Abstract: A system and method are provided to monitor and prevent potential enterprise policy and/or rule violations by subscribers. A node filters requests to send a selected communication and/or content and/or provide a nonsubscriber with access to the selected communication and/or content against plurality trusted groupings to determine if the nonsubscriber is a member of a trusted group. The nonsubscriber is provided with the selected communication and/or content when he or she is a trusted group member and restricted from receiving and/or accessing the at least a portion of the selected communication and/or content when he or she is not in a trusted group or is in a trusted group not privileged to receive the information. The nonsubscriber can be a member of multiple trusted groups, based on the nature of the relationship of the nonsubscriber with the enterprise.

Abstract: A computing device is described that outputs for display at a presence-sensitive screen a lock screen graphical user interface. The lock screen graphical user interface includes a widget region and an unlock region. The widget region includes a widget and an overlay that at least partially obscures the widget. The computing device receives an indication of a user input and determines a characteristic of the user input. In response to determining that the determined characteristic satisfies a threshold, the computing device removes the overlay from the widget region.

Abstract: Some embodiments provide firewalls and methods for guarding against attacks by leveraging the Document Object Model (DOM). The firewall renders the DOM tree to produce a white-list rendering of the data which presents the non-executable elements of the data and, potentially, outputs of the executable elements of the data without the executable elements that could be used to carry a security threat. Some embodiments provide control over which nodes of the DOM tree are included in producing the white-list rendering. Specifically, a configuration file is specified to white-list various nodes from the DOM tree and the white-list rendering is produced by including the DOM tree nodes that are specified in the white-list of the configuration file while excluding those nodes that are not in the white-list. Some embodiments provide a hybrid firewall that executes a set of black-list rules over white-listed nodes of the DOM tree.

Abstract: An instant message is received, converted to blog-compatible information, and posted on a blog.

Abstract: Disclosed is a device including: a control section; a tamper detection section to detect changes of predetermined states of a plurality of pre-defined parts of the device, and to output detection information; a storage section to store the detection information, and request information for requesting the tamper detection section to detect a change of a predetermined state of a specific part of the plurality of parts, wherein when a main power supply section of the device is in an off-state, the electric power is supplied to the control section, the tamper detection section and the storage section from a standby power supply section, and the control section controls the tamper detection section and the storage section so that the tamper detection section detects the change of the predetermined state of the specific part in accordance with the request information, and the storage section stores the detection information.

Abstract: A method and apparatus for configuring and managing policy configuration associated with a plurality of interfaces of a plurality of devices in a network are provided. This method is executable in a processing system. The processing system includes a processor coupled to a display and user input device. The method comprises displaying an icon corresponding to a device in the network, a plurality of interface indicia associated with traffic flow through the device policy-related information of devices in a network, and, a pair of traffic indicia that indicate a direction of traffic flow with respect to the plurality of interface indicia and the icon. A signal is then accepted from the user input device to indicate selection of an interface indicium. Finally, the policy information of an interface associated with the interface indicium is displayed in accordance with a direction of traffic flow in response to the signal from the user input device.

Abstract: A method and system for customer incentive-based management of computing resource utilization. According to one embodiment, a method may include provisioning a computing resource according to a given level of resource utilization, and dynamically predicting utilization of the computing resource that is expected to occur during a given interval of time. In response to dynamically predicting that utilization of the computing resource will be less than the given level of resource utilization during the given interval of time, the method may further include offering an incentive to a customer to utilize the computing resource during at least a portion of the given interval of time.

Abstract: Methods and apparatus for managing devices and content in a network environment. In one implementation, a method of adding a client as a member of a hub network includes: detecting a client connected to a server in a hub network; authenticating said client; authorizing said client; and adding said client as a member in said hub network.

Abstract: A user is aided in using an application program. A method may include receiving an input in a computer system upon a user dropping an electronic message object in a graphical user interface of an application program. Upon receiving the input, an information portion is extracted from the electronic message object. An operation is performed in the application program with the extracted information portion as a parameter, wherein the electronic message object is not stored in association with the application program. When the performed operation includes a data repository query, a learning function or an ambiguity-resolving feature may be used.

Abstract: A method for providing access to secure peer-to-peer communications to a device can include receiving a request to join an interest group. The request can include a device identification number of the device. The method can further include determining access rights for the device. The access rights can include permission to access shared messages of the interest group. Additionally, the method can include providing an access key to the device. The access key can enable the device to access shared messages of the interest group.

Abstract: An improved user experience at a local client computer that is coupled to one or more remote servers over a WAN is provided by an arrangement in which data and files that are likely to be needed by a user during a work session are identified through the application of one or more heuristics and then pre-fetched to be made available in advance of the session's start. The pre-fetching of the data and files may be performed as the client computer goes through its startup or boot process. When the startup is completed and the desktop applications become ready for use, the data and files that the user needs to immediately begin work are already available at the local client computer.

Abstract: An MTA certificate containing a public key is provided to a provisioning server, typically via an MIB. The provisioning server retrieves configuration information associated with the MTA. A symmetric session key is randomly generated and used to encrypt the configuration information. The public key is used to encrypt the symmetric key. The encrypted session key is combined with the encrypted configuration information into a composite file, and the composite file is distributed to the device that contains the MTA. The MTA device decrypts the session key using its private key that corresponds to the public key and the decrypted session key is used to decrypt the configuration information. The decrypted configuration information is used to complete initialization of the MTA device.

Abstract: A system and method is provided for enabling identification of network users having similar interests and for facilitating communication between them. An Internet-based (or “on-line”) application is provided that: 1) facilitates the identification of users having similar interests using web-browsing behavior; 2) determines the virtual distance between web sites; and 3) utilizes profiling techniques and user-supplied descriptive information to facilitate direct communication between users who need not have had prior contact, and without requiring the participation of the visited web sites.

Abstract: An information security apparatus and a security system, which prevent eavesdropping on input information input by an input device and identify eavesdroppers, includes a key input interface unit inputting secret information returns a decoy key input value when receiving a read access from unprotected domain 1011. Further, a payment-processing company, which judges whether it is possible or not to use a service such as electronic payment-processing, provides the information security apparatus with an immediate value to be used as the decoy key input value when performing an authentication. Accordingly, a person who attempts to eavesdrop on the input from a key input unit acquires the decoy key input value. If the decoy key input value is used when requesting payment-processing company to perform an authentication, the payment-processing company recognizes the person who requests the authentication as an eavesdropper.

Abstract: Included are systems and methods for resuming a previous browsing session. At least one embodiment of a method includes receiving a request to initiate a current browsing session and in response to receiving a request to initiate a current browsing session, retrieving data related to a previous browsing session, the previous browsing session being different than the current browsing session. Other embodiments include providing the retrieved data in the current browsing session such that the current browsing session is presented as a continuation of the previous browsing session.

Abstract: A security module may be configured to execute on the electronic device at a level below all of the operating systems of an electronic device accessing the one or more system resources. The security module may be configured to: trap one or more attempts to access system resources of the electronic device, the one or more attempts made from a less privileged ring of execution than the first security module; record information identifying one or more processes attempting to access the system resources of the electronic device; compare the information identifying one or more processes attempting to access the system resources with the enumerated one or more processes visible to the operating system; and based on the comparison, determine one or more hidden processes, the hidden processes determined by at least identifying processes whose information was recorded by first security module but were not enumerated by the second security module.

Abstract: A method and system to improve the retention of synchronization between the transmitter and receiver of image data across a communication channel. If the control character designating the end of the line of data is corrupted, the receiving system will not recognize that the line of data has ended and will continue as if data is still being received. The corruption of a single bit in the control character will cause the receiver to misinterpret the end of line control word. Since the receiving logic does not realize the transmitter is no longer sending data, erroneous data will be stored in the storage elements. By using an alternate control character as an additional end of line indicator, the receiver will terminate the line of data and will wait for the next start of line control character from the transmitter. Synchronization between the transmitter and receiver across the communication channel is thus maintained.

Abstract: Method and system for containing networked application client software in order to perform specified transactions only given explicit consent of a legitimate user. In one embodiment, a confirmation interceptor intercepts a service request message, queries the user of the request for a confirmation, and then either passes the service request message onto server application software or drops the request, depending on the user's confirmation response. In soliciting and processing the confirmation response, query is formulated so that the required response cannot be automatically generated by software that attempts to automate and simulate the user's actions.

Abstract: Efficient secure password protocols are constructed that remain secure against offline dictionary attacks even when a large, but bounded, part of the storage of a server responsible for password verification is retrieved by an adversary through a remote or local connection. A registration algorithm and a verification algorithm accomplish the goal of defeating a dictionary attack. A password protocol where a server, on input of a login and a password, carefully selects several locations from the password files, properly combines their content according to some special function, and stores the result of this function as a tag that can be associated with this password and used in a verification phase to verify access by users.

Abstract: Disclosed is an internet traffic monitoring method that includes a network service provider analyzing an HTTP transaction involving an internet user client. The network service provider responds to the HTTP transaction by forwarding, to the internet user client, a modified web object including a monitoring implement. After forwarding the modified web object to the internet user client, the network service provider forwards a web object, originally associated with the HTTP transaction, to the internet user client.