Abstract: One embodiment of the present invention provides a system that performs inference detection based on Internet advertisements. In doing so, this system first receives a set of topic words, performs a search query on each topic word using a search engine, and gathers a set of Uniform Resource Locators (URLs) associated with sponsored advertisement from the search results corresponding to each search query. Then, the system determines a correlation between two topic words based on their corresponding URLs associated with sponsored advertisement, and produces a result which indicates groups of correlated topic words.

Abstract: One embodiment of the present invention provides a system that facilitates filtering outbound content via inference detection. During operation, the system identifies content sent to a first address and extracts keywords from the identified content. The system then issues queries based on these keywords and extracts expected-content keywords from the hits returned in response to the queries. The system then searches the outbound content for occurrences of the expected-content keywords and produces a result which allows a user to determine whether the outbound content is proper. In a further embodiment, the system extracts keywords from a piece of outbound content, and issues queries based on these keywords. The system then extracts keywords from the hits, and present at least one keyword to a user, thereby allowing the user to determine whether the outbound content is proper.

Abstract: One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user.

Abstract: One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity.

Abstract: One embodiment provides a computer system for detecting associations between a reviewer and an entity under review. During operation, the system estimates a relationship strength between the reviewer and the entity under review, and determines whether the relationship strength between the reviewer and the entity under review exceeds a predetermined threshold.

Abstract: A targeted advertising system performs context-based association mining using a publicly available corpus to identify a product or brand name that, under a given context, is associated with a product or brand being marketed. The system analyzes documents within the publicly available corpus that are associated with the given context, and identifies products or brand names that have a high association to the product or brand being marketed. The system can also analyze the publicly available corpus to determine contextual information which is correlated to two or more products or brand names. This contextual information includes a set of terms that facilitates filtering the publicly available corpus into an optimal set of documents that has a high association to a desired market category or demographic.

Abstract: One embodiment provides a system for facilitating sanitizing a modified version of a document relative to one or more sensitive topics. During operation, the system determines a privacy risk for a term in the modified version relative to the sensitive topics, wherein the privacy risk measures the extent to which the sensitive topic(s) can be inferred based on the term. Next, the system determines an information utility and privacy loss or gain for the modified version, where the information utility reflects the extent to which the modified version has changed and the privacy loss or gain reflects the extent to which the modified version is reduced in sensitivity.

Abstract: A system is provided for augmenting a privacy policy. During operation, the system obtains a set of training documents and at least one seed keyword associated with the privacy policy. The system extracts a number of candidate keywords from the training documents and formulates at least one query based on the candidate keywords. The system then issues the query to a corpus. In response to the query, the system receives a set of result documents. The system further determines whether a respective keyword extracted from the result documents matches at least one seed keyword. The system then augments the privacy policy by associating the candidate keyword corresponding to the respective keyword with the privacy policy based on the determination. In addition, the system applies the augmented privacy policy to a subject document and produces a result to indicate whether the subject document is in violation of the privacy policy.

Abstract: One embodiment provides a system that detects sensitive passages. During operation, the system receives a document and disassembles the document into a plurality of passages. For a respective passage, the system performs a search through a non-sensitive-passage database to determine whether the passage is a known non-sensitive passage. If so, the system marks the passage as non-sensitive, and if not, the system determines whether the passage triggers a cut-and-paste attack detection. If so, the system forwards the passage to an administrator and allows the administrator to determine whether the passage is non-sensitive and, further, to add the passage to the non-sensitive-passage database responsive to the administrator determining the passage to be non-sensitive.

Abstract: One embodiment of the present invention provides a system that detects sensitive content in a document. In doing so, the system receives a document, identifies a set of terms in the document that are candidate sensitive terms, and generates a combination of terms based on the identified terms that is associated with a semantic meaning. Next, the system performs searches through a corpus based on the combination of terms and determines hit counts returned for each term in the combination and for the combination. The system then determines whether the combination of terms is sensitive based on the hit count for the combination and the hit counts for the individual terms in the combination, and generates a result that indicates portions of the document which contain sensitive combinations.

Abstract: One embodiment of the present invention provides a system which allows a document owner to redact content from a document and allows a recipient of the redacted document to challenge the appropriateness of the redaction. During operation, the system allows the document owner to redact a string Mi from location i in the document. In doing so, the system produces a commitment Ci=C(Mi, Ri) based on string Mi and a string Ri used as randomness and communicates Ci to the recipient. When the recipient challenges the redaction, the system receives a topic string T from the recipient, and produces a string RT. The system then communicates RT to the recipient, thereby allowing the recipient to produce a commitment CT=C(T, RT) based on strings T and RT, and compare CT with Ci. Comparing commitment CT with Ci allows the recipient to test redactions for string equality.

Abstract: A server system maintains records and their associated attributes in a secure database. A plurality of queries generated by encrypting indices identifying a records and their associated attributes, by homomorphic encryption is received from a client system. A secret key is generated at a certain query count and is divided into randomly generated key shares. A key share sequence is homomorphically encrypted. A table is formed by encrypting the indices, secret key and attributes. Query responses, which each comprise the attributes for each of the records of the table of entries are provided. The key shares are decrypted sufficient to recover the secret key subject to a non-inference enabling query.

Abstract: One embodiment of the present invention provides a method for adjusting security status on a mobile device, the method comprising: collecting security-related contextual information which includes information of nearby mobile devices and/or the geographic location of the intelligent mobile device; evaluating a threat level based on the collected security-related contextual information; invoking a security policy; and adjusting the security status of the mobile device based on the threat level and the security policy.

Abstract: A targeted advertising system performs context-based association mining using a publicly available corpus to identify a product or brand name that, under a given context, is associated with a product or brand being marketed. The system analyzes documents within the publicly available corpus that are associated with the given context, and identifies products or brand names that have a high association to the product or brand being marketed. The system can also analyze the publicly available corpus to determine contextual information which is correlated to two or more products or brand names. This contextual information includes a set of terms that facilitates filtering the publicly available corpus into an optimal set of documents that has a high association to a desired market category or demographic.

Abstract: One embodiment provides a system for facilitating sanitizing a modified version of a document relative to one or more sensitive topics. During operation, the system determines a privacy risk for a term in the modified version relative to the sensitive topics, wherein the privacy risk measures the extent to which the sensitive topic(s) can be inferred based on the term. Next, the system determines an information utility and privacy loss or gain for the modified version, where the information utility reflects the extent to which the modified version has changed and the privacy loss or gain reflects the extent to which the modified version is reduced in sensitivity.

Abstract: One embodiment provides a system that detects sensitive passages. During operation, the system receives a document and disassembles the document into a plurality of passages. For a respective passage, the system performs a search through a non-sensitive-passage database to determine whether the passage is a known non-sensitive passage. If so, the system marks the passage as non-sensitive, and if not, the system determines whether the passage triggers a cut-and-paste attack detection. If so, the system forwards the passage to an administrator and allows the administrator to determine whether the passage is non-sensitive and, further, to add the passage to the non-sensitive-passage database responsive to the administrator determining the passage to be non-sensitive.

Abstract: A selectively encrypted data unit is generated from an unencrypted data unit. This is accomplished by accessing a list of attributes related to the unencrypted data unit that identify classifications of sensitive information within the unencrypted data unit. In addition, a protection key that is responsive to a random number is selected and auxiliary values computed from the attributes of the sensitive information and the random number are produced. The sensitive information is encrypted with the protection key to create an encrypted version of the sensitive information. The encrypted version is associated with the auxiliary values and linked to an attribute vector that classifies the sensitive information in the encrypted version. Data from the unencrypted data unit and the encrypted version of the sensitive information is stored as the selectively encrypted data unit.

Abstract: A capability key is generated that provides access to sensitive information within a selectively encrypted data unit created from an unencrypted data unit. A user specifies access rights as a monotone boolean relationship between a selection of a list of attributes related to the unencrypted data unit. This relationship is used to compute a key descriptor. Next one or more shares of a master secret is generated responsive to the monotone boolean relationship and a random number. Next a unique capability key is computed from one or more cryptosystem parameters, the one or more shares and the random number. The unique capability key and the key descriptor together enable decryption of sensitive information within a selectively encrypted data unit created from an unencrypted data unit. Finally, the unique capability key and the key descriptor are provided to allow decryption of sensitive information within the selectively encrypted data unit.

Abstract: A system is provided to detect email spam. During operation, the system receives an email, extracts a set of keywords from the email body, and constructs a first search query based a keyword extracted from the email body. The system further constructs a second search query based on the keyword in the first query and one additional word which pertains to a known spam word or to the subject of the email. Next, the system receives a first number of hits and a second number of hits in response to the first and second search queries, respectively. The system then determines whether the email is spam based on the first number and the second number. The system can also perform Website filtering using inference detection which is based on search results received in response to search queries formulated with keywords extracted from Websites.

Abstract: A selectively encrypted data unit includes an encrypted version of sensitive information (capable of being decrypted to reveal the sensitive information), a plurality of auxiliary values, and an attribute vector associated with the encrypted version of the sensitive information. The selectively encrypted data unit and a unique capability key are accessed. The unique capability key is associated with a key descriptor and is responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares of a master secret. Next the technology determines whether the attribute vector is filtered or enabled by the key descriptor. If so, a protection key is acquired that is responsive to the one or more cryptosystem parameters, the plurality of auxiliary values, the key descriptor and the unique capability key. Once acquired, the protection key is used to decrypt the encrypted version to generate the sensitive information which is presented.