Abstract: The present invention relates to cross-device authentication technologies. In particular, the present invention relates to methods, systems and computer program products for enabling cross-device authentication, including for implementation within cloud based service systems, and even more particularly for implementation within cloud gaming systems.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: A method in one example implementation includes receiving a plurality of command messages through a control channel and reconstructing the command messages to determine an intended command for one or more virtual machines on a server device. The command messages include one or more criteria and the intended command corresponds to an operation defined in a policy database. The method also includes determining whether the corresponding operation is permitted by comparing one or more policies associated with the operation to the one or more criteria. The method further includes sending the command messages to the server device if the operation is permitted. In more specific embodiments, the operation may include one of creating, cloning, deleting, starting, stopping, and modifying the one or more virtual machines.

Abstract: Method and system for containing networked application client software in order to perform specified transactions only given explicit consent of a legitimate user. In one embodiment, a confirmation interceptor intercepts a service request message, queries the user of the request for a confirmation, and then either passes the service request message onto server application software or drops the request, depending on the user's confirmation response. In soliciting and processing the confirmation response, query is formulated so that the required response cannot be automatically generated by software that attempts to automate and simulate the user's actions.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: A method in one example implementation includes receiving a plurality of command messages through a control channel and reconstructing the command messages to determine an intended command for one or more virtual machines on a server device. The command messages include one or more criteria and the intended command corresponds to an operation defined in a policy database. The method also includes determining whether the corresponding operation is permitted by comparing one or more policies associated with the operation to the one or more criteria. The method further includes sending the command messages to the server device if the operation is permitted. In more specific embodiments, the operation may include one of creating, cloning, deleting, starting, stopping, and modifying the one or more virtual machines.

Abstract: Method and system for containing networked application client software in order to perform specified transactions only given explicit consent of a legitimate user. In one embodiment, a confirmation interceptor intercepts a service request message, queries the user of the request for a confirmation, and then either passes the service request message onto server application software or drops the request, depending on the user's confirmation response. In soliciting and processing the confirmation response, query is formulated so that the required response cannot be automatically generated by software that attempts to automate and simulate the user's actions.

Abstract: A change management system for and method of change management control, monitoring, and analysis is disclosed. A change management system comprises a means for generating configuration item change information, and a means for processing configuration item change information for logical system groups according to an information structure. The information structure for the logical groups is comprised at least one of change rule information for the configuration items, interrelationship information between the configuration items and the system components, interrelationship information between system components. The method can be used as a monitoring tool for determining the effect of configuration changes.

Abstract: Invention selectively enables usage of services and communication conduits in a computer network, wherein the enablement is contingent on usage conditions, resulting in containment of the spread of unauthorized activity within a networked computer system and limiting the scope of results when an element becomes part of a hostile execution environment. Instead of protecting individual networked elements from a potentially hostile execution environment, the elements' usage of the networked environment is restricted to the extent of selectively allowing usage of needed resources explicitly authorized for use by such elements.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

Abstract: Invention selectively enables usage of services and communication conduits in a computer network, wherein the enablement is contingent on usage conditions, resulting in containment of the spread of unauthorized activity within a networked computer system and limiting the scope of results when an element becomes part of a hostile execution environment. Instead of protecting individual networked elements from a potentially hostile execution environment, the elements' usage of the networked environment is restricted to the extent of selectively allowing usage of needed resources explicitly authorized for use by such elements.

Abstract: Invention selectively enables usage of services and communication conduits in a computer network, wherein the enablement is contingent on usage conditions, resulting in containment of the spread of unauthorized activity within a networked computer system and limiting the scope of results when an element becomes part of a hostile execution environment. Instead of protecting individual networked elements from a potentially hostile execution environment, the elements' usage of the networked environment is restricted to the extent of selectively allowing usage of needed resources explicitly authorized for use by such elements.

Abstract: A method facilitates providing appropriate quality of service guarantees to a plurality of virtual hosts on a single physical host computer. A server application program and its child processes service communication requests made to the plurality of virtual hosts. Quality of service parameters associated with the virtual hosts are stored. Communication requests made to a specific one of the virtual hosts are detected. The quality of service parameters associated with the specific virtual host are obtained. Operating system resources are utilized to guarantee, to a child process of the server application program, a quality of service according to the obtained quality of service parameters associated with the virtual host. Communication between the virtual host and the client is allowed to proceed, the communication being managed by the child process.

Abstract: A system and a method dynamically adjusts the quality of service guarantees for virtual servers based upon the resource demands experienced by the virtual servers. Virtual server resource denials are monitored to determine if a virtual server is overloaded based upon the resource denials. Virtual server resources are modified dynamically to respond to the changing resource requirements of each virtual server. Occasionally, a physical host housing a virtual server may not have additional resources to allocate to a virtual server requiring increased resources. In this instance, a virtual server hosted by the overloaded physical host is transferred to another physical host with sufficient resources.

Abstract: A system and a method dynamically adjusts the quality of service guarantees for virtual servers based upon the resource demands experienced by the virtual servers. Virtual server resource denials are monitored to determine if a virtual server is overloaded based upon the resource denials. Virtual server resources are modified dynamically to respond to the changing resource requirements of each virtual server. Occasionally, a physical host housing a virtual server may not have additional resources to allocate to a virtual server requiring increased resources. In this instance, a virtual server hosted by the overloaded physical host is transferred to another physical host with sufficient resources.

Abstract: File access rates of processes are regulated according to file type. An association table stores entries associating processes to be regulated with specific access rates for various file types. System calls that access files are intercepted, and a system call wrapper executes. The system call wrapper determines the type of file that is being accessed by the process. The system call wrapper examines the association table in order to determine if the calling process is associated with an access rate for the file type being accessed. If so, the system call wrapper regulates access to the file according to the appropriate rate.