Abstract: A system and method that identifies and effectuates communication between a connectable client and a wireless human interface device. The wireless human interface device utilizes technologies to abstract the complexities of IP based wired and wireless networks to provide mechanisms to easily discover, associate, utilize and diagnose the wireless human interface device. Through the ensuing abstraction the wireless human interface device can be associated with an unlimited number of connectable networked clients or hosts thus eliminating the requirement of analog switch boxes to connect human interface devices to each connectable host or client, and further providing for the control of local and/or Internet based hosts or clients.

Abstract: In one embodiment, a method includes obtaining at least one packet from a first element on a Universal Serial Bus (USB) bus. The at least one packet is intended for a second element. The method also includes processing the at least one packet to determine whether the at least one packet is associated with unsafe content, and providing the at least one packet to the second element if it is determined that the at least one packet is not associated with the unsafe content. The at least one packet is provided to the second element on the USB bus. Finally, the method includes blocking the at least one packet from being provided to the second element when it is determined that the at least one packet is associated with the unsafe content.

Abstract: A method for the protected deposit of event protocol data of a computer system provides access control which prohibits access to event protocol data in the computer system and also performs: reading event protocol data generated in the computer system, sequential assignment of individual data sections of the read event protocol data to one of at least two categories in accordance with predetermined criteria, merging the categorized data sections for each respective category into a sub-file, and separate storage of created sub-files and setting up an access option to access the individual sub-files.

Abstract: Embodiments of the present invention provide methods, systems, and computer program products that enable secure network communications with logical partitions. A gateway between a physical network adapter and at least one virtual network trunk adapter receives a packet. The gateway tags the packet with an indication of an origin of the packet. The gateway delivers the tagged packet to an intrusion prevention system for intrusion analysis. When the gateway receives the tagged packet from the intrusion prevention system, the gateway forwards the tagged packet according to the indication of origin of the tagged packet.

Abstract: Systems, methods and media are provided for selective decryption of files. One method includes monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area. Content of each of the at least one file is protected with an encryption. The method also includes detecting a request by an application program for one of the at least one file. The method further includes determining whether the application program needs to access the content of the requested file. The method also includes, when it is determined that the application program does not need to access the content of the requested file, allowing the application program to access the file content without decrypting the encryption.

Abstract: A notification is received at a workload that indicates that a compliance policy update is available for the workload at a compliance policy management system. A synchronization manager on the workload pulls the compliance policy update from the compliance policy management system and deploys it to the workload.

Abstract: A device for verifying at least one challenge-response pair includes a coherent light source configured to emit coherent light. A challenge creating device is configured to create an optical challenge to be sent to a physically unclonable function (PUF). A wavefront shaping device is configured to perform a verification based on an optical response from the physically unclonable function (PUF). A detector is configured to read out a result of the verification performed by the wavefront shaping device. A focusing device is configured to focus light exiting from the wavefront shaping device onto the detector for detection.

Abstract: The system and method described herein may provide unified transport and security protocols. In particular, the unified transport and security protocols may include a Secure Frame Layer transport and security protocol that includes stages for initially configuring a requester device and a responder device, identifying the requester device and the responder device to one another, and authenticating message frames communicated between the requester device and the responder device. Additionally, the unified transport and security protocols may further include a Secure Persistent User Datagram Protocol that includes modes for processing message frames received at the requester device and the responder device, recovering the requester device in response to packet loss, retransmitting lost packets sent between the requester device and the responder device, and updating location information for the requester device to restore a communications session between the requester device and the responder device.

Abstract: Disclosed are methods and devices for provisioning authorization claims, which are enforced to control access of users to objects (resources) in a computer system, and which are to be equivalent to an attribute-based access control (ABAC) policy. A policy converter according to the invention includes a policy processor processing the policy by partial evaluation against attribute values of the users, objects or permission levels in the system and outputting simplified policies, which are subject to reverse evaluation in a reverse policy evaluator, whereby users, objects and permission levels to be associated by way of a single authorization claim are obtained. Responsible for the defining of the authorization claim and its distribution in the computer system are an authorization claim generator and an authorization claim distribution interface. The invention may be so configured as to return a single authorization claim for each combination of an object and a permission level.

Abstract: Systems and techniques for granting of network access to a new network device are described. Specifically, various techniques and systems are provided for connecting a new network device to a network and limiting access of the network device while authenticating the new network device. Exemplary embodiments of the present invention include a computer-implemented method.

Abstract: A computing device can enable a user to navigate to an application or other digital object directly from a lock screen of the device. A user can specify a credential, such as a short code, that is associated with a specific application. If the credential is recognized, the device can be unlocked and the corresponding application displayed. The user can then be granted full or partial access to functionality and/or data of the device, as may depend at least in part upon the type of credential or a level of access specified for the credential. The credential can be based at least in part upon, or independent of, a general unlock credential for the device. In some embodiments, the user can be able to specify the amount and/or type of access to be granted under a credential, such as access only to utilize the corresponding application.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: An information processing system includes a device registration unit that stores device identification information of a device in a first storage unit in response to a device identification information registration request, a generation unit that generates user identification information of an unspecified user of the device, an authentication unit that performs authentication in response to an authentication request from the device and associates user identification information of a specified user specified in the authentication request with the device when the authentication performed in response to the authentication request is successful, and a processing unit that executes a process according to the user identification information associated with the device in response to a request from the device that has been successfully authenticated.

Abstract: A user device may access a remote conference management application and setup a conference customized for the user. For example, one method of operation may include transmitting a notification to a user device of an upcoming scheduled meeting time and receiving a confirmation that the scheduled meeting is a valid meeting time. The method may also include receiving at least one instruction from the user device regarding the meeting time, loading a data file sequence stored in a user account, and transmitting the data file sequence to a presentation management device.

Abstract: Systems and methods are disclosed for computer-based user authentication to prove user identity or to approve access to a resource such as a computer system, in which a user performs a set of actions on at least one verification image on a display screen. Users are authenticated by a computer comparing the set of actions against a key definition for the verification image. The set of actions may include selecting at least one target location on the image, selecting target locations in a selected order, selecting the target locations with a selected pattern, selecting at least one overlay with which to cover a one target location, superimposing a target location with a selected overlay, covering the target locations with overlays in a selected superimposing order; and covering the target locations with overlays in a selected superimposing pattern.

Abstract: A mechanism for protecting integrated circuits (IC) from security attacks includes an IC having components that may store one or more data items and may perform a number of functions and which produce resulting events. The IC may also include a security module that may modify signals and events provided to the components such that the resulting events are modified in a non-effectual way but that causes the events to be non-deterministic relative to an event that is external to the integrated circuit when the resulting events are viewed externally to the IC. This may result in obscuring the data, and the functions from being observed from external to the IC, particularly when using an IR laser probe.

Abstract: Method for providing user-to-user delegation service in federated identity environment, characterized in that it comprises a delegation or assignment step wherein a delegator specifies said delegation at an identity provider for delegating a privilege or task to a delegatee to be performed at a service provider.

Abstract: The invention relates to a method, comprising: registering user groups to a video game server, and assigning video game identifiers for the user groups; authenticating a video game identifier and an authorization certificate input by a user; and registering the user to the video game server and the user groups if both the video game identifier and the authorization certificate are successfully authenticated. And a system, comprising: means for registering user groups to a video game server and assigning video game identifiers for the user groups; means for authenticating a video game identifier and an authorization certificate input by a user; and means for registering the user to the video game server and the user groups when both the video game identifier and the authorization certificate are successfully authenticated.

Abstract: Systems and methods may provide for receiving an authentication input and determining an authentication orientation of a mobile platform during entry of the authentication input. In addition, a determination may be made as to whether to validate a user based on the authentication input and the authentication orientation of the mobile platform. Platform orientation may also be used to detect malware.

Abstract: A system for software license control is described that is particular useful for use in a virtualized system, such as a cloud computing system. A module can be made available for use within the virtualized network, wherein a license fee is payable for use of the module. The module includes a license file that can be located wherever it is required. In addition, a central license file is provided at an administration node. The central license file is configured such that it can only be operated from that administration node, thereby preventing the copying of that file. The license file operating in the virtual network communicates with the central license file. The central license file controls the use of the licensed module.