Abstract: Disclosed herein is a method and system for providing copyright protection for blog posts prior to publication from within a running blog-publishing software application by automatically assembling and electronically submitting a copyright application for the blog post to the United States Copyright Office through the use of a portable application programming interface, which may be utilized by third-party blog-publishing applications, and then automatically publishing the blog post through the blog-publishing application once submission of the electronic copyright application for the blog post is confirmed.

Abstract: A system for sharing a USB Key by multiple virtual machines located at different hosts including at least two virtual machine managers, each virtual machine manager including a virtual machine transceiver module which is configured to receive a request for accessing a USB Key from a virtual machine within its host; a storage module which is configured to store an association relationship between a USB Key and the virtual machine authenticated by the USB Key; a verification module which is configured to, in response to judging that the virtual machine of the received request can access the USB Key, transmit the request for accessing the USB Key to a USB Key transceiver module of a virtual machine manager of the host where the USB Key is located; and a USB Key transceiver module which is configured to receive a request for accessing a USB Key, and to transmit an access request to a connected USB Key.

Abstract: Systems and methods are provided for recording a user's biometric features and generating an identifier representative of the user's biometric features and whether the user is alive (“liveness”) using mobile devices such as a smartphone. The systems and methods described herein enable a series of operations whereby a user using a mobile device can capture imagery of a user's face, eyes and periocular region. The mobile device is also configured analyze the imagery to identify and determine the position of low-level features spatially within the images and the changes in position of the low level features dynamically throughout the images. Using the spatial and dynamic information the mobile device is further configured to determine whether the user is alive and/or generate a biometric identifier characterizing the user's biometric features which can be used to authenticate the user by determining liveness and/or verify the user's identity.

Abstract: A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet is forwarded to an FSD of the cluster by: (i) extracting a configurable number of bit values from a configurable set of bit positions within the packet; (ii) determining the output of the load balancing function; (iii) identifying the port to which the FSD is coupled based on the output and the table; and (iv) transmitting the packet to the FSD via the identified port.

Abstract: Systems and methods are provided for recording a user's biometric features and generating an identifier representative of the user's biometric features using mobile device such as a smartphone. The systems and methods described herein enable a series of operations whereby a user using a mobile device can capture imagery of a user's face, eyes and periocular region. The mobile device is also configured analyze the imagery to identify and determine the position of low-level features spatially within the images and the changes in position of the low level features dynamically throughout the images. Using the spatial and dynamic information the mobile device is further configured to generate a biometric identifier characterizing the user's biometric features and which can be used to identify/authenticate the user by comparing the biometric identifier to a previously generated biometric identifier.

Abstract: This document describes techniques for transporting at least a portion of the data for a remote presentation session via datagrams. In particular, a span-out model is described whereby a remote presentation session can be associated with multiple channels and each channel can be routed through a different gateway computer system. As such, a connectionless oriented channel for a client may be routed through a first gateway computer system and a connection oriented channel for the client may be routed through a second gateway computer system. In addition to the foregoing, other techniques are described in the claims, the attached drawings, and the description.

Abstract: A method of electronically displaying glyphs. The method includes receiving a glyph spacing, moving a first glyph toward a second glyph along an axis, identifying an intersection of a first axis coordinate of the first glyph with a second axis coordinate of the second glyph, and moving at least one of the glyphs along the axis to separate the first and second axis coordinates of the respective first and second glyphs by the glyph spacing.

Abstract: A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet is forwarded to an FSD of the cluster by: (i) extracting a configurable number of bit values from a configurable set of bit positions within the packet; (ii) determining the output of the load balancing function; (iii) identifying the port to which the FSD is coupled based on the output and the table; and (iv) transmitting the packet to the FSD via the identified port.

Abstract: Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously established traffic sessions from a particular source to a particular destination and forming an association between the previously established session and a particular FSD, is maintained for each port of a session-aware switching device. When a TCP SYN packet is received, the switching device: (i) reduces its vulnerability to a DoS attack by foregoing installation of a forward session entry for the forward traffic session within the session data until a processed TCP SYN/ACK packet associated with the corresponding reverse traffic session is received; (ii) selects an FSD to associate with the forward traffic session and a corresponding reverse traffic session by performing a load balancing function on the TCP SYN packet; and (iii) causes the TCP SYN packet to be processed by the selected FSD.

Abstract: A method for securely storing password information in a memory of a computer device. The stored password information is protected by a master password. The method includes receiving a text string corresponding to password information. The method also includes converting the text string to a media file. When the media file is passed to an output the password information is presented to a user. The method also includes storing the media file in the memory such that it is protected by the master password.

Abstract: A method for balancing load among firewall security devices in a network is disclosed. Firewall security devices are arranged in multiple clusters. A switching device is configured with the firewall security devices by communicating control messages and heartbeat signals. Information regarding the configured firewall security devices is then included in a load balancing table. A load balancing function is configured for enabling the distribution of data traffic received by the switching device. A received data packet by the switching device is forwarded to one of the firewall security devices in a cluster based on the load balancing function, the load balancing table and the address contained in the data packet.

Abstract: A computer is configured to impose an access restriction based upon user-provided information, such as a user's birthdate. In order to enforce such a restriction, the computer requests from a user an image of a valid identity document associated with the user, such as a valid driver's license. In response to receiving such an image from the user, the computer performs an image analysis on the image to extract user information. The computer might extract the user's name, address, birthdate, driver's license number, and/or other information from the image for instance. The computer may utilize the extracted information to determine whether the user should be granted access. The computer may determine based upon the extracted information, for instance, whether the age of the user is greater than a minimum age required to access the computer. The computer may be configured to restrict access to a Web site in this manner.

Abstract: An approach for managing licenses for software installations on virtual machine (VM) instances in a networked computing environment (e.g., a cloud computing environment) is provided. Specifically, in one example, data (e.g., real-time and/or historical) pertaining to usage of a set of software installations on a set of (VM) instances in the networked computing environment is collected. When a request is received (e.g., from a requester) for a license for a particular software installation of the set of software installations, it is determined whether the license is available. If not, it is then determined whether the license is obtainable based on the collected data and a current configuration of the networked computing environment. Then, responsive to the license being obtainable, the requested license may be allocated.

Abstract: A method of authenticating an entity includes associating a local identity of the entity with a global identity of the entity, the local identity being associated with a first one of a plurality of restricted access zones, associating the global identity of the entity with particular ones of the plurality of restricted access zones for granting access to the particular ones of the plurality of restricted access zones, receiving an authentication request from the entity to access a second one of the plurality of access zones where the authentication request includes the local identity of the entity, and authenticating the entity for access to the second one of the plurality of access zones responsive to receiving the authentication request when the second one of the plurality of restricted access zones is one of the particular ones of the plurality of restricted access zones that are associated with the global identity of the entity.

Abstract: Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.

Abstract: A system and method for tracking and preventing an execution of an application on a user device are provided. The method comprises receiving a request to determine if an application is a restricted application for a user of the user device; receiving at least one context parameter respective of the application; receiving at least one variable related the user of the user device; determining whether the application is a restricted application based on the analysis of the at least one context parameter and the at least one variable parameter; and disabling an access of the user to contents of the application if the application is determined to be restricted.

Abstract: Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, a switch maintains session data the session entries of which represent established traffic sessions between a source and a destination and form an association between the traffic session and a particular FSD. A data packet of a traffic session from a client device directed to a target device is received at the switch. When none of the session entries are determined to correspond to the data packet, an FSD is selected to associate with the first traffic session by performing a load balancing function on at least a portion of the data packet. When a matching session entry exists, an FSD identified by the matching session entry is selected to process the data packet. The data packet is then caused to be processed by the selected firewall security device.

Abstract: Technologies are generally described for proxy key generation, and signature generation and validation. In some examples, a cryptographic key generation system may include an original key generation unit configured to generate a public key and a private key for an original signer, a proxy key generation unit configured to generate one or more proxy public keys and one or more proxy private keys for one or more proxy signers, and a transmitter configured to transmit the proxy private keys respectively to the one or more proxy signers.

Abstract: A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a startup event of a guest virtual machine, and installs a DLP component in the guest virtual machine. The DLP component communicates with the DLP manager operating within the security virtual machine. The DLP manager also receives file system events from the DLP component, and enforces a response rule associated with the guest virtual machine if the file system event violates a DLP policy.

Abstract: Systems, methods, and computer-readable media for identifying and managing wireless devices that are performing tethering services are described. The system may include a database and server. The database stores records of services subscribed by wireless devices in a wireless network. The server may poll the database to generate a list of wireless devices that are not subscribed to a tethering service. In turn, the server receives notification messages from each wireless device that is tethering at least one other network element. The wireless devices are identified as unauthorized by the server when the notification message indicates existence of a configured network address translation table at the wireless device and the wireless device is located on the list of wireless devices that are not subscribed to the tethering service.