Abstract: Techniques for analyzing a page to be presented by a browser running on a computing platform. The page is disabled. The page is tested to determine if the page is framed by a second page. The page is enabled if the testing indicates that the page is not framed by a second page. Each level of a hierarchy of framed pages is inspected to determine whether each level is authorized. The page is enabled if the inspecting indicates that each level of the hierarchy of framed pages is authorized.

Abstract: A technique by a processing module of a computing device of a dispersed storage network (DSN) to generate metadata associated with a stored data object. Once the data object is identified, a data segment of the data object is determined and a number of data slices corresponding to the data segment is retrieved. Then, the data segment is regenerated from the retrieved data slices. Once the data segment is regenerated, metadata that is associated with the data segment is generated and stored.

Abstract: In a stream computing application, data may be transmitted between operators using tuples. However, the receiving operator may not evaluate these tuples as they arrive but instead wait to evaluate a group of tuples—i.e., a window. A window is typically triggered when a buffer associated with the receiving operator reaches a maximum window size or when a predetermined time period has expired. Additionally, a window may be triggered by a monitoring a tuple rate—i.e., the rate at which the operator receives the tuples. If the tuple rate exceeds or falls below a threshold, a window may be triggered. Further, the number of exceptions, or the rate at which an operator throws exceptions, may be monitored. If either of these parameters satisfies a threshold, a window may be triggered, thereby instructing an operator to evaluate the tuples contained within the window.

Abstract: A system for and method of system state analysis of a computational system. The method is comprised of capturing selective state information of a computational system configured to operated with one or more guest machines running on a virtual machine layer and configured to output state information. The state information is then analyzed to for compliance checking. The system for system state analysis is comprised of a storage system, computation hardware configured to run the guest machines and the virtual machine layer, guest machines, a virtual machine layer configured to output guest machine state information, a system state snapshot server configured to control the virtual machine layer for the capture of state information.

Abstract: An inter-process messaging security management may be provided. A message comprising an operation to be performed may be sent from a process operating in a process chamber to a second process operating in another chamber. Before the message is allowed to be delivered, the validity of the operation contained in the message may be verified and a security policy may be examined to determine whether the message is permitted to be sent from the first process to the second process. If the security policy permits the second process to execute the operation requested by the first process, the message may be delivered to the second process. If the operation is not permitted, the message may not be delivered and an error message may be returned to the first process.

Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.

Abstract: The invention concerns methods, a device and computer program products for simplifying handover back to a restricted local access point from an unrestricted global access point as well as to a device implementing a restricted local access point for provision in a wireless network and a wireless network. In the network a restricted local access point hands over a mobile station to an unrestricted global access point and provides data enabling the restricted local access point to be identified as a candidate access point. A device for simplifying handover back determines that the restricted local access point is a candidate for further handover based on this data and informs the mobile station about the restricted local access point via the unrestricted glob access point. Thereby hand over may be considered also to the restricted local access point in addition to other surrounding access points.

Abstract: Embodiments of the present invention provide a simplified authentication transaction for reconnecting a storage device to a host apparatus that has completed authentication in the past. According to one embodiment, an authentication log is recorded in the host. Plural units of this log information are recorded in the storage device. At the time of transferring a content decryption key and usage rules between the host and the storage device, the decryption key and usage rules are recorded into the host as a log for the transfer. The used authentication log is recorded into the storage device as RAPDI. If RAPDI indicates the authentication log in the simplified authentication transaction, recovery transaction is permitted. The host device deletes/invalidates or holds the log for the transfer in accordance with non-permission/permission. In the case of permission, the key and usage rules are recovered by using a log for the transfer prior to the simplified authentication transaction.

Abstract: A system and method for processing an input data stream in a first data format of a plurality of first data formats to an output data stream in a second data format of a plurality of second data formats. A plurality of input connector modules receive respective input data streams and at least one input queue stores the received input data streams. A plurality of job threads is operatively connected to the at least one input queue, each job thread formatting a stored input data stream to produce an output data stream. At least one output queue stores the output data streams from the plurality of job threads. A plurality of output connector modules is operatively connected to the at least one output queue, the output connector modules supplying respective output data streams.

Abstract: One embodiment relates to a computer-implemented method for detecting malicious scripts in web pages. A local engine and an application are executed at a client computer. The local engine intercepts an access by the application to a web page at a universal resource locator (URL) under a domain. The local engine determines scripts at the URL and scripts at other URLs under the domain. Using that information, the local engine determines if the scripts at the URL include one or more unique script(s). The local engine sends the unique script(s), if any, via a network to a script analyzer. The script analyzer may then perform emulation of the unique script(s) to detect malicious code therein. Other embodiments, aspects and features are also disclosed.

Abstract: MAC addresses are flexibly and dynamically allocated across groups of devices that need MAC addresses. MAC address pools are defined for the groups by non-overlapping ranges of MAC addresses. The range of MAC addresses defined for any pool may be shrunk to support an expansion of the range of MAC addresses of another pool. The maximum number of universally-administered MAC addresses that can be defined for any MAC address pool is greater than 216, and the maximum number of locally-administered MAC addresses that can be defined for any MAC address pool is greater than 238.

Abstract: Systems, methods and consumer-readable media for providing an system implementing an information lock box. Sensitive files may be identified by the system prior to engagement of the protection system. One method according to the invention may preferably include hiding and/or encrypting sensitive files upon detecting changes of the network status. The information lock box may utilize a file-system driver to control access to files. The system may communicate with administrative serve and communicating messages to a user.

Abstract: A communication system includes a communication server configured to receive a request to generate a communication and receive a request to associate the communication with one or more classifications from a plurality of classifications. The system further includes a store coupled to the communication server and configured to store the communications and/or store the classification received in the association request. The classifications are associated with a request for information from a recipient of the communication. The classifications are associated with a request for information from a recipient of the communication, a request for sharing information with the recipient of the communication, and a request for action from the recipient of the communication.

Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.

Abstract: A method of monitoring network communications originating in monitored jurisdictions includes a step of identifying a monitored jurisdiction within a computer network based on predetermined criteria. The computer network includes at least one monitored jurisdiction and at least one unmonitored jurisdiction. A database is queried to identify at least one communication identifier associated with the monitored jurisdiction. The method also includes a step of storing a list including the at least one communication identifier. Only network communication having communication identifiers included in the list are monitored.

Abstract: Systems and methods for enciphering data are provided. In one embodiment, information is enciphered using a variable block length cipher that returns the encrypted symbol set in the same format as the plaintext symbol set. The cipher can be based on DES, AES or other block ciphers. In one example implementation a method for enciphering token information the invention provides for enciphering token information by constructing a tweak of a defined length using token information; converting the tweak to a bit string of a defined size to form a first parameter; converting a number of digits of plaintext to a byte string of a defined size to form a second parameter, wherein the number of digits converted varies; defining a data encryption standard key; applying the data encryption standard key to the first and second parameters; computing a specified number of encryption rounds; and receiving enciphered token information.

Abstract: A computer-implemented method for detecting suspicious web pages. The method may include 1) identifying a plurality of malicious web pages; 2) establishing a classification model for identifying suspicious web pages, the classification model being based at least in part on the plurality of malicious web pages; 3) identifying an additional web page; 4) classifying the additional web page as suspicious using the classification model; 5) analyzing the additional web page to determine whether the additional web page is malicious; 6) determining that the additional web page is malicious based on the analysis; and 7) updating the classification model based at least in part on the determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A server migration tool used to construct data center migration scenarios allowing for a user to rapidly manipulate a large number of input parameters required to describe a transformation from one data center configuration to a new data center configuration. The tool then performs the transformation and allows the user to interact with new data center configuration to understand its performance. A novel parameterization, speed independent service demand (SISD), greatly facilitates scaling performance metrics between different hardware platforms.

Abstract: An embodiment is directed to a hybrid cloud environment wherein a user of cloud computing services is disposed to consume cloud provided services delivered by each of a plurality of cloud computing service providers. Specified event data is received at an MCS component, wherein the event data pertains to metering events related to consumed services delivered by one or more cloud service providers. Event data includes event data furnished by one or more entities that actively monitor metering events at one or more local or remote cloud service provider locations. Event data is sent from the MCS component to a metering system, and the metering system generates reports from the event data that contains usage information on services provided by one or more cloud service providers, wherein information for a provider specifies amounts and quality of each type of service delivered to users by the provider.

Abstract: A method for forwarding resources is provided, which includes the following steps. Content-based routing is performed between a resource request entity and a resource providing entity according to a resource identifier. Information indicating content-based forwarding is generated on an intermediate route entity during routing. A resource-content-based forward path is created between the resource request entity and the resource providing entity. The resource requested by the resource request entity is sent to the resource request entity by the forward path created based on the information indicating content-based forwarding. A network entity and a network system are also provided. Thus, the content-based routing is performed based on the resource identifier, and the content-based forward path is created, so that the path forwarding based on the content is realized.