Abstract: A first computing device connected to an internal network de-anonymizes data. A record including a surrogate key is received from a second computing device connected to an external network to the internal network. Each identity data record includes a second surrogate key, an entity identifier field value, a record type field value, and a de-identified field value. The second surrogate key uniquely identifies the respective record. The surrogate key is compared to the second surrogate key to identify a matching record. The matching entity identifier field value is selected and compared to the entity identifier field value of the plurality of records to identify a master record for the surrogate key. The record type field value includes an indicator indicating whether the record is the master record. The de-identified field value included in the identified master record is selected. The received record is supplemented with the selected de-identified field value.

Abstract: An authentication scheme in which an instance of a designated element is shifted to proximity with a designated target to gain access a device may be enhanced by creating conditions that allow for either the designated element or the designated target to be different for each instance of authentication. In one embodiment, a secondary display portion may be used to provide an indication of a dynamic designated element. In another embodiment, a secondary display portion, in combination with a tertiary display portion, may be used to provide an indication of a dynamic designated target.

Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.

Abstract: The present invention provides for an authenticity marker to be embedded within web page and/or email content which allows a user to validate that the content originates from the true source of the content and is not merely a copy. The method includes a user requesting content in the form of a web page and/or email from a server using a web browser or email client. The server receives the request, retrieves the content and forwards it to an authentication server. The authentication server inserts into the retrieved content a unique fractal icon and/or information only known between the owner of the content and the user.

Abstract: In a binary patching system for alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced.

Abstract: Methods and systems for periodically generating and managing passwords for one or more websites of users are disclosed. The users are provided with the ability to automatically replace their old passwords with new passwords for their one or more website accounts. The users can set a pre-determined frequency at which their passwords are to be updated and replaced with new passwords. The users can further define additional one or more rules based on which their passwords are updated. The methods and systems are further configured to auto log into user's website accounts with the updated passwords.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for sharing information. The methods, systems, and apparatus include actions of receiving user information entered by a user through a user interface and generating a user profile based at least on the user information. Additional actions include receiving an identification of a particular storage provider location from the user through the user interface, storing the user profile at the particular storage provider location, and receiving privacy settings from the user. Additional actions include receiving a request from the user to access a network resource associated with a particular user information consumer.

Abstract: A peer enrollment method, a route updating method, a communication system, and relevant devices to improve security of a peer-to-peer (P2P) network. The peer enrollment method includes: receiving an enrollment request from a peer, where the enrollment request carries identity information of the peer; verifying the identity information of the peer, and if the verification succeeds, obtaining peer location information of the peer and generating a peer credential according to the peer location information; and sending the peer credential carrying the peer location information to the peer so that the peer joins the P2P network according to the peer credential. Embodiments of the present application further provide a route updating method, a communication system, and relevant devices. Embodiments of the present application may improve security of the P2P network effectively.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: Systems and computer-implemented methods for authorizing respective access by each of a plurality of Internet users to a respective one or more Internet services provided by each of a plurality of Internet service providers. A system includes a processor, and non-transient computer readable storage media, at a single identity provider.

Abstract: In a general aspect, a secret generator is used in an elliptic curve cryptography (ECC) scheme. In some aspects, an elliptic curve subgroup is specified by a public generator of an ECC system, and the secret generator is an element of the elliptic curve subgroup. In some instances, the secret generator is used to generate an ECC key pair that includes a public key and a private key, and the private key is used to generate a digital signature based on a message. In some instances, the public key and the secret generator are used to verify the digital signature.

Abstract: A method and system for authenticating a user device includes an identity provider reading service and an external service provider receiving a request to access content from a user device and communicating the request to access content from a service provider to the reading service. The request to access content includes cookie data. The external service requests an identity provider token from the cookie data from the reading service based on the request to access. The identity provider reading service communicates the identity provider token to the external service provider. An identity provider communicates with the service provider. The external service generates and communicates an authentication request to the identity provider having the identity provider token and a service provider identifier. The identity provider communicates an assertion signal to the service provider when the cookie data is resolved at the identity provider.

Abstract: The disclosed apparatus may include a secure storage device that securely stores an initial geographic location of a network device that facilitates network traffic within a network. This apparatus may also include a processing unit communicatively coupled to the secure storage device. The processing unit may determine a current geographic location of the network device. The policy-enforcement unit may then detect evidence of theft of the network device by (1) comparing the current geographic location of the network device with the initial geographic location of the network device and (2) determining, based at least in part on the comparison, that the current geographic location of the network device does not match the initial geographic location of the network device. Finally, the processing unit may perform at least one security action in response to detecting the evidence of theft of the network device.

Abstract: A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the, content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module.

Abstract: A system, method and computer readable medium pertaining to evaluation of events from a computer system to assess security risks to that system. Events are evaluated according to the aspects of each event and the aspects are used to make a preliminary determination regarding violation of a security rule. In addition to a preliminary determination of a rule violation, exceptions to the rule may be identified.

Abstract: A method and system for verifying a target attribute of a company profile record. It is ascertained that a database stores the company profile record including the target attribute and a validity attribute associated with the target attribute. The validity attribute has a VALID or INVALID value respectively indicating that the target attribute in the company profile record has a valid or invalid value within the database. It is insured that the database stores a first and second user profile record, that a first user of a requisition transaction corresponds to the first user profile record, that the first user profile record includes the target attribute having a value identical to a value of the target attribute of a first company profile record associated with a first company represented by the first user, and that the validity attribute of the first company profile record has the VALID value.

Abstract: A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.

Abstract: A method and system. All Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports on a gateway computer at a network perimeter of a network are scanned to determine whether an unauthorized application outside the network perimeter and/or at least one unauthorized service from the unauthorized application is available within the network perimeter via the gateway computer. Penetration tests are executed on the gateway computer to attempt to exploit a vulnerability of the gateway computer as revealed by scanning the ports on the gateway computer. A first component associated with a first respective connection to the network is identified. It is determined that the first component complies with a corresponding industry benchmark for security. A second component associated with a second respective connection to the network is identified. It is determined that the second component complies with a corresponding security policy of a company associated with the network.

Abstract: A differential message security policy includes receiving information regarding activities of a user, determining a security risk for the user based on the activities of the user, and setting a security policy for the user based on the security risk. The security policy of the user may be modified based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level. The security risk may be determined based on an aggregated scoring system that uses security variables related to the activities of the user.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.