Abstract: Disclosed is a system for configuring a terminal by intercepting requests, such as Input/Output (IO) requests or registry requests, evaluating rules based on the intercepted requests during runtime, and performing actions based on the rule evaluations, such as passing the request through, redirecting the request, modifying the request, hiding resources, or performing other actions. The system can be implemented in one or more of the terminal's file system filter drivers and registry filter drivers.

Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.

Abstract: In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: A method and apparatus for providing radio communication with an electronic object in a local environment are disclosed. For example the method receives via a mobile endpoint device of a user at least one first digital certificate associated with the local environment from a trusted source, and a second digital certificate from the electronic device deployed in the local environment via a wireless connection. The method then authenticates the electronic device using the at least one first digital certificate and the second digital certificate.

Abstract: Processing streaming data in accordance with policies that group data by source, enforce a maximum permissible late arrival value for streaming data, a maximum permissible early arrival for data and/or a maximum degree to which data can be out of order and still be compliant with the out of order policy is described. The correct starting point for reading a data stream so as to produce correct output from a given output start time can be enabled using the early arrival policy. Using combinations of policies, output can be generated promptly (with low latency). When input from a given source is not disrupted, output can be generated with low latency. Output can be generated even when the input stops by applying a late arrival policy.

Abstract: The authenticity of a product associated with a host device is verified through a process. The product contains, in segments of a non-volatile memory, several different functions stored in ciphered fashion. The process involves, in a first phase, the sending by the host device of a control signal for executing a function, with the product functioning to decipher the function and store the unciphered function in the non-volatile memory. The process further involves, in a second phase, the sending by the host device of a control signal for causing execution of the deciphered function, with the product functioning to execute the function and send a result of this execution back to the host device. The host device evaluates the received result to verify product authenticity.

Abstract: An electronic device can include a processing device operatively connected to a biometric sensing device. The biometric sensing device may capture a biometric image each time a user interacts with the electronic device. When the user enters user identification data (UID) and a biometric image was recently captured, the biometric image is tagged with the UID. The user can access the electronic device and/or an application being accessed on the electronic device when a subsequently captured biometric image matches a tagged biometric image or an untagged biometric image that is assigned to a cluster that includes a tagged biometric image.

Abstract: A packet obfuscation method comprising receiving a data packet having a routing header portion and a payload portion, performing a first obfuscation on the routing header portion to generate an obfuscated routing header portion, performing a second obfuscation on at least the payload portion to generate an obfuscated payload portion, and combining the obfuscated routing header portion and the obfuscated payload portion to form an obfuscated packet. A packet forwarding method comprising obfuscating routing information using a packet obfuscation function, generating a plurality of forwarding rule entries in accordance with the obfuscated routing information, transmitting the plurality of forwarding rule entries to at least one network node in a network, transmitting the packet obfuscation function to at least one network node in the network, and transmitting a de-obfuscation function to at least one network node in the network.

Abstract: A method of authenticating a user of an image forming apparatus is provided that includes receiving, at the image forming apparatus, a one-time password (OTP) generating request, generating, at the image forming apparatus, an OTP according to the OTP generating request, receiving, at the image forming apparatus, an authentication request, from the host apparatus, including the OTP, and when the OTP received from the host apparatus matches the OTP generated according to the OTP generating request and absent a condition, approving an access to the image forming apparatus.

Abstract: Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have one or more different physical attributes. Two physical attributes of two network devices that are to be normalized and that are among the one or more different physical attributes are identified. The physical attributes are normalized by creating a virtual attributes to which both correspond. A policy applicable to the virtual attribute is received. Configuration files, in which policies or rules contained therein are implemented in terms of the virtual attribute, are created for the network devices while they are offline. Physical attribute configurations for the physical attributes are resolved during installation of the network devices by resolving references to the virtual attribute in the configuration files into the respective physical attributes.

Abstract: Disclosed are various embodiments for facilitating collaboration among users for network-shared documents. A computing environment can identify that a particular identifier was used in a communication regarding a file being accessible on various client devices. A suitable task to perform in association with at least one of the plurality of client devices can be identified based on the identifier and a determination can be made whether performance of the task would comply with at least one compliance rule. In response to the performance of the task complying with the at least one compliance rule, the task can be performed.

Abstract: A user input is received for accessing a page in an application. Page display element metadata is retrieved that defines how the display elements are related to other objects in the application. It is determined whether the user has license rights and user permissions to access the information represented by the related objects. If not, the display elements are removed, hidden or disabled and a remainder of the page is rendered.

Abstract: Technologies are generally described for time-correlating administrative events within virtual machines of a datacenter across many users and/or deployments. In some examples, the correlation of administrative events enables the detection of confluences of repeated unusual events that may indicate a mass hacking attack, thereby allowing attacks kicking network signatures to be detected. Detection of the attack may also allow the repair of affected systems and the prevention of further hacking before the vulnerability has been analyzed or repaired.

Abstract: A device-installation-information distribution apparatus for distributing device installation information including a function of installing program on an information processing apparatus to enable the information processing apparatus to use a device over a network and a function of configuring operation settings of the program includes a distribution request obtaining unit configured to obtain a distribution request, which is transmitted from the information processing apparatus, requesting to distribute the device installation information, a device-installation-information update unit configured to obtain login information for use in logging into the information processing apparatus at a privilege authorized to install software based on the obtained distribution request and device installation information for the target device and update the device installation information by adding the login information to the device installation information, and a device-installation-information distribution unit configur

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.

Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, storing the permission and identity information in a data file, determining for the application and a file of the set of files, privileges available to the application for the available authority based on the stored data file, determining a set of privileges needed by the application to access the file based on the stored data file, selecting privileges for a user of the application based on set of privileges needed by the application and the authority available to the application, and assigning the privileges for the user based on the selected privileges.

Abstract: Various aspects directed towards a wearable identity manager system are disclosed. In a first aspect, an association status between a user and a wearable identity manager device is ascertained based on whether the wearable identity manager device is worn by the user, and motion data associated with a movement of the wearable identity manager device is monitored. Authentication data, which includes the motion data, is then transmitted based on the association status. In another aspect, an association status between a user and a wearable identity manager device is again determined based on whether the wearable identity manager device is worn by the user. Here, however, the wearable identity manager device is paired with a pairing device, and authentication data is transmitted to the pairing device based on the association status to facilitate a user authentication via the pairing device.

Abstract: To provide for security and robustness in distribution of high value video content such as UHD video, a white list is provided that does not grant default access to content like a revocation listing does, but rather forces a software update on potentially compromised devices to bring them back into copy protection compliance, eliminating, e.g., the use of certain outputs that have been compromised. Prior to outputting content, a source device determines whether the receiving device is on a white list, whether the output is still valid, whether the version number of the receiving device is still valid, and that the receiving device does not have insecure outputs on which it could re-output content.

Abstract: As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.