Abstract: Aspects of the subject matter described herein relate to a reverse proxy architecture. In aspects, a client that seeks to access a Web document via a proxy sends a request to the reverse proxy. The reverse proxy obtains the Web document from a server indicated by the request and modifies links therein so that if the links are clicked on or otherwise fetched by the client, the communication goes back to the reverse proxy. The reverse proxy may also modify cookies, if needed, so that the cookies refer to a domain or hostname associated with the reverse proxy.

Abstract: A system for protecting against information security breaches comprises a credential module that maintains a list of protected security credentials that are each associated with a known computing system and that detects when a security credential in the list is used. The system also includes a protection module that detects use of the security credential in connection with a computing system other than the known computing system with which the security credential is associated and that reports such use to a security server. Methods for using the system are also provided.

Abstract: Systems and methods that resist malicious attacks on an intelligent storage device via an access control component that supplies security at a dual layer of defense. Such dual layer defense encompasses both resistance to brute force (e.g., unauthorized users), and resistance to a replay attack (e.g., a malicious code residing on a machine that hosts the intelligent storage device.) Accordingly, an access control component includes an anti malicious user component and an anti malicious code component, which can resist malicious attacks from both a person and a host unit with a malicious code residing thereon.

Abstract: A digital imaging device such as a digital camera is used to obtain multiple digital images of all of a text document segment. The text document segment could be the entire text document so that each digital image would be of the entire text document. The multiple images are obtained while lateral jittering is imparted between the digital imaging device and the text document. The lateral jittering may be in a pair of transverse (e.g., perpendicular) directions. An enhanced resolution representation of the text document is formed from the multiple laterally displaced images and de-blurred as a multi-frame reconstruction.

Abstract: Systems and methods that establish trust between a receiver (e.g., a user) and a sender of a message by authenticating such sender through demonstration of knowledge for a shared secret—yet without revealing such secret. A messaging component can convey messages as directed by the shared secret to communication systems that are under control of the user. Accordingly, the user can readily determine that the sender of the message is what such sender claims to be, since the sender has demonstrated a knowledge of the shared secret by sending the message to the communication system as determined by the user. Moreover, by not actually revealing the shared secret during communication, robustness of the secret is typically ensured.

Abstract: A minimum area rectangle inscription method and system for automatically generating a minimum area rectangle that inscribes and bounds an approximately rectangular object (or “noisy” object) contained within scanned image data. The minimum area rectangle inscription method chooses an interior point located inside the object boundary and determine perimeter points located on the boundary. A convex hull is constructed from at least some of the perimeter points such that each side of the convex hull is convex. Inscribing rectangles, equal in number to the sides of the convex hull, are constructed such that each inscribing rectangle shares a side with the convex hull and circumscribes approximately the entire convex hull. The area of each of the inscribing rectangles is calculated, and the inscribing rectangle having the least amount of area is designated as the minimum area rectangle.

Abstract: A unique system and method that facilitate automatic tracking of user data and providing on-demand site or merchant reputation information is provided. The system and method involve monitoring user input such as by keystrokes over a period of time and forming a long continuous string of characters. The string of characters can be monitored for repeating substrings or non-repeating substrings that indicate sensitive user information such as SSN or credit card number (CCN). The substrings can be displayed to the user in a digest form and order according to frequency of occurrence, for example. Thus, the user can readily view where and when their sensitive information has been entered. In addition, the typing of certain substrings such as CCNs or other sensitive field data can trigger a reputation service to retrieve the reputation data for the current site or merchant to mitigate dealing with fraudulent sites or merchants.

Abstract: The claimed subject matter provides systems and/or methods that facilitate utilizing a shared secret to obscure a password within a sequence of characters. The sequence of characters can include the password as well as noise. The shared secret can leverage utilizing a set of known images that a user can uniquely distinguish from random images. By employing the imaged based shared secret, the user can login to a server from an untrusted machine suspected to be infected with spyware such as a keylogger that tracks user input.

Abstract: Systems and methods facilitate secure one-time-password access to an account in a remote server from an untrusted client. The system consists of an intermediary component whose salient components are a proxy component, a webserver component, and an encryption/decryption component, and it preserves the characteristics of both the server and client. In a man-in-the-middle fashion, the proxy substitutes a one-time password entered at a login interface with a true password, and forwards it to the remote login server. True passwords are encrypted using a seed associated with user identifiers, and a list of one-time passwords is generated/updated and stored on media or transmitted to an electronic device. Substitution takes place by decrypting the one-time password with the seed used for encryption, ensuring the proxy avoids storing the true password.

Abstract: A system and method that facilitates and effectuates detection of malware secreted and/or hidden in plain sight on a machine. The system and method in order to achieve its aims generates a list of all loaded modules, identifies from the list a set of modules common to more than a threshold number of processes, and eliminates from the list those modules included in an authentication list. The resultant list is prioritized based, in one instance, on the number of occurrences a particular module makes in the resultant list, and thereafter the list is distributed analyst workstations.

Abstract: A system and method for data distribution is disclosed. A bulletin board is employed to maintain a list of requests from nodes in the system. The requests indicate data requested and identify the node making the request. Nodes are able to post requests for data as long as they maintain a minimum performance level. Additionally, the nodes periodically check in with the bulletin board and receive the list of requests from the bulletin board. On determining to satisfy a particular request by a node, the node (serving node) contacts a requesting node (identified in the request) and transfers the requested data to the requesting node. After successful completion of the transfer, the requesting node reports to the bulletin board that the node has filled the request and the request is removed from the list of requests.

Abstract: A system and method for data distribution is disclosed. A bulletin board is employed to maintain a list of requests from nodes in the system. The requests indicate data requested and identify the node making the request. Nodes are able to post requests for data as long as they maintain a minimum performance level. Additionally, the nodes periodically check in with the bulletin board and receive the list of requests from the bulletin board. On determining to satisfy a particular request by a node, the node (serving node) contacts a requesting node (identified in the request) and transfers the requested data to the requesting node. After successful completion of the transfer, the requesting node reports to the bulletin board that the node has filled the request and the request is removed from the list of requests.

Abstract: Confidential information is provided to a proxy computer in communication between an unsecured computer and a computer having information desired by a user. The proxy computer receives the confidential information in either an encrypted form or having arbitrary information combined therewith. The proxy computer ascertains the confidential information and forwards it to the computer having the information desired by the user.

Abstract: A unique system and method that facilitate automatic tracking of user data and providing on-demand site or merchant reputation information is provided. The system and method involve monitoring user input such as by keystrokes over a period of time and forming a long continuous string of characters. The string of characters can be monitored for repeating substrings or non-repeating substrings that indicate sensitive user information such as SSN or credit card number (CCN). The substrings can be displayed to the user in a digest form and order according to frequency of occurrence, for example. Thus, the user can readily view where and when their sensitive information has been entered. In addition, the typing of certain substrings such as CCNs or other sensitive field data can trigger a reputation service to retrieve the reputation data for the current site or merchant to mitigate dealing with fraudulent sites or merchants.

Abstract: A computer-implemented method and apparatus are provided for populating an electronic form from an electronic image. The method and apparatus identify a size, orientation and position of an object within the electronic image, and identify information elements from pixels within the image that correspond to the object. Fields of the electronic form are displayed to a user along with the identified information elements through a graphical user interface. The information elements are parsed into tagged groups of different information types. At least some of the fields of the electronic form are populated with the tagged groups to produce a populated form. The user is allowed to edit the populated fields through the graphical user interface.

Abstract: Apparatus and methods for detecting multiple images in digital image data are described. In one aspect, an edge map is generated from image data. The edge map is analyzed to determine a set of boundaries of the one or more objects by. This analysis is accomplished by: (a) determining a set of transitions between the set of boundaries and a background color; (b) identifying a set of characteristics from the set of transitions, wherein the set of characteristics are used to indicate whether the image data comprises a single object or whether the image data comprises a plurality of objects; and (c) if the image data corresponds to a plurality of objects, assigning particular ones of the set of boundaries to particular ones of the plurality of objects based on a set of rules. The one or more objects are segmented based on the set of boundaries.

Abstract: Disclosed are methods and systems for a receiver to autonomously allocate bandwidth among its incoming communications flows. The incoming flows are assigned priorities. When it becomes necessary to alter the allocation of bandwidth among the flows, the receiver selects one of the lower priority flows. The receiver then causes the selected flow to delay sending acknowledgements of messages received to the senders of the messages. In most modern protocols, senders are sensitive to the time it takes to receive acknowledgements of the messages they send. When the acknowledgement time increases, the sender assumes that the receiver is becoming overloaded. The sender then slows down the rate at which it sends messages to the receiver. This lowered sending rate in turn reduces the amount of bandwidth used by the flow as it comes into the receiver. This frees up bandwidth which can then be used by higher priority flows.

Abstract: The described subject matter automatically detects the boundaries of multiple objects in digital image data such as scanned image data. To accomplish this, a background color such as a scanner lid background color is detected. An edge map is generated based on a set of transitions between the determined background color and other colors that correspond to the scanned image data. A set of straight lines, or boundaries that correspond to one or more objects in the image data is determined by analyzing the generated edge map. The straight lines are assigned to respective objects based on a set of rules.

Abstract: A computer-implemented method and apparatus are provided for populating an electronic form from an electronic image. The method and apparatus identify a size, orientation and position of an object within the electronic image, and identify information elements from pixels within the image that correspond to the object. Fields of the electronic form are displayed to a user along with the identified information elements through a graphical user interface. The information elements are parsed into tagged groups of different information types. At least some of the fields of the electronic form are populated with the tagged groups to produce a populated form. The user is allowed to edit the populated fields through the graphical user interface.

Abstract: A system and method for data distribution is disclosed. A bulletin board is employed to maintain a list of requests from nodes in the system. The requests indicate data requested and identify the node making the request. Nodes are able to post requests for data as long as they maintain a minimum performance level. Additionally, the nodes periodically check in with the bulletin board and receive the list of requests from the bulletin board. On determining to satisfy a particular request by a node, the node (serving node) contacts a requesting node (identified in the request) and transfers the requested data to the requesting node. After successful completion of the transfer, the requesting node reports to the bulletin board that the node has filled the request and the request is removed from the list of requests.