Abstract: Methods may display a URI of a resource. Methods may determine the presence of a non-public data element in the URI. Methods may generate a random number in response to the determination of the presence of the non-public data element. Methods may compute a resultant number based on the exclusive or of the random number and the non-public data element. Methods may substitute the resultant number for the non-public data element in the URI. Methods may transmit the URI and the random number to a server. Methods may receive a resource from the server, in response to the transmission of the URI and the random number to the server. Methods may compute the non-public data element using the random number and the resultant number. Methods may substitute the non-public data element for the resultant number in the URI. Methods may re-determine the URI of the resource.

Abstract: A method intercepts correlation instructions related to a plurality of meta-content elements associated with a primary content. The primary content or the meta-content elements may have associated privacy rules. At least one meta-content element of the group is selected as having privacy protected information specified in the privacy rules. A set of meta-content items, of meta-content element, are determined that are subject to a correlation restriction based on evaluation of the privacy rules with respect to each meta-content item contained in the meta-content element, and the privacy rules for the set of meta-content items are enforced.

Abstract: In one embodiment, a first message is obtained and encrypted to produce a ciphertext. The first message is encrypted such that decryption of the ciphertext utilizing a first key yields the first message, and decryption of the ciphertext utilizing a second key different than the first key yields a second message that is distinct from the first message but shares one or more designated characteristics with the first message. Encrypting the first message may more particularly comprise mapping the first key to a first seed, mapping the first message to a second seed, determining an offset between the first and second seeds, and generating the ciphertext based on the determined offset. Such an arrangement prevents an attacker from determining solely from the second message if decryption of the ciphertext has been successful or unsuccessful. Other embodiments include decryption methods, apparatus for encryption and decryption, and associated articles of manufacture.

Abstract: Concepts and technologies are disclosed herein for verifying sender information. According to various embodiments of the concepts and technologies disclosed herein, a verification service can determine, receive a request, or receive a call to verify sender information associated with data. The server computer generates and delivers a verification message to a sender device in response to determining that sender information verification is to be provided. The server computer receives a response indicating if the data was sent by the sender device. If the response indicates that the sender device did not send the data, the server computer can block delivery of the data, generate alarms or alerts, take other actions, and/or take no action. If the response indicates that the sender device sent the data, the server computer can deliver the data, provide a verification response to the recipient device, take no action, and/or take other actions.

Abstract: Actions of servers and other network devices within a network are monitored to detect whether the servers and network devices are performing tasks, using protocols, and communicating through ports that are consistent with legitimate (or “permissible”) purposes. That is, rather than attempting to belatedly identify malware signatures and screen all traffic into and out of a network for these signatures, embodiments of the present invention scrutinize devices (such as servers and other network infrastructure elements) for malware behavior that is inconsistent with an identified set of actions known to be consistent with legitimate tasks performed by the network device.

Abstract: An electronic key registration system includes an electronic key device having a key ID. A controller having a first piece of information is arranged in a communication subject. A registration tool having a second piece of information is configured to write the key ID to the controller. The controller compares, before electronic key registration, the first piece of information and the second piece of information. The controller permits electronic key registration when the comparison indicates that the first piece of information and the second piece of information conform to each other and prohibits the electronic key registration when the comparison indicates that the first piece of information and the second piece of information do not conform to each other.

Abstract: Systems and methods for reducing accuracy of web bugs are disclosed. In some implementations, a method includes, at a computing device, identifying an incoming electronic message addressed to an intended recipient. The incoming electronic message includes a plurality of content items provided by a content provider. The method also includes, before the intended recipient reviews the incoming electronic message, reducing accuracy of user activity tracking by the content provider, by: requesting on a modeled temporal basis, a download of a first media content item in the plurality of media content items. In some implementations, the first media content item is invisible to the intended recipient.

Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.

Abstract: A WiFi network manager stores a unique identifier value such as a network address associated with a communication device as being a valid credential for the communication device to subsequently access a WiFi network including one or more access points. The WiFi network manager monitors use of the unique identifier value to access the WiFi network. In response to detecting misuse of the unique identifier value by two or more communication devices using the unique identifier value to use the WiFi network, the WiFi network manager at least temporarily prevents access to the WiFi network.

Abstract: To provide an information processing device that is capable of restricting the use of an application or content in an unauthorized device to which the application or the content is copied. A storage situation information storing unit (32) stores, in a storage unit (30) where an application or content is stored, storage situation information which indicates a storage situation of the application or the content at predetermined reference timing, as one of components of the application or the content. An execution restricting unit (34) restricts execution of the application or the content in a case where the execution of the application or the content is instructed and a current storage situation of the application or the content differs from a storage situation that is indicated by the storage situation information.

Abstract: The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value.

Abstract: A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet.

Abstract: The present disclosure includes apparatus, systems, digital logic circuitry and techniques relating to data encoding. A method performed by a system on a chip (SOC) includes receiving data to be output to a memory unit external to the SOC. Also a key for scrambling the received data is received. A proper subset of the key is identified and used to scramble the received data. The scrambled data is output to the memory unit external to the SOC.

Abstract: A method begins by a dispersed storage (DS) processing module receiving a certificate signing request (CSR) from a user device. The method continues with the DS processing module generating a set of hidden passwords based on the CSR and accessing a set of authenticating units to obtain a set of passkeys. The method continues with the DS processing module retrieving a set of encrypted shares and decrypting the set of encrypted shares to produce a set of encoded shares. The method continues with the DS processing module decoding the set of encoded shares to recapture a private key and generating a user signed certificate based on the private key. The method continues with the DS processing module discarding the private key to substantially protect the private key from the user device and outputting the user signed certificate to the user device.

Abstract: In one implementation, a method includes receiving a claim that identifies a first user profile page as allegedly impersonating a second user profile page on a social network, and retrieving first information associated with the first user profile page and second information associated with the second user profile page. The method can also include comparing the first information and the second information to identify indicators of impersonation. The method can further include, based upon the identified indicators of impersonation, determining that the first user profile page is likely impersonating the second user profile page on the social network, wherein first user profile page is determined to be likely impersonating the second user profile page when the first and second user profile pages are determined to be similar to each other; and returning a flag indicating that the first user profile page is likely impersonating the second user profile page.

Abstract: A system, apparatus, method, and machine readable medium are described for transparently requesting a new random challenge from a server within an authentication framework. For example, one embodiment of a method comprises: transmitting a random challenge and an indication of a timeout period associated with the random challenge from a server to a client within the context of a network registration or authentication process using authentication devices communicatively coupled to the client; automatically detecting that the random challenge is no longer valid based on the timeout period; and responsively transmitting a request for a new random challenge from the client to a server, wherein transmitting is performed transparently to a user of the client.

Abstract: A device management system is configured to manage access to electronic documents on client devices using policies. The policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices for example, particular hardware and software configurations that are required at client devices before data is permitted to be downloaded to those client devices. The policies may also specify other requirements that must be satisfied before data is permitted to be downloaded to those client devices, for example, user authentication.

Abstract: Some embodiments provide firewalls and methods for guarding against attacks by leveraging the Document Object Model (DOM). The firewall renders the DOM tree to produce a white-list rendering of the data which presents the non-executable elements of the data and, potentially, outputs of the executable elements of the data without the executable elements that could be used to carry a security threat. Some embodiments provide control over which nodes of the DOM tree are included in producing the white-list rendering. Specifically, a configuration file is specified to white-list various nodes from the DOM tree and the white-list rendering is produced by including the DOM tree nodes that are specified in the white-list of the configuration file while excluding those nodes that are not in the white-list. Some embodiments provide a hybrid firewall that executes a set of black-list rules over white-listed nodes of the DOM tree.

Abstract: Systems and methods are disclosed for generating and using multiple pre-signed cryptographic responses. In one implementation, the method includes generating multiple cryptographic datasets. Each cryptographic dataset has a different validity period. The method further includes upon a user request, identifying one or more cryptographic datasets that are still valid among the multiple cryptographic datasets. The method further includes identifying a cryptographic dataset having the shortest validity period among the one or more cryptographic datasets that are still valid. The method also includes providing the identified cryptographic dataset to the user.

Abstract: Techniques for relaying presence information of an entity to a user are provided. The techniques include obtaining a portion of the presence information of the entity from servers associated with the communications networks, and assembling an image in accordance with the at least one portion of the presence information of the entity, wherein at least a portion of the image represents a highest ranked communication option of a plurality of communication options for contacting the entity based on a rule set that evaluates the presence information of the entity, in its entirety, in accordance with at least one item of communication-related information, the image conveying presence information of the entity for at least the highest ranked communication option, and in accordance with communication parameters associated with the entity and the user, communication preferences of at least one of the entity and the user, and communication capabilities of the user.