Abstract: A flight control system (20) comprising: • at least one drive unit (4); • at least one wing (5) operatively connected to the at least one drive unit; and • a controller (21) configured to: • send a control signal to the at least one drive unit to operate the at least one drive unit through a demanded motion; • receive a feedback signal indicative of the actual motion of the at least one drive unit; and • compare the actual motion to the demanded motion to determine a motion error of the at least one drive unit.

Abstract: The invention relates to methods of treating cancer, particular cancers which have developed a resistance to chemotherapeutics. Particularly, the invention relates to a method of treating cancer in an individual who has not responded, or no longer responds, to chemotherapy, the method comprising providing an individual who has not responded, or no longer responds, to a chemotherapeutic agent; providing in the individual a whole antibody or a fragment thereof including a variable domain for binding to a P2X7 receptor that is expressed by the individual; wherein the P2X7 receptor has an impaired response to ATP such that it is unable to form an apoptotic pore under normal physiological conditions, thereby treating cancer in the individual.

Abstract: A plastic film formed of a layer and at least one skin layer, with the formulation: (i) about 10% to about 70% of a polyethylene resin (e.g. LLDPE, MDPE, HDPE, PERT) of fractional melt index (<0.6 gr/10 min, 190° C., 2.16 kg/min) and a density ranging from 0.910 to 0.960 5 g/cm3; (ii) about 30% to 90% of a LDPE resin of fractional melt index (<1 gr/10 min, 190° C., 2.16 kg/min) and a density from 0.910 to 0.960 g/cm3; (iii) about 0.05 to 0.5 wt % of at least one processing stabilizer; (iv) about 1% to 5 wt % of a UV absorber. The plastic film having asperities, Mohr-Coulomb peak friction angle of >30° and peak adhesion value of >15 kPa for a normal pressure of >100 kPa as per ASTM D-5321. A roll made of the plastic film and a 0 method of producing the plastic film.

Abstract: A technique to enforce mobile device security policy is based on a “risk profile” of the individual device, where the risk profile is fine-grained and based on the types of applications installed on the device, the services they are accessing, and the operation(s) the user granted the device authorization to perform. Thus, the approach takes into account not only the actual applications installed on the device (and those actively in use), but also the services those applications are accessing, and the scope of operations the user has granted the device authorization to perform. By combining this information to create the risk profile, a suitable security policy, including one that does not unnecessarily degrade device usability, may then be applied.

Abstract: A confidence-based authentication discovery scheme is implemented at a proxy. The scheme assumes that some level of unauthenticated browsing is allowed prior to enforcing authentication at the proxy. Once a known and trusted set of identity providers has been accessed and the user is required to authenticate at the proxy (e.g., as a result of policy), the proxy initiates Federated Single Sign-On (F-SSO) to one or more (or, preferably, all) known sites accessed by the browser. This F-SSO operation is performed seamlessly, preferably without the user's knowledge (after the user allows an initial trust decision between the proxy acting as a service provider and the external identity provider). The proxy collates the results and, based on the trust it has with those sites, produces a confidence score. That score is then used as input into policy around whether or not a user should be permitted to access a particular site.

Abstract: A confidence-based authentication discovery scheme is implemented at a proxy. The scheme assumes that some level of unauthenticated browsing is allowed prior to enforcing authentication at the proxy. Once a known and trusted set of identity providers has been accessed and the user is required to authenticate at the proxy (e.g., as a result of policy), the proxy initiates Federated Single Sign-On (F-SSO) to one or more (or, preferably, all) known sites accessed by the browser. This F-SSO operation is performed seamlessly, preferably without the user's knowledge (after the user allows an initial trust decision between the proxy acting as a service provider and the external identity provider). The proxy collates the results and, based on the trust it has with those sites, produces a confidence score. That score is then used as input into policy around whether or not a user should be permitted to access a particular site.

Abstract: A technique for intelligent automated consent is described by which a client may be automatically authorized to access a resource owner's protected information (e.g., a profile) based on the owner's previous authorization decisions and/or other client classifications. Using this approach to granting consent, the resource owner is not required to intervene during the authorization step for each client that is requesting access. Clients may be categorized, and authorization given to individual clients based on the category to which they belong and/or the scope of the access request. The technique may be implemented with user-centric identity protocols, as well as with delegated authorization protocols. The technique provides for policy-based consent grants.

Abstract: A confidence-based authentication discovery scheme is implemented at a proxy. The scheme assumes that some level of unauthenticated browsing is allowed prior to enforcing authentication at the proxy. Once a known and trusted set of identity providers has been accessed and the user is required to authenticate at the proxy (e.g., as a result of policy), the proxy initiates Federated Single Sign-On (F-SSO) to one or more (or, preferably, all) known sites accessed by the browser. This F-SSO operation is performed seamlessly, preferably without the user's knowledge (after the user allows an initial trust decision between the proxy acting as a service provider and the external identity provider). The proxy collates the results and, based on the trust it has with those sites, produces a confidence score. That score is then used as input into policy around whether or not a user should be permitted to access a particular site.

Abstract: An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. When a session sign-off event is initiated in the reverse proxy, HTTP “Set-Cookie” headers are sent back to the web browser to destroy the cookies (in the browser) that represent sessions with the one or more backend application(s).

Abstract: An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is receiving from a requestor with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor.

Abstract: A technique for intelligent automated consent is described by which a client may be automatically authorized to access a resource owner's protected information (e.g., a profile) based on the owner's previous authorization decisions and/or other client classifications. Using this approach to granting consent, the resource owner is not required to intervene during the authorization step for each client that is requesting access. Clients may be categorized, and authorization given to individual clients based on the category to which they belong and/or the scope of the access request. The technique may be implemented with user-centric identity protocols, as well as with delegated authorization protocols. The technique provides for policy-based consent grants.

Abstract: A method, apparatus and computer program product for detecting that a computing device may not be secure based on inconsistent identity associations identified during Federated Single Sign-On (F-SSO). A detection proxy detects when a user with a particular session is accessing an identity provider (IdP) that is associated with an account that is not the current user's account. When a user performs a login to an F-SSO-enabled IdP, the proxy performs an F-SSO, and the results are compared with known aliases for that particular federation partner. If an anomaly is detected (e.g., the in-line device sees that a user logs into a web site as someone else), a workflow is initiated to perform a given action, such as blocking access, issuing an alert, or the like.

Abstract: A technique to enforce mobile device security policy is based on a “risk profile” of the individual device, where the risk profile is fine-grained and based on the types of applications installed on the device, the services they are accessing, and the operation(s) the user granted the device authorization to perform. Thus, the approach takes into account not only the actual applications installed on the device (and those actively in use), but also the services those applications are accessing, and the scope of operations the user has granted the device authorization to perform. By combining this information to create the risk profile, a suitable security policy, including one that does not unnecessarily degrade device usability, may then be applied.

Abstract: An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. The intermediary decides which cookies should be sent to the browser and which cookies should be stored therein. Preferably, this determination is made in an automated manner by examining the response for any cookie-dependent code (e.g., scripting) included in the response.

Abstract: An authorization method is implemented in an authorization engine external to an authorization server. The authorization server includes a cache. The external authorization engine comprises an authorization decision engine, and a policy analytics engine. The method begins when the authorization decision engine receives a request for an authorization decision. The request is generated (at the authorization server) following receipt of a client request for which an authorization decision is not then available at the server. The authorization decision engine determines an authorization policy to apply to the client request, applies the policy, and generates an authorization decision. The authorization decision is then provided to the policy analytics engine, which stores previously-generated potential cache directives that may be applied to the authorization decision. Preferably, the cache directives are generated in an off-line manner (e.g.

Abstract: An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. The intermediary decides which cookies should be sent to the browser and which cookies should be stored therein. Preferably, this determination is made in an automated manner by examining the response for any cookie-dependent code (e.g., scripting) included in the response.

Abstract: A confidence-based authentication discovery scheme is implemented at a proxy. The scheme assumes that some level of unauthenticated browsing is allowed prior to enforcing authentication at the proxy. Once a known and trusted set of identity providers has been accessed and the user is required to authenticate at the proxy (e.g., as a result of policy), the proxy initiates Federated Single Sign-On (F-SSO) to one or more (or, preferably, all) known sites accessed by the browser. This F-SSO operation is performed seamlessly, preferably without the user's knowledge (after the user allows an initial trust decision between the proxy acting as a service provider and the external identity provider). The proxy collates the results and, based on the trust it has with those sites, produces a confidence score. That score is then used as input into policy around whether or not a user should be permitted to access a particular site.

Abstract: A method, apparatus and computer program product for detecting that a computing device may not be secure based on inconsistent identity associations identified during Federated Single Sign-On (F-SSO). A detection proxy detects when a user with a particular session is accessing an identity provider (IdP) that is associated with an account that is not the current user's account. When a user performs a login to an F-SSO-enabled IdP, the proxy performs an F-SSO, and the results are compared with known aliases for that particular federation partner. If an anomaly is detected (e.g., the in-line device sees that a user logs into a web site as someone else), a workflow is initiated to perform a given action, such as blocking access, issuing an alert, or the like.

Abstract: An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is receiving from a requestor with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor.

Abstract: An approach is provided in which a number of requests are received from a variety of clients over a computer network. The system uses a processor to calculate request priority values pertaining to the received requests. The calculation of the request priority values is based on one or more attributes that correspond to the respective requests. For example, the attributes could include network level attributes, session attributes, and application specific attributes. Each of the requests is assigned a request priority value. A request may receive the same request priority value as other requests. The requests are queued in a memory based on the request priority values that were assigned to the requests. The queued requests are then serviced in order of request priority so that queued requests assigned higher request priority values are processed before queued requests with lower request priority values.