Abstract: Concepts for linking source code with compliance requirements are presented. One example comprises analyzing a set of compliance requirements to identify one or more compliance topics. The example further comprises determining keywords for the identified one or more compliance topics. An item of source code is then analyzed to identify occurrences of the keywords in the source code. Mapping information representing a relationship between the item of source code and the compliance requirements is then generated based on the identified occurrence of the keywords.

Abstract: Concepts for linking source code with compliance requirements are presented. One example comprises analyzing a set of compliance requirements to identify one or more compliance topics. The example further comprises determining keywords for the identified one or more compliance topics. An item of source code is then analyzed to identify occurrences of the keywords in the source code. Mapping information representing a relationship between the item of source code and the compliance requirements is then generated based on the identified occurrence of the keywords.

Abstract: Concepts for identifying relevance of a source code change to compliance requirements are presented. One example comprises obtaining mapping information linking an item of source code with a set of compliance requirements, the mapping information representing a relationship between the item of source and the set of compliance requirements. A changed element of an item of source code is identified. The mapping information is analyzed based on the changed element to determine if the changed element relates to a compliance requirement. If it is determined that the changed element relates to a compliance requirement, an indication of th compliance requirement is generated.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An email filter updating system includes a tracking component, and a logic component. The tracking component is provided to track user navigation. This tracking compiles information about websites the user has visited and presumably may “trust” in the event an email associated with one such site or application is later received by the user's email application. The logic component uses information and a set of configurable rule-based criteria to output a characterization that a particular email message has been initiated from a site that the user has visited or should otherwise trust. The characterization is then provided to the email filter to control whether in-bound email is passed to the user's email client inbox. Further, the logic component is operative to generate filter update commands that update the email filter in an automated manner, i.e., without user input.

Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.

Abstract: An email filter updating system includes a tracking component, and a logic component. The tracking component is provided to track user navigation. This tracking compiles information about websites the user has visited and presumably may “trust” in the event an email associated with one such site or application is later received by the user's email application. The logic component uses information and a set of configurable rule-based criteria to output a characterization that a particular email message has been initiated from a site that the user has visited or should otherwise trust. The characterization is then provided to the email filter to control whether in-bound email is passed to the user's email client inbox. Further, the logic component is operative to generate filter update commands that update the email filter in an automated manner, i.e., without user input.

Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.

Abstract: A set of hypertext transfer protocol (HTTP) requests for Web application content can be routed from a client computing device to a Web server. The routed HTTP requests can be analyzed for patterns indicative of user interest in a business offering available via the Web application. An unrequested HTTP request can be conveyed to the Web server for Web application content that was not explicitly requested from the client computing device. The Web server can convey a response to the unrequested HTTP request that provides content from the Web application related specifically to the user interest. The response can cause a user interface of a Web browser of the client computing device to display the content that is related to the user interest.

Abstract: In a cloud computing environment, a user authenticates to multiple cloud services concurrently. A master service has knowledge of or tracks the cloud service(s) to which a user is authenticated. Each cloud service may enforce its own inactivity period, and the inactivity period of at least first and second cloud services may be distinct from one another. When the master service receives an indication that the authenticated user is attempting to take an action at a first cloud service despite an activity timeout there, the master service issues a status request to at least the second cloud service to determine whether the user is still active at the second cloud service (despite its different inactivity period). If the user is still active at the second cloud service, the master service provides a response, selectively overriding (re-setting) the activity timeout at the first cloud service to permit the action.

Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An email filter updating system includes a tracking component, and a logic component. The tracking component is provided to track user navigation. This tracking compiles information about websites the user has visited and presumably may “trust” in the event an email associated with one such site or application is later received by the user's email application. The logic component uses information and a set of configurable rule-based criteria to output a characterization that a particular email message has been initiated from a site that the user has visited or should otherwise trust. The characterization is then provided to the email filter to control whether in-bound email is passed to the user's email client inbox. Further, the logic component is operative to generate filter update commands that update the email filter in an automated manner, i.e., without user input.

Abstract: An email filter updating system includes a tracking component, and a logic component. The tracking component is provided to track user navigation. This tracking compiles information about websites the user has visited and presumably may “trust” in the event an email associated with one such site or application is later received by the user's email application. The logic component uses information and a set of configurable rule-based criteria to output a characterization that a particular email message has been initiated from a site that the user has visited or should otherwise trust. The characterization is then provided to the email filter to control whether in-bound email is passed to the user's email client inbox. Further, the logic component is operative to generate filter update commands that update the email filter in an automated manner, i.e., without user input.

Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.

Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.