Abstract: A search engine includes a network interface that receives a search query and a search module. The search module determines a consideration set of applications corresponding to the search query based on application data stored for a plurality of applications, determines a respective number of source objects associated with each of the applications in the consideration set, determines whether each of the applications is a spam application based on the respective number of source objects associated with each of the applications, applies respective penalties to selected ones of the applications based on the determination of whether each of the applications is a spam application, generates search results based on the respective penalties applied to the selected ones of the applications, and provides the search results to be transmitted by the network interface.

Abstract: Preserving privacy related to networked media consumption activity. Source privacy zones are defined and associated with privacy standards. Privacy standards include frequency criteria governing the storage of datasets including information associated with networked media consumption activity collected from the source privacy zone. Transaction requests including a networking protocol address are received over a network from a client device at a target location by a networked privacy system. The source privacy zone associated with the client device is identified. Using the networking protocol address to access characteristics having characteristic value(s), a dataset can be created including associating the networked media consumption activity with the characteristic and characteristic value(s). The dataset is pre-processed to comply with the privacy standards. The networking protocol address is discarded.

Abstract: A method provides device access security via use of periodically changing Quick Response (QR) codes. The method includes: generating (706) a first authentication QR code and assigning (708) the generated QR code as the current authentication mechanism for accessing the device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established (710) to define when access to the device can be provided to a second device that provides the correct authentication QR code along with the access request. The method includes, in response to a pre-defined trigger (712) of the QR code validity parameter: generating (704) a new authentication QR code, different from a previously generated authentication QR code; assigning (708) the new authentication QR code as the current authentication mechanism for accessing the device; and enabling access to the first device to only second devices that provide the current authentication QR code.

Abstract: A method for secure cryptographic communication includes transmitting information that identifies a group key from a first device to a second device. The method further includes, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.

Abstract: A policy arbitration system manages the fundamental communications and isolation between executable components and shared system resources of a computing device, and controls the use of the shared resources by the executable components. Some versions of the policy arbitration system operate on a virtualized mobile computing device to dynamically compile and implement policy rules that are issued periodically by multiple different independent execution environments that are running on the computing device. Semi-dynamic policy changes allow for context enabled policy changes that enforce the desired system and component “purpose” while simultaneously denying the “anti-purpose”.

Abstract: A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.

Abstract: An arrangement for enabling users to set and modify privacy policies is described. User attributes and existing privacy policies are used to determine the similarity between users. On this basis, the nearest-neighbors to a particular user are determined. When a user is required or wishes to provide or modify a policy, the policies of those nearest neighbors are used to recommend a privacy policy to the user.

Abstract: A system, apparatus, and methods are provided for facilitating payment for a third party's use of an application by a current user. The current user, or payor, initiates the process within the application by selecting one or more recipients. The system that hosts the application then determines which of the third parties are eligible. A target recipient may be ineligible because her application subscription never expires, because it doesn't expire within a threshold period of time, or for some other reason. The system identifies the target recipients that are eligible, and the payor may configure the gift payment (e.g., by choosing a duration of the subscription). The payor then chooses a method of electronic payment and, depending on the method selected, may redeem a coupon with the application host system, or the process may complete automatically. The payor and/or the recipient(s) may be notified of successful activation of the subscription(s).

Abstract: Consolidating encrypted image backups without decryption. In one example embodiment, a method for consolidating encrypted image backups without decryption may include individually encrypting, using a single encryption function, each block in a first set of blocks in a source storage, storing the first set of encrypted blocks in a first encrypted image backup, individually encrypting, using the single encryption function, each block in a second set of blocks in the source storage, storing the second set of encrypted blocks in a second encrypted image backup, and creating a consolidated encrypted image backup that includes a single encrypted block for each of multiple unique block positions represented by the first and second sets of encrypted blocks without decrypting any of the encrypted blocks.

Abstract: A Pervasive Intermediate Network Attached Storage Application (PINApp) enables users to digitally assign (pin/tack) a folder or drive to a public cloud storage service for the purpose of sharing their digital content with others. The PINApp enables users to engage the cloud storage services without the need to upload the digital content to the cloud in order for it to be viewed or shared. The PINApp can be used to unify all of the digital content stored on multiple devices and cloud services for a single owner or user.

Abstract: Methods and apparatuses are provided for automatically optimizing application program code for minimized access to privacy data. A privacy-oriented code optimizing module process and/or facilitate a processing one or more code segments, one or more execution logs associated with the one or more code segments, or a combination thereof to determine at least one privacy intrusion signature associated with the one or more code segments. Further, the privacy-oriented code optimizing module determines one or more recommendations for one or more alternate code segments based, at least in part, on the at least one privacy intrusion signature.

Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically analyze a suspected malware file, or group of files. Automatic analysis of the suspected malware file(s) may include one or more automatic analysis techniques. Automatic analysis of may include production and gathering of various items of information related to the suspected malware file(s) including, for example, calculated hashes, file properties, academic analysis information, file execution information, third-party analysis information, and/or the like. The analysis information may be automatically associated with the suspected malware file(s), and a user interface may be generated in which the various analysis information items are presented to a human analyst such that the analyst may quickly and efficiently evaluate the suspected malware file(s).

Abstract: There is provided an information processing device including a secret key generator that generates a secret key from a random number received from an external device that provides a service, and a given value, a public key generator that generates a public key on the basis of the secret key by using a function identically set in a plurality of the services, a transmitter that transmits the public key to the external device, and an authentication processor that conducts authentication with the external device using the secret key.

Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.

Abstract: A method performed by a login server with memory and one or more processors are described. The method includes receiving a login request from a computer system; determining whether an identity of the computer system matches a preset standard; and, in accordance with a determination that the identity of the computer system does not match the preset standard, denying the login request. The login server and its components, and a computer readable storage medium storing one or more programs for execution by one or more processors of the login server are also described.

Abstract: Sensitive user information management system and method. In accordance with some embodiments of the subject innovations, a RESTful “custodial” web service is provided to online service applications of an online service for storing and retrieving sensitive user information. More particularly, the custodial web service offers an operational interface to the online service applications accessible over a data network. The operational interface comprises two operations: STORE and RETRIEVE. The STORE operation allows an online service application to store sensitive user information with the custodial web service. The RETRIEVE operation allows the online service application to later retrieve the sensitive user information from the custodial web service. The custodial web service also ensures that received sensitive user information is cryptographically encrypted when in the custody of the web service.

Abstract: An execution of a data object is identified by a computing device. In response to identifying the execution of the data object, it is determined that the data object has requested a sensitive action of the computing device before interacting with a user of the computing device. In response to determining that the data object has requested the sensitive action, the data object is classified as a high-risk data object.

Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value.

Abstract: Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management.

Abstract: Collaborative computing and electronic records are disclosed. An entity that may be able to help achieve an objective is discovered and a connection to the entity established. A meta-language is used to exchange with the entity a description of the objective and a description of the entity. The meta-language is used to negotiate with the entity a contract to help achieve the objective. In the event a contract to help achieve the objective is reached, performing a self-configuration in accordance with the contract.