Abstract: Described herein is a framework to authenticate users. In accordance with one aspect of the framework, an authentication library is provided to implement an authentication process. The authentication library comprises computer-readable program code to create a request for an access token, send the request to the authorization server, deconstruct a response from the authorization server to extract the access token, and return the access token for use in accessing one or more resources.
Abstract: A method, system, and recording medium for communication comparison including encrypting a first communication and a second communication, determining a list of frequencies and intensities based on the first communication and the second communication, projecting light based on the list of frequencies and intensities of the first communication onto an object, reading the frequencies and intensities of the light based on the first communication from the object, and comparing the light read in the reading with the list of frequencies and intensities of the second communication to calculate a semantic overlap between the frequencies and intensities of the first communication and the second communication.
Type:
Grant
Filed:
October 28, 2015
Date of Patent:
September 25, 2018
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION
Abstract: A computer-implemented method for data loss prevention of unidentifiable and unsupported object types may include (1) monitoring, through at least one filter, data input to an application during execution, (2) scanning, through a data loss prevention scanner, the data input to the application to detect whether the data includes sensitive data that is protected by a data loss prevention policy, (3) flagging, based on the scanning, the application as having accessed the sensitive data that is protected by the data loss prevention policy, (4) detecting that the application is requesting to output a data object in a format that obscures underlying content, and (5) performing, by a data loss prevention program, a remedial action to prevent loss of the sensitive data based on both flagging the application and detecting that the application is requesting to output the data object in the format that obscures underlying content.
Type:
Grant
Filed:
September 28, 2015
Date of Patent:
September 18, 2018
Assignee:
Symantec Corporation
Inventors:
Dhananjay Dodke, Sumesh Jaiswal, Amit Dhotre, Vipul Goel
Abstract: The disclosed computer-implemented method for digitally enforcing computer parental controls may include (i) identifying a parental-control policy that controls a user's computer usage in some way, (ii) determining that the user is using a primary device, which is configured to restrict its usage according to the terms of the parental-control policy, to access a secondary device, which is not configured to restrict its usage according to the terms of the parental-control policy, and (iii) restricting, in response to the determination, the user's access to the secondary device according to the terms of the parental-control policy. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method, a system and a server for self-healing of an electronic apparatus are provided. In the method, the components installed in the electronic apparatus are sequentially called and checked to update each component. Then, a self-diagnosis is executed on the electronic apparatus to produce a diagnosis result and the diagnosis result is sent to a server. The server analyzes the diagnosis result, accordingly sets at least one policy for healing the electronic apparatus and sends the at least one policy back to the electronic apparatus. The electronic apparatus transforms the policy into at least one rule adapted for itself and performs the self-healing according to the rules.
Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain name. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.
Abstract: Disclosed are various examples of systems and methods for transferring data between applications executing in sandboxed environments. An application executing on a computing device in a sandbox provided by an operating system is identified. A key-value pair is retrieved from an access-restricted data store provided by the operating system, wherein the key-value pair comprises a timestamp and an application identifier. The application identifier is compared with the application. Data is sent to the application based at least in part on the application identifier matching an identification of the application and the timestamp specifying a point in time within a predetermined period of time.
Abstract: Techniques for sharing a peripheral device connected to a first host computing system in a cluster are disclosed. In one embodiment, a request to access the peripheral device connected to the first host computing system is received from a virtual machine running on a second host computing system. Further, a bandwidth requirement associated with the peripheral device is determined. Furthermore, one of enabling the virtual machine to remotely access the peripheral device over a network and recommending migration of the virtual machine to the first host computing system to locally access the peripheral device is performed based on the bandwidth requirement of the peripheral device.
Abstract: The invention proposes a new device and method that allows scanning and downloading the content of a portable storage device (i.e., USB drive) from any computer with a portable storage device plug and a browser without the risk of having the computer infected by a virus or malware resident in the portable storage device. The device can be manufactured as a small and portable device.
Type:
Grant
Filed:
March 19, 2016
Date of Patent:
August 28, 2018
Assignee:
The Boeing Company
Inventors:
Enrique Juan Casado Magaña, David Esteban-Campillo, David Scarlatti
Abstract: An approach using a computer receives, from a first computer, text generated by a user and identifies, in the text generated by the user, confidential information registered in a dictionary that contains registered confidential information and substitute words corresponding to the registered confidential information. The approach includes retrieving, from the dictionary, substitute words corresponding to each identified registered confidential information and identifying, in the text generated by the user, potentially confidential words based on a text analysis of the text generated by the user.
Type:
Grant
Filed:
June 28, 2017
Date of Patent:
August 28, 2018
Assignee:
International Business Machines Corporation
Abstract: Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted.
Abstract: A method of operating an integrated circuit may include generating a session key with a random number generator circuit. The session key may then be used to establish a secure communications channel between the integrated circuit and a remote server. The integrated circuit may be placed in a non-operational mode prior to establishing the secure communications channel. Accordingly, in response to establishing the secure communications channel, the integrated circuit may be placed in an operational mode to allow user operation. In some scenarios, the integrated circuit may receive license files from the remote server to enable implementation of specific logic blocks on the integrated circuit via the established secure communications channel.
Abstract: A system and method of multi-factor authentication are described. In some embodiments, a first device provides an initial authentication data to a second device. The second device is different from the first device. The first device obtains a first response data from the second device. The first device generates a first subsequent authentication data using the first response data. The first subsequent authentication data is different from the initial authentication data. The first device provides the first subsequent authentication data to the second device. In some embodiments, obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, where the first response data is displayed on the second device.
Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.
Type:
Grant
Filed:
October 26, 2017
Date of Patent:
August 21, 2018
Assignee:
Numecent Holdings, Inc.
Inventors:
Arthur S. Hitomi, Robert Tran, Peter J. Kammer, Doug Pfiffner, Huy Nguyen
Abstract: A method for secure access control to a power tool enables secure access to an embedded computing device in the power tool from a web application in another computer that is connected to the power tool via a USB or other suitable peripheral data connection in a workshop environment. The access control enables authorized parties to perform repair and diagnostic procedures on the power tools based on specific user roles while denying access to unauthorized parties.
Type:
Grant
Filed:
November 16, 2016
Date of Patent:
August 21, 2018
Assignees:
Robert Bosch Tool Corporation, Robert Bosch GmbH
Abstract: A request from a computing device for accessing a resource is received by an edge server, where the request includes a cookie containing a first token value and a second token value. The edge server validates the first token value and the second token value using a third token value generated using a hashing algorithm with a secret key and one or more other values. The edge server then compares the received token values with the third token value. When the request is validated, the edge server retrieves the requested resource.
Abstract: Some embodiments provide a method for identifying unnecessary firewall rules for a distributed firewall of a logical network. The method identifies a firewall policy for network traffic of the logical network. The firewall policy includes a set of firewall rules. The method generates a set of data for implementing the firewall policy on a set of managed forwarding elements that implement the logical network. The method analyzes potential network traffic based on the generated set of data to identify a subset of unnecessary data. The method identifies a subset of unnecessary firewall rules of the set of firewall rules that corresponds to the subset of unnecessary data.
Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.
Type:
Grant
Filed:
May 17, 2017
Date of Patent:
August 7, 2018
Assignee:
BLUEFIN PAYMENT SYSTEMS LLC
Inventors:
Timothy William Barnett, Alexander I. Kasatkin, Christopher Hozumi Miyata, Daniel Ruehle
Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.
Type:
Grant
Filed:
November 22, 2016
Date of Patent:
August 7, 2018
Assignee:
Invincea, Inc.
Inventors:
Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor
Abstract: Techniques are described herein for generating and using in-memory data structures to represent columns in data block sets. In an embodiment, a database management system (DBMS) receives a query for a target data set managed by the DBMS. The query may specify a predicate for a column of the target data set. The predicate may include a filtering value to be compared with row values of the column of the target data set. Prior to accessing data block sets storing the target data set from persistent storage, the DBMS identifies an in-memory summary that corresponds to a data block set, in an embodiment. The in-memory summary may include in-memory data structures, each representing a column stored in the data block set. The DBMS determines that a particular in-memory data structure exists in the in-memory summary that represents a portion of values of the column indicated in the predicate of the query.
Type:
Grant
Filed:
September 16, 2016
Date of Patent:
August 7, 2018
Assignee:
Oracle International Corporation
Inventors:
Roger D. MacNicol, Tirthankar Lahiri, Kothanda Umamageswaran, Adrian Tsz Him Ng, Laura Liaoruo Wang, Krishnan Meiyyappan