Abstract: A system and method for selecting a user profile for use with a platform based on an optimal persona of the user includes inferring a context of a user based on data received from a plurality of data sources, determining a persona of the user according to the context of the user from a plurality of user personas, and selecting a user profile associated with a platform that corresponds to the persona, in response to detecting that the user is accessing the platform.

Abstract: A system may include a memory and a processor in communication therewith configured to perform operations. The operations may include receiving an audio file and a text file related to the audio file, analyzing the audio file to produce an analysis, and determining a portion of the audio file is similar to a segment of the text file. The operations may include identifying a first terminal signal and corresponding the first terminal signal to a first terminal tag in the text file such that the first terminal tag is aligned with the first terminal signal; the first terminal signal identifies a first portion terminal end of the portion and the first terminal tag identifies a first segment terminal end of the segment. The operations may include generating a converted text from the analysis and inserting the segment into the converted text.

Abstract: A method for dynamically establishing a communication path for a requestor by assessing an authenticity of the requestor and a communication request is provided. The method may include, in response to receiving the communication request, dynamically determining whether to establish a communication path for the requestor to a destination though a communication network by assessing the requestor based on one or more authentication rules, wherein the one or more authentication rules are based on first information associated the communication network, second information about the requestor, and third information from the requestor. The method may further include, in response to determining that the requestor satisfies the one or more authentication rules, dynamically establishing the communication path for the requestor on the communication network according to one or more communication attributes associated with the requestor.

Abstract: A computer-implemented method, system and computer program product for utilizing multi-factor authentication to authenticate an Internet of Things (IoT) device. The identity credentials of neighboring IoT device(s) are obtained by the IoT device to be authenticated. Upon providing a request to the authentication system to prove its identity, the IoT device provides the authentication system a first factor credential, such as a username and password. The authentication system, upon confirming the accuracy of the first factor credential, challenges the IoT device to provide the second factor credential. After receiving the challenge from the authentication system to provide the second factor credential, the IoT device returns the second factor credential that was generated based on the obtained identity credentials from the neighboring IoT device(s).

Abstract: A method for dynamically establishing a communication path for a requestor by assessing an authenticity of the requestor and a communication request is provided. The method may include, in response to receiving the communication request, dynamically determining whether to establish a communication path for the requestor to a destination though a communication network by assessing the requestor based on one or more authentication rules, wherein the one or more authentication rules are based on first information associated the communication network, second information about the requestor, and third information from the requestor. The method may further include, in response to determining that the requestor satisfies the one or more authentication rules, dynamically establishing the communication path for the requestor on the communication network according to one or more communication attributes associated with the requestor.

Abstract: A computer-implemented method, system and computer program product for utilizing multi-factor authentication to authenticate an Internet of Things (IoT) device. The identity credentials of neighboring IoT device(s) are obtained by the IoT device to be authenticated. Upon providing a request to the authentication system to prove its identity, the IoT device provides the authentication system a first factor credential, such as a username and password. The authentication system, upon confirming the accuracy of the first factor credential, challenges the IoT device to provide the second factor credential. After receiving the challenge from the authentication system to provide the second factor credential, the IoT device returns the second factor credential that was generated based on the obtained identity credentials from the neighboring IoT device(s).

Abstract: A method, apparatus and computer program product for use in identifying and blocking operation of compromised or potentially compromised IoT device(s) on a network, such as a local network behind a router or firewall. To this end, the technique provides for automated and seamless on-boarding of a “guard” system for IoT devices, preferably as those devices join (or re-join) into the network via a Dynamic Host Configuration Protocol message exchange. In operation, and in response to receipt of a DHCP discover message that includes a network location, a DHCP server uses the network location to locate and retrieve a set of flow attributes for the device. Those attributes are then associated with the IP address to be assigned to the IoT device in a network control device. The network control device then selectively identifies and/or blocks operation of the IoT device when the IoT device is compromised or potentially compromised, thereby protecting the network (or network resources) from damage or misuse.

Abstract: A method, apparatus and computer program product for use in identifying and blocking operation of compromised or potentially compromised IoT device(s) on a network, such as a local network behind a router or firewall. To this end, the technique provides for automated and seamless on-boarding of a “guard” system for IoT devices, preferably as those devices join (or re-join) into the network via a Dynamic Host Configuration Protocol message exchange. In operation, and in response to receipt of a DHCP discover message that includes a network location, a DHCP server uses the network location to locate and retrieve a set of flow attributes for the device. Those attributes are then associated with the IP address to be assigned to the IoT device in a network control device. The network control device then selectively identifies and/or blocks operation of the IoT device when the IoT device is compromised or potentially compromised, thereby protecting the network (or network resources) from damage or misuse.

Abstract: Embodiments for selecting a remote service for a core program are provided. A request for a remote service is received. Information associated with each of a plurality of remote services is received from at least one information source. A score for each of the plurality of remote services is calculated based on the information associated with each of the plurality of remote services and at least one remote service evaluation criteria.

Abstract: Embodiments for selecting a remote service for a core program are provided. A request for a remote service is received. Information associated with each of a plurality of remote services is received from at least one information source. A score for each of the plurality of remote services is calculated based on the information associated with each of the plurality of remote services and at least one remote service evaluation criteria.

Abstract: Embodiments for managing computing network security by one or more processors are described. A signal that is representative of authorized anomalous behavior is received. The signal includes at least one of an identity and a type of activity associated with the authorized anomalous behavior. A security incident is detected. If the detected security incident corresponds to the authorized anomalous behavior, the generating of an alert in response to the detecting of the security incident is suppressed.

Abstract: A system and method for selecting a user profile for use with a platform based on an optimal persona of the user includes inferring a context of a user based on data received from a plurality of data sources, determining a persona of the user according to the context of the user from a plurality of user personas, and selecting a user profile associated with a platform that corresponds to the persona, in response to detecting that the user is accessing the platform.

Abstract: An embodiment of the invention provides a method for selectively using degree confidence for image validation to authorize transactions, wherein a request to authorize a transaction is received, the request including a user's name, a photo of the user, and a transaction value. A database is queried with the user's name to identify one or more reference photos of the user; and, the received photo of the user is compared to the reference photo of the user with an analysis engine to generate a confidence value. An authorization threshold is determined with a processor based on the transaction value. The transaction is authorized when the confidence value is equal to and/or greater than the authorization threshold.

Abstract: A method, apparatus and computer program product for protecting enterprise Information Technology (IT) infrastructures by automatically instantiating individualized network flow controls and/or network access controls specific to an IoT device. In this approach, an IoT device is identified, e.g., via network scanning or other observational sensors, or by receipt of information from a network administrator. In response to receiving information about the new IoT device, a control component obtains applicable network flow control and/or access control rules for the IoT device. These rules are obtained from one or more authoritative (trusted) sources, e.g., querying a website of the IoT vendor, an industry site, or an enterprise site. In this manner, applicable network flow control and/or access control rules are obtained.

Abstract: A method, apparatus and computer program product for protecting enterprise Information Technology (IT) infrastructures by automatically instantiating individualized network flow controls and/or network access controls specific to an IoT device. In this approach, an IoT device is identified, e.g., via network scanning or other observational sensors, or by receipt of information from a network administrator. In response to receiving information about the new IoT device, a control component obtains applicable network flow control and/or access control rules for the IoT device. These rules are obtained from one or more authoritative (trusted) sources, e.g., querying a website of the IoT vendor, an industry site, or an enterprise site. In this manner, applicable network flow control and/or access control rules are obtained.

Abstract: A method, apparatus and computer program product for use in monitoring and controlling network behavior of Internet of Things (IoT) devices connected to a network. According to this approach, a set of network characteristics of an IoT device (e.g., as published by the device manufacturer) are assigned various risk values and then monitored over an initial time period to generate a “fingerprint” of the device's network flow. This flow is then transformed into one or more flow control rules representing “normal” or abnormal behavior of the IoT device. Preferably, the rules are instantiated into a network boundary control system (NBCS), such as an enterprise router, gateway, or the like, and then enforced, e.g., to generate alerts or others actions when the rules are triggered. The approach enables dynamic and automated threat detection and prevention based on anomalous and/or known-bad behavior.

Abstract: Examples of techniques for determining security access based on user behavioral measurements are disclosed. In accordance with aspects of the present disclosure, a computer-implemented method is provided. The method may comprise performing a trust evaluation to calculate a trust penalty value for a user based on a plurality of measured user attributes. The method may further comprise determining, by a processing device, a security access level based on a predefined trust threshold and the trust penalty value for the user. The method may also comprise applying the security access level to the user.

Abstract: A method for allocation of application licenses includes establishing a computing environment comprising a licensed application or service accessed by at least two users, each user having an associated computer system; establishing an ordered list of users for a licensed application or service, in which users have a predefined priority based on a business value or function; establishing at least one user attribute comprising whether a user's virtual machine will be archived and saved for later resumption if the user's license is at least one of suspended, removed, or reallocated; and establishing at least one disqualification threshold for at least one user.

Abstract: A method, apparatus and computer program product for protecting enterprise Information Technology (IT) infrastructures by automatically instantiating individualized network flow controls and/or network access controls specific to an IoT device. In this approach, an IoT device is identified, e.g., via network scanning or other observational sensors, or by receipt of information from a network administrator. In response to receiving information about the new IoT device, a control component obtains applicable network flow control and/or access control rules for the IoT device. These rules are obtained from one or more authoritative (trusted) sources, e.g., querying a website of the IoT vendor, an industry site, or an enterprise site. In this manner, applicable network flow control and/or access control rules are obtained.

Abstract: A method, apparatus and computer program product for use in identifying and blocking operation of compromised or potentially compromised IoT device(s) on a network, such as a local network behind a router or firewall. To this end, the technique provides for automated and seamless on-boarding of a “guard” system for IoT devices, preferably as those devices join (or re-join) into the network via a Dynamic Host Configuration Protocol message exchange. In operation, and in response to receipt of a DHCP discover message that includes a network location, a DHCP server uses the network location to locate and retrieve a set of flow attributes for the device. Those attributes are then associated with the IP address to be assigned to the IoT device in a network control device. The network control device then selectively identifies and/or blocks operation of the IoT device when the IoT device is compromised or potentially compromised, thereby protecting the network (or network resources) from damage or misuse.