Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).

Abstract: Example apparatus and methods detect how a portable (e.g., handheld) device (e.g., phone, tablet) is gripped (e.g., held, supported). Detecting the grip may include detecting and characterizing touch points for fingers, thumbs, palms, or surfaces that are involved in supporting and positioning the apparatus. Example apparatus and methods may determine whether and how an apparatus is being held and then may exercise control based on the grip detection. For example, a display on an input/output interface may be reconfigured, physical controls (e.g., push buttons) on the apparatus may be remapped, user interface elements may be repositioned, resized, or repurposed, portions of the input/output interface may be desensitized or hyper-sensitized, virtual controls may be remapped, or other actions may be taken. Touch sensors may detect the pressure with which a smart phone is being gripped and produce control events (e.g., on/off, louder/quieter, brighter/dimmer, press and hold) based on the pressure.

Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.

Abstract: Architecture that includes optimizations for “Bump-in-the-API” (BIA) as employed for multi-stack hosts. These optimizations reduce the limitations imposed by the existing translation technologies by simplifying the implementation and addressing possible compatibility issues. More specifically, the architecture discloses optimizations that use a preconfigured NAT64 prefix for mapping of NAT64 IPv6 addresses in the prefix subnet to IPv4 addresses, without a mapping table (stateless), use configuration information for enabling API translation per application (resolves possible compatibility issues), and use a local IPv4 socket and a data pump to reduce the number of translated API calls.

Abstract: Architecture that includes optimizations for “Bump-in-the-API” (BIA) as employed for multi-stack hosts. These optimizations reduce the limitations imposed by the existing translation technologies by simplifying the implementation and addressing possible compatibility issues. More specifically, the architecture discloses optimizations that use a preconfigured NAT64 prefix for mapping of NAT64 IPv6 addresses in the prefix subnet to IPv4 addresses, without a mapping table (stateless), use configuration information for enabling API translation per application (resolves possible compatibility issues), and use a local IPv4 socket and a data pump to reduce the number of translated API calls.

Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).

Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.