Abstract: As disclosed herein, a computer program product, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer program product further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.

Abstract: As disclosed herein a computer system, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer system further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.

Abstract: As disclosed herein, a computer program product, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer program product further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.

Abstract: As disclosed herein a computer system, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer system further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.

Abstract: A method, system, and/or computer program product manages a distributed denial of service attack in a multiprocessor environment. A determination is made of (a) a first upper threshold for a normal number of packets from the multiprocessor environment to multiple destination addresses, (b) a second upper threshold for a normal ratio of the packets from the multiprocessor environment to a single destination address compared to the packets from the multiprocessor environment to the multiple destination addresses, and (c) a third upper threshold for a normal ratio of packets from the multiprocessor environment to a single port at a single destination address compared to packets from the multiprocessor environment to the multiple destination addresses. In response to the first and second thresholds being exceeded, a specific port is monitored to determine if the third upper threshold is being exceeded at that port, thus indicating an apparent distributed denial of service attack.

Abstract: As disclosed herein a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The method further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system. A computer system, and a computer program product corresponding to the above method are also disclosed herein.

Abstract: As disclosed herein a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The method further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system. A computer system, and a computer program product corresponding to the above method are also disclosed herein.

Abstract: As disclosed herein a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The method further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system. A computer system, and a computer program product corresponding to the above method are also disclosed herein.

Abstract: A system and method to protect web applications from malicious attacks and, in particular, a system and method for identification and blocking of malicious DNS servers. The system includes a central processing unit and first program instructions. The first program instructions identify a rogue Domain Name Service (DNS) by identifying that a DNS metric is outside a historical limit. The first program instructions are stored on the computer system for execution by the central processing unit.

Abstract: A solution for computing password strength based upon layout positions of input mechanisms of an input device that entered a password. A password including an ordered sequence of at least two characters can be identified. A position of each of the characters of the sequence can be determined relative to a layout of an input device used for password entry. Each position can correspond to an input region (key) of the input device (keyboard). A proximity algorithm can generate a proximately score for the determined positions based upon a pattern produced by the positions given the layout of the input device. A password strength score can be computed based at least in part upon the proximity score.

Abstract: A router includes a relatively low bandwidth communication connection to a small computer, a relatively high bandwidth communication connection to a communication network; and a processing unit for executing in the router a set of permit rules for permitting flow of communication packets with respect to the connections for user initiated sessions, the permit rules including a default rule for discarding all packets with respect to the small computer in traffic not pertaining to sessions initiated by the small computer.

Abstract: A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.

Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broad their hashed values. Third Active RFID tag hash the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

Abstract: A technique for tracking one or more thresholds relating to the blocking of a particular screen name used on an IM system is disclosed. If the number of people who have blocked a particular screen name reaches a threshold amount, a determination is made that the screen name is being used by a spimmer or other bothersome person, and disciplinary action can be taken. In a preferred embodiment, the email address associated with a user name of a suspected spimmer is identified and all screen names associated with that email address are also subjected to disciplinary action, if desired. Thus, an IM company can suspend all screen names of a spimmer that are tied to the same email address, even though not all (or even none) of the screen names individually have reached a threshold level for discipline/suspension.

Abstract: A system and method to protect web applications from malicious attacks and, in particular, a system and method for identification and blocking of malicious DNS servers. The system includes a central processing unit and first program instructions. The first program instructions identify a rogue Domain Name Service (DNS) by identifying that a DNS metric is outside a historical limit. The first program instructions are stored on the computer system for execution by the central processing unit.

Abstract: A solution for computing password strength based upon layout positions of input mechanisms of an input device that entered a password. A password including an ordered sequence of at least two characters can be identified. A position of each of the characters of the sequence can be determined relative to a layout of an input device used for password entry. Each position can correspond to an input region (key) of the input device (keyboard). A proximity algorithm can generate a proximately score for the determined positions based upon a pattern produced by the positions given the layout of the input device. A password strength score can be computed based at least in part upon the proximity score.

Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broad their hashed values. Third Active RFID tag hash the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broad their hashed values. Third Active RFID tag hash the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

Abstract: A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.

Abstract: A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.