Abstract: A method, system and computer program product for allowing a user to easily collaborate with users from different organizations. In response to authenticating the user to access the environment of the user's home organization, a list of outside organizations where the user has visitor status is obtained. Outside organization(s) in the list of outside organizations that have content to be viewed by the user are identified. An object associated with the user's home organization, objects associated with the outside organizations where the user has visitor status as well as indications (e.g., star) associated with those outside organizations that have content to be shared with the user are displayed on the user interface of the user's computing device. In this manner, the user will be able to collaborate with an outside organization that has content to be shared in response to selecting the object associated with the outside organization.

Abstract: A non-transitory machine-readable storage medium encoded with instructions for execution by a keyed encryption operation by a cryptographic system mapping an input message having an encoded portion and a padding portion to an output message, including: instructions for receiving a padding value k; instructions for receiving the input message, wherein the padding portion has a size indicated by the padding value k; instructions for computing a first portion of the encryption operation to produce a first portion output; instructions for computing a compensation factor corresponding to the padding portion of the input message; and instructions for compensating the first portion output based upon the compensation factor.

Abstract: A computer-implemented method for protecting virtual machine program code may include (1) identifying one or more software program functions developed for execution in a virtual machine to be protected against reverse engineering, (2) converting one or more of the software program functions to native code for the computing device, (3) obtaining a memory address of one or more virtual machine functions, (4) generating one or more at least partially random alphanumeric values to identify the memory address of the virtual machine functions, (5) invoking the converted native code using a native code interface for the virtual machine, and (6) invoking one or more of the virtual machine functions from the converted native code using the alphanumeric value. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An authorization prompt issued from a server is detected, and previously-entered account information, is accessed on a user device. A selectable display element corresponding to each set of entered account information is displayed. User selection or actuation of a given display element is received, and the corresponding account information is retrieved and used to log onto the server that issued the authentication prompt.

Abstract: A system can include a mobile computing device and a wearable computing device. The wearable computing device can include a sensor that outputs an indication that the wearable computing device is not being worn. Responsive to receiving the indication that the wearable computing device is being not being worn, one or both of the devices can be operable to change an access mode of computing environment provided by the respective device from an increased access mode to a reduced access mode.

Abstract: Technology is described for monitoring computing instance launch times. A launch plan for launching a computing instance in a computing service environment may be identified. A predicted launch time for launching the computing instance on a selected physical host in the computing service environment may be determined using a launch time prediction model. An actual launch time for launching the computing instance in the computing service environment may be identified. The predicted launch time that is determined using the launch time prediction model may be compared with the actual launch time for launching the computing instance in the computing service environment. The actual launch time may be determined as not being within a defined threshold of the predicted launch time. An alert may be generated to indicate that the actual launch time is not within the defined threshold of the predicted launch time.

Abstract: An information processing apparatus according to the present invention is arranged in a client terminal connected to a server storing data via a network, wherein the information processing apparatus receives requests from one or a plurality of applications in the client terminal and controls transmission and reception of information to/from the server. The information processing apparatus includes an authentication information storage unit for storing authentication information of a user for accessing the server, and a request transmission unit for attaching the authentication information of the user of the client terminal to a request based on the request given by the application of the client terminal, and transmits the request to the server.

Abstract: Various disclosed embodiments include methods and systems for provisioning traversal using relays around network address translation (TURN) credentials and servers for network address translation/firewall (NAT/FW) traversal via a Voice-over-Internet-protocol/Web Real-Time Communication (VoIP/WebRTC) signaling channel. The method comprises receiving, at a signaling gateway, a signaling message from a first electronic device (ED) when the first electronic device registers with the signaling gateway or sends other signaling messages for requesting a TURN credential. The signaling message comprises one or more signaling message parameters. The signaling message further comprises a request that the signaling gateway generate a TURN credential for the first electronic device, the TURN credential associated with the one or more signaling message parameters. The method comprises sending, from the signaling gateway, the TURN credential to the first electronic device.

Abstract: Authentication method by one-time password from a user (10) having a computer terminal (11) and a telephone terminal (12) who wishes to access an online resource from an information system (20), the method including a step of triggering a call to said telephone terminal with a caller identifier including the one-time password.

Abstract: A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter, as well as the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key from the receiver to the transmitter being transmitted in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of first counter and at least one second partial code of a second code calculated with the aid of a second key being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message.

Abstract: Methods of extending capabilities of authenticated code modules (ACM) with minimal increase in code size comprises defining an authenticated code module (ACM) extension module using an entry of a Firmware Interface Table (FIT). The FIT contains a starting address of the ACM extension module that is located outside of a protected boot block. Based on the ACM extension module having been authenticated, the ACM and the ACM extension module may be processed together.

Abstract: An image processing apparatus includes an imaging unit, an authenticating unit, and a controller. The imaging unit acquires a face image of a user. The authenticating unit performs a first authentication process based on the face image and a second authentication process based on information other than the face image. The controller suspends the first authentication process based on the face image while maintaining the imaging unit in an activated state when the authenticating unit performs the second authentication process.

Abstract: Techniques are described for controlling access to an online service by a one or more authentication mechanisms based on device, browser, or location, or a combination of the three. A method comprises receiving a request to access a service, receiving, in association with the request, a first access mechanism, receiving a first and second level of authentication associated with the user requesting the service, updating authenticated-mechanism data to indicate that the first access mechanism is an authenticated access mechanism for the particular user, receiving a second request to access the service, in response to receiving a second request, determining whether the second access mechanism is an authenticated access mechanism for the particular user, upon determining that the second access mechanism is not an authenticated mechanism, requesting a second level of authentication for the particular user, otherwise granting access.

Abstract: Active disablement of a target device that is reported as lost or stolen, even if the device no longer has a cellular link. A service assembles a list of target devices that have been reported as lost or stolen, and transmits at least a subset of the assembled list of target devices to candidate proximate systems. If one of the candidate proximate system receives an identification signal from a target device that is on the received list, the proximate system commands the target device to at least partially disable itself. The target device then disables as commanded, and the proximate system may acknowledge the same to the service.

Abstract: A system and method can support dynamically scaling up/down transactional resources in a transactional middleware machine environment. Transactional resources, such as groups and machines, can be added or removed using a dynamic resource broker according to resource usage changes. The transactional middleware machine environment can comprise a deployment center in the transactional middleware machine environment, wherein the deployment center maintains one or more deployment policies for the transactional middleware machine environment and one or more deployment agents. Each of the one or more deployment agents is associated with a transactional middleware machine of a plurality of transactional middleware machines in a transactional domain in the transactional middleware machine environment.

Abstract: According to an embodiment, an information processing apparatus includes a secure OS, a non-secure OS, and a monitor. The monitor is configured to switch between the OSs. The secure OS includes a memory protection setting controller, a processing determination controller, and a secure device access controller. The memory protection setting controller is configured to set a protection address in a memory for each certain processing. The processing determination controller is configured to receive an access type, a physical address of an access destination, and data to be written, acquire a list of processing, and determine a type of processing to be performed. The secure device access controller is configured to receive the access type, the physical address of an access destination, and data to be written, and access a peripheral identified by the physical address.

Abstract: According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area.

Abstract: Apps are secured or security-wrapped either before they are downloaded onto a device, such as a smart phone or tablet device, or after they are downloaded but before they are allowed to access the device operating system and cause any potential damage to the device. The app is secured before it is allowed to access the operating system of the device, thereby preventing the app from malicious behavior. App object code is substituted with security program object code, thereby creating a security-wrapped app. The app is provisioned with a geo-fencing policy which prevents execution of an app outside a pre-defined geographical area. If the device is within the defined area, the app is allowed to execute. The geographical area, such as a building or company campus, is defined using longitude and latitude coordinates and a location accuracy value. Device location is obtained using location/GPS services on the device.

Abstract: In the present disclosure, implementations of Diffie-Hellman key agreement are provided that, when embodied in software, resist extraction of cryptographically sensitive parameters during software execution by white-box attackers. Four embodiments are taught that make extraction of sensitive parameters difficult during the generation of the public key and the computation of the shared secret. The embodiments utilize transformed random numbers in the derivation of the public key and shared secret. The traditional attack model for Diffie-Hellman implementations considers only black-box attacks, where attackers analyze only the inputs and outputs of the implementation. In contrast, white-box attacks describe a much more powerful type of attacker who has total visibility into the software implementation as it is being executed.

Abstract: A communications relay apparatus for relaying communications between an electronic control unit (ECU) connected to the apparatus via an in-vehicle local area network (LAN) and an external device connected to the apparatus via a communication path different from the in-vehicle LAN. In the apparatus, a data transfer unit forwards relay data received from the ECU to the communication path and forwards relay data received from the external device to the in-vehicle LAN. But the data transfer unit is inhibited from forwarding reprogramming data for reprogramming the ECU received from the external device to the in-vehicle LAN. An authentication unit authenticates a vehicle user, and when the vehicle user is successfully authenticated, then permits the data transfer unit to forward the reprogramming data to the in-vehicle LAN.