Patents Examined by Daniel Potratz
  • Patent number: 9635012
    Abstract: A method for deriving a verification token from a credential may be provided. The credential may be a set of attributes certified by an issuer to a user using a public key of the issuer. The method may comprise generating the verification token out of the credential and binding the verification token to a context string, wherein the verification token may comprise at least one commitment. A commitment may be a blinded version of an attribute. The method may also comprise generating an opening key for the verification token enabling a generation of a confirmation for a validity of the attribute.
    Type: Grant
    Filed: April 17, 2014
    Date of Patent: April 25, 2017
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 9628460
    Abstract: A novel method of dealing with the problem of phishing, pharming, key-logging and man-in-the-middle attacks on internet-based applications which require the submission of valid login credentials, by permitting a user to control access to an internet-based application (3) (such as an internet banking website) by the simple transmission of a command via the internet to allow access to the internet-based application (3) whenever the user wishes to access the application, and by transmitting a command via the internet to deny access to the internet-based application at all other times, to prevent unauthorized access by any unscrupulous parties.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: April 18, 2017
    Assignee: E-LOCK CORPORATION SDN. BHD.
    Inventors: Chik Weng Leong, Chee Hoo Lau, Yuen Len Kong, Tau Wei Phang, Hoon Sin Cheong
  • Patent number: 9621585
    Abstract: Computer security threats are increasing in customization and complexity of attacks, expanding the burden on security companies in addressing the wide array of threats. Functional classification is used here to determine the likely role a client and its user play to personalize computer security according to client/user role. A security module analyzes the client to identify data or applications present on the client or activities performed using the client. Based on this analysis, the security module predicts the role of the client or a user of the client. The module further dynamically generates a security policy that is personalized to and optimized for the client or the user based on the role predicted and on computer security threats expected to affect the client or user based on the role. The module then applies the security policy generated to provide personalized security.
    Type: Grant
    Filed: July 25, 2011
    Date of Patent: April 11, 2017
    Assignee: SYMANTEC CORPORATION
    Inventors: Sourabh Satish, Bruce McCorkendale
  • Patent number: 9608996
    Abstract: A device newly introduced to a network is automatically credentialed to be able to communicate over a network before the device first communicates with the network. For example, at a point of purchase, a user can provide network identification information to a merchant computing device that effects transfer of that information to the new device such that the new device can communicate directly with the network without initial credentialing directly between the unique device and the local network. In another example, the merchant computing device communicates with the local network to register a newly purchased device with the local network before the newly purchased device is introduced to the network. Accordingly, the network is configured to begin communications with the unique device without initial credentialing directly between the unique device and the local network.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: March 28, 2017
    Assignee: The Chamberlain Group, Inc.
    Inventor: Jordan Ari Farber
  • Patent number: 9602531
    Abstract: A first node of a networked computing environment initiates each of a plurality of different man-in-the-middle (MITM) detection tests to determine whether communications between first and second nodes of a computing network are likely to have been subject to an interception or an attempted interception by a third node. Thereafter, it is determined, by the first node, that at least one of the tests indicates that the communications are likely to have been intercepted by a third node. Data that characterizes the determination is then provided by the first node. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: March 21, 2017
    Assignee: Cylance, Inc.
    Inventors: Brian Michael Wallace, Jonathan Wesley Miller
  • Patent number: 9594917
    Abstract: Embodiments of the present disclosure describe an apparatus, method, and computer readable medium for processing a secure transaction. One embodiment describes an apparatus comprising: a processor; a secure element coupled to the processor; and a connectivity device coupled to the secure element, and configured to exchange communications with a device that is external to the apparatus, and receive and execute one or more unsolicited commands from the secure element.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: March 14, 2017
    Assignee: NXP B.V.
    Inventors: Mark Buer, Mohamed Awad
  • Patent number: 9584499
    Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access to the secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.
    Type: Grant
    Filed: April 23, 2014
    Date of Patent: February 28, 2017
    Assignee: Textile Computer Systems, Inc.
    Inventor: Gopal Nandakumar
  • Patent number: 9578043
    Abstract: Systems, devices, and methods are described herein for calculating a trust score. The trust score may be calculated between entities including, but not limited to, human users, groups of users, organizations, businesses/corporations, and locations. A system trust score may be calculated for an entity by combining a variety of factors, including verification data, a network connectivity score, publicly available information, and/or ratings data. A peer trust score targeted from a first entity to a second entity may also be calculated based on the above factors. In some embodiments, the peer trust score may be derived from the system trust score for the target entity and may take into account additional factors, including social network connections, group/demographic info, and location data. Finally, a contextual trust score may be calculated between the first and second entities based on a type of transaction or activity to be performed between the two entities.
    Type: Grant
    Filed: March 20, 2015
    Date of Patent: February 21, 2017
    Inventors: Ashif Mawji, Leo M. Chan, Shane Chrapko, Stephen Marsh, Evan V Chrapko
  • Patent number: 9569778
    Abstract: This disclosure is directed to methods and systems for managing difficulty of use and security for a transaction. A transaction manager operating on a computing device may determine a range of possible steps for a transaction comprising security measures available for the transaction. The transaction manager may identify a threshold for a security metric to be exceeded for authorizing the transaction, the security metric to be determined based on performance of steps selected for the transaction. The transaction manager may select for the transaction at least one step from the range of possible steps, based on optimizing between (i) a difficulty of use quotient of the transaction from subjecting a user to the at least one step, and (ii) the security metric relative to the determined threshold.
    Type: Grant
    Filed: May 3, 2016
    Date of Patent: February 14, 2017
    Assignee: Eyelock, LLC
    Inventor: Keith J. Hanna
  • Patent number: 9554272
    Abstract: A network environment includes a message-processing resource that receives a communication originated by a communication device and transmitted from the communication device over a wireless communication link. By way of non-limiting example, the communication can be a request for retrieval of content from a server resource disposed in the network environment. The message-processing resource processes the communication transmitted over the wireless communication link to identify a network address assigned to the communication device. The message-processing resource maps the network address to corresponding status information associated with the communication device.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: January 24, 2017
    Assignee: Time Warner Cable Enterprises LLC
    Inventors: Qiang Zhang, Arun Manroa
  • Patent number: 9552272
    Abstract: A computing system intercepts a message generated by an application at runtime. The message has content to be logged in a log data store. The computing system identifies sensitive information in the message content and modifies the message content to protect the sensitive information. The computing system causes the modified message content to be logged in the log data store.
    Type: Grant
    Filed: July 29, 2011
    Date of Patent: January 24, 2017
    Assignee: Symantec Corporation
    Inventors: Cheng-hsuan Liang, Xiaozhong Wang
  • Patent number: 9547771
    Abstract: Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.
    Type: Grant
    Filed: February 12, 2013
    Date of Patent: January 17, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 9519756
    Abstract: Systems, methods, and computer-readable storage media are provided for managing policy and permissions profiles. Individuals or organizations are permitted to author profiles utilizing a profile template and publish such authored profiles for access and adoption by others. Users are able to import desired profiles and subsequently have those imported profiles applied each time he or she accesses an application or service to which the profile pertains. User interfaces from which users may view profiles associated with them, make alterations to settings of profiles associated with them, and/or select from a plurality of profiles for a particular application or service are also provided. Still further, recommendations may be provided to users for policy and permissions profiles based upon, for instance, crowd-sourcing, profiles adopted by social network connections of a user or other users that are “like” a user, prior profile selections made by the user, and/or prior user behavior.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: December 13, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hadas Bitran, Marc E. Davis, Haim Somech, Ho John Lee, Allen G. Jones, Oded Nahir, Jeffrey D. Friedberg
  • Patent number: 9519800
    Abstract: A device and a method for online storage, device and method for searching for similar content, a device and a method of transmission and a device and a method. Encrypted data is saved at a provider of online services. With the encrypted data, encrypted hashing data is saved with a public key and the content to save is encrypted with the encrypted hash. This advantageously enables data duplication at the online service provider to be prevented while preserving the private life of the users of the service. In order to search for content similar to reference multimedia data, fingerprints are also saved at the service provider. In order to limit the number of false positives returned, the fingerprint can further contain a search fingerprint, an encrypted selection fingerprint.
    Type: Grant
    Filed: December 16, 2011
    Date of Patent: December 13, 2016
    Assignee: Thomson Licensing
    Inventors: Luis Montalvo, Nicolas Le Scouarnec, Serge Defrance, Frederic Lefebvre, Patrick Perez
  • Patent number: 9521113
    Abstract: Technologies for providing electronic security to a first network are disclosed. The system may include a user equipment, a gateway device configured to mediate communication between a first network and a second network for the user equipment, and an electronic security device communicatively coupled to the gateway device. The electronic security device may include a gateway interface module configured to assume an identity associated with the gateway device, a network interface module configured to present the identity to the second network, and a traffic inspection module configured to monitor traffic without substantially affecting a topology of the first network, wherein the electronic security device is configured to identify undesirable traffic; and implement a security policy.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: December 13, 2016
    Assignee: McAfee, Inc.
    Inventors: Jayakrishnan K. Nair, Simon Hunt, Prasanna Venkateswaran, Venkata Ramanan
  • Patent number: 9503462
    Abstract: A method for authenticating communicating parties is disclosed. In the method biometric information associated with a first party is generated based on a recording of the first party presenting a predefined input parameter. Said biometric information may then be transmitted to a second party. Authenticity of a security parameter associated with the first party can then be verified based on said biometric information.
    Type: Grant
    Filed: February 8, 2007
    Date of Patent: November 22, 2016
    Assignee: Nokia Technologies Oy
    Inventors: Nadarajah Asokan, Govind Krishnamurthi, Tat Chan
  • Patent number: 9495526
    Abstract: This disclosure is directed to methods and systems for managing difficulty of use and security for a transaction. A transaction manager operating on a computing device may determine a range of possible steps for a transaction comprising security measures available for the transaction. The transaction manager may identify a threshold for a security metric to be exceeded for authorizing the transaction, the security metric to be determined based on performance of steps selected for the transaction. The transaction manager may select for the transaction at least one step from the range of possible steps, based on optimizing between (i) a difficulty of use quotient of the transaction from subjecting a user to the at least one step, and (ii) the security metric relative to the determined threshold.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: November 15, 2016
    Assignee: Eyelock LLC
    Inventor: Keith J. Hanna
  • Patent number: 9489526
    Abstract: A computer-implemented method includes identifying first code for a content that has not been analyzed for purposes of transforming the first code before serving the code in response to future requests for the first code; analyzing the first code to identify portions of the first code that can be changed without affecting a manner in which the first code will function on client devices; subsequently receiving a request for the content; applying rules generated from analyzing the first code to a currently-served version of the first code, so as to obfuscate the currently-served version of the first code; and providing the obfuscated version of the currently-served version of the first code to a computing device that provided the request.
    Type: Grant
    Filed: January 21, 2015
    Date of Patent: November 8, 2016
    Assignee: Shape Security, Inc.
    Inventor: Justin D. Call
  • Patent number: 9479537
    Abstract: A method, system, and apparatus for improving security level of a terminal when it surfs the Internet. The method includes receiving, by a network side, network security information reported by a terminal, generating a network security policy according to the network security information reported by each terminal, and transmitting a security indication to the network security policy to the terminal; providing, by the terminal, a security prompt for network information to be obtained or having been obtained according to the security indication. Various embodiments can improve the security level of the terminal when it surfs the Internet and save resources of the terminal.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 25, 2016
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Feng Zhao, Fei Qi, Dan Song
  • Patent number: 9479505
    Abstract: Methods and apparatus for website access control. The methods and apparatus include, at a user terminal: accessing a plurality of training websites over a network; training the user terminal by classifying the training websites in a content category based on a user input, extracting one or more features indicative of the content category from the training websites and determining a classifier based on the extracted features; classifying further requested websites using the determined classifier; and controlling access to the further requested websites based on the classification of the websites.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: October 25, 2016
    Assignee: F-Secure Corporation
    Inventors: Christine Bejerasco, Karmina Aquino