Abstract: Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range.

Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.

Abstract: A computer-implemented method for negotiating a time and a medium for communications between users is described. The method is performed at a server including one or more processors and memory storing one or more programs. The method includes receiving a request from a first user to negotiate a time and a medium for communication with a second user. The request includes a plurality of acceptable mediums of communication. The method also includes generating a first notification based on the request. The first notification includes the plurality of acceptable mediums of communication. The method furthermore includes transmitting the first notification to the second user, and receiving a response to the first notification from the second user. The response indicates whether the second user has accepted one of the acceptable mediums of communication.

Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.

Abstract: Systems and methods for use in secure network communication. A physical network interface receives a network packet associated with a security level. The network packet is transmitted from the physical network interface to a security policy component. The network packet is routed to a stack offload engine by the security policy component based on a network address associated with the network packet and the security level associated with the network packet. The network packet is provided by the stack offload engine to a software application via trusted memory interface that transfers the packet to a memory portion of a plurality of memory portions. The memory portion corresponds to the security level.

Abstract: In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information.

Abstract: A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.

Abstract: A method for interpreting messages, user-defined alert conditions, voice commands and performing an action in response is described. A method for annotating media content is described. A method for presenting additional content associated with media content identified based on a fingerprint is described. A method for identifying that an advertisement portion of media content is being played based on a fingerprint derived from the media content is described. A method of one media device recording particular media content automatically in response to another media device recording the particular media content is described. A method of concurrently playing media content on multiple devices is described. A method of publishing information associated with recording of media content is described. A method of deriving fingerprints by media devices that meet an idleness criteria is described. A method of loading, modifying, and displaying a high definition frame from a frame buffer is described.

Abstract: Resources may be managed in a topology for audio/video streaming. DisplayPort is a digital audio/video interconnect standard of the Video Electronic Standards Association (VESA). It allows video and audio to be coupled from a computer to a video display or an audio playback system. The topology includes audio/video sources and sinks and intervening branch devices. Messages between these sources, sinks, and branch devices may be used for resource management.

Abstract: Systems, methods, and apparatus for generating and validating product keys. In some embodiments, a product key includes security information and identification information identifying at least one copy of a software product. The identifying information may be used to access validation information from at least one source other than the product key, and the validation information may be used to process the identification information and the security information to determine whether the product key is valid. In some further embodiments, the security information includes a first portion to be processed by a first validation authority using first validation information and a second portion to be processed by a second validation authority using second validation information, wherein the second validation information is stored separately from the first validation information.

Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.

Abstract: A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device.

Abstract: A lightweight solution enables the exchange of multimedia information in a secure manner. Exchanged cryptographic material can be used to encipher multimedia message-oriented communications between devices. This lightweight solution can be used by common off the shelf devices such as smartphones, tablets, feature phones, or special purpose machine to machine devices for private communications, such as command and control, location services, video, audio, electronic attachments, etc. using insecure voice or data communication paths, such as MMS.

Abstract: Systems and methods are provided for FAA-certified avionics devices to safely interface with non-certified mobile telecommunications devices before, during, and after flight. Data transmitted to the certified devices do not affect functionality of the certified device unless and until a user acknowledges and/or confirms the data on the certified device. Thus, the integrity of the certified device is maintained.

Abstract: A request for information or services available on an intranet may be made by users on an extranet outside the intranet. An email is generated in an external server on the extranet in response to the request for information or services, and then sent from the external server to an internal server inside the intranet. The email comprises one or more approved forms based on the request, wherein specifics of the request are embedded into the body of the email. The email is processed at the internal server, in order to generate a response to the request, wherein the response is returned by the internal server to the external server in a reply email. The reply email includes an attachment containing the results of the processing performed by the internal server. The external server allows the user to access these results via an external graphical user interface.

Abstract: In a system and method for managing mainframe computer usage, preferred values for service class defined performance goals are determined to optimize workload performance in service classes across a logical partition. A method for managing mainframe computer system usage can include receiving a performance optimization goal for workload performance in a service class, the service class having a defined performance goal. Achievement of the performance optimization goal is assessed, and a preferred value for the defined performance goal is determined based on assessing achievement of the performance optimization goal. Workload criticality can be taken into account, and automatic changes to the performance goal authorized.

Abstract: Application programming interface (API) for starting and accessing distributed routing table (DRT) functionality. The API facilitates bootstrapping into the DRT by one or more devices of a group of devices (a mesh) seeking to collaborate over a serverless connection, establishing a node of the DRT, where each node is an instance of an application that is participating in the mesh, and node participation by allowing the application to search for keys published by other nodes in the mesh, or by becoming part of the mesh by publishing a key. The API facilitates optimization of the routing table for quickly finding a root of a specific key in the mesh by finding the key directly in a cache or by asking a root node of the key that is in the local routing table that is closest numerically to the key being searched.

Abstract: An apparatus and method for generating a group key using the status of a wireless channel are provided. The apparatus includes a representative channel response selection unit for selecting a representative channel response signal from among pilot signals received from slave terminals. A key generation unit generates a group key based on a representative channel response value of the representative channel response signal. A hash value generation unit generates a hash value corresponding to the group key. A transmission pilot control unit adjusts power intensities of transmission pilots of the respective slave terminals using the channel response value of the representative channel response signal and channel response values and transmission power intensities of the slave terminals. A communication unit is individually connected to the slave terminals and configured to transmit pilot signals, power intensities of which have been adjusted, and the hash value to the slave terminals.

Abstract: Methods and systems for child authentication are described. In one embodiment, a communication enablement request may be received to enable electronic communications between a first child and a second child. A confirmation acceptance code may be electronically generated. The confirmation acceptance code may be associated with the first child and the second child. The confirmation acceptance code may be received from a parental representative of the second child. The electronic communication may be enabled between the first child and the second child based on the receiving of the confirmation acceptance code from the parental representative of the second child. Additional methods and systems are disclosed.

Abstract: Embodiments of the disclosure relate to identifying email resources associated with client devices, identifying resource rules, determining whether the email resources satisfy the resource rules, and modifying the email resources as well as the ability to access the email resources based on the resource rules if the resource rules are not satisfied by the email resources.

Abstract: Managing access to resources shared among multiple processes within a computer system. Multiple program instances of an application are almost simultaneously executed on multiple processors for fault tolerance. The replication solution supports the recording and subsequent replay of reservation events granting the shared resources exclusive access rights to the processes, when one program code instruction may request access to a set of shared resources in a non-deterministic order.

Abstract: Systems and methods for verifying human users through cognitive processes that computers cannot imitate are described herein. Human cognitive language processing techniques may be used to verify human users. Visual patterns and tests may be used to distinguish between humans and computers because computer-based visual recognition is fundamentally different from human visual processing. Persistent plugins and tests may be used to continuously verify human users.

Abstract: A method and apparatus for authenticating a signal received at a wireless node. The signal is received at the wireless node. The wireless node is one of a plurality of wireless nodes in a communications network. A set of parameters is identified for the signal. A distance between the wireless node and a source of the signal is identified using a location of the wireless node and the set of parameters for the signal. A determination as to whether the source of the signal is an authorized source is made using the distance identified.

Abstract: A low resource mobile device, such as a smart phone or a tablet running a mobile operating system, requests a cloud computer system to inspect a mobile application for malicious content. The cloud computer system downloads the mobile application from a mobile application source, and installs the mobile application in a virtual machine sandbox. The cloud computer system inspects the mobile application for malicious content while the mobile application executes in the virtual machines sandbox. The result of the inspection is sent to the user in accordance with a setting that may be indicated in a cloud sandbox agent running on the mobile device.

Abstract: Methods, systems, and computer-readable media for exception handling of interactive communications privileges governing interactive communications with entities outside a domain are disclosed. The interactive communications privileges may have been learned through domain administrator configuration or may have been self-learned without domain administrator input. The interactive communications privileges can be used to process interactive communications requests between entities inside a domain and entities outside the domain. Exceptions to the interactive communications privileges can be requested by user entities inside the domain for interactive communications with entities outside the domain. In this manner, if the interactive communications privileges are not sufficient according to user entities inside the domain, the user entities inside the domain can request exceptions for other interactive communications privileges with entities outside the domain.

Abstract: Provided is a license management system comprising: a license check device that independently operates on a platform; and an information processing device that is connected to the license check device, in which the license check device includes: a license check unit that checks for presence or absence of a license of the information processing device; a first start unit that starts the license check unit in response to a call instructed by the platform; and a calling unit that calls, when the license check unit determines that the license is present, the information processing device, and in which the information processing device includes: an information processing unit that performs a specific information processing; and a second start unit that starts the information processing unit only in response to the call from the license check device.

Abstract: A system and method of maintaining a user profile for a handheld computer in a shared, scalable computing resource is described. The method includes receiving user profile data from the handheld computer at the shared, scalable computing resource, the user profile data comprising a user security factor. The user profile data is received via a secure wireless communication protocol having authentication of an identity of the handheld computer. The method includes storing the user profile data on the shared, scalable computing resource as a portion of a user profile, the user profile further comprising user preference data. The method further includes receiving the user security factor from a second computing device. The user security factor is received via a secure wireless communication protocol having authentication of an identity of the second computing device. The method further includes downloading user preference data to the second computing device.

Abstract: Embodiments facilitate confidential and secure sharing of anonymous user profile data to improve the delivery of customized content. Embodiments of the invention provide a data appliance to an entity such as a business to convert profile data about the business's customers into anonymous identifiers. A similar data appliance is provided to a content provider in one embodiment to generate identifiers for its user profile data. Because the anonymous identifiers are generated with the same anonymization method, identical identifiers are likely generated from profile data of the same users. Therefore, the identifiers can be used to anonymously match the customers of the business to the users of the content provider. Therefore, data can be shared to improve customized content such as advertisements that the business wishes to place with the content provider without requiring the business to disclose customer data in an unencrypted form, and any non-matched data can remain confidential.

Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.

Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.

Abstract: According to one embodiment, an information processor includes an operator and an address protector. The address protector includes a register access interface, an address table, and an access determination module. The register access interface is configured to receive address protection information from the operator. The address table is configured to store the received address protection information. The access determination module is configured to determine whether an access to an address specified by the operator is allowable based on the address protection information, and configured to output an interrupt signal to the operator when the access is unallowable.

Abstract: Techniques for project lifecycle staged-based access control are provided. Access control rights are defined for a stage of a project's lifecycle. As requestors transition to the stage, the access control rights are enforced on top of any existing security restrictions. In an embodiment, selective resources are not visible to requestors within the stage in response to the access control rights.

Abstract: A method for digitally signing a document, a secure device, and a computer program product for implementing the method. The method employs a secure device which is protected against malicious software or malware and is adapted to establish a secure connection to a recipient via a host. The method includes: connecting to a terminal; accessing the contents of a document received by the secure device; instructing at the secure device to communicate the accessed contents to an output device other than the terminal such that the contents can be verified by a user; ascertaining at the secure device a command received to digitally sign the document; executing at the secure device the ascertained command; and instructing to send a digitally signed document to a recipient over a connection established via the host connected to a telecommunication network.

Abstract: Access to virtual machine inputs and outputs are controlled. Controlling access to virtual machine inputs and outputs may comprise locking inputs and outputs of a virtual machine from within the virtual machine, other than a predefined limited access input, detecting a request to unlock the inputs and outputs of the virtual machine; determining if a requester is authorized to unlock the inputs and outputs of the virtual machine and unlocking, temporarily, the inputs and outputs of the virtual machine if the requester is authorized. The predefined limited access input is configured to receive an input device with a private secret for unlocking the inputs and outputs of the virtual machine. The inputs and outputs are unlocked when an input device having a shared password is attached.

Abstract: A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.

Abstract: A system and method wherein an intermediary process provides access to a restricted object associated with a source process on behalf of a destination process. The intermediary process may be a trusted process that is available as a service to other processes on the computing platform. The intermediary process may assume one or more privileges associated with the source process whereby the restricted object may be accessed by the intermediary process on behalf of the destination process. Secure access to the restricted object and the risk of malicious exploitation are mitigated since the intermediary process is a trusted service that is known to provide specific functionality.

Abstract: Machine implemented method and system for transferring replicated information from a first storage location managed by a storage operating system at a first storage system node and accessible to a client computing system to a second storage location managed by a second storage system node are provided. A resource pool having a plurality of tokens is maintained for authorizing a replication engine to transfer replicated information from the first storage location to the second storage location. The number of available tokens is increased when traffic due to client requests for accessing the first storage location is less than a first threshold level. The number of available tokens is decreased for reducing transfer of information via the replication engine, when latency in responding to the client requests reaches a second threshold value and the traffic due to client requests reaches the first threshold value.

Abstract: A roaming method and a data transmission system for a portable terminal in a Wireless Local Area Network (WLAN) are provided. The method includes transitioning to an active mode, by a control unit in a standby mode in response to a request from a WLAN module during roaming from a first Access Point (AP) to a second AP, and performing authentication in conjunction with a server, by the control unit in the active mode. As a result, when a portable terminal roams in a WLAN, the network connection is not disrupted.

Abstract: In a device registration system, user authentication and device authentication of a CE device are executed in a single session, and the user and the CE device are associated with each other if these authentications succeed. The CE device obtains information for user authentication from an IC card and portable memory, and sends the information and device authentication information to a device registration unit. The device registration unit sends the information for the user authentication to a user authentication unit, and the device authentication information to a device authentication unit. The user authentication unit executes a user authentication process and sends information of the user to the device registration unit if authentication succeeds. The device authentication unit executes a device authentication process and sends information of the device to the device registration unit if authentication succeeds.

Abstract: A computer-based system, method and computer program product for controlling access to protected personal information is disclosed. Protected personal information that is accessible by an information management application program is stored in a computer memory. In response to a request from an authenticated user for information, which includes protected personal information, information is displayed indicating that user has requested protected personal information, but the protected personal information is not displayed. In response to receiving user input requesting access to the protected personal information, a determination is made as to whether the user is authorized to access the requested protected personal information. If so, requested protected personal information is displayed to the user and information is stored relating to the user's access to protected personal information.

Abstract: A method of sharing data is disclosed. A request from a client node to access data in a share associated with a server node is received. A communication from a management nexus is received. The communication includes a confirmation of an identity of the client node and a confirmation of an authorization for the client node to access the data in the share associated with the server node. The client node is allowed to access the data in the share associated with the server node based on the communication from the management nexus. However, the data is not sent to the management nexus.

Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.

Abstract: Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Abstract: Some embodiments provide a system that executes an application. During operation, the system obtains a resource list associated with the application and stores a set of resources including a native code module from the resource list through communications over a network connection, wherein the resources are stored in persistent local storage. The application then loads the application in the web browser and loads the native code module into a secure runtime environment. Next, the application executes the application independently of the network connection using the native code module and the stored resources.

Abstract: An improved system and method for controlling access of components to industrial automation system resources by reference to the various operational states of the industrial automation system. A central access control system includes a processing circuitry, interface circuitry configured to receive information pertaining to the operational state of an automation system, memory circuitry, and a display and user interface. In operation, access to automation components are either allowed or denied based on the designation of an operational state of an automation system.

Abstract: A method, system and apparatus for controlling access to a media server are provided. A browse request is received at a computing device, from a remote computing device to browse a memory structure including content files. Authentication of the remote computing device is initiated. Prior to the remote computing device being authenticated, a response is transmitted to the remote computing device indicative that the memory structure is empty of the content files, regardless of actual content of the memory structure. After the remote computing device is authenticated, a further response is transmitted to the remote computing device indicative of the actual content of the memory structure.

Abstract: In an embodiment, a method enables authentication of devices connected to a network. The method also enables the devices to digitally sign communication on the network with private keys. When a new device is added to the network, a mobile device may be connected to the new device. The mobile device receives identification from the new device and sends the identification to an authorization server, over a public network. The mobile device also sends a request for a private key to the authorization server. The authorization server contains an inventory of the devices authorized to communicate over the network. If the identification of the new device exists in the inventory, the authorization server sends a private key to the mobile device, over the public network. The mobile device forwards the private key to the new device.

Abstract: A system, method, and apparatus for the authentication of the physical location of a target node are disclosed herein. In one or more embodiments, the authentication of the target node's physical location is achieved by using ping ranging measurements obtained from the amount of time that elapses during ping messages being sent between the target node and at least one trusted node with a known physical location. The physical location of the trusted node(s) is obtained by using satellite geolocation techniques. The accuracy of the ranging measurements may be improved upon by using pre-coordination and/or priority determination of the ping messages being sent between the target node and the trusted node(s). In at least one embodiment, the ping messages are sent by dedicated ping response hardware that is associated with the target node and/or the trusted node(s). In some embodiments, the ping messages include a pseudo random code bit sequence.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: A method for providing an operating system access to devices, including enumerating hardware devices and virtualized devices, where resources associated with a first hardware device are divided into guest physical resources creating a software virtualized device, and multiple instances of resources associated with a second hardware device are advertised thereby creating a hardware virtualized device. First and second permission lists are generated that specify which operating systems are permitted to access the software virtualized device and the hardware virtualized device, respectively. First and second sets of virtual address maps are generated, where each set maps an address space associated with either the software virtualized device or the hardware virtualized device into an address space associated with each operating system included in the corresponding permission list.