Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.

Abstract: Methods, systems, and apparatus, including computer program products, for data structure locking. In one aspect, a proper subset of variables of a set of variables in a data structure are received. An access privilege to modify variables in the data structure to administrator accounts is assigned. A first administrator access request to modify a variable in the proper subset of variables is received, and the access privilege to modify the variable in the proper subset of variables for the first administrator account. A second administrator access request to modify the variable in the proper subset of variables is received, and an access timer that expires after a time period is initiated; the access privilege is disabled for the first administrator account in response to expiration of the access timer; and the access privilege for the second administrator account is enabled in response to expiration of the access timer.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.

Abstract: Systems, methods and apparatus monitor networks to identify when the networks are not operating normally, for instance, because of malware. During a sample interval sample data is collected that corresponds to a plurality of system activities, the sample data collected from a plurality of monitored networks and representing normal operations of the plurality of monitored networks. Subsequent to the sample interval, observed data is collected from the plurality of monitored networks, the observed data corresponding to at least some of the system activities. A determination is made whether the observed data represents the normal operation of the monitored networks, and an alert is generated if the observed data does not represent the normal operation of the monitored networks.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transaction needed to authenticate and/or authorize subsequent requests to the same domain or to different domains.

Abstract: Systems, methods and apparatus for handling security messages in a distributed security system. Requests, replies, and/or updates have varying time constraints. Processing node managers and authority node managers determine the best transmission times and/or the ignoring of such data to maximize information value.

Abstract: Login credit is monitored over a credit time period. Continuous invalid login attempts decrease the login credit for the duration of the credit time period. Login credit accumulates with time. If the login credit is less than a credit threshold, login processing is precluded. A common invalid login notification for presentation to a user is generated if login processing is precluded or if login processing indicates that the login credentials are invalid.