Abstract: A method and apparatus for performing a reputation based analysis on a malicious infection to secure a computer. In one embodiment, the method includes monitoring application activity occurring at computers, generating reputation information associated with the application activity, in response to a malicious infection to at least one of the computers, examining the reputation information to access unreputed portions of the application activity that occurred at the at least one of the computers and determining a malicious signature based on the unreputed portions of the application activity.

Abstract: Technologies for wireless device authentication are disclosed.

Abstract: Configurations providing a non-zero threshold for verifying a root file system of an operating system stored on blocks of a boot storage are disclosed. In particular, the root file system is verified during a boot sequence for the operating system. For each block of the root file system of the boot storage, the subject technology verifies a respective block of the boot storage. A counter tracking a number of verification failures is incremented if the block fails verification. In some configurations, the subject technology determines whether the counter meets a predetermined non-zero threshold. If the counter meets the predetermined non-zero threshold, the root file system is marked as corrupted. A recovery mode for the operating system is then initiated. If the counter does not meet the predetermined non-zero threshold, the operating system is reset in order to verify the root file system during a subsequent boot sequence.

Abstract: Disclosed is a novel system, computer program product, and method for allowing access to an application on a handheld device. This is also known as logging on or password entry. The method begins with detecting a change in at least one of orientation and position of a handheld device relative to a given plane. At least one of a keyboard, a touch screen, a gesture, and voice recognition engine input is received. Based on a combination of the at least one of orientation and position of the handheld and the user input received matching a previously stored value, unlocking access to an application running on the handheld device. The detecting of the change in orientation or position or both can occur simultaneously with the user input or previous to the user input or after the user input.

Abstract: A system and method for generating a notification of privacy settings difference is disclosed. A request is received. A first set of privacy settings is received from a first social network, and a second set of privacy settings is received from at least one other social network. The first set of is compared to the second set. A difference between the first set and the second is detected, and a notification is generated. The notification includes an indication that a difference was detected. The notification is sent for display to the user. In one embodiment, the notification allows the user to request to view, or edit, the first set of privacy settings. In one embodiment, the notification sends the user to a webpage on the first social network where the first set is typically displayed and/or edited. In another embodiment, the notification displays the first set and/or receives the edits.

Abstract: Handset, computer software and method for protecting sensitive network information, available in the handset, from disclosure to an unauthorized server, by using an abstraction function module, the handset being connected to a network.

Abstract: A method and apparatus for dynamically protecting content in a system for managing use of the content in accordance with usage rights. A request is received from a user device for content stored on a server. Information is gathered from at least one source to build the content in accordance with the request and the content is mapped to usage rights. A reply including the usage rights is sent to the user device, and use of the content is permitted based on the usage rights under control of a security module for enforcing usage rights.

Abstract: A terminal includes an acquisition unit to acquire sensor data, a storage unit to store a policy table which defines a management policy for each sensor data or each service using the sensor data, and a control unit to acquire the management policy corresponding to the sensor data or the service with reference to the policy table and to manage the sensor data on a basis of the management policy.

Abstract: A technique allowing an improvement in the confidentiality of information stored in a memory device. A memory controller includes a key generation part that newly generates key information for use in encryption and decryption of information at every predetermined timing, and a data conversion circuit that encrypts information to be outputted to a memory device based on the information and decrypts encrypted information inputted from the memory device based on the key information. In the data conversion circuit, each time the key generation part generates new key information, key information is updated so as to set the new key information as the key information.

Abstract: One embodiment of the present invention provides a system for tracing information leaks. The system introduces linguistic and syntactic changes to a document, and associates these changes with a user identifier, which facilitates identification of a user that may have leaked the document. During operation, the system receives a document. The system then determines a most similar original document based on the received document. The system determines difference between the most similar original document and the received document, and determines a user identifier based on the determined difference.

Abstract: A system and method for adjusting privacy protection for a user in a plurality of applications is disclosed. A privacy protection request is sent to a user device. In one embodiment, the request is displayed on user device in the form of a pop-up window. In another embodiment, the request is displayed in a privacy settings area. The privacy protection request includes a plurality of protection levels. Once a protection level is selected the protection level is sent back and received by the system. Privacy settings are adjusted according to the selected privacy protection level based on information stored in a master template. In some embodiments, the privacy protection level is translated to associated privacy settings. Once the privacy settings have been adjusted, the privacy settings are applied to a plurality of online applications associated with the user based on the privacy protection level selected.

Abstract: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

Abstract: Gap analysis is performed on security capabilities of a computer system compared to a desired or targeted security model according to one or more security requirement by providing a data structure of security capabilities of a computer system under analysis, wherein each capability is classified in a formal security capability reference model with a mean having a set of attributes and a goal; determining the security capabilities of the deployed system-under-analysis; matching the security capabilities of the deployed system-under-analysis with the security capabilities defined in the data structure; determining one or more gaps in security capabilities between the deployed system and a security reference model goal; and displaying the gaps to a user in a report.

Abstract: Login credentials for at least one website, such as a social networking website, are received from a user purporting to act on behalf of an entity, for example, in the context of registering the entity with a system for electronic bill payment. Social data relating to the entity is retrieved from the websites using the login credentials. The social data comprises a plurality of social connections, each reflecting a respective relationship between the entity and a respective third party. A plurality of relevant social connections comprising at least a subset of the plurality of social connections is determined, each social connection of the plurality of relevant social connections reflecting a relationship to a respective third party that is deemed to be reliable. A reliability rating of the entity is then determined based on the plurality of relevant social connections.

Abstract: A communication system includes a certificate authority for performing authentication, a roadside device, a vehicle-mounted terminal, a first server, and a second server. The vehicle-mounted terminal transmits position information to the first server. The certificate authority acquires information about a vehicle-mounted terminal likely to appear according to place and time from the first server. The certificate authority allows the second server to verify validity of a certificate for a vehicle-mounted terminal acquired from the first server. The certificate authority generates a first list of vehicle-mounted terminals having valid certificates and a second list of vehicle-mounted terminals having invalid certificates according to place and time based on a verification result. The certificate authority transmits the first and second lists to the roadside device and the vehicle-mounted terminal.

Abstract: A method and apparatus are utilized to conveniently and swiftly render stored information inaccessible. Sensitive information is stored in an encrypted form and by eliminating the key or keys which are needed for decryption, the stored information becomes virtually destroyed. A variety of mechanisms and policies can be used to manage, set and eliminate decryption keys. In some cases decryption keys can be stored in volatile storage elements so that by merely interrupting power to the storage element, the decryption keys are eliminated. In this way, a manually controlled mechanism can be used to allow a user to accomplish a “self-destruct” of the stored information instantly without the need for the operation of any processor and without the need to change any stored information.

Abstract: The present invention relates to a Femtocell providing services to a UE, and it proposes a method for authenticating a UE registered in a first operating domain of a communication network (e.g. a mobile core network), when the UE requests the service provided by a second operating domain (e.g. a fixed access network, a backhaul network). An authentication server in the first operating domain allocates the needed information to access the service provided by the second operating domain for the UE, and stores. After receiving the needed information, the UE sends an authentication request message to an authentication server in the second operating domain, wherein the authentication server in the second operating domain forwards the authentication request message to the authentication server in the first operating domain.

Abstract: Methods and systems are provided for processing application-level content of network service protocols. According to one embodiment, one or more content processing configuration schemes are defined within a firewall device. Each of the one or more content processing configuration schemes including multiple content processing configuration settings for one or more network service protocols. The one or more content processing configuration schemes are stored by the firewall device. One or more of the stored content processing configuration schemes are associated with a firewall policy by the firewall device.

Abstract: Systems and methods for facilitating confirmation of completion of a transaction(s) for state synchronization over a non reliable network using signature processing are described. One of the methods includes receiving a read request from a first client, sending a last known signature with a context object to the first client in response to receiving the read request, and receiving an appended signature from the first client with a context object for a transaction at the first client. The appended signature includes the last known signature and an increment by the first client. The operation of receiving the appended signature occurs upon execution of the transaction at the first client. The method further includes updating the last known signature to the appended signature and sending the updated last known signature to the first client to facilitate marking of the transaction as complete resulting in a definitive state synchronization.

Abstract: Methods and apparatus include securely launching a web browser from a privileged process of a workstation to minimize enterprise vulnerabilities. The workstation includes a restricted-capability web browser pointed toward a web server. An executable file is wrapped about the browser and imposes restrictions, such as preventing the writing to a registry or installing ActiveX controls. It also has functionality to prevent users from linking to web locations in other than an https protocol or following links beyond an original host. Upon indication of a forgotten password/credential, the restricted-capability web is launched browser toward a web server. Upon authentication of identity, the user changes their password/credential for later logging-on to the workstation, but in a capacity without the limited functionality or the imposed browser restrictions.