Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 9667646
    Abstract: Techniques for maintaining dynamic configuration information of a multi-host off-cluster service on a cluster are described. An apparatus may comprise a dynamic configuration validation service component to execute a dynamic configuration validation service for scanning files in a cluster of nodes. The dynamic configuration validation service component operative to validate a scanner version for each one of multiple scanners for scanning a file in a cluster of nodes, maintain the scanner version in a list of valid scanner versions for the multiple scanners, and scan the file by one of the one of multiple scanners having the scanner version contained in the list of the valid scanner versions.
    Type: Grant
    Filed: February 12, 2015
    Date of Patent: May 30, 2017
    Assignee: NetApp, Inc.
    Inventors: Mark Muhlestein, Rajesh Jaiswal, Sunil Bhargo, Mankawaldeep Singh
  • Patent number: 9665236
    Abstract: A user configurable interface view can be generated for a media device or other information handling system that is independent of any interface views defined by media content providers. Generating the user configurable interface view includes identifying content data streams that are included in user interface views defined by the media content providers and then selecting a desired subset of the data content streams. The selected data content streams are then aggregated and the user configurable interface view is generated. The resulting user interface view will be independent of any interface views defined by the media content providers.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: May 30, 2017
    Assignee: Dell Products L.P.
    Inventors: Arthur Anthonie van Hoff, Mark Andrew Ross, Timothy Bucher
  • Patent number: 9652621
    Abstract: An electronic transmission system and method for converting and transmitting transmissions to provide secure communication between a plurality of users and protect or secure content of each transmission by preventing unauthorized individuals from capturing and viewing or hearing the transmitted content in its entirety. The electronic transmission system breaks a transmission apart into a random plurality of pieces and randomly transmits each piece separately to a plurality of remote servers. If an unauthorized party tries to intercept and access an electronic transmission, they will not be able to capture the entire transmission and will not be able to recompile its actual content, but rather misleading content. A password or other suitable authentication requirement(s) authenticates the intended recipient and allows the original pieces to be retrieved and re-compiled for viewing or hearing.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: May 16, 2017
    Inventors: Michael E. Johnson, Kenneth L. Wilson
  • Patent number: 9642112
    Abstract: A system is disclosed for tracking assets in a facility. The system may have at least one asset having a service processor containing identification information which uniquely identifies the at least one asset among a group of assets. The at least one asset may further have a module for reporting the identification information to a gateway device. A data center infrastructure management system may be used which is in communication with the gateway device for receiving the identification information. The identification information may subsequently be used with an asset tracking system.
    Type: Grant
    Filed: October 11, 2013
    Date of Patent: May 2, 2017
    Assignee: Avocent Huntsville, LLC
    Inventor: Mario Costa
  • Patent number: 9621523
    Abstract: Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: April 11, 2017
    Assignee: ExtraHop Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Brian David Hatch
  • Patent number: 9614816
    Abstract: A system performs tunneling for real-time communications (“RTC”). The system establishes an unencrypted tunnel between a tunneling server and a user equipment (“UE”). Upon establishing the unencrypted tunnel, the UE creates a socket on the unencrypted tunnel. The system determines that the socket requires encrypted RTC, and establishes an encrypted tunnel between the tunneling server and the UE. Upon establishing the encrypted tunnel, the UE moves the socket from the unencrypted tunnel to the encrypted tunnel, and the system performs the encrypted RTC via the socket over the encrypted tunnel.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: April 4, 2017
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Rolando Herrero
  • Patent number: 9602330
    Abstract: Techniques are disclosed for dividing a TCP handshake into multiple parts, in a system comprising an edge device, an intermediary computing node, and a destination computing node. A client sends a TCP SYN packet to the edge device, to establish a TCP connection with the destination computing node. The edge device performs the handshake, and then forwards an ACK packet to the intermediary computing node. The intermediary computing node uses that ACK packet to generate a second SYN packet, and uses that SYN packet to perform a TCP handshake with the destination computing node. Then, TCP sequence numbers are converted between what is expected by the client and destination in packets sent between the two.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: March 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew Bruce Dickinson, Kirk Arlo Petersen
  • Patent number: 9596282
    Abstract: A delivery managing device to which a plurality of terminals are connected through a network includes a creating unit that creates display information based on operation information indicating an operation input accepted by a terminal; a converting unit that converts the display information into video information; and a delivery unit that delivers the video information to a terminal. When non-public operation information is received from a terminal, the non-public operation information indicating operation information not to be published to another terminal, the delivery unit delivers video information that is converted from display information not based on the non-public operation information, to the other terminal.
    Type: Grant
    Filed: September 4, 2014
    Date of Patent: March 14, 2017
    Assignee: RICOH COMPANY, LTD.
    Inventors: Masahiro Kuwata, Kiyoshi Kasatani
  • Patent number: 9590809
    Abstract: A method for operating a mobile device, not assigned to a motor vehicle, via an electronic device with a display and operator control device of the motor vehicle is made available. The program has program parts for a user interface and for operator control sequences which are assigned a digital certificate. The user interface comprises fixed areas for displaying variable contents. The program parts are transmitted together with the digital certificate to the electronic device of the motor vehicle and are carried out when the certificate is successfully checked. The transmission of data without protection by a digital certificate is restricted to the variable contents for display in the fixed areas of the user interface.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: March 7, 2017
    Assignee: Volkswagen Aktiengesellschaft
    Inventors: Fabian Hueger, Helge Neuner, Michael Mirtschink
  • Patent number: 9591608
    Abstract: Disclosed are methods and systems for enabling a Home Node B (HNB) to discover the positioning capabilities of an HNB Gateway (HNB GW) in supporting particular positioning operations associated with transporting Positioning Calculation Application Part (PCAP) messages between the HNB and a standalone serving mobile location center (SAS).
    Type: Grant
    Filed: January 29, 2015
    Date of Patent: March 7, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Luis Fernando Brisson Lopes, Stephen William Edge, Ozcan Ozturk
  • Patent number: 9582386
    Abstract: A method and system for securing continued operation of a primary cloud-based computing environment (CBCE) residing in a first cloud environment are disclosed. The system comprises gathering information respective of the primary CBCE; storing the gathered information in a storage space, wherein the gathered information substantially provides a baseline to initiate the creation of a reconstructed CBCE upon a need to recreate the primary CBCE; updating the gathered information with new information gathered respective of changes to the primary CBCE; receiving a periodic status notification from the primary CBCE; and initiating a reconstruction of the primary CBCE in the second cloud environment responsive to the status notification requesting one of: a reconstruction request and failure of the primary CBCE.
    Type: Grant
    Filed: March 11, 2014
    Date of Patent: February 28, 2017
    Assignee: CloudEndure, Ltd.
    Inventors: Ofer Gadish, Leonid Feinberg, Ofir Ehrlich, Gil Shai
  • Patent number: 9563459
    Abstract: A diagnostic virtual machine having access to resources of an infrastructure as a service cloud may be created. A user device may be provided access to the diagnostic virtual machine. In some embodiments, the diagnostic virtual machine may be configured to monitor a cluster of hypervisors, and the resources of the infrastructure as a service cloud which the diagnostic virtual machine has access to may include physical resources of the infrastructure as a service cloud that are associated with the cluster of hypervisors.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: February 7, 2017
    Assignee: Citrix Systems, Inc.
    Inventors: Chiradeep Vittal, Alex Huang, Kevin Kluge
  • Patent number: 9560173
    Abstract: A computer implemented method receives a client request message to initiate a network connection. In response to the client request, the method generates a key to represent the client request. The key is generated independent of information provided in the client request message and is generated to correspond to a desired address in a data structure used to track client request message. The method then enters the generated key at the desired address in the data structure and transmits a response message that includes the key back to the client. The network connection between the client and the computer system is established according to the key.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: January 31, 2017
    Assignee: VMware, Inc.
    Inventor: Akshay Kumar Sreeramoju
  • Patent number: 9549318
    Abstract: Systems and methods for enabling a computing device to be registered and authorized for network access, while deferring device hardware address capture until a later time. Subsequently, when the computing device connects to a network location at which the hardware address can be detected, registration and authorization can be fully completed. In some cases, the subsequent completion can be performed automatically and without user intervention.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: January 17, 2017
    Assignee: SHAW CABLESYSTEMS G.P.
    Inventors: Christian Saunders, Ron Angerame
  • Patent number: 9538372
    Abstract: When a first device receives an indication to establish a communication with a second device, a feature character string is generated. The first device is associated with a first public key and a first private key. The second device is associated with a second public key and a second private key. The second public key of the second device is obtained. The second public key is used to encrypt the feature character string. A first identification of the first device is at least partly based on the encrypted feature character string and is published. When the feature character string is obtained after decryption, the first public key of the first device is obtained. The second identification is an identification encrypted by the first public key. In response to a determination that the feature character string is obtained after decryption of the second identification, the communication between the first device and the second device is established.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: January 3, 2017
    Assignee: Alibaba Group Holding Limited
    Inventor: Zhiguo Li
  • Patent number: 9537878
    Abstract: Coupling circuitry couples a network to a host. The host operating system is configured for transfer of data between the host and at least one peer via the network using at least one stateful connection to a peer according to a connection-oriented protocol. The coupling circuitry processes received connection attempt indications by attempting to establish a stateful connection to an indicated peer. For a genuine attempt by a peer to establish a stateful connection with the host, the coupling circuitry interoperates with the peer to perform establishment-phase protocol processing of the attempted stateful connection. For each of the established stateful connections, the coupling circuitry operates to cause a state of that established stateful connection to be provided from the coupling circuitry to the host, wherein the operating system of the host handles data transfer phase protocol processing of that established stateful connection.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: January 3, 2017
    Assignee: Chelsio Communications, Inc.
    Inventors: Asgeir Thor Eiriksson, Chandrasekhar Srinivasaiah, Wael Noureddine
  • Patent number: 9533213
    Abstract: A web-based scoring system for golf tournaments utilizes web-enabled mobile devices for entering scores. The system provides a streamlined scoring process that leverages modern technology using only web browsers on the mobile devices. The system handles all authentications and scorer positioning in the tournament using URL/hyperlinks entered on the mobile devices. The system does not require a special scoring application to be loaded to the mobile devices.
    Type: Grant
    Filed: November 5, 2013
    Date of Patent: January 3, 2017
    Inventor: Chris M. Clark
  • Patent number: 9526990
    Abstract: Various metrics as may be deployed in an active, passive, or hybrid validation architecture are disclosed. A computing device configured to monitor network game activity may identify an inconsistency between user game data and a particular game metric governing a particular aspect of the network gaming environment. Upon identification of an inconsistency between game data and a game metric, which may be indicative of illicit game play, a validation process (e.g., active, passive, and/or hybrid) may be implemented to further confirm the existence of illicit game. Alternatively, an action to maintain integrity of the gaming community may be executed without further confirmation whereby a purportedly illicit game device may be ejected from the network.
    Type: Grant
    Filed: December 10, 2013
    Date of Patent: December 27, 2016
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventors: Adam P. Harris, Steve C. Schneider
  • Patent number: 9532225
    Abstract: A role-based access control method and/or system permits end users to securely pair their mobile devices via a pairing apparatus with one or more instruments to, for example, remotely monitor operations of the instruments. In an embodiment, the process includes a pairing apparatus receiving a pairing request from an instrument including a unique access code, and receiving a pairing request from an end user mobile device that includes an end user mobile device identifier and an access code. If the unique access code matches the end user's access code, then the end user mobile device identifier is added to a security group and a successful pairing message is transmitted to at least one of the instrument and the end user mobile device.
    Type: Grant
    Filed: June 12, 2014
    Date of Patent: December 27, 2016
    Assignee: General Electric Company
    Inventors: Patricia Denise MacKenzie, Lennart Bjorkesten, Shaopeng Liu, Viktor Holovashchenko, David Smith, Erik Nils Patrik Franzen
  • Patent number: 9516114
    Abstract: Embodiments of the present disclosure relate to the field of computer networks, and disclose a data packet transmission method and a related device and system. In the method, a traditional communication protocol (such as TCP) handshake process is optimized, so that data packet transmission may be implemented in the handshake process. The data packet transmission does not depend on completion of the handshake, thereby effectively reducing a data packet transmission delay caused by an RTT delay existing in the handshake process.
    Type: Grant
    Filed: September 16, 2013
    Date of Patent: December 6, 2016
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Kebo Duan, Wenshu Xiao, Shu Wang
  • Patent number: 9507951
    Abstract: Technologies for secure input and display of a virtual touch user interface include a computing device having a security monitor that may protect memory regions from being accessed by untrusted code. The security monitor may use hardware virtualization features such as extended page tables or directed I/O to protect the memory regions. A protected touch filter driver intercepts requests for touch input and allocates a transfer buffer. The transfer buffer is protected by the security monitor. A touch screen controller may write touch input data into the protected transfer buffer. The touch input data may be shared by the touch filter driver with authorized applications through a protected communication channel. A graphical virtual user interface may be generated by trusted code and rendered into a hardware overlay surface. The user interface may include a virtual keyboard. The security monitor may protect the overlay surface. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 4, 2014
    Date of Patent: November 29, 2016
    Assignee: Intel Corporation
    Inventors: Xiaozhu Kang, Ghayathri V. Garudapuram, Karanvir S. Grewal
  • Patent number: 9507939
    Abstract: Described systems and methods allow conducting computer security operations, such as detecting malware and spyware, in a bare-metal computer system. In some embodiments, a first processor of a computer system executes the code samples under assessment, whereas a second, distinct processor is used to carry out the assessment and to control various hardware components involved in the assessment. The described computer systems may be used in conjunction with a conventional anti-malware filter to increase throughput and/or the efficacy of malware scanning.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: November 29, 2016
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Adrian V. Colesa
  • Patent number: 9503425
    Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the Open Flow standard communication protocol.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: November 22, 2016
    Assignee: DELL SOFTWARE INC.
    Inventors: Hui Ling, Zhong Chen
  • Patent number: 9483381
    Abstract: An information handling system, method, and computer-readable media for obfuscating debugging filenames during a software build are described. The system comprises one or more processors, a memory, and one or more program modules stored on the memory and executable by the one or more processors. The one or more program modules compile a source code file of a plurality of source code files into a program, generate a debugging file including debugging information for the program, utilize a one-way deterministic function to generate an obfuscated filename for the debugging file, and include a link to the debugging file in the program, the link including the obfuscated filename.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: November 1, 2016
    Assignee: Dell Products L.P.
    Inventors: Jonathan Bret Barkelew, Ricardo L. Martinez
  • Patent number: 9485262
    Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: November 1, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Clifford E. Kahn, Stephen R. Hanna
  • Patent number: 9479474
    Abstract: Automated systems and methods are provided for establishing or maintaining a personalized trusted social network for a community of users, with little or no input from any given user. To establish the personalized trusted social network, one or more trusted sources are identified for a given user. The identified trusted sources are added to a user profile for the given user. Also, identified are any annotations, bookmarks, or the like that the identified trusted sources have associated with any shared content. These annotations provide access to microcontent items that the identified trusted sources have integrated with the shared content to thereby enhance or enrich its context. One or more profiles are constructed or updated to track the associations between the identified trusted sources and their annotations. The profile information can be applied to enhance and personalize search and browsing experiences for the given user.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: October 25, 2016
    Assignee: EXCALIBUR IP, LLC
    Inventor: Kenneth Norton
  • Patent number: 9467283
    Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: October 11, 2016
    Assignee: BlackBerry Limited
    Inventors: Michael Eoin Buckley, Michael Charles Hollatz, Robert John Lambert, Nevine Maurice Nassif Ebeid
  • Patent number: 9461984
    Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 4, 2016
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9438582
    Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application.
    Type: Grant
    Filed: July 29, 2014
    Date of Patent: September 6, 2016
    Assignee: SPOTIFY AB
    Inventors: Sten Garmark, Nicklas Soderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 9432321
    Abstract: The distributed message handling system is created by using session states to represent the plurality of session contexts in the message handling system. The session states are flat representations of the session context which completely describe the session. Utilizing the session states to handle system message requests allows the message handling system to distribute the handling of the message requests to a plurality of state machines. Advantageously, the distributed messaging system allows the message handling system to dynamically allocate message handling resources to application instances based on demand. Such dynamic allocation allows providers to efficiently allocate resources to meet demand while meeting application execution demands.
    Type: Grant
    Filed: December 19, 2011
    Date of Patent: August 30, 2016
    Assignee: Alcatel Lucent
    Inventors: Moritz M. Steiner, Thomas L. Wood
  • Patent number: 9425606
    Abstract: An information communication device is provided with a monitoring unit, a communication unit, a storage unit, a switching unit, an acquisition unit, a creation unit, and a transmission unit. In the event that the monitoring unit detects trouble in the basic network, the switching unit switches the communication function of the communication unit from a first communication function to a second communication function. In the event that the monitoring unit detects trouble in the basic network, the creation unit creates notification information about the trouble in the basic network. The transmission unit transmits the created notification information via the switched-to communication function to a contact retrieved from the storage unit.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: August 23, 2016
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Yoshihiro Yamaguchi, Ryo Yano, Keiko Mori, Mitsukage Yamada, Michiyo Ogino, Yoshihiro Ogita
  • Patent number: 9419999
    Abstract: A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device.
    Type: Grant
    Filed: March 25, 2014
    Date of Patent: August 16, 2016
    Assignee: Huawei Digital Technologies (Cheng Du) Co., Ltd.
    Inventor: Shaobu Ma
  • Patent number: 9407617
    Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: August 2, 2016
    Assignee: Microsoft Licensing Technology, LLC
    Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
  • Patent number: 9408078
    Abstract: A method, apparatus, and computer program product are provided for adapting security level between a mobile node and a mobility anchor. In the context of a method, an IP mobility binding with an indication of a security mode is established for a mobile node connected to an IP sub-network and identified in the IP sub-network by a care of address. A trigger to adapt the security mode for the mobile node connected to the IP sub-network is detected. The security mode for the mobile node connected to the IP sub-network and identified by the care of address is adapted in response to the trigger.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: August 2, 2016
    Assignee: Nokia Technologies Oy
    Inventors: Patil Basavaraj, Teemu Ilmari Savolainen, Bajko Gabor
  • Patent number: 9398035
    Abstract: In one embodiment, techniques are shown and described relating to attack mitigation using learning machines. A node may receive network traffic data for a computer network, and then predict a probability that one or more nodes are under attack based on the network traffic data. The node may then decide to mitigate a predicted attack by instructing nodes to forward network traffic on an alternative route without altering an existing routing topology of the computer network to reroute network communication around the one or more nodes under attack, and in response, the node may communicate an attack notification message to the one or more nodes under attack.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: July 19, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Javier Cruz Mota, Andrea Di Pietro, Jonathan W. Hui
  • Patent number: 9398030
    Abstract: Various embodiments pertain to ascertaining domain contexts. In one embodiment, an application receives content that may contain a script (i.e. code). In this case, the domain context is ascertained and the script is executed in the context of the domain associated with the received content, rather than requiring the application or some other component to navigate to a location, such as a web location, to attempt to ascertain the domain context of the script. In another embodiment, third party objects or code are required to provide their domain context to an application in order for the application to make a security-based decision.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: July 19, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Govind Varshney, Marc A. Silbey, Shankar Ganesh, Robert Impollonia, Venkatraman V. Kudallur
  • Patent number: 9397856
    Abstract: A virtual host computer is presented that includes a virtualization software platform, at least one virtual machine executed by the virtualization software platform, a private network segment configured to prevent communications with at least one external computer, a public network segment configured to facilitate communications with the at least one external computer, and a virtual routing module that is executed as a virtual image by the virtualization software platform. The virtual routing module is configured to communicate with the at least one virtual machine via the private network segment, communicate with the public network segment, and execute a tunneling layer to form a private virtual network segment between the at least one virtual machine and the at least one external computer.
    Type: Grant
    Filed: November 21, 2006
    Date of Patent: July 19, 2016
    Assignee: CA, INC.
    Inventors: Martin O'Connell, Anand Kameswaran
  • Patent number: 9385954
    Abstract: Some embodiments provide a physical forwarding element that hashes portions of packet headers using several novel hashing techniques. The techniques include a novel set of finishing operations that improve the quality of resulting hashes by increasing their distribution and improving their apparent-randomness. In addition, the finishing operations virtually guarantee that different length inputs will hash to different results, even when padded to be the same initial values. The techniques also include efficient handling of remainder sections when distributing sections of a hash input across multiple processing units. The remainders are hashed into various previously generated hashes based on how many remainders result. These hashing techniques are useful for many network applications.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: July 5, 2016
    Assignee: NICIRA, INC.
    Inventor: Jarno Rajahalme
  • Patent number: 9380015
    Abstract: A mechanism for automatically organizing electronic messages is described herein. Social groups of a particular user that may be representative of topics, people, projects, and the like can be automatically learned based at least in part upon historical correspondence of the user. Moreover, messages can be automatically prioritized based at least in part upon historical correspondence patterns. Electronic messages may be presented to the user in accordance with group information and how important the messages are to the user.
    Type: Grant
    Filed: July 9, 2014
    Date of Patent: June 28, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrzej Turski, Lili Cheng, Michael Anthony Affronti, Shane Williams
  • Patent number: 9380025
    Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: June 28, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Suraj Nellikar, Maithili Narasimha
  • Patent number: 9378381
    Abstract: The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: June 28, 2016
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Ashoke Saha, Rajesh Joshi, Tushar Kanekar
  • Patent number: 9373345
    Abstract: A communication device includes a vibroscope or an accelerometer for detecting vibration or shock, a hard disk drive for storing data, and a wireless communication transceiver. In response to detecting vibration or shock, the communication device automatically broadcasts an alert message that identifies a physical location of the communication device at the time that the vibration or shock is sensed. In response to receiving an alert message from another communication device, the communication device automatically temporarily parks a read-write head of the hard disk drive to prevent damage from the vibration or shock.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: June 21, 2016
    Assignee: International Business Machines Corporation
    Inventors: Gary D. Cudak, Lydia M. Do, Christopher J. Hardee, Adam Roberts
  • Patent number: 9374383
    Abstract: In one embodiment, a system includes a processor to receive network flows, for each of one of a plurality of event-types, compare each one of the network flows to a flow-specific criteria of the one event-type to determine if the one network flow satisfies the flow-specific criteria, for each one of the event-types, for each one of the network flows satisfying the flow-specific criteria of the one event-type, assign the one network flow to a proto-event of the one-event type, test different combinations of the network flows assigned to the proto-event of the one event-type against aggregation criteria of the one event-type to determine if one combination of the network flows assigned to the proto-event of the one event-type satisfies the aggregation criteria for the one event-type and identifies an event of the one event-type from among the network flows of the proto-event. Related apparatus and methods are also described.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: June 21, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Gustav Sourek, Karel Bartos, Filip Zelezny, Tomas Pevny, Petr Somol
  • Patent number: 9356917
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for implementing real-time transport control protocol to obtain an end-to-end encryption and security status of a communication session. The system collects real-time transport control protocol messages associated with a communication session, wherein the real-time transport control protocol messages are generated by devices in the communication session, and wherein the real-time transport control protocol messages include security information associated with the communication session. Then, based on the real-time transport control protocol messages, the system determines a security status associated with the communication session. The system can also generate an indication of the security status associated with the communication session. Further, the system can generate an indication of the security status of a communication session on a per participant basis.
    Type: Grant
    Filed: August 9, 2012
    Date of Patent: May 31, 2016
    Assignee: Avaya Inc.
    Inventors: Mehmet Balasaygun, Jean Meloche, Heinz Teutsch, Shalini Yajnik
  • Patent number: 9350723
    Abstract: Techniques for determining classifications of defense measures are described herein. Security tokens are identified to be used to test defense measures of a web application. Combinations of security tokens are determined, wherein the combinations of security tokens are related to classifications of the defense measures. A combination is executed at an input point of the web application. Based on the output of the web application received in response to the executed combination, a classification for a defense measure of the web application is determined.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: May 24, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alexander Landa, Omer Tripp
  • Patent number: 9326114
    Abstract: Methods, systems, and computer programs for transferring a call are described. In some aspects, during a voice call, a mobile device detects proximity of an audio appliance. The mobile device determines that the audio appliance is permitted to carry an audio portion of the voice call. The mobile device establishes a bi-directional communication link operable to transfer audio data between the mobile device and the audio appliance. In some instances, the audio data for the voice call is routed between the mobile device and the audio appliance by the bi-directional communication link.
    Type: Grant
    Filed: July 14, 2011
    Date of Patent: April 26, 2016
    Assignee: BlackBerry Limited
    Inventors: Mihal Lazaridis, George Ross Staikos, Mark E. Pecen
  • Patent number: 9317705
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: April 19, 2016
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 9317363
    Abstract: Embodiments of the disclosure can include a method, system, and computer program product for using a secure delete operation within one or more storage devices using a parity-based storage scheme. The method can include receiving the location of an application block that includes one or more data blocks and one or more parity blocks stored within the one or more storage devices using the parity-based storage scheme. The method can also include determining a number of parity blocks to delete, wherein the number of parity blocks to delete is less than the total number of parity blocks. The method can also include performing a secure delete operation on the determined number of parity blocks. The method can also include performing a secure delete operation on the one or more data blocks.
    Type: Grant
    Filed: November 6, 2013
    Date of Patent: April 19, 2016
    Assignee: International Business Machines Corporation
    Inventors: Duane M. Baldwin, John T. Olson, Sandeep R. Patil, Riyazahamad M. Shiraguppi
  • Patent number: 9313221
    Abstract: In one embodiment, an edge network device may monitor a network service that is provided at a network service device. Information related to the monitored network service may be temporarily stored at the edge network device and transmitted to a remote network device. In one embodiment, an administrative device may compare current extracted information with stored historical information to determine if a unique machine identifier of an end user device has been spoofed.
    Type: Grant
    Filed: January 31, 2012
    Date of Patent: April 12, 2016
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Chuck A Black, Daniel E Ford
  • Patent number: 9301309
    Abstract: There is provided a communication control apparatus including a parameter acquisition unit that acquires parameters to calculate coverage of secondary systems from a secondary usage node operating the secondary systems on a frequency channel allocated to a primary system, a calculation unit that calculates the coverage of the secondary systems using the parameters acquired by the parameter acquisition unit, and an interference control unit that notifies a detection node that detects neighboring secondary systems of the secondary systems, of coverage information representing the coverage of the secondary systems calculated by the calculation unit.
    Type: Grant
    Filed: April 14, 2015
    Date of Patent: March 29, 2016
    Assignee: SONY CORPORATION
    Inventor: Ryo Sawai