Patents by Inventor Khaja E. Ahmed

Khaja E. Ahmed has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9560068
    Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.
    Type: Grant
    Filed: July 12, 2013
    Date of Patent: January 31, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING LLC.
    Inventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. Lemond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
  • Patent number: 9111079
    Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.
    Type: Grant
    Filed: January 27, 2011
    Date of Patent: August 18, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eugene (John) Neystadt, Daniel Alon, Yair Tor, Mark Novak, Khaja E. Ahmed, Yoav Yassour
  • Patent number: 8881247
    Abstract: Architecture that utilizes the strong authentication mechanisms of network operators to provide authentication to mobile applications by identity federation. When a mobile client initiates a request for access to an application outside the network operator infrastructure, the request is passed to an associated application secure token service. The application secure token service has an established trust and identity federation with the network operator. The application secure token service redirects the request to a network operator security token server, which then passes the request to a network operator authentication server for authentication against an operator identity service. Proof of authentication is then issued and returned from the network operator security token server to the application secure token service and the application, which allows the mobile client to access the application.
    Type: Grant
    Filed: September 24, 2010
    Date of Patent: November 4, 2014
    Assignee: Microsoft Corporation
    Inventors: Meir Mendelovich, John Neystadt, Khaja E. Ahmed
  • Patent number: 8769277
    Abstract: Content retrieval techniques are described. In an implementation, a determination is made as to whether a client is permitted to receive content requested by the client. When the client is permitted to receive the content, a communication is formed to be communicated via a wide area network that includes a hash list having a hash of each of a plurality of blocks of the content, each hash being configured to enable the client to locate a corresponding one of the blocks of the content via a local area network.
    Type: Grant
    Filed: June 23, 2008
    Date of Patent: July 1, 2014
    Assignee: Microsoft Corporation
    Inventors: Ravi T. Rao, Khaja E. Ahmed, R. Scott Briggs, Sandeep K. Singhal
  • Publication number: 20130305371
    Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.
    Type: Application
    Filed: July 12, 2013
    Publication date: November 14, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. Lemond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
  • Patent number: 8543808
    Abstract: A networked computer system in which a trusted intermediary device is allowed access to packets transmitted through a secured connection. An endpoint to a secured connection identifies a trusted intermediary device, such as by certificate provided by the intermediary device or by using identification information provided by a trusted server. The endpoint shares with the trusted intermediary device connection information that enables the intermediary device to access packets transmitted through the secured connection. Using the connection information, the intermediary device may modify authenticated packets, such as to perform network address translation, without disrupting the underlying secured connection. Similarly, the intermediary device may use the security information to read encrypted information and perform functions such as network traffic monitoring or filtering of unwanted network traffic.
    Type: Grant
    Filed: August 24, 2006
    Date of Patent: September 24, 2013
    Assignee: Microsoft Corporation
    Inventor: Khaja E. Ahmed
  • Patent number: 8516576
    Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.
    Type: Grant
    Filed: January 13, 2010
    Date of Patent: August 20, 2013
    Assignee: Microsoft Corporation
    Inventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. LeMond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
  • Publication number: 20120084851
    Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.
    Type: Application
    Filed: January 27, 2011
    Publication date: April 5, 2012
    Applicant: Microsoft Corporation
    Inventors: Eugene (John) Neystadt, Daniel Alon, Yair Tor, Mark Novak, Khaja E. Ahmed, Yoav Yassour
  • Publication number: 20120079569
    Abstract: Architecture that utilizes the strong authentication mechanisms of network operators to provide authentication to mobile applications by identity federation. When a mobile client initiates a request for access to an application outside the network operator infrastructure, the request is passed to an associated application secure token service. The application secure token service has an established trust and identity federation with the network operator. The application secure token service redirects the request to a network operator security token server, which then passes the request to a network operator authentication server for authentication against an operator identity service. Proof of authentication is then issued and returned from the network operator security token server to the application secure token service and the application, which allows the mobile client to access the application.
    Type: Application
    Filed: September 24, 2010
    Publication date: March 29, 2012
    Applicant: Microsoft Corporation
    Inventors: Meir Mendelovich, John Neystadt, Khaja E. Ahmed
  • Patent number: 8112477
    Abstract: Described is a technology in which client content requests to a server over a wide area network (WAN) are responded to with hash information by which the client may locate the content among one or more peer sources coupled to the client via a local area network (LAN). The hash information may be in the form of a segment hash that identifies multiple blocks of content, whereby the server can reference multiple content blocks with a single hash value. Segment boundaries may be adaptive by determining them according to criteria, by dividing streamed content into segments, and/or by processing the content based on the content data (e.g., via RDC or content/application type) to determine split points. Also described is content validation using the hash information, including by generating and walking a Merkle tree to determine higher-level segment hashes in order to match a server-provided hash value.
    Type: Grant
    Filed: August 11, 2011
    Date of Patent: February 7, 2012
    Assignee: Microsoft Corporation
    Inventors: Ravi T. Rao, Khaja E. Ahmed, R. Scott Briggs, Scott A. Plant
  • Publication number: 20110295948
    Abstract: Described is a technology in which client content requests to a server over a wide area network (WAN) are responded to with hash information by which the client may locate the content among one or more peer sources coupled to the client via a local area network (LAN). The hash information may be in the form of a segment hash that identifies multiple blocks of content, whereby the server can reference multiple content blocks with a single hash value. Segment boundaries may be adaptive by determining them according to criteria, by dividing streamed content into segments, and/or by processing the content based on the content data (e.g., via RDC or content/application type) to determine split points. Also described is content validation using the hash information, including by generating and walking a Merkle tree to determine higher-level segment hashes in order to match a server-provided hash value.
    Type: Application
    Filed: August 11, 2011
    Publication date: December 1, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: Ravi T. Rao, Khaja E. Ahmed, R. Scott Briggs, Scott A. Plant
  • Patent number: 8019882
    Abstract: Described is a technology in which client content requests to a server over a wide area network (WAN) are responded to with hash information by which the client may locate the content among one or more peer sources coupled to the client via a local area network (LAN). The hash information may be in the form of a segment hash that identifies multiple blocks of content, whereby the server can reference multiple content blocks with a single hash value. Segment boundaries may be adaptive by determining them according to criteria, by dividing streamed content into segments, and/or by processing the content based on the content data (e.g., via RDC or content/application type) to determine split points. Also described is content validation using the hash information, including by generating and walking a Merkle tree to determine higher-level segment hashes in order to match a server-provided hash value.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: September 13, 2011
    Assignee: Microsoft Corporation
    Inventors: Ravi T. Rao, Khaja E. Ahmed, R. Scott Briggs, Scott A. Plant
  • Publication number: 20110173699
    Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.
    Type: Application
    Filed: January 13, 2010
    Publication date: July 14, 2011
    Inventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. LeMond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
  • Patent number: 7921173
    Abstract: The present invention provides for generating inputs that can be provided to a message classification module to facilitate more reliable classification of electronic messages, such as, for example, as unwanted and/or unsolicited. In one embodiment, a sending messaging server provides an appropriate response to address verification data thereby indicating a reduced likelihood of the sending messaging server using a forged network address. In another embodiment, it is determined if a messaging server is authorized to send electronic messages for a domain. In yet another embodiment, electronic message transmission policies adhered to by a domain are identified. In yet a further embodiment, a sending computer system expends computational resources to solve a computational puzzle and includes an answer document in an electronic message. A receiving computer system receives the electronic message and verifies the answer document.
    Type: Grant
    Filed: April 7, 2009
    Date of Patent: April 5, 2011
    Assignee: Microsoft Corporation
    Inventors: Robert George Atkinson, Joshua T. Goodman, James M. Lyon, Roy Williams, Khaja E. Ahmed, Harry Simon Katz, Robert L. Rounthwaite, Andrew V. Goldberg, Cynthia Dwork
  • Patent number: 7734924
    Abstract: A system and method are disclosed for transparently providing certificate validation and other services without requiring a separate service request by either a relying customer or subscribing customer. In a preferred embodiment, after the subscribing customer digitally signs a document (e.g., a commercial document such as a purchase order), it forwards the document to a trusted messaging entity which validates the certificates of both the subscribing customer and relying customer and the respective system participants of which they are customers. If the certificates are valid, the trusted messaging entity appends a validation message to the digitally-signed document and forwards the document to the relying customer. A validation message is also preferably appended to a digitally-signed receipt from the relying customer and transmitted to the subscribing customer. In this way, both the relying customer and subscribing customer obtain certification of their respective counterparty to the transaction.
    Type: Grant
    Filed: January 26, 2006
    Date of Patent: June 8, 2010
    Assignee: IdenTrust, Inc.
    Inventors: Lawrence R. Miller, Guy S. Tallent, Jr., Khaja E. Ahmed
  • Publication number: 20090327505
    Abstract: Described is a technology in which client content requests to a server over a wide area network (WAN) are responded to with hash information by which the client may locate the content among one or more peer sources coupled to the client via a local area network (LAN). The hash information may be in the form of a segment hash that identifies multiple blocks of content, whereby the server can reference multiple content blocks with a single hash value. Segment boundaries may be adaptive by determining them according to criteria, by dividing streamed content into segments, and/or by processing the content based on the content data (e.g., via RDC or content/application type) to determine split points. Also described is content validation using the hash information, including by generating and walking a Merkle tree to determine higher-level segment hashes in order to match a server-provided hash value.
    Type: Application
    Filed: June 27, 2008
    Publication date: December 31, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Ravi T. Rao, Khaja E. Ahmed, R. Scott Briggs, Scott A. Plant
  • Publication number: 20090320099
    Abstract: Content retrieval techniques are described. In an implementation, a determination is made as to whether a client is permitted to receive content requested by the client. When the client is permitted to receive the content, a communication is formed to be communicated via a wide area network that includes a hash list having a hash of each of a plurality of blocks of the content, each hash being configured to enable the client to locate a corresponding one of the blocks of the content via a local area network.
    Type: Application
    Filed: June 23, 2008
    Publication date: December 24, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Ravi T. Rao, Khaja E. Ahmed, R. Scott Briggs, Sandeep K. Singhal
  • Patent number: 7617322
    Abstract: A system, apparatus, method, and computer-readable medium are provided for secure P2P caching. In one method, a requesting peer obtains a hash of requested data from a server. The requesting peer then transmits a request for the data to other peers. The request proves that the requesting peer has the hash. If a caching peer has the data, it generates a reply to the request that proves that it has the requested data. If the requesting peer receives a reply from a caching peer, the requesting peer establishes a connection to the caching peer and retrieves the data from the caching peer. If the requesting peer does not receive a reply to the request from any other peer, the requesting peer establishes a connection to the server and retrieves the data from the server. The requesting peer stores the data for use in responding to requests from other peers.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: November 10, 2009
    Assignee: Microsoft Corporation
    Inventors: Khaja E. Ahmed, Daniel R. Simon
  • Patent number: 7607008
    Abstract: A user is authenticated for a relying computing entity (e.g., an enterprise) through an authentication broker service, wherein a trust relationship exists between the relying computing entity and the authentication broker service. The authentication broker service has a trust relationship with the relying computing entity and the authentication service that issued the identity of the user. The relying computing entity asks the authentication broker service to authenticate the identity of the user. The authentication broker service captures the user's credential (or directs the authentication service to do so) and sends an authentication response (e.g., a token) to the relying computing entity in order to authenticate the identity of the user to the relying computing entity. The relying computing entity verifies the authentication response based on the trust relationship between the relying computing entity and the authentication broker service.
    Type: Grant
    Filed: April 1, 2004
    Date of Patent: October 20, 2009
    Assignee: Microsoft Corporation
    Inventors: John Hal Howard, Daniel Salvatore Schiappa, Khaja E. Ahmed, Kyle S. Young
  • Publication number: 20090193093
    Abstract: The present invention provides for generating inputs that can be provided to a message classification module to facilitate more reliable classification of electronic messages, such as, for example, as unwanted and/or unsolicited. In one embodiment, a sending messaging server provides an appropriate response to address verification data thereby indicating a reduced likelihood of the sending messaging server using a forged network address. In another embodiment, it is determined if a messaging server is authorized to send electronic messages for a domain. In yet another embodiment, electronic message transmission policies adhered to by a domain are identified. In yet a further embodiment, a sending computer system expends computational resources to solve a computational puzzle and includes an answer document in an electronic message. A receiving computer system receives the electronic message and verifies the answer document.
    Type: Application
    Filed: April 7, 2009
    Publication date: July 30, 2009
    Applicant: Microsoft Corporation
    Inventors: Robert George Atkinson, Joshua T. Goodman, James M. Lyon, Roy Williams, Khaja E. Ahmed, Harry Simon Katz, Robert L. Rounthwaite, Andrew V. Goldberg, Cynthia Dwork