Abstract: A request for a first resource by a user is received. In response to receiving the request for a first resource, a second resource is determined based on the first resource and a resource usage pattern of the user. A response to the request for the first resource is provided. The response includes the first resource and the second resource.

Abstract: Risk-based credential management is provided. A request to checkout credentials is received. The credentials are associated with at least one managed resource. A risk value of the request is determined. The determination of the risk value is based, at least in part, on risk information of the requesting device. A determination is made whether to deny the request based, at least in part, on the risk value and a first predetermined threshold of a checkout policy.

Abstract: Risk-based credential management is provided. A request to checkout credentials is received. The credentials are associated with at least one managed resource. A risk value of the request is determined. The determination of the risk value is based, at least in part, on risk information of the requesting device. A determination is made whether to deny the request based, at least in part, on the risk value and a first predetermined threshold of a checkout policy.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: A mechanism is provided for authenticating a second terminal based on information sensed by a first terminal. Responsive to receiving an authentication request, a first output request is sent to a second terminal instructing the second terminal to generate information able to be sensed by a sensor in a first terminal. An authentication of the authentication request is performed based on a condition that the sensor in the first terminal has sensed the information generated by the second terminal.

Abstract: A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.

Abstract: Monitoring across multiple-channels, used by multiple devices, to determine which email messages being sent to a user are solicited by the user. A broad spectrum of network and telephony access records are analyzed to determine whether an email message is likely being sent as a result of legitimate services access by the user.

Abstract: A role and entitlements mining system uses network intelligence to facilitate role definition. The system records traffic on a network. The traffic is analyzed to identify the user and application involved. The matched data is then provided to an analytics engine, which analyzes that data to attempt to derive an initial set of one or more roles and the application entitlements for each role. Each role derived by the analytics engine identifies one or more users who are identified as belonging to the role, as well as one or more application entitlements. Preferably, one or more directory services are then interrogated for known group and user relationships to detect whether the roles identified by the analytics engine can be modified or enriched. Evaluation of the known group and user relationships provides a way to identify a more granular set of role definitions. A role-based access control policy is then generated.

Abstract: A binary library overload instruction is received at an embedded computing device that executes a write-protected firmware build. The binary library overload instruction specifies a write-protected binary library of the write-protected firmware build to be overloaded by execution of an alternative binary library instead of the write-protected binary library of the write-protected firmware build. The alternative binary library is configured within a random access memory (RAM) storage area to execute instead of the write-protected binary library as specified in the received binary library overload instruction. The write-protected firmware build is executed using the alternative binary library instead of the write-protected binary library specified in the binary library overload instruction.

Abstract: A binary library overload instruction is received at an embedded computing device that executes a write-protected firmware build. The binary library overload instruction specifies a write-protected binary library of the write-protected firmware build to be overloaded by execution of an alternative binary library instead of the write-protected binary library of the write-protected firmware build. The alternative binary library is configured within a random access memory (RAM) storage area to execute instead of the write-protected binary library as specified in the received binary library overload instruction. The write-protected firmware build is executed using the alternative binary library instead of the write-protected binary library specified in the binary library overload instruction.

Abstract: A computer detects fraudulent access to user accounts of a network application. The computer receives user account usage profile information for a plurality of user accounts. Rules are determined, based in part on the user account profile information, that define account usage patterns across two or more user accounts that identify fraudulent user account usage. The computer receives user account usage event information for a plurality of user accounts. Based on the determined rules, the computer identifies fraudulent user account usage patterns in the user account usage event information and transmits a security alert to the user accounts associated with the identified fraudulent user account usage pattern.

Abstract: A computer detects fraudulent access to user accounts of a network application. The computer receives user account usage profile information for a plurality of user accounts. Rules are determined, based in part on the user account profile information, that define account usage patterns across two or more user accounts that identify fraudulent user account usage. The computer receives user account usage event information for a plurality of user accounts. Based on the determined rules, the computer identifies fraudulent user account usage patterns in the user account usage event information and transmits a security alert to the user accounts associated with the identified fraudulent user account usage pattern.

Abstract: A system and method for protecting a user from offensive behavior in communications and notifying the user and/or an enforcement entity of the offensive behavior. The offensive content analysis system monitors communications between users for offensive behavior. The offensive content analysis system may measure the level of current offense in the communication and determine a historical offensive behavior pattern for the user. The offensive content analysis system may then determine if the offensive behavior, both current and historical, rises to a threshold behavior level. The offensive content analysis system may take notification action if the offensive behavior meets the threshold level.

Abstract: A binary library overload instruction is received at an embedded computing device that executes a write-protected firmware build. The binary library overload instruction specifies a write-protected binary library of the write-protected firmware build to be overloaded by execution of an alternative binary library instead of the write-protected binary library of the write-protected firmware build. The alternative binary library is configured within a random access memory (RAM) storage area to execute instead of the write-protected binary library as specified in the received binary library overload instruction. The write-protected firmware build is executed using the alternative binary library instead of the write-protected binary library specified in the binary library overload instruction.

Abstract: A binary library overload instruction is received at an embedded computing device that executes a write-protected firmware build. The binary library overload instruction specifies a write-protected binary library of the write-protected firmware build to be overloaded by execution of an alternative binary library instead of the write-protected binary library of the write-protected firmware build. The alternative binary library is configured within a random access memory (RAM) storage area to execute instead of the write-protected binary library as specified in the received binary library overload instruction. The write-protected firmware build is executed using the alternative binary library instead of the write-protected binary library specified in the binary library overload instruction.

Abstract: An identity management (“IdM”) system can change the credentials at certain intervals. If credentials change, there is no way for an application that uses the credentials to know that the credentials have changed because the application dependency relationships are unknown. When service account credentials change, credentials are typically manually updated for each dependent application. Some embodiments of the inventive subject matter allow IdM systems to track application dependencies for service accounts. The IdM systems can detect when service account credentials change and automatically notify dependent applications of the new service account credentials.

Abstract: A drug interaction utility can retrieve the patient's current medications from a medication information card on the smart card by interacting with an identity selector on the provider's computer. The identity selector can transmit the current medications to the drug interaction utility without disclosing any information about the current medications to the provider and without disclosing any information identifying the patient to the drug interaction utility.