Abstract: A physical level-based security system for data security of a security terminal and a method using the system. The security system includes at least one normal terminal corresponding to an external network, a security terminal corresponding to an internal network and storing sensitive data, and an interface device for transmitting input information of a user to any one of the at least one normal terminal and the security terminal, and providing unidirectional transmission service from the at least one normal terminal to the security terminal.

Abstract: An embodiment of the invention may include a method, computer program product and system for data transfer. The embodiment may include receiving, by a relay node, a data payload from a data sending program intended for a data receiving program. The embodiment may include determining whether the received data payload is numeric data or non-numeric data based on a payload length associated with the received data payload. The embodiment may include creating a corrected data payload by performing at least one cognitive correction to the non-numeric data payload based on determining that the received data payload contains non-numeric data. The embodiment may include transmitting the corrected data payload.

Abstract: A method for securing an enterprise application on a computing device includes: defining at least one monitored action, where the monitored action is an access of sensitive information in the enterprise application, defining a maximum number of instances of the at least one monitored action to be allowed while the computing device is not secured by a device-level lock, detecting at least one instance of the at least one monitored action, determining whether the computing device is secured by the device-level lock, and if according to the determining, the computing device is not secured by the device-level lock: displaying a warning message in response to the instances, incrementing a warning counter in response to the detecting, and if the warning counter exceeds the maximum number of the instances, preventing access to the enterprise application.

Abstract: Systems and methods for using an arbitrary base value for EPID calculations are provided herein. A system to use arbitrary base values in enhanced privacy ID (EPID) calculation, where the system includes a microcontroller; and a memory coupled to the microcontroller; wherein the microcontroller is to: obtain an arbitrary value at a member device, the member device being a member of a group of member devices, each member device in the group of member devices having a unique private EPID key assigned from a pool of private keys, where any of the pool of private keys is able to sign content that is verifiable by a single group public key, and the arbitrary value being one of a time-based value or a usage-based value; construct an EPID base using the arbitrary value; and transmit content signed with the private key using the EPID base to a verifier.

Abstract: An approach for managing collaboration on IWBs allows users of different third-party collaboration services to participate in collaboration meetings on IWBs. The approach allows the users to use collaboration functionality provided by IWBs, such as annotation, and to communicate with each other, even though the users are using different third party collaboration services. The approach uses a collaboration manager that provides a “single wrapper” application program interface (API) and centralized management of collaboration meetings, including license key and token management, cross-license collaboration, user management and meeting management. The collaboration manager acts as a mediation layer that handles the APIs of different third-party collaboration services and allows users using heterogeneous collaboration clients to participate in collaboration meetings.

Abstract: A computing device includes a bus controller and an endpoint device that are in communication over an internal bus. The bus controller initiates a discovery message to the endpoint device requesting a computational value based on the discovery message, wherein the computational value is generated by the endpoint device using a predefined algorithm and the discovery message includes a preconfigured identification code associated with the bus controller. The bus controller receives a response from the endpoint device, which includes the computational value, when the endpoint device authenticates the controller based on the preconfigured identification code. If the bus controller successfully authenticates the endpoint device based on the computational value, the controller sends an acknowledgment message to the endpoint device and registers it as being owned by the bus controller. Otherwise, the bus controller sends a failure message to the endpoint device and logs it as being unmanageable by the controller.

Abstract: The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.

Abstract: A system and method for securing communications between a plurality of users communicating over an optical network. The system utilizes a fixed or tunable source optical generator to generate entangled photon pairs, distribute the photons and establish a key exchange between users. The distribution of entangled photon pairs is implemented via at least one wavelength selective switch.

Abstract: Disclosed are methods, apparatus, systems, and computer readable storage media for providing access to a private resource in an enterprise social networking system. One or more servers may receive a request for access to a private resource to be granted to a user from a publisher. The publisher may be configured to publish a message as a feed item to one or more feeds, where the message includes a user identification identifying the user. The user does not have access to the private resource. The feed item may be provided to display in the one or more feeds. Access may be granted to the user via the one or more feeds. In some implementations, access may be granted in response to a user input from the feed item associated with a moderator or owner, the moderator or owner having a privilege to control user access to the private resource.

Abstract: Embodiments of the invention provide a method, system and computer program product for advanced application authentication utilizing an application key. In a method of the invention, an end user provides in a single user interface screen for authenticating into an application, each of a user identification, password and an application key. Thereafter, the application key is validated in connection with the user identification. If the application key validates in connection with the user identification, one or more application parameters for the application necessary to complete a log-in process are retrieved and the end user is authenticated into the application utilizing each of the user identification, password and application parameters so as to complete the log in process for the end user and the application and the end user is granted the ability to utilize the application.

Abstract: Computer systems and methods for improving security or performance of one or more client computers interacting with a plurality of server computers. In an embodiment, a computer system comprises a first server computer and a second server computer; wherein the first server computer is configured to: generate a challenge nonce, wherein the challenge nonce corresponds to a challenge state; generate the challenge state based on the challenge nonce, wherein the challenge state corresponds to a response state; send, to a first client computer, the challenge nonce and the challenge state, but not the response state; wherein the second server computer is configured to: receive, from the first client computer, a test nonce and a test response state; determine whether the test response state matches the response state based on the test nonce, without: receiving the challenge state from the first server computer; receiving the challenge state from the first client computer.

Abstract: A computer-implemented method for coordinating content transformation includes receiving, at a computer server subsystem and from a web server system, computer code to be served in response to a request from a computing client over the internet; modifying the computer code to obscure operation of the web server system that could be determined from the computer code; generating transformation information that is needed in order to reverse the modifications of the computer code to obscure the operation of the web server system; and serving to the computing client the modified code and the reverse transformation information.

Abstract: According to one example, a method is described in which a computer system receives a composite document with at least one referenced resource location. The computer system decrypts the referenced resource location, determines if the referenced resource location requires loading, and determines if the referenced resource location is editable. In the event that the referenced resource location requires loading, the referenced resource may be loaded from the referenced resource location and decrypted. In the event that the referenced resource location is editable, the referenced resource location may be edited.

Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for performing content scanning of content objects is provided. A content object that is to be scanned is stored by a general purpose processor to a system memory of the general purpose processor. Content scanning parameters associated with the content object are set up by the general purpose processor. Instructions from a signature memory of a co-processor that is coupled to the general purpose processor are read by the co-processor based on the content scanning parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned by the co-processor to a first instruction pipe of multiple instruction pipes of the co-processor for execution.

Abstract: An authentication system in accordance with an example includes an image capture device to scan an object. The authentication system also includes an authentication module to identify imperfections in the object based on the scan, to generate model data based on the identified imperfections, and to authenticate the user based on a comparison of currently identified imperfections to the model data.

Abstract: A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to receive security results, using an application and data protection layer (ADPL) operating on a first host, from an end point protection agent (EPPA) configured to protect the first host. The logic is also configured to cause the processing circuit to provide the security results to one or more local applications operating on the first host. According to another embodiment, a method includes receiving security results, using an ADPL operating on a first host, from an EPPA configured to protect the first host. The method also includes providing the security results to one or more local applications operating on the first host. Other systems, methods, and computer program products are described in accordance with more embodiments.

Abstract: A memory circuit using dynamic random access memory (DRAM) arrays. The DRAM arrays can be configured as CAMs or RAMs on the same die, with the control circuitry for performing comparisons located outside of the DRAM arrays. In addition, DRAM arrays can be configured for secure authentication where, after the first authentication performed with a non-volatile secure element, subsequent authentications can be performed by the DRAM array.

Abstract: A data processing device includes a first packet communication interface for communication with at least one host processor via a network interface controller (NIC) and a second packet communication interface for communication with a packet data network. A memory holds a flow state table containing context information with respect to multiple packet flows conveyed between the host processor and the network via the first and second interfaces packet communication interfaces. Acceleration logic, coupled between the first and second packet communication interfaces, performs computational operations on payloads of packets in the multiple packet flows using the context information in the flow state table.

Abstract: Methods and apparatus for allowing an individual to preserve his/her privacy and control the use of the individual's images and/or personal information by other, without disclosing the identity of the individual to others, are described. In various embodiments the individual seeking privacy provides his/her identifying information, images, and sharing preferences indicating desired level of privacy to a control device which is then stored in a customer record. The control device can be queried to determine if an image or other information corresponds to a user who has restricted use of his/her image or other information in a public manner. Upon receiving a query the control device determines using the stored customer record whether an individual has authorized use of his or her image. Based upon the determination a response is sent to the querying device indicating whether the use of the image and/or individual's information is authorized.