Abstract: Determining reputation information is disclosed. A honey token is included in an online identity data. The honey token is to monitor for misuse of all or part of the online identity data. Optionally, information associated with at least one use of the honey token is aggregated with other reputation information.

Abstract: A computer-implemented method may include assigning a transport-agnostic identifier to a computing device. The computer-implemented method may include identifying a first attempt by the computing device to access a first network. The first attempt may be made via a first media-transport technology that identifies the computing device with a first transport-specific identifier. The computer-implemented method may also include receiving the transport-agnostic identifier from the computing device. The computer-implemented method may further include using the transport-agnostic identifier, instead of the first transport-specific identifier, to determine whether to allow the computing device to access the first network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token purports authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token.

Abstract: Monitoring for potential misuses of identity information is disclosed. A profile comprising a user's identity information is received. An indication from a third party website that at least a portion of the identity information in the user's profile is being or has been provided to register at the third party website, alter user information stored by the third party website, or both is received. Whether the indicated use of the identity information is a potential misuse is evaluated.

Abstract: Providing security for a network is disclosed. Network traffic associated with a host is monitored. If an activity pattern associated with a configuration change of the host is observed, access by the host to the network is restricted based at least in part on the observed activity pattern.

Abstract: Detection of network devices (e.g., stealth devices) and mapping network topology are performed via network introspection by collaborating endpoints/nodes. The method includes receiving (e.g., by a node on a network) an assignment to be a supernode that will manage multiple agents of a subnetwork within an overall network. This assigned supernode instructs two or more of the agents to perform a set of network traffic fingerprinting tests of the subnetwork by passing information across the subnetwork to each other. The supernode receives results of the tests from the clients and detects one or more intermediate devices located between the clients based on an effect of the intermediate devices on the information passed between the clients. The supernode can further map the topology of the subnetwork (including the detected devices) which can be used in mapping the overall network topology.

Abstract: A method and apparatus for providing collaborative claim verification using an identification management (IDM) system. The IDM system collaborates with at least one trusted authority that provides information to a validity database within the IDM system. The database information collected from the at least one trusted authority is used to verify a user's entered identification information i.e., a user's identity claim. Such validation through a plurality of trusted authorities can provide a statistical truth to the identity claims provided by a user.

Abstract: By placing computer specific remotely originated application data under control of a central identity management system, users can seamlessly run remotely originated applications after logging on to different computers in the enterprise. Cached application content received from a streaming server or network file system, as well as additional application specific data (e.g., files created by the application, configuration changes made by the application on the local computer, etc.), can be configured as central identity management system profile object, using a central identity management system such as Active Directory. This data is thus automatically treated as part of the user settings/profile, and made available on any computer within the enterprise. This results in an optimal application experience for users, regardless of which managed computer they logon to within the enterprise.

Abstract: A streaming server which streams an application to a client computer (“endpoint”), as well as the client on which the streamed application runs, makes predictions as to what sections of the application the client is likely to execute in the future. Upon receipt of an indication (e.g., from a system administrator) of a planned service outage of the server or the network, the server transmits the application content that is predicted to be needed by the client during the outage in order to continue executing the application without interruption. The client receives and caches the content. Provided that the prediction is sufficiently accurate, the client can continue to seamlessly execute the application during the service outage.

Abstract: A method and apparatus for providing claim validation without storing user information within the IDM system. During enrollment, the IDM system creates a hash representative of the identification information provided by a user. The user information is discarded, i.e., not stored within the IDM system. Only a hash representing that information is stored within the system. Upon a user providing information to a service provider, the service provider requests that the user's information be authenticated by a third party IDS system. The service provider will request such authentication from the IDM system identified by the user. The IDM system generates, from the user's information that was provided to the service provider, a signed token that is sent to the user for use by the user to access the service provider's services. In this manner, the IDM system does not store identification information of the user.

Abstract: Method and apparatus for securing confidential data related to a user in a computer is described. In one example, rules are obtained that provide a representation of the confidential data. A storage system in the computer is searched using the rules to detect a file having at least a portion of the confidential data. The file is encrypted the in-place within the storage system using symmetric encryption based on a secret associated with the user.

Abstract: A computer-implemented method for defragmenting virtual machine prefetch data. The method may include obtaining prefetch information associated with prefetch data of a virtual machine. The method may also include defragmenting, based on the prefetch information, the prefetch data on physical storage. The prefetch information may include a starting location and length of the prefetch data on a virtual disk. The prefetch information may include a geometry specification of the virtual disk. Defragmenting on physical storage may include placing the prefetch data contiguously on physical storage, placing the prefetch data in a fast-access segment of physical storage, and/or ordering the prefetch data according to the order in which it is accessed at system or application startup.

Abstract: Techniques are disclosed for implementing dynamic endpoint management. In accordance with one embodiment, whenever an endpoint joins a managed network for the first time, or rejoins that network, a local security module submits a list of applications (e.g., all or incremental) to a security server. The server validates the list and sends back a rule set (e.g., allow/block rules and/or required application security settings) for those applications. If the server has no information for a given application, it may further subscribe to content from a content provider or service. When the server is queried regarding an unknown application, the server sends a query to the service provider to obtain a trust rating for that unknown application. The trust rating can then be used to generate a rule set for the unknown application. Functionality can be shifted from server to client, and vice-versa if so desired.

Abstract: A parental policy is enforced for online purchases. A parent enters a parental policy indicating items that are prohibited for a child. When the child attempts to add an item to a wish list, it is determined whether the item is permitted according to the policy. If so, the addition of the item to the wish list is allowed to proceed. If the policy prohibits the item, the addition of the item to the wish list is blocked. Additionally, the parent can be informed (via email, telephone, etc.) of the attempt to add the item to the wish list. The same logic can be applied to attempts to purchase items for children, or attempts to purchase items by children.

Abstract: A computer-implemented method for managing authentication may include identifying authentication-capabilities information of an online service. The computer-implemented method may also include identifying, within the authentication-capabilities information, a specification indicating how a remote computing agent may interact with the online service to perform an authentication function supported by the online service. The computer-implemented method may further include using the specification to interact with the online service to perform the authentication function. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for protecting identity information comprises determining identity information required by a resource utilized by a user, determining strength of the identity information used by the user to access the resource, and performing an action in view of the strength.

Abstract: Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

Abstract: A method and apparatus for enabling e-mail routing and filtering based on dynamic identities is presented. In one embodiment, the method includes provisioning a new e-mail address, and notifying an e-mail backend of the provisioned address wherein the provisioned address includes a list of authorized senders.

Abstract: A page list comprising a list of transitions between network resources is established. Subsequently, a transition is detected between a first network resource and a second network resource. An expected security level associated with the transition is identified based on the page list. Responsive to the detected security level being determined to be lower than the expected security level, a remedial action is performed.

Abstract: Computer-implemented methods, systems, and computer-readable media for automatically generating computer-assistance videos based on remote interactive-guidance sessions are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) detecting initiation of a remote interactive-guidance session between a local computing device and a remote computing device, 2) recording the remote interactive-guidance session, 3) storing the recorded interactive-guidance session in a media file, and then 4) providing access to the media file.