Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating one or more client domains with a computer executing an LDAP client, defining one or more client roles for each of one or more client domains, and associating one or more privileges with each of the client roles. Upon detecting a login of a client user having a client user name, the client user name is conveyed to an LDAP server, and in response, one or more client groups are received from the LDAP server, each given client group comprising a server role and a server domain. For each received client group having a respective server domain matching a given client domain, the respective server role is matched to a given client role, and the one or more privileges associated with the given client role is assigned to the client user.

Abstract: As disclosed herein a method, executed by a computer, includes receiving, from an augmented reality device, a pairing request, negotiating with the augmented reality device to generate a new encryption key and a mapping plan for presenting optically readable codes, that correspond to one or more images, on a touch sensitive display device. The method further includes presenting, on the touch sensitive display device, the optically readable codes, and receiving a user selection from the touch sensitive display device. The optical codes are overlayed by the wearers of an augmented reality system with an un-encrypted or otherwise modified form of the optical code. A computer system, and a computer program product corresponding to the above method are also disclosed herein.

Abstract: As disclosed herein a method, executed by a computer, includes receiving, from an augmented reality device, a pairing request, negotiating with the augmented reality device to generate a new encryption key and a mapping plan for presenting optically readable codes, that correspond to one or more images, on a touch sensitive display device. The method further includes presenting, on the touch sensitive display device, the optically readable codes, and receiving a user selection from the touch sensitive display device. The optical codes are overlayed by the wearers of an augmented reality system with an un-encrypted or otherwise modified form of the optical code. A computer system, and a computer program product corresponding to the above method are also disclosed herein.

Abstract: Neighbor discovery is used to create a generic trust database for other applications. As part of the neighbor discovery, each device performs classification and validation of the credentials of the neighboring devices. The credentials and validation results are stored locally without having to perform a separate authentication step. The trust database is created and maintained as a neighbor table with the results of the validation. The generic trust database may then be consulted by other protocols. The neighbor discovery may use any of various underlying protocols, but the resulting table unifies the results such that other applications or protocols may take advantage of the secured identity without having to implement their own discovery process. Both discovery and validation may be implemented locally without relying on centralized servers. Manual configuration may be avoided.

Abstract: Systems and techniques are disclosed to protect a user equipment's international mobile subscriber identity by providing a privacy mobile subscriber identity instead. In an attach attempt to a serving network, the UE provides the PMSI instead of IMSI, protecting the IMSI from exposure. The PMSI is determined between a home network server and the UE so that intermediate node elements in the serving network do not have knowledge of the relationship between the PMSI and the IMSI. Upon receipt of the PMSI in the attach request, the server generates a next PMSI to be used in a subsequent attach request and sends the next PMSI to the UE for confirmation. The UE confirms the next PMSI to synchronize between the UE and server and sends an acknowledgment token to the server. The UE and the server then each update local copies of the current and next PMSI values.

Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.

Abstract: A method includes performing operations as follows on a processor: receiving a notification from a mobile application management server in an enterprise through which mobile device usage policies for the enterprise are managed that a policy change has occurred with respect to use of mobile devices in the enterprise, communicating with a work planning system in the enterprise to determine whether the policy change adversely affects work planned by an end user, and sending an alert to the mobile application management server responsive to a determination that the policy change adversely affects the work planned by the user.

Abstract: A forensics analysis is conducted on each of multiple mobile devices in an enterprise system to detect malicious activity. The systems and methods described include storing a single baseline image for the multiple mobile devices at a server. A client-side application on each mobile device scans storage locations to identify changes in data compared to a previous scan. At least a portion of the information about the changes is sent to the server. The server reconstructs snapshot images for each mobile device based on the baseline image and the received information. Malicious activity is detected by comparing the reconstructed snapshot image to a previous snapshot image for each mobile device.

Abstract: A relay server includes a storage configured to store first access right information of a first cloud storage service to which a first user is subscribed and second access right information of a second cloud storage service to which a second user is subscribed. The relay server further includes a communication interface configured to request, from the first cloud storage service, first data that is stored in the first cloud storage service, based on the first access right information, and receive the requested first data from the first cloud storage. The relay server further includes a controller configured to control the communication interface to store the received first data in the second cloud storage service, based on the second access right information.

Abstract: In some embodiments, a method includes receiving encrypted information associated with a user, and calculating a first portion of a shared secret based on the encrypted information associated with the user. The method also includes defining a completed portion of the shared secret based on the first portion of the shared secret and a second portion of the shared secret and storing the completed portion of the shared secret in a memory for a pre-defined period of time. The method includes defining a ticket based on the completed portion of the shared secret, and sending the ticket to a device associated with the user such that data associated with the ticket is accessible based on the ticket within the pre-defined period of time, and not accessible without the ticket or after the pre-defined period of time.

Abstract: Techniques are provided for integrating application-level user security context with a database. A session manager, in a middle tier that includes an application, obtains the security context of a user and establishes, in the database, a light-weight session (LWS) that reflects the security context. The security context is synchronized between the middle tier and database before application code execution. The database maintains an isolated copy of the LWS for the unit of application code executed as the security context. The database sends to the session manager the identifier of the copy of LWS. Before allowing a request from an application to be sent to the database, the session manager, transparent to the application, inserts an identifier that identifies the LWS. In this way, the database processes an application request in the context of the corresponding user's security context that is the same as the security context in the middle tier.