Abstract: Methods and systems for style and/or layout caching of Web content are usable to build reusable style caching trees and cacheable layout calculations. Such style caching trees may be used to avoid recalculating style content of Web pages for document object model (DOM) elements that have not changed. Additionally, the cacheable layout calculations may be used to avoid recalculating the layout content of Web pages that are subsequently accessed.

Abstract: Methods and systems for parallel Web page processing are usable to parallelize Web page document parsing, Web page layout calculations, Web page style formatting, and Web page script engine processing. Such parallelized parsers may be used to enhance Web page processing and exploit multi-core and multi-processor computing device resources. The parallelized script engine may be used to enhance Web page processing when independent scripting events exist in the Web page document. Additionally, the parallelized layout calculations and style formatting may be used to further enhance Web page processing by allowing multi-core and multi-processor computing devices to take advantage of their parallel processing abilities.

Abstract: Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.

Abstract: A security-enhanced login technique that provides a convenient and easy-to-use two factor technique to enhance the security of passwords without requiring any changes on the server side of a client-server network. The technique employs a convenient and easy-to-use two-factor technique to generate strong passwords for Web and other applications. In this technique, a convenient or personal device such as a mouse is used as the other factor besides a user password. A secret stored in the mouse or other personal device is hashed together with the password entered by a user and the server ID, to generate a strong, server-specific password which is used to authenticate the user to the server. This password enhancement operation is carried out inside the personal device.

Abstract: A cross-module detection system and method for detecting and monitoring control flow transfers between software modules in a computer system. The system and method detect and monitor control flows entering and exiting the software modules. For a particular module, a checking model is extracted from the binary file of that module. In addition, a relaxed shadow stack is generated. If the module is an original module, meaning that the control flow originated from that module, then the checking model is used to check the validity of the control flow transfer. Otherwise, the relaxed shadow stack is used. An interception module is used to intercept and terminate invalid control flow transfers. If an invalid control flow transfer is detected, then the transfer is terminated. Otherwise, the control flow transfer is allowed to continue.

Abstract: A manipulable human interactive proof (HIP) displays at most a portion of verification information. A user performs at least one manipulation on the HIP display to obtain full verification information.

Abstract: Techniques for an image-based CAPTCHA for object recognition are described. The disclosure describes adding images to a database by collecting images by querying descriptive keywords to an image search engine or crawling images from the Internet. The disclosure describes generating the image-based CAPTCHA. The image is retrieved from the database, along with objects having significant values. An object is cropped from its image. The portion on the image where the object has been cropped is filled with image inpainting. The process obtains other objects from the database. The object is mixed among the other objects to from a set of candidate objects. A user is asked to select “the object” from the set of candidate objects that fits or matches the image. The image-based CAPTCHA evaluates whether a response, the selection, is from a human or a bot.

Abstract: The HIP creation technique described herein pertains to a technique for creating a human interactive proof (HIP) by applying tearing and/or a conformal transformation to a string of characters while maintaining readability of text. In one embodiment, the technique tears a character string into two or more pieces and applies conformal transformation to warp the pieces in order to create a HIP. The transformation changes the shape and orientation of the characters but preserves angles of the characters which makes it easy for humans to recognize the characters after the transformation. Other embodiments of the technique create HIPs by applying tearing only to a string of characters, or by applying conformal transformation only to the character string.

Abstract: Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.

Abstract: Technologies for a human computation framework suitable for answering common sense questions that are difficult for computers to answer but easy for humans to answer. The technologies support solving general common sense problems without a priori knowledge of the problems; support for determining whether an answer is from a bot or human so as to screen out spurious answers from bots; support for distilling answers collected from human users to ensure high quality solutions to the questions asked; and support for preventing malicious elements in or out of the system from attacking other system elements or contaminating the solutions produced by the system, and preventing users from being compensated without contributing answers.

Abstract: A “proxy re-signature system” provides various techniques for transforming a delegatee's signature on a message m into a delegator's on the same message m. Various embodiments of non-interactive re-signature generation processes are described. Various embodiments to aggregate part of signatures to reduce the size of re-signed signatures are also described. Various combinations of the proxy re-signature process and the re-signature conversion process result in an overall process that is unidirectional, multi-use, private, and non-interactive. As such, the proxy re-signature system is applicable for use with a wide range of applications.

Abstract: A “Performance Evaluator” provides various techniques for tracking system events to diagnose root causes of application performance anomalies. In general, traces of system events involved in inter-thread interactions are collected at application runtime. These traces are then used to construct inter-thread dependency patterns termed “control patterns.” Control patterns are then evaluated to determine root causes of performance anomalies. Where an application terminates abnormally or full traces cannot be collected for some reason, partial control patterns are constructed for that application. In various embodiments, “fingerprints” are then generated from full or partial control patterns and are matched to fingerprints corresponding to operations in other control patterns extracted from reference traces collected on the same or similar systems. Matched fingerprints or control patterns are then used to deduce the root cause of application performance anomalies associated with full or partial traces.

Abstract: A cross-module detection system and method for detecting and monitoring control flow transfers between software modules in a computer system. The system and method detect and monitor control flows entering and exiting the software modules. For a particular module, a checking model is extracted from the binary file of that module. In addition, a relaxed shadow stack is generated. If the module is an original module, meaning that the control flow originated from that module, then the checking model is used to check the validity of the control flow transfer. Otherwise, the relaxed shadow stack is used. An interception module is used to intercept and terminate invalid control flow transfers. If an invalid control flow transfer is detected, then the transfer is terminated. Otherwise, the control flow transfer is allowed to continue.

Abstract: A component-oriented web mashup system and method for communicating between component-oriented Web gadgets to facilitate secure Web mashups. Embodiments of the system and method redefine the traditional definition of gadget to mean a Web component having a verifiable controlled communication channel (a CompoWeb gadget). A CompoWeb gadget is created and defined using new HTML tags and global script objects and functions that extend the functions of the browser. CompoWeb gadget content is treated as a component that is isolated from other gadgets and frames by a browser, and only those allowed access can view data and code therein. Called functions of a CompoWeb gadget are run in the callee's environment instead of the caller's environment. This adds security, because all the requesting CompoWeb gadget receives is the run result. Embodiments of the system and method also include delayed binding of CompoWeb gadgets, such that binding is performed at run time.

Abstract: A security-enhanced login technique that provides a convenient and easy-to-use two factor technique to enhance the security of passwords without requiring any changes on the server side of a client-server network. The technique employs a convenient and easy-to-use two-factor technique to generate strong passwords for Web and other applications. In this technique, a convenient or personal device such as a mouse is used as the other factor besides a user password. A secret stored in the mouse or other personal device is hashed together with the password entered by a user and the server ID, to generate a strong, server-specific password which is used to authenticate the user to the server. This password enhancement operation is carried out inside the personal device.

Abstract: Technologies for a Consumer Privacy Digital Rights Management system based on stable partially blind signatures that enable a license server to provide licenses for delivery to users without knowing the corresponding digital contents that users access with the license. Therefore consumer privacy is protected during license acquisition. Further, if the client DRM module in the DRM system does not disclose any information about a user's digital content access, and the messages that the client DRM module sends out are in plain text enabling verification that the client DRM module is not disclosing such information, then consumer privacy is fully protected by the DRM system.