Abstract: A method and system of detecting the activity of “bots” in an online community, by measuring the time elapsed between user actions and comparing this time to a timespan established as normal for users performing the same user actions without the assistance of bots. The timespan may be adjusted when other suspicion characteristics are detected. When detecting actions suspected to be bot-assisted, the method and system respond by executing one or more response instructions against the user suspected of using the bot, with the aim of preventing further bot activity. The response instructions are stored by associating them with a type of user action and a total number of suspect user actions. As a result, the response instructions may be set to increase in severity with each additional suspect act by a user.

Abstract: An initial trust status is assigned to a first object, the trust status representing one of either a relatively higher trust level or a relatively lower trust level. Based on the trust status, the first object is associated with an event type to be monitored, where the event type is selected from among: essential events, occurrence of which is informative as to trust status evaluating for an object, and critical events, including the essential events, and additional events, occurrence of which is informative as to execution of suspicious code. Occurrences of events relating to the first object are monitored. In response to the first object being assigned the relatively higher trust level, only the essential events are monitored. In response to the first object being assigned the relatively lower trust level, the critical events are monitored. A need for performing malware analysis is determined based on the trust status of the first object and the event type.

Abstract: A restricted transmogrifying driver platform is described herein. In one or more implementations, a platform is provided that enables a restricted execution environment for virtual private network (VPN) drivers and other transmogrifying drivers. The platform may be implemented as an operating system component that exposes an interface through which drivers may register with the platform and be invoked to perform functions supported by the platform. The restricted execution environment places one or more restrictions upon transmogrifying drivers that operate via the platform. For instance, execution may occur in user mode on a per-user basis and within a sandbox. Further, the platform causes associated drivers to run as background processes with relatively low privileges. Further, the platform may suspend the drivers and control operations of the driver by scheduling of background tasks. Accordingly, exposure of the transmogrifying drivers to the system is controlled and limited through the platform.

Abstract: A system provides a remote electronic device with secure access to a web service. The system generates an alphanumeric character set, encodes the character set in a barcode, and outputs the barcode on a login page. When the system receives an access request from a remote electronic device, it will determine whether the request or a following communication includes the character set and a unique identifier for an authentication application that is installed on the remote electronic device. If so, then the system will use the unique identifier to identify a user account for a user who is using the remote device, generate a home page that includes one or more functions for which the user account is authorized, and output the home page. The system will output the home page in a manner that permits the remote electronic device to securely access and display the home page.

Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.

Abstract: An apparatus for communicating content includes an image capturing module that captures a rendering of at least a portion of a first still image. The first still image includes a shot from a sequence of images of a video. The first still image includes an embedded cryptographic representation of a code. The code corresponds to the sequence of still images comprising the video. The apparatus includes a decoding module that decodes the embedded cryptographic representation of the code to identify the code, a content retrieval module that retrieves the sequence of still images of the video corresponding to the code, and a display module that displays the sequence of still images of the video. A first displayed shot of the video includes the first still image and a remainder of the video includes a remaining series of images from the sequence of images of the video displayed in chronological order.

Abstract: An initial trust status is assigned to a first object, the trust status representing one of either a relatively higher trust level or a relatively lower trust level. Based on the trust status, the first object is associated with an event type to be monitored, where the event type is selected from among: essential events, occurrence of which is informative as to trust status evaluating for an object, and critical events, including the essential events, and additional events, occurrence of which is informative as to execution of suspicious code. Occurrences of events relating to the first object are monitored. In response to the first object being assigned the relatively higher trust level, only the essential events are monitored. In response to the first object being assigned the relatively lower trust level, the critical events are monitored. A need for performing malware analysis is determined based on the trust status of the first object and the event type.

Abstract: Disclosed are a method and device for a proxy access of an open platform for solving technical problems that resource occupancy is excessive, a password security is low, and a local file cannot be uploaded. In the present invention, an official application is established in a user terminal, and the official application interacts with the open platform by an SDK provided by the open platform; the official platform is bound by applying for a protocol with the URL format from an operating system of the user terminal, and provides an interaction interface for the third party application through the protocol with the URL format. Therefore, the present invention reduces the system resource which the third party application occupies in the user terminal and the development cost of the third party application, and protects the security of the user's account.

Abstract: Novel solutions for detecting and/or treating malware on a subscriber's premise network. Such solutions can include, but are not limited to, tools and techniques that can detect, and/or enable the detection of, malware infections on individual subscriber devices within the subscriber's network. In a particular embodiment, for example, a premise gateway, or other device on the subscriber's premise network, is configured to analyze packets traveling through the premise gateway and, based on that analysis, identify one or more subscriber devices that are infected with malware.

Abstract: A system, method and computer program product are provided. In use, execution of a portion of internal code of an interface is identified. Further, in response to the execution of the portion of internal code, at least one aspect of an invocation of the interface is monitored and/or analyzed.

Abstract: Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.

Abstract: A system including a computer and having a part that stores identification data and status data in association with the identification data, a part that receives a request to acquire a license corresponding to a designated identification data, a part that receives a designation of an electronic device, a part that designates the identification data, obtains license data corresponding to the designated identification data, and updates the status data associated with the designated identification data, the updated status data indicating that the license is being used, a part that transmits the license data to the electronic device via a network and instructs the electronic device to acquire the license, and a part that provides a part that receives an instruction for re-executing obtaining of the license data depending on whether the status data is updated and instructs to re-execute the obtaining of the license data.

Abstract: A system and method for realizing specific security features for a mobile device that may store sensitive and private data by providing secured communications to a paired remote device. In this respect, both the mobile device (which may be a mobile phone, for example) and the paired remote device (which may be a keychain, for example) include a SIM card that may have identification data stored therein. Once paired, the two devices may communicate encrypted security messages back and forth in order to implement various security measures to protect data and wireless communications. Such messages may be generated from initial information known only to each respective device such as a randomly generated offset number and a common time reference.

Abstract: In one embodiment, a first instruction prescribing a setting for a feature is defined. A second instruction prescribing a first action is defined. A third instruction prescribing a second action is defined. It is determined whether the feature is present in a computing device, and if present, whether the feature is set to the setting. The first action is initiated if the feature is present and not set to the setting. The second action is initiated if the feature is not present.

Abstract: A smart card installed in a device receives from the device data to be scanned and determines whether a virus exists in the data. Accordingly, security of the device may be enhanced without using substantial resources of the device.

Abstract: A system for managing adaptive security zones in complex business operations, comprising a rules engine adapted to receive events from a plurality of event sources and a security manager coupled to the rules engine via a data network, wherein upon receiving an event, the rules engine determines what rules, if any, are triggered by the event and, upon triggering a rule, the rules engine determines if the rule pertains to security and, if so, sends a notification message to the security manager informing it of the triggered event, and wherein the security manager, on receiving a notification message from the rules engine, automatically establishes a new security zone based at least in part on the contents of the notification message, is disclosed.

Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.

Abstract: An authentication processing device receives biometric data to be checked from a biometric measuring device; transforms the biometric data that is input from the biometric measuring device by using a checking transformation parameter that is different from a registration transformation parameter; and creates checking biometric data. Then, the authentication processing device performs a differential transformation process on the created checking biometric data by using a differential parameter by which a transformation state transformed by the checking transformation parameter and a transformation state transformed by the registration transformation parameter have the same state. Thereafter, the authentication processing device checks the transformed checking biometric data against the registration biometric data stored in a transformation registration data DB and performs authentication.

Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.

Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.