Abstract: One embodiment provides a computer system for detecting associations between a reviewer and an entity under review. During operation, the system estimates a relationship strength between the reviewer and the entity under review, and determines whether the relationship strength between the reviewer and the entity under review exceeds a predetermined threshold.

Abstract: One embodiment of the present invention provides a system that detects inferences from documents. During operation, the system receives one or more documents and extracts a first set of knowledge relevant to the documents. The system further formulates one or more queries to one or more reference corpora based on the first set of knowledge. The system then extracts a second set of knowledge from results received in response to the queries. Additionally, the system produces a mapping relationship between at least one document and a piece of the second set of knowledge which is not within the first set of knowledge, the mapping relationship indicating an inference from the documents.

Abstract: One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user.

Abstract: One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity.

Abstract: Techniques for protecting non-public information in a mobile environment are provided. A request for non-public information about users in a mobile environment is received. Privacy policies, non-public and optional public information about the users affected by the request are determined. An optional privacy impact indicator is determined based on how satisfying the request increases the current public information about the users. Crowds of users having similar attribute name/values are optionally determined. User and optional requestor privacy policies which associate threshold release criteria such minimum crowd size, minimum consideration with the non-public information are determined. A privacy agreement is reached for the disclosure of the requested non-public information based on the compatibility of the requester and user privacy policies. Privacy protecting transformations are optionally determined and applied to create crowds or groups associated with the requested attribute.

Abstract: One embodiment of the present invention provides a system that detects sensitive content in a document. In doing so, the system receives a document, identifies a set of terms in the document that are candidate sensitive terms, and generates a combination of terms based on the identified terms that is associated with a semantic meaning. Next, the system performs searches through a corpus based on the combination of terms and determines hit counts returned for each term in the combination and for the combination. The system then determines whether the combination of terms is sensitive based on the hit count for the combination and the hit counts for the individual terms in the combination, and generates a result that indicates portions of the document which contain sensitive combinations.

Abstract: One embodiment of the present invention provides a system that performs inference detection based on Internet advertisements. In doing so, this system first receives a set of topic words, performs a search query on each topic word using a search engine, and gathers a set of Uniform Resource Locators (URLs) associated with sponsored advertisement from the search results corresponding to each search query. Then, the system determines a correlation between two topic words based on their corresponding URLs associated with sponsored advertisement, and produces a result which indicates groups of correlated topic words.

Abstract: One embodiment of the present invention provides a method for adjusting security status on a mobile device, the method comprising: collecting security-related contextual information which includes information of nearby mobile devices and/or the geographic location of the intelligent mobile device; evaluating a threat level based on the collected security-related contextual information; invoking a security policy; and adjusting the security status of the mobile device based on the threat level and the security policy.

Abstract: One embodiment of the present invention provides a system which allows a document owner to redact content from a document and allows a recipient of the redacted document to challenge the appropriateness of the redaction. During operation, the system allows the document owner to redact a string Mi from location i in the document. In doing so, the system produces a commitment Ci=C(Mi, Ri) based on string Mi and a string Ri used as randomness and communicates Ci to the recipient. When the recipient challenges the redaction, the system receives a topic string T from the recipient, and produces a string RT. The system then communicates RT to the recipient, thereby allowing the recipient to produce a commitment CT=C(T, RT) based on strings T and RT, and compare CT with Ci. Comparing commitment CT with Ci allows the recipient to test redactions for string equality.

Abstract: One embodiment of the present invention provides a system that facilitates filtering outbound content via inference detection. During operation, the system identifies content sent to a first address and extracts keywords from the identified content. The system then issues queries based on these keywords and extracts expected-content keywords from the hits returned in response to the queries. The system then searches the outbound content for occurrences of the expected-content keywords and produces a result which allows a user to determine whether the outbound content is proper. In a further embodiment, the system extracts keywords from a piece of outbound content, and issues queries based on these keywords. The system then extracts keywords from the hits, and present at least one keyword to a user, thereby allowing the user to determine whether the outbound content is proper.

Abstract: A system is provided to detect email spam. During operation, the system receives an email, extracts a set of keywords from the email body, and constructs a first search query based a keyword extracted from the email body. The system further constructs a second search query based on the keyword in the first query and one additional word which pertains to a known spam word or to the subject of the email. Next, the system receives a first number of hits and a second number of hits in response to the first and second search queries, respectively. The system then determines whether the email is spam based on the first number and the second number. The system can also perform Website filtering using inference detection which is based on search results received in response to search queries formulated with keywords extracted from Websites.

Abstract: A system is provided for augmenting a privacy policy. During operation, the system obtains a set of training documents and at least one seed keyword associated with the privacy policy. The system extracts a number of candidate keywords from the training documents and formulates at least one query based on the candidate keywords. The system then issues the query to a corpus. In response to the query, the system receives a set of result documents. The system further determines whether a respective keyword extracted from the result documents matches at least one seed keyword. The system then augments the privacy policy by associating the candidate keyword corresponding to the respective keyword with the privacy policy based on the determination. In addition, the system applies the augmented privacy policy to a subject document and produces a result to indicate whether the subject document is in violation of the privacy policy.

Abstract: One embodiment of the present invention provides a system that detects inferences from documents. During operation, the system receives one or more documents and extracts a first set of knowledge relevant to the documents. The system further formulates one or more queries to one or more reference corpora based on the first set of knowledge. The system then extracts a second set of knowledge from results received in response to the queries. Additionally, the system produces a mapping relationship between at least one document and a piece of the second set of knowledge which is not within the first set of knowledge, the mapping relationship indicating an inference from the documents.

Abstract: Systems and methods that allow the formation and distribution of session keys amongst a dynamic group of users communicating over an unreliable, or lossy, network.

Abstract: One embodiment of the present invention provides a system that detects malicious data in an ad-hoc network. During operation, the system receives data at a node in the ad-hoc network, wherein the data was sensed and redundantly communicated to the node by other nodes in the ad-hoc network. Note that in this ad-hoc network, a given node senses data associated with itself and with proximate nodes in the ad-hoc network. In this way, proximate nodes in the ad-hoc network can redundantly sense data about each other. Next, the system determines at the node if the received data, along with data sensed locally by the node, is consistent. If not, the system uses a model which accounts for malicious nodes to determine an explanation for the inconsistency.

Abstract: Given the recent changes in the policy governing Internet content distribution, such as the institution of per listener royalties for Internet radio broadcasters, content distributors now have an incentive to under-report the size of their audience. Previous audience measurement schemes only protect against inflation of audience size. We present the first protocols for audience measurement that protect against both inflation and deflation attempts by content distributors. The protocols trade-off the amount of additional information the service providers must distribute to facilitate audience inference with the amount of infrastructure required and are applicable to Internet radio, web plagiarism, and software license enforcement. The protocols can be applied to other situations, such as auditing website screen scrapers and per-seat licensed software installations.

Abstract: A selectively encrypted data unit is generated from an unencrypted data unit. This is accomplished by accessing a list of attributes related to the unencrypted data unit that identify classifications of sensitive information within the unencrypted data unit. In addition, a protection key that is responsive to a random number is selected and auxiliary values computed from the attributes of the sensitive information and the random number are produced. The sensitive information is encrypted with the protection key to create an encrypted version of the sensitive information. The encrypted version is associated with the auxiliary values and linked to an attribute vector that classifies the sensitive information in the encrypted version. Data from the unencrypted data unit and the encrypted version of the sensitive information is stored as the selectively encrypted data unit.

Abstract: A capability key is generated that provides access to sensitive information within a selectively encrypted data unit created from an unencrypted data unit. A user specifies access rights as a monotone boolean relationship between a selection of a list of attributes related to the unencrypted data unit. This relationship is used to compute a key descriptor. Next one or more shares of a master secret is generated responsive to the monotone boolean relationship and a random number. Next a unique capability key is computed from one or more cryptosystem parameters, the one or more shares and the random number. The unique capability key and the key descriptor together enable decryption of sensitive information within a selectively encrypted data unit created from an unencrypted data unit. Finally, the unique capability key and the key descriptor are provided to allow decryption of sensitive information within the selectively encrypted data unit.

Abstract: A selectively encrypted data unit includes an encrypted version of sensitive information (capable of being decrypted to reveal the sensitive information), a plurality of auxiliary values, and an attribute vector associated with the encrypted version of the sensitive information. The selectively encrypted data unit and a unique capability key are accessed. The unique capability key is associated with a key descriptor and is responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares of a master secret. Next the technology determines whether the attribute vector is filtered or enabled by the key descriptor. If so, a protection key is acquired that is responsive to the one or more cryptosystem parameters, the plurality of auxiliary values, the key descriptor and the unique capability key. Once acquired, the protection key is used to decrypt the encrypted version to generate the sensitive information which is presented.

Abstract: Given the recent changes in the policy governing Internet content distribution, such as the institution of per listener royalties for Internet radio broadcasters, content distributors now have an incentive to under-report the size of their audience. Previous audience measurement schemes only protect against inflation of audience size. We present the first protocols for audience measurement that protect against both inflation and deflation attempts by content distributors. The protocols trade-off the amount of additional information the service providers must distribute to facilitate audience inference with the amount of infrastructure required and are applicable to Internet radio, web plagiarism, and software license enforcement. The protocols can be applied to other situations, such as auditing website screen scrapers and per-seat licensed software installations.