Abstract: A method for automated evaluation of a SPAM filter rates a sender-receiver pair based on traffic information related to the sender-receiver pair. A SPAM filter intercepts electronic messages transmitted between the sender-receiver pair and classifies them as either SPAM or HAM. On comparing the rating for the sender-receiver pair and the classification for an electronic message between the sender-receiver pair, the method generates a metric indicating the reliability of the spam filter. Repeating these steps for more than one electronic messages and related sender-receiver pairs, the method produces a set of metrics. One or more of the metrics from the set of metrics are used to calculate an evaluation factor for evaluating the SPAM filter.

Abstract: Login credit is monitored over a credit time period. Continuous invalid login attempts decrease the login credit for the duration of the credit time period. Login credit accumulates with time. If the login credit is less than a credit threshold, login processing is precluded. A common invalid login notification for presentation to a user is generated if login processing is precluded or if login processing indicates that the login credentials are invalid.

Abstract: In one general aspect, entity instances are monitored during a first interval, each entity instance being one of several types of entity instances. A first ranked list of entity instances is determined from the entity instances monitored during the first interval. The types of entity instances are ranked in the first list according to the number of times each type of entity instance occurred during the first interval and the first ranked list has a first cardinality of types of entity instances. Entity instances are monitored during a second interval. A second ranked list of entity instances is determined. The second ranked list has the first cardinality of types of entity instances. The first ranked list and the second ranked list are merged into a third ranked list of entities instances. The third ranked list has a second cardinality that is less than or equal to the first cardinality.

Abstract: Methods, systems, and apparatus, including computer program products, for selective presence notification are provided. In one general aspect, a plurality of presence notification messages are monitored. Each presence notification message may include address information identifying at least one of a recipient or a sender of the presence notification message. Based on the address information a determination is made as to whether a presence notification message is allowable. If it is determined that the presence notification message is allowable, the transmission of the presence notification message is allowed.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transaction needed to authenticate and/or authorize subsequent requests to the same domain or to different domains.

Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.

Abstract: Systems, methods and apparatus for handling security messages in a distributed security system. Requests, replies, and/or updates have varying time constraints. Processing node managers and authority node managers determine the best transmission times and/or the ignoring of such data to maximize information value.

Abstract: Login credit is monitored over a credit time period. Continuous invalid login attempts decrease the login credit for the duration of the credit time period. Login credit accumulates with time. If the login credit is less than a credit threshold, login processing is precluded. A common invalid login notification for presentation to a user is generated if login processing is precluded or if login processing indicates that the login credentials are invalid.

Abstract: A method for maximizing server throughput while avoiding overload of a server is presented. The method involves intercepting, via an interface unit, a client request for information from the server. Next, the interface unit determines the current server performance, where the server performance is based on the number of connections opened to the server, the response time of the server and the rate at which the response time is changing. Finally, the interface unit forwards the client request to the server if the current server performance is close to an optimal performance, whereby avoiding overload of the server.