comparison result is wrong.

Abstract: Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies.