Abstract: Embodiments of the present invention provide a method and apparatus for recognizing image contents. In one embodiment of the present invention, there is provided a method for recognizing image contents, comprising: providing at least a first image pair and a second image pair to a user; obtaining a first answer and a second answer from the user, wherein the first answer and the second answer respectively indicate the user's determination on whether the image contents in the first image pair and the second image pair are same or not; and modifying a weight of the second image pair in response to the first answer matching a predetermined answer. In one embodiment of the present invention, there is provided an apparatus for recognizing image contents.

Abstract: Techniques may automatically detect bots or botnets running in a computer or other digital device by detecting command and control communications, called “call-backs,” from malicious code that has previously gained entry into the digital device. Callbacks are detected using a distributed approach employing one or more local analyzers and a central analyzer. The local analyzers capture packets of outbound communications, generate header signatures, and analyze the captured packets using various techniques. The techniques may include packet header signature matching against verified callback signatures, deep packet inspection. The central analyzer receives the header signatures and related header information from the local analyzers, may perform further analysis (for example, on-line host reputation analysis); determines using a heuristics analysis whether the signatures correspond to callbacks; and generally coordinates among the local analyzers.

Abstract: Disclosed are an access authentication method and device for a WLAN hotspot. The method comprises: an access password of a WLAN hotspot is updated according to a preset update time interval; and access for a wireless workstation which is accessing to the WLAN hotspot through a soft AP is authenticated according to the updated access password. The disclosure can solve the problem in the related art that other users can use traffic without limitation once they have stolen the password which causes great damage to users who pay the bill because the access password of the WLAN hotspot can only be manually updated.

Abstract: Techniques for configuring and managing remote security devices are disclosed. In some embodiments, configuring and managing remote security devices includes receiving a registration request for a remote security device at a device for configuring and managing a plurality of remote security devices; verifying the registration request to determine that the remote security device is an authorized remote security device for an external network; and sending a response identifying one or more security gateways to the remote security device, in which the remote security device is automatically configured to connect to each of the one or more security gateways using a distinct Layer 3 protocol tunnel (e.g., a virtual private network (VPN)).

Abstract: A computer-implemented method for detecting malicious use of digital certificates may include determining that a digital certificate is invalid. The method may further include locating, within the invalid digital certificate, at least one field that was previously identified as being useful in distinguishing malicious use of invalid certificates from benign use of invalid certificates. The method may also include determining, based on analysis of information from the field of the invalid digital certificate, that the invalid digital certificate is potentially being used to facilitate malicious communications. The method may additionally include performing a security action in response to determining that the invalid digital certificate is potentially being used to facilitate malicious communications. Various other methods, systems, and computer-readable media are disclosed.

Abstract: Concepts and technologies are disclosed herein for preventing spoofing attacks for bone conduction applications. According to one aspect, a device can receive an authentication signal that has propagated through a body. The device can prevent an adversary from using the authentication signal to spoof a user to be authenticated by the device. The device can also authenticate the user.

Abstract: A request to establish a connection to a server application executed by a server device is received at a client-side authenticated-connection application programming interface (API) from a client application executed by a client device. The connection request is sent from the client device to a server-side authenticated-connection API executed by the server device. The connection request includes user identification information usable to authenticate a user of the client application with the server-side authenticated-connection API to access the server application. A connection establishment acknowledgement is received from the server-side authenticated-connection API. A handler that represents an established connection to the server application is returned to the client application as a connection establishment acknowledgement.

Abstract: A system and a method are disclosed for computing a reputation score for user profiles of a social network according to actions taken by user profiles of the social network. The reputation score may be based on interactions of a user profile with a content item or based on interactions of user profiles with other user profiles. Actions may be weighted differently in calculating a reputation score as a sum of products of action counts and actions weights. Reputation scores calculated may be used to rank user profiles and to determine reputation levels for user profiles based on exceeding a threshold in reputation score or reputation ranking.

Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

Abstract: A computer-implemented method entails steps of receiving user input signifying that an application on a computing device is to be locked and, in response to the user input, locking a user within the application to thereby permit the user to utilize functionalities of the application without exiting from the application or switching to another application on the computing device.

Abstract: Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a programmer website, and requests content. The programmer determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber's subscription level. In another embodiment, a user's account with the MSO and programmer may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and/or information regarding subscription level and service details, stored at the programmer. Messages received from the MSO representing permission for the user to access content may also be stored at the programmer site for later reference.

Abstract: The present document provides a method and apparatus for controlling digital living network alliance contents. One Media Access Control (MAC) recording unit is extended at the Digital Living Network Alliance (DLNA) device side for recording which MAC addresses are permitted to access or use the service of the DLNA device or prohibited from accessing or using the service of the DLNA device; one service control program is extended at the DLNA device side, and when there is another DLNA device transmitting a request to the DLNA device, the MAC address of the DLNA device is compared with the MAC address recorded by the MAC recording unit; and if the MAC address of the DLNA device is in the permission list or the MAC address of the DLNA device is not in the prohibition list, then the request will be permitted; otherwise the request will be rejected.

Abstract: A message flooding prevention system (1) has multiple interceptors (2, 3, 4), each with an interceptor unit linked with an RCS server, and SMSC, or an MMSC. The interceptors (2, 3, 4) are connected to flood detect nodes (10) for receiving messages at a point in a communications network, extracting data from a message, generating at least one code from extracted data, and comparing the code or codes with one or more previous codes. The flood detect nodes (10) determine according to the comparison if the received message is suspected to be a flooding message and if so, performs code generation including hashing. The flood detect nodes (10) save the code to one of a set of database buckets (21), each bucket being associated with a code, and select a bucket according to the generated code, and increment a fill parameter of the selected bucket.

Abstract: A computer encrypts only a restricted tag element from among a plurality of content elements to be electronically published as a message for access by a plurality of users, wherein decryption of the encrypted restricted tag element is limited to a selection of at least one user from among the plurality of users. The computer outputs the plurality of content elements for electronic publication through an interface accessible to the plurality of users, wherein the plurality of users are enabled to access the plurality of content elements of the message published through the interface, wherein only the selection of at least one user is enabled to decrypt the encrypted restricted tag element in the plurality of content elements to access the underlying restricted tag element within the message published through the interface.

Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior while after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations.

Abstract: A computer-implemented method for authenticating devices may include (1) identifying a request from a device for a credentialing service to issue a credential to the device, the request including an application identifier encrypted with a first encryption key, the first encryption key having been derived by the device based on a token provisioned to the device by a vendor of the device, (2) transmitting the request to the credentialing service, (3) receiving, from the credentialing service, the credential encrypted using a second encryption key, the second encryption key having been derived by the device based on the token, and (4) providing the encrypted credential to the device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The inventive systems and methods aggregate network information to accompany file information in an indicator and warning environment. This system also provides a user interface to search for files using network attributes or file attributes, such as message digest. The system can include threat scoring functionality that can be configured to calculate a threat score based on a combination of the result of file analysis on one or more files and associated network data capture information.

Abstract: A computer-implemented process receives a request to utilize one or more virtual data center (VDC) resources at a virtual data center and determines a particular service level applicable to request. Based on the particular service level and mapping information that indicates associations between VDC resource utilization policies and service levels, the process determines a particular VDC resource utilization policy corresponding to the request and causes completion of the request according to the particular VDC resource utilization policy. Another process determines that a resource utilization performance is incompatible with a requested service level and selects a new resource utilization based in part on the resource utilization performance information and mapping information. The process causes data distributed according to a prior resource utilization policy to be distributed according to the new resource utilization policy in one or more resources at a virtual data center.

Abstract: A cellular telephone or mobile device with several methods of touch, voice, and gesture based input is described. A user is able to interact with a touch screen display on the device to select one or more keys, expand keys, and customize legends or toolbars. A user may deliver spoken audio to the device and actuate a series of commands on the device including search on the device, search on the Internet, accessing an Internet resource, or downloading a document. A user may be able to execute one or more macros on the device. The device may further have a plurality of authentication methods based on the activities on the device. Authentication requests may be made for specific applications or the device. An authentication request may include identifying pictures taken on the device and engaging in activities with the photos.

Abstract: The present invention provides an information processing device which can detect illegal authorization setting efficiently in a short period of time. The information processing device includes a database which stores electronic documents, a means for storing rank values of users of the database, a means for storing the authorization degree of an electronic document or an electronic document group and authorization degrees of respective document classes of the database, a means for analyzing the electronic documents and combining together documents having mutual similarity in a degree equal to or higher than a certain level into a similar document group, and a means for analyzing authorization degrees of respective document classes in the database with reference to the rank values of the users, and thus detecting an electronic document or an electronic document group whose authorization setting is improper.