Abstract: The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc. This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

Abstract: Embodiments of a system or method useful in forcing a computing system to perform a target amount of computations is disclosed. The actual amount of computations may vary from the target amount to within a selected maximum variation. Embodiments of the system or method involve generating a cryptographic challenge to which the computing system needs to compute a response to validate a request from the computing system.

Abstract: The invention provides a method and apparatus for the secure electronic signing of electronic documents and data. The method comprises the steps of: obtaining a first digital representation in a high level first data format of the set of application data; generating a second digital representation in a low level second data format of the application data whereby the low level second data format is different from the high level first data format; presenting an analog representation of the set of application data to a user, whereby the second digital representation is a precise and accurate representation of said analog representation; obtaining an indication whether the user approves the analog representation for signing; if the indication indicates that the user approves the analog representation for signing, generating the first digital signature over the second digital representation using a first signature key associated with the user.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for authenticating a user. The application server receives a user log in request and determines if a unique identification accompanies the received user log in request. The application server uses the unique identification to authenticate the identity of the user. The application server determines if the unique identification has been previously received by searching a first database to see if the unique identification was already stored in the first database. If the unique identification is not in the first database then the application server stores the unique identification and grants the user access to the one or more applications hosted on the application server.

Abstract: Online retailers may operate one or more services configured to detect request generated by automated agents. A security check may be generate and transmitted in response to requests generated by automated agents. The security checks may be transmitted to a second device registered with the online retailer. The second device may transmit the completed security check to the online retailer for verification before the online retailer processes the request.

Abstract: In one embodiment, a method includes receiving at a security analysis device a plurality of indicators of compromise (IOCs) associated with an entity, sorting at the security analysis device, the IOCs based on a time of occurrence of each of the IOCs, creating a representation of transitions between the IOCs at the security analysis device, and generating at the security analysis device, a feature vector based on the representation of transitions. The feature vector is configured for use by a classifier in identifying malicious entities. An apparatus and logic are also disclosed herein.

Abstract: An aspect includes a cognitive password entry system. A processor detects a login attempt targeting a website for a user identifier having a previously stored instance of a password associated with the user identifier. A number of login attempts is monitored since the password was manually entered at the website. The processor determines whether a prompting period has been reached based on the number of login attempts meeting a prompting period threshold. The stored instance of the password is used as an entered password for the login attempt based on determining that the prompting period has not been reached. A cognitive aid prompt is output based on determining that the prompting period has been reached.

Abstract: Exemplary embodiments provide adapted components that may be used by a computer program under different execution contexts. The adapted components may include platform independent source code which may be executed regardless of the execution context in which the component is deployed. Adaptation logic may wrap the execution context independent component in a wrapper. The wrapper may perform data marshaling between the execution context independent component and a computer program invoking the execution context independent component, or the host system on which the computer program is deployed. The execution context independent component may be adapted to a new execution context dynamically the first time that the execution context independent component is invoked in the execution context. Thereafter, the execution context independent component may be invoked statically without the need to re-adapt the component.

Abstract: The present relates to a method and device for controlling access from the device to a card via a Near Field Communication (NFC) interface of the device. An Access Control List (ACL) is stored at a memory of the device. The ACL comprises application signatures and corresponding card identifiers. A request is received at a processor of the device from a specific application executing on the device. The request is for accessing a particular NFC enabled card via the NFC interface of the device. The request comprises a particular card identifier of the particular card and a specific signature of the specific application. A determination is made by the processor based on the specific signature, the particular card identifier and the ACL. The determination consists in whether the specific application is granted or alternatively denied access to the particular card via the NFC interface.

Abstract: A system and method for creating switchable desktops each with its own authorization. The system provides a custom authentication and authorization data store that defines permission sets called roles, and lists which roles each user may assume. The system also provides a custom virtual desktop manager that creates new virtual desktops using the permissions defined by roles allowed for each user. When a user requests a new virtual desktop and role from the desktop manager, the manager requests new virtual desktop components from the operating system. The desktop manager intercepts a request by the operating system to the Local Security Authority module for permissions to grant the new virtual desktop. The manager substitutes the user's requested role permissions (if the user may assume the rule) for the permissions granted by the LSA module. The LSA module and operating system grant those role permissions to the user's activities in a newly created virtual desktop.

Abstract: Disclosed are various examples of securely distributing certificates to client devices. A uniform resource locator (URL) is sent to a client device, wherein the URL represents an address from which the client device can request a user certificate. A certificate for a registration authority is sent to the client device, wherein the certificate comprises a first public key and a first private key. A certificate signing request (CSR) received from the client device at the URL is decrypted, wherein the CSR is encrypted with the first public key. The CSR is validated based at least in part on the URL sent to the client device. The user certificate is then sent to the client device.

Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, limits data access to the owning entity, and is stored as metadata for the encryption unit.

Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

Abstract: The subject matter disclosed herein relates to distribution of media content.

Abstract: A device associated with a cell tower in a Public Land Mobile Network receives, from a mobile device via a network, a uniform resource locator (URL) that is appended with a first signature generated at the mobile device using a private key of a public/private key pair associated with a toll-free campaign. The device obtains a public key of the public/private key pair, extracts the first signature from the URL, decrypts the first signature using the public key to obtain data, and encrypts the data using the private key to generate a second signature. The device compares the second signature with the first signature, denies toll-free network access to content associated with the URL when the second signature does not match the first signature, and designates data involved with accessing the content associated with the URL as being toll-free when the second signature matches the first signature.

Abstract: A system comprises one or more application containers, each application container including computer-readable instructions and initiated via a container service and isolated using operating system-level virtualization. The system also comprises one or more virtual switches configured to route traffic from the application containers. The system further comprises one or more security containers, each security container configured to transparently intercept traffic from the one or more application containers for analysis of network security. The system further comprises a user interface (UI) container configured to receive configuration settings from a user. The system also comprises an analytics container configured to perform analysis on data received from the one or more security containers. The system also comprises a management container configured to configure settings for the one or more security containers and the analytics container.

Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: Dynamically selecting a DHCP server for a DHCP client terminal device may include triggering, by a network device, an authentication performed by an authentication server on a DHCP client terminal device user when receiving a DHCP packet for requesting a configuration parameter sent from a DHCP client terminal device, receiving, by the network device, an identity of a DHCP server designated by the authentication server for the DHCP client terminal device user when the DHCP client terminal device user passes the authentication, and establishing an entry for user information of the DHCP client terminal device user and the identity of the designated DHCP server, and matching, by the network device, the user information carried in a packet with established entries when receiving the packet subsequently sent from the DHCP client terminal device, and forwarding the packet using the identity of the DHCP server in the entry matching the user information.

Abstract: A system, comprising includes an orchestration server including a processor, the orchestration server to receive authentication factors. A rules engine connects with the orchestration server, the orchestration to send the authentication factors to the rules engine and to request a decision on authentication from the rules engine. The rules engine to send the decision on authentication to the orchestration server based on the received authentication factors and a rules set.