Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.

Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.

Abstract: A method, system, and computer usable program product for protocol based key management are provided in the illustrative embodiments. A key management protocol associated with a key request is identified, the key request being a request for data usable in cryptographic security. A first subset is selected from a set of policies using the key management protocol. A set of permissions is computed based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol. The set of permissions is cached in a cache in a data storage device.

Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.

Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.

Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.

Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.

Abstract: A computer implemented method for integrating a calendar and task scheduler to enable automatic scheduling of meetings and assignment of tasks based on priority. With the illustrative embodiments, a task in a user's calendaring system may be split into multiple time blocks, and each time block for the task may then be scheduled around meetings in a user's calendar. Tasks that are scheduled in the user's calendar may also be automatically rescheduled when meetings within the user's calendar change. Tasks may be scheduled over lower priority meetings in the user's calendar as needed in order to meet the due dates assigned to the tasks. The illustrative embodiments also allow for automatically adjusting meeting or task priorities based on policies, and identifying classes of activities that may be performed concurrently.

Abstract: A method, system, and computer usable program product for protocol based key management are provided in the illustrative embodiments. A key management protocol associated with a key request is identified, the key request being a request for data usable in cryptographic security. A first subset is selected from a set of policies using the key management protocol. A set of permissions is computed based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol. The set of permissions is cached in a cache in a data storage device.

Abstract: A computer implemented method and apparatus for controlling the presentation of information. In response to receiving a request to present the information, a process confirms that conditions for presentation of the information are satisfied using a set of presentation policies, wherein the conditions are specified in the set of presentation policies, and wherein the conditions comprise a status of a user and a setting of the user. The process then determines whether confidential content is present in the information. Responsive to the confidential content being present, the process redacts the confidential content before presenting the information to a user, and then updates a presentation history with metadata describing the presentation of the information comprising the confidential content.

Abstract: A replicated networked storage domain of an original data partition and one or more replica data partitions in which each partition is stored on a storage device having a network address, is secured by associating with each partition a secret key; sharing the secret keys between the storage devices and a file manager; requesting access to a specific partition by a client; and accessing the specific partition by the client using a credential encrypted by the key associated with the specific partition and including a network address of a storage device which stores the partition.

Abstract: A system for protecting data within a portable storage device. A self-destruct unit associated with the portable storage device is enabled. If the portable storage device is not within a pre-specified route tolerance or if the portable storage device is not at a pre-selected identification checkpoint, an alert message is sent. In response to receiving a particular response, a self-destruct signal is sent to the enabled self-destruct unit. Then the enabled self-destruct unit creates an electromagnetic pulse from a xenon flash tube to render confidential data within the portable storage device unusable.

Abstract: A computer implemented method for integrating a calendar and task scheduler to enable automatic scheduling of meetings and assignment of tasks based on priority. With the illustrative embodiments, a task in a user's calendaring system may be split into multiple time blocks, and each time block for the task may then be scheduled around meetings in a user's calendar. Tasks that are scheduled in the user's calendar may also be automatically rescheduled when meetings within the user's calendar change. Tasks may be scheduled over lower priority meetings in the user's calendar as needed in order to meet the due dates assigned to the tasks. The illustrative embodiments also allow for automatically adjusting meeting or task priorities based on policies, and identifying classes of activities that may be performed concurrently.

Abstract: A computer implemented method and apparatus for controlling the presentation of information. In response to receiving a request to present the information, a process confirms that conditions for presentation of the information are satisfied using a set of presentation policies, wherein the conditions are specified in the set of presentation policies, and wherein the conditions comprise a status of a user and a setting of the user. The process then determines whether confidential content is present in the information. Responsive to the confidential content being present, the process redacts the confidential content before presenting the information to a user, and then updates a presentation history with metadata describing the presentation of the information comprising the confidential content.

Abstract: A system for protecting data within a portable storage device. A self-destruct unit associated with the portable storage device is enabled. If the portable storage device is not within a pre-specified route tolerance or if the portable storage device is not at a pre-selected identification checkpoint, an alert message is sent. In response to receiving a particular response, a self-destruct signal is sent to the enabled self-destruct unit. Then the enabled self-destruct unit creates an electromagnetic pulse from a xenon flash tube to render confidential data within the portable storage device unusable.

Abstract: A system and method for gathering data regarding receivers of multicast content is provided. A spanning tree is used to connect a content producer, such as a pay-per-view broadcaster, to one or more receivers over a computer network, such as the Internet. Clients that wish to join a multicast group to which content is sent join the multicast group at the client's designated multicast router. The router sends information regarding the request, such as a tally of the number of clients that have joined the group, through intermediate routers to an endpoint router as identified by the spanning tree. The content producer is able to use the information, such as the tally and demographic information, to analyze the group of receivers. In a pay-per-view setting, the tally can further be compared to the number of subscribers to determine whether illicit receivers have joined the group, whereupon appropriate action is taken.

Abstract: A bidirectional metadirectory agent a data source converter layer; a filters and rules layer for blocking disallowed changes; a mapping layer for translating attributes in change commands from a local set of attribute names to a set of metadirectory attribute names, and vice versa, and for converting change commands between said agent-internal common format and a directory change protocol; an extensible user customization layer for implementing custom metadirectory agent functions; and a metadirectory interface for sending and receiving said change commands in said directory change protocol.

Abstract: Through associating each data partition within a replicated storage domain of networked storage devices with one of multiple secret keys shared with a file manager, a credential is issued from the file manager to a client requesting access to a partition. The credential includes a network address for the partition to which the client is to direct its actions. The storage device periodically confirms with the file manager the validity of the shared secret keys. Through logical process and evaluations applied to issuing the credential and determining the address of the partition to be included in each credential, the file manager may invalidate partitions individually, provide load balancing between access of original and replica partitions, and provide security functions such as isolation of partitions for access by and tracking of unauthorized users, or for testing purposes.

Abstract: A system and method which propagates change operations to data items within a metadirectory on a differential basis in order to minimize or eliminate redundant updates to attributes within data items that have not changed, as well as conserve computing resources and transmission bandwidth consumed by update activities in large organizations of data items. A best match entry in the metadirectory is selected using a weighted score process, a determination is made as to exactly which attributes are changed by the update operation, and a differential update is propagated throughout the metadirectory via direct joiner access to the data items, or through remote access such as through LDAP.

Abstract: The present invention enables a facility (home, business or industrial site) to optimize the consumption of energy in that facility. In this invention, the power companies that supply energy provide information to its client facilities on the cost and availability of energy from that company on a real-time basis. Each client facility would have a power accounting server. These servers store this and process this information to predict when the rates for using the energy will be the least expensive for a particular task or to operate a particular appliance. A homeowner (client facility) for example can program appliances such as a dishwasher or laundry machine to turn on when the cost of energy is below a particular threshold price. The present invention has the capability to receive characteristics about a particular appliance, generate a list of energy consumption options for that particular product at a particular time period and select and implement the most efficient energy supply option.