Abstract: Methods for managing an address on a switching device, managing an address on a network switch, and screening addresses in a cloud computing environment are provided. One embodiment is directed towards a computer-implemented method for managing an address on a switching device that is communicatively coupled to a plurality of virtual machines. The method includes accessing an address pool that includes an assigned address for each virtual machine from the plurality of virtual machines. The method includes determining, on the switching device, a used address for the virtual machine from the plurality of virtual machines. The method includes determining whether the used address is matching the assigned address for each virtual machine. The method also includes routing traffic from the virtual machine to a hypervisor in response to the used address matching the assigned address.

Abstract: A method for communicating between a user using a viewing device (2000) and the viewing device, includes the following steps: acquiring, at an acquisition interface (1400) integrated into a pair of glasses (1000) of the user, an item of information on utilization of the glasses; and generating and sending to the viewing device (2000), by a microcontroller (1100) integrated into the glasses, a data signal (DATA) depending on the acquired information. The acquired information enables in particular the authentication of the user, so as to send, to the viewing device, data that the latter will use to display a digital content.

Abstract: In an approach for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, a processor invokes a checkout of a PIM credential, based on, at least, a determination that a PIM server cannot be accessed. A processor receives a request to access the PIM credential by a user. A processor receives validation of the request to access the PIM credential and an identity of the user. A processor retrieves the PIM credential from a database, wherein the database stores a plurality of PIM credentials owned by a system owner.

Abstract: An information processing apparatus according to the present application includes a first application allowed to access the IC chip, including an IC chip in which predetermined data is recorded, an IC chip reading unit that reads the data recorded in the IC chip, and a signature data generation unit that generates signature data by performing encryption processing on the recorded data read by the IC chip reading unit and a second application not allowed to access the IC chip, including a server access unit that requests acquisition of content from an information providing server by receiving the signature data and the recorded data from the first application and transmitting the signature data and the recorded data to the information providing server that provides predetermined content.

Abstract: A method, system and computer program product are provided for implementing block extent granularity authorization processing for a Coherent Accelerator Processor Interface (CAPI) adapter. An Application Client requests authorization to a File from a system processor file system. The file system validates the request, determines the location of each Extent that comprises the File, and requests authorization to each Extent from a System CAPI Authorization manager. The System CAPI Authorization manager requests the CAPI Client manager to assign a Child Client ID and CAPI Server Register range to the requesting Application Client and requests a previously authorized CAPI Parent Client to authorize the Child ID to the list of Extents. The CAPI Parent Client sends a Create Authorizations command to the CAPI Adapter via the Parent's CAPI Server Registers.

Abstract: Methods, apparatuses, and computer program products are provided for facilitating the secure transmission and storage of data. In this regard, a method is provided that comprises causing data encrypted by a sender system to be received at a service provider system; causing the data as encrypted by the sender system to be stored at the service provider system; receiving a request for the data from a recipient system; determining the recipient system is authorized to receive the data; and causing the data as encrypted to be transmitted to the sender system.

Abstract: A method, system and computer program product are provided for implementing block extent granularity authorization command flow processing for a Coherent Accelerator Processor Interface (CAPI) adapter. An Application Client builds a command including start LBA and number of LBAs and Child Authorization Handle. The Application Client sends the command directly to the CAPI Adapter via the Application Clients CAPI Server Registers assigned to the specific Application Client. The CAPI adapter validate that the requesting Client is authorized to perform the command using the Authorization Handle and the receiving CAPI Server Register address. The CAPI Adapter executes the validated command and sends completion back to the Application Client.

Abstract: A method, system and computer program product are provided for implementing block extent granularity authorization command flow processing for a Coherent Accelerator Processor Interface (CAPI) adapter. An Application Client builds a command including start LBA and number of LBAs and Child Authorization Handle. The Application Client sends the command directly to the CAPI Adapter via the Application Clients CAPI Server Registers assigned to the specific Application Client. The CAPI adapter validate that the requesting Client is authorized to perform the command using the Authorization Handle and the receiving CAPI Server Register address. The CAPI Adapter executes the validated command and sends completion back to the Application Client.

Abstract: Security techniques and security mechanisms for wireless networks that transmit content such as advertisements. According to exemplary techniques, control messages comprising unrequested content (e.g., advertisement data) may be transmitted in response to a request from a client device, while in other exemplary techniques the control messages may be transmitted without any request from a client device. In some exemplary implementations, security mechanisms such as public key cryptography algorithms may be used to secure transmissions. In some of these techniques which implement public key cryptography, a user may be required to retrieve a public key from a source other than the wireless access point transmitting encrypted advertisements (e.g., a sign or terminal in a commercial entity transmitting such advertisements, or from a web service), such that the user may confirm that the encrypted content is from a source matching the retrieved public key and thus confirm the authenticity of a wireless access point.

Abstract: A download security system (100) includes a server (102) and an information processing apparatus (10). The information processing apparatus (10) includes a flash memory (64) for storing data downloaded from the server (102) and a memory controller (62). A transition command for a transition to a writable mode to the flash memory (64) is transmitted from the server (102), and in response to the transition command, a memory controller (62) makes a transition to the writable mode. The data downloaded from the server (102) is written to the flash memory (64) by the memory controller (62) in the writable mode.

Abstract: A method for preventing malware attacks includes the steps of detecting an attempt on an electronic device to access a task scheduler, determining an entity associated with the attempt to access the task scheduler, determining a malware status of the entity, and, based on the malware status of the entity, allowing or denying the attempted access to the task scheduler. The task scheduler is configured to launch one or more applications at a specified time or interval.

Abstract: A method and an apparatus for distinguishing humans from computers. During user registration, a computer prompts a human user to provide a spoken response to certain authentication information for registration. The computer obtains registration voice data from the spoken response and establishes a registration voiceprint of the human user. During user logon, the computer identifies the user requesting to logon by the user's logon credentials, provides authentication information for logon to the user, and prompts the user to provide a spoken response to the authentication information for logon. The computer obtains logon voice data from the spoken response, and establishes a logon voiceprint of the user. The computer then determines whether the user requesting to logon is human by comparing the logon voiceprint with the registration voiceprint.

Abstract: A technique for assigning a user workload to an application server includes receiving a user request to initiate execution of a workload assigned to a user. An application server is selected, from among multiple application servers, to execute the workload based on compatibility between respective current states of the application servers and the workload.

Abstract: Each node of a metric tree comprises a similarity hash of a member of a dataset of known message threats, calculated using a given similarity hashing algorithm. The nodes are organized into the tree, positioned such that the differences between the similarity hashes are represented as distances between the nodes. Messages are received and tested to determine whether they are malicious. When a message is received, a similarity hash of the message is calculated using the same similarity hashing algorithm that is used to calculate the hashes of the members of the dataset. The tree is searched for a hash of a known message threat that is within a threshold of distance to the hash of the received message. Searching the tree can take the form of traversal from the root node, to determine whether the tree contains a node within the similarity threshold.

Abstract: A programmable logic controller includes a device that stores therein data, an authentication-information storage unit that stores therein authentication information, an authentication function unit that performs a user authentication based on the authentication information, and an encryption filter that has a plurality of encryption patterns. When writing of data to the device is requested, the authentication function unit performs the user authentication. When the user authentication is successful, the encryption filter performs the encryption processing to the data with the encryption pattern set in advance by the user to write the data to the device, and when the user authentication fails, the encryption filter performs the encryption processing to the data with one of the encryption patterns that is different from the encryption pattern set in advance by the user to write the data to the device.

Abstract: According to an authentication device is for authenticating the validity of a subject ciphertext generated by encrypting a plaintext using homomorphic encryption. The authentication device includes a commitment generator and a response generator. The commitment generator is configured to generate a commitment from a randomly selected verification value, and transmit the commitment to a verification device for verifying the validity of the subject ciphertext. The response generator is configured to generate a response value generated by computing from an acquired challenge value, the plaintext, and the verification value, and transmit the response value to the verification device. The response generator is configured to generate the response value by a third operation where a result of a first operation using the response value is equal to a result of processing the challenge value, the subject ciphertext, and the commitment by a second operation.

Abstract: Applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract: A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to login, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM generated ticket, that is, a credential chain. This allows the user to login without the need for a password at the identity provider.

Abstract: A parent social network based on relationship of children, including of activities, needs, interests or combinations thereof, is described. The parent social network can identify at least two minors with a common activity, need, interest or combination thereof, identify an adult responsible for the identified minors; and propose to link the identified adults. The parent social network can also provide post and other data to a parent based on interests and activities of a child. The parent social network can also identify and subscribe the parent to relevant children related calendars. The parent social network can allow effective communication between relevant parents using messaging and other means.

Abstract: Methods and products to deliver at least a portion of an advertisement to a viewer at normal playback speeds after receiving a command from the viewer to fast-forward through an advertisement faster than normal playback speeds is described. In certain embodiments, the invention delivers a portion of the advertisement to be played at normal playback speeds to the viewer; and delivers the remaining portion of the advertisement to be played at a playback speed that is faster than the specified playback speed so that the combination of the portions delivered at normal and faster playback speeds is delivered to the user at the specified playback speed. In some other embodiments, the invention delivers at least a portion of the first advertisement to the viewer at normal playback speeds; and delivers one or more other advertisements to the viewer simultaneously with the first advertisement with the audio information muted based on the specified playback speed.