Abstract: Mechanisms are provided for collecting configuration data from components of a managed computing system environment. A portion of code is obtained, in a data processing system, from a data collection system that does not have security credentials to allow the data collection system to directly access to the managed computing system environment. The portion of code is executed by the data processing system using security credentials maintained in the data processing system. Executing the portion of code causes the data processing system to access the managed computing system environment and collect configuration data from the managed computing system environment. The data processing system, via the portion of code, provides the configuration data collected from the managed computing system to the data collection system which stores the collected configuration data in a data storage.

Abstract: A method, computer program product, and system for transforming unit tests is described. A unit test associated with one or more software units is identified. A first input parameter of the unit test is identified. A substitute parameter value is determined, wherein the substitute parameter value is associated with a security test for the one or more software units. A value of the first input parameter in the unit test is replaced with the substitute parameter value. The unit test including the substitute parameter value is implemented for the one or more software units. A first security issue associated with the one or more software units is identified, based upon, at least in part, replacing the first input parameter of the unit test with the substitute parameter value and implementing the unit test including the substitute parameter value.

Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.

Abstract: A method, computer program product, and system for transforming unit tests is described. A unit test associated with one or more software units is identified. A first input parameter of the unit test is identified. A substitute parameter value is determined, wherein the substitute parameter value is associated with a security test for the one or more software units. A value of the first input parameter in the unit test is replaced with the substitute parameter value. The unit test including the substitute parameter value is implemented for the one or more software units. A first security issue associated with the one or more software units is identified, based upon, at least in part, replacing the first input parameter of the unit test with the substitute parameter value and implementing the unit test including the substitute parameter value.

Abstract: A system is configured to receive a first authentication request from a first device, authenticate the first device, establish a secure connection with the first device based on authenticating the first device, and receive, via the secure connection with the first device, a set of parameters from the first device. The first device is capable of generating an encryption key for a secure message, intended for a second device, based on the set of parameters. The system is also configured to receive a second authentication request from a second device, authenticate the second device and establish a secure connection with the second device based on receiving the second authentication request, and send, via the secure connection with the second device, the set of parameters to the second device. The second user device is capable of generating a decryption key for the secure message based on the set of parameters.

Abstract: High-security communications against information leakage as well as high-speed communications are realized using present optical fiber networks. The methods are as follows: (1) A seed key is shared between a transmitter and a receiver in advance. Random numbers are transmitted using carrier light accompanied by fluctuations and bases that are decided by random numbers. The transmitter and receiver compare a shared basis that is determined by the seed key with the random basis, and decompose the random numbers superimposed on each bit into two sequences, based on whether the shared basis coincides with the random basis or not. Error correction is processed for each sequence in the receiver, and then the random numbers are shared between the transmitter and the receiver. (2) The amount of the random numbers shared between the transmitter and the receiver is reduced to secret capacity through privacy amplification, and the resultant random numbers are used as a secret key.

Abstract: In an encrypted storage system employing data deduplication, encrypted data units are stored with the respective keyed data digests. A secure equivalence process is performed to determine whether an encrypted data unit on one storage unit is a duplicate of an encrypted data unit on another storage unit. The process includes an exchange phase and a testing phase in which no sensitive information is exposed outside the storage units. If duplication is detected then the duplicate data unit is deleted from one of the storage units and replaced with a mapping to the encrypted data unit as stored on the other storage unit. The mapping is used at the one storage unit when the corresponding logical data unit is accessed there.

Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.

Abstract: A secure data storage system includes a mechanism that can be activated to inhibit access to stored data. In one embodiment, access to stored data can be prevented without having to erase or modify such data. An encryption key, or data used to generate the encryption key, is stored in an MRAM module integrated within the data storage system. The data storage system uses the encryption key to encrypt data received from a host system, and to decrypt the encrypted data when it is subsequently read by a host system. To render the stored data inaccessible, an operator (or an automated process) can expose the MRAM module to a magnetic field of sufficient strength to erase key data therefrom.

Abstract: The invention concerns a cryptographic key distribution system comprising a server node, a repeater network connected to the server node through a quantum channel, and a client node connected to the repeater network through a quantum channel; wherein in use: the repeater network and the client node cooperatively generate a transfer quantum key which is supplied to a system subscriber by the client node; the server node and the repeater network cooperatively generate a link quantum key; the repeater network encrypts the link quantum key based on the transfer quantum key and sends the encrypted link quantum key to the system subscriber through a public communication channel; the server node encrypts a traffic cryptographic key based on the link quantum key and a service authentication key and sends the encrypted traffic cryptographic key to the system subscriber through a public communication channel.

Abstract: An approach for authorizing access to computing resources (e.g., electronic files) based on calendar events (e.g., meetings of a user) in a networked computing environment (e.g., a cloud computing environment) is provided. A portion/segment (e.g., private cloud) of the networked computing environment may be designated for storing at least one electronic file to be shared (e.g., as stored in a computer storage device associated with the portion). The portion of the networked computing environment may then be associated (e.g., graphically) with an electronic calendar entry (e.g., a meeting having a set of attendees). Based on the calendar entry, a set of users (e.g., the meeting attendees) authorized to access the at least one electronic file may be determined based on the electronic calendar entry. Thereafter, access (e.g., a related permissions) to the at least one electronic file may be authorized for the set of users.

Abstract: Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored.

Abstract: Similarity-based fraud detection techniques are provided in adaptive authentication systems. A method is provided for determining if an event is fraudulent by obtaining a plurality of tagged events and one or more untagged events, wherein the tagged events indicate a likelihood of whether the corresponding event was fraudulent; constructing a graph, wherein each node in the graph represents an event and has a value representing a likelihood of whether the corresponding event was fraudulent and wherein similar transactions are connected via weighted links; diffusing through weights in the graph to assign values to nodes such that neighbors of nodes having non-zero values receive similar values as the neighbors; and classifying whether at least one of the one or more untagged events is fraudulent based on the assigned values.

Abstract: Embodiments of apparatus, systems and methods facilitate deployment of distributed computing applications on hybrid public-private infrastructures by facilitating secure access to selected services running on private infrastructures by distributed computing applications running on public cloud infrastructures. In some embodiments, a secure tunnel may be established between proxy processes on the public and private infrastructures and communication between the distributed computing application and the selected services may occur through the proxy processes over the secure tunnel.

Abstract: A mechanism for the flow of access by derivation is provided. An access point may be any object, such as files or functions, to which the access recipient is granted access rights by the access provider. Access is typically represented by a relationship object referencing the access provider function, the access recipient function, and the access point object, and a set of access rights. This membership access relationship object is typically represented as a subtype of the access relationship. When a membership access relationship is created, typically a new associated persona function is generated, representing the new identity created for the access recipient function while serving as a member of the access point function. When a persona function is invited to be a member in another function, that in turn generates a membership and a second persona that is derived from the first persona, resulting in identity derivation.

Abstract: A method is provided for protecting data content against illegal copying. The data content is provided by an entertainment system and is output to output units in an authorized playback environment for playing back the data content. The method includes transmitting the data content in the authorized playback environment from the entertainment system to an output unit, and adding an interference signal to the data content such that, during playback of the data content outside the authorized playback environment a disruption is induced.

Abstract: Systems and methods are provided for intrusion detection. The systems and methods may include receiving transaction information related to one or more current transactions between a client entity and a resource server, accessing a database storing a plurality of transaction groups, analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups, and based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server. The transaction groups may be formed based on a plurality of past transactions between a plurality of client entities and the resource server. Identity information of a user associated with the one or more current transactions may also be received along with the transaction information. The user may be associated with at least one of the plurality of transaction groups.

Abstract: Methods, apparatus, systems and computer program products are described and claimed that provide for automatically and positively determining that an associate accessing a business domain/application using an application-specific associate identifier is the same associate that is accessing another business domain/application using another application-specific associate identifier. Once the positive determination of same associate is made, a federated identifier key is generated and applied to all of the platforms in which the associate can be positively identified, so as to globally identify the associates across multiple enterprise-wide domains/applications. As such, the present invention eliminates the need to manually analyze associate data to determine if an associate interfacing with one domain/application is the same associate interfacing with another domain/application.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting an item has been transferred from a first user to a second user; and presenting, via the computing device, one or more highlighted portions of the item, the one or more highlighted portions being highlighted in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: An embodiment of the invention provides a data encryption method for an electrical device. The method comprises: generating an identification code corresponding to the electrical device; generating a temporary key according to the identification code; encrypting first data to generate a first secret key according to the temporary key and a first encryption mechanism; and encrypting the first secret key by a second encryption mechanism to generate an encrypted key.