Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM).

Abstract: System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal cloud addresses of the cloud workloads. A designated one of the cloud workloads obtains one key of a first pair of cryptographic keys, the first pair of cryptographic keys for decrypting encrypted storage hosted within the cloud computing environment.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.

Abstract: Techniques for preventing information disclosure via dynamic secure cloud resources are provided. Data (information) remotely housed on a particular cloud resource of a particular cloud is periodically, randomly, and dynamically changed to a different cloud resource within the same cloud or to a different cloud resource within an entirely different cloud. A requesting principal for the data is dynamically authenticated and a current location for the data is dynamically resolved and the principal is securely and dynamically connected to the current cloud resource and current cloud hosting the data for access.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for spawning workloads are provided. A single repository is read once to obtain an image for a workload or files and resources for the image. The read operation spawns multiple, and in some cases, concurrent write operations, to instantiate the workload over a network as multiple occurrences or instances of the workload in multiple processing environments.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: A secure server detects a login from a user originating from a first device. A second user-registered device is sent a message. The second device: translates the message into light-based communication that is captured by a camera of the first device, translates the message back into the original message, and sends the translated message to the secure server. The secure server authenticates the message and sends an indication to the first device that the second device is permitted to access the first device. In an embodiment, information passed between the first and second devices continue using light-based communications.

Abstract: Crafted identities are provided. A statement is provided to the principal for using a crafted identity. The statement includes an identifier that provides access to a resource when presented by the principal to the resource. The statement also includes one or more roles and permissions for the crafted identity when accessing the resource.

Abstract: Techniques for workload coordination are provided. An automated discovery service identifies resources with hardware and software specific dependencies for a workload. The dependencies are made generic and the workload and its configuration with the generic dependencies are packaged. At a target location, the packaged workload is presented and the generic dependencies automatically resolved with new hardware and software dependencies of the target location. The workload is then automatically populated in the target location.

Abstract: The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified.

Abstract: A secure server detects a login from a user originating from a first device. A second user-registered device is sent a message. The second device: translates the message into light-based communication that is captured by a camera of the first device, translates the message back into the original message, and sends the translated message to the secure server. The secure server authenticates the message and sends an indication to the first device that the second device is permitted to access the first device. In an embodiment, information passed between the first and second devices continue using light-based communications.

Abstract: The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified.

Abstract: At least two mobile devices introduce one another and select data for transfer to and receipt by at least one receiving mobile device using audio communications. Each of the devices uses its speaker(s) and its microphone to introduce and select the data. Once secure audio communications are confirmed between the devices, the selected data is acquired by the at least one receiving mobile device using audio communications or a different out-of-band communication wired or wireless network.

Abstract: Techniques for toxic workload mapping are provided. A state of a target workload is recorded along with a configuration and state of an environment that is processing the workload. Micro valuations are taken, via statistical sampling, for metrics associated with the workload and for different combinations of resources within the environment. The sampling taken at micro second intervals. The valuations are aggregated to form an index representing a toxic mapping for the workload within the environment. The toxic mapping is mined, in view of policy, to provide conditions and scenarios that may be deemed problematic within the workload and/or environment.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.