Abstract: A system and method for efficiently accessing Web resources. A directory service and an authentication service may be used to determine whether a login session attempt on a deployed device is successful. At least one deployed device in a system receives credentials from a user during a login request and requests authorization using the received credentials for both a login session and for accessing Web resources. The device sends the authorization request to Web services on a server hosting the Web resources. The Web services interact with an authentication service to verify authentication for the user. The device receives an access token upon verification for authorization for the given user and securely stores it. When a client program executing on the device requests access to the Web resources, the device sends an access request with a copy of the stored access token to the server hosting the Web resources.

Abstract: A method, system, apparatus, and computer-readable memory containing instructions include receiving, at an agent operating on a client device, a (domain name system) DNS resolution request for a domain name. The DNS resolution request is transmitted to a first DNS server including a firewall service and a second DNS server within a local network to the client device. Responses to the DNS resolution request from the first and second DNS server are received. The agent determines how to resolve the DNS resolution request based on one or more of the received responses.

Abstract: A certificate manager allows a particular entity such as an individual computer system, computer application, or network service, to define a customized set of rules that are used to identify digital certificates that are trusted by the particular entity. When a digital certificate is presented to the entity, the certificate manager determines whether the digital certificate is trustworthy by examining the characteristics of the certificate such as the expiration of the certificate, the characteristics of the certificate authorities that signed the digital certificate, or the signing algorithms used to generate the digital signatures on the certificate. The certificate manager may be combined with trusted root CA stores, pinned certificate stores, and other certificate management systems to define a customized set of potentially trusted certificates based on the characteristics of the particular entity.

Abstract: Mapping and obscuring digital representations of a number of user accounts on a social network map includes identifying a primary user account from a number of user accounts of a social network, determining, based on metadata associated with the user accounts, a relationship for each of the user accounts relative to the primary user account, mapping, based on the relationship for each of the user accounts relative to the primary user account, a digital representation of each of the user accounts to a territory on a social network map, determining, based on the relationship for each of the user accounts relative to the primary user account, an obscurity level for each of the user accounts, and obscuring, based on the obscurity level, the territory associated with the digital representation of each of the user accounts on a social network map from the primary user account.

Abstract: A method improves information security by generating a key with which a first multimedia content is encrypted into a second multimedia content. The method generates a first representation for the first multimedia content and a second representation for the second multimedia content on a complex plane, and improves the information security by generating the key by determining a relationship between the first representation and the second representation on the complex plane such that the first multimedia content is encrypted into the second multimedia content with the relationship as the key.

Abstract: On an endpoint that encrypts local files to protect against data leakage and other harmful malware events, newly detected files are dynamically encrypted when they are detected as long as the endpoint is not compromised. If a compromised state is detected, the newly detected file will not be added to the encrypted files until the endpoint can be remediated and the compromised state resolved.

Abstract: The present disclosure provides a method for protecting personal information based on a mobile terminal including establishing and storing a new content provider module for storing application data and a new position manager module for storing geographical position data in the mobile terminal in advance, and writing default new application data and default new geographical position data into the new content provider module and the new position manager module, respectively; monitoring, in real time, whether an original content provider and an original position manager module in the mobile terminal include a request for reading data from transmitted by an application; if yes, disabling the original content provider and the original position manager module, and displaying the default new application data and the default new geographical position data. The present disclosure protects the personal information of a user.

Abstract: High conversion rate content can be displayed with primary content from one or more publishers in order to determine whether the content is being displayed to human users or provided to automated processes such as robots. Convertible content such as advertising will generally result in conversions or other actions within an expected range of occurrences. Convertible content performing significantly below the range can be indicative of robotic traffic. Such determinations can be difficult for publishers with low volume traffic, however, as there may not be sufficient data to make an accurate determination. For such publishers, or users viewing content for such publishers, high conversion rate content can be displayed that will allow such determinations to be made with fewer data points. The rates can be used to determine robotic users, which can be blocked, as well as to determine poorly performing placements of the content by the publishers.

Abstract: A method, computer program product, and computing system for receiving a key indicator and an encrypted password concerning an electronic device to be accessed. The key indicator may be processed to identify a decryption key. The encrypted password may be processed with the decryption key to generate a decrypted password.

Abstract: Encryption of sensitive data on consumer devices is provided with format-preserving cryptography and feedback via the use of security identifiers. A request to access the sensitive data will specify user credentials for the access. The submitter is requested to confirm a security identifier for the requested access. An incorrect security identifier will be presented for incorrect credentials, which will be easy for a user to identify but not for an attacker or other unauthorized user. If the incorrect security identifier is confirmed, the device assumes the request was received from an unauthorized source. The sensitive data is stored under format-preserving cryptography, such that false data values can be generated that have the correct format. An unauthorized user receiving the false data will not be readily able to determine the data received is incorrect, and will be likely to discontinue the attack, particularly for an automated process.

Abstract: Implementations disclosed herein provide for a third-party application an ability to access a first-party notification interface without receiving credentials linked to a first-party user account. In addition, a device-level permission is established such that each third-party application operating on a client device does not need to seek permission to access the notification interface. A third-party application may request an access code from a client device. The access code may be presented to an authentication server. The authentication server may provide an access token and a refresh token to the third-party application. The third party application may provide the access token and data to be included in a notification to the first-party notification interface.

Abstract: In a method for generating a digital key in a first communication device and in a second communication device, the first communication device transmits a first electromagnetic signal to the second communication device, which extracts the digital key from the received first electromagnetic signal. The second communication device transmits a second electromagnetic signal to the first communication device, which likewise extracts the digital key from the received second electromagnetic signal. A direct signal component, transmitted on a direct signal path between the first communication device and the second communication device, of the first electromagnetic signal and of the second electromagnetic signal is attenuated.

Abstract: Methods and systems for the secure exchange of data within a network are provided. A method includes, registering, by a computer system, one or more stubs installed on at least one computing device. The method further includes constructing a virtual routing table using endpoint address information of the one or more stubs. The method further transmitting a portion of the virtual routing table to the one or more stubs such that the one or more stubs are configured to create a virtual pipe for exchanging data between the at least one computing device and at least one other computing device using the portion of the virtual routing table.

Abstract: A system includes download location information in an unprotected Uniform Resource Locator (“URL”), where the download location information identifies a download location for downloading an application provided by a cloud system. The system further includes login server information in the unprotected URL, where the login server information identifies a login server that is configured to be logged in before downloading the application from the download location. Based on the unprotected URL, the application is configured to be downloaded on a mobile device from the download location and after logging into the login server. The application may be developed by accessing a web-based application development server in the cloud system, and after the application is developed, the web-based application development server generates the unprotected URL.

Abstract: Embodiments of the present invention provide a secure element management method and a terminal. The method includes: when a first secure element is connected to a secure element interface, acquiring identification information of the connected first secure element; acquiring preset identification information, where the preset identification information is used to identify an exclusive secure element; matching the identification information of the first secure element with the preset identification information; and when the identification information of the first secure element matches the preset identification information, setting the first secure element to a normal working state, and setting connected other secure elements on the terminal to a non-normal working state. According to the embodiments of the present invention, the terminal supports a management mode of an exclusive secure element, a requirement of an exclusive secure element issuer for taking control of a secure element of the terminal is met.

Abstract: A method includes receiving a data packet including a header having a structure from an operating system at a virtualization layer, where the virtualization layer is above a physical layer and below all other layers. The method also includes performing an operation on a portion of the data packet other than the header, thereby creating a modified data packet and maintaining the original header structure. The method further includes transmitting the modified data packet, including the original header structure, to the physical layer.

Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.

Abstract: Systems and methods for detection of malicious exploitations in a multimedia file are disclosed. In one embodiment, such an approach includes parsing the compiled bytecode of a multimedia file to detect identified key instructions and determine if such key instructions are repeated in specific patterns that signify the presence of malicious exploitation. The approach may also include examining the contents of the constant pool table in a compiled multimedia file to detect specific shellcode strings that are indicative of presence of malicious exploitation. When the bytecode or the constant pool table indicates that malicious exploitation is present, an approach may be utilized to reduce instances of false positive identification of malicious exploitation.

Abstract: A method for identifying people in common (PIC) between two users on a social networking service includes: receiving a request for a set of people in common between a first user and a second user on a social networking service, determining publicly visible connections of the first user and the second user from the social networking service; determining connections visible only to members of an accessible group of the first user and the second user from the social networking service, access to the connections visible only to members of the accessible group being controlled by security permissions; determining a set of people in common between the first user and the second user using the publicly visible connections, the connections and using security permissions from a perspective of the first user; and providing the set of people in common to the first user.

Abstract: A computer-implemented method for automatically generating passwords that comply with password restrictions may include (1) maintaining a database that stores password criteria for a plurality of websites, (2) determining that a user is accessing a website that requests creation of a password, (3) determining a set of password complexity rules for the website by querying the database that stores the password criteria, (4) using the set of password complexity rules to automatically generate the password for the website such that the password complies with the password criteria for the website, and (5) providing the password for use in the website that requested creation of the password. Various other methods, systems, and computer-readable media are also disclosed.