Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, facilitate cross-platform content muting. Methods include detecting a request from a user to remove, from a user interface, a media item that is provided by a first content source and presented on a first platform. One or more tags that represent the media item are determined. These tags, which indicate that the user removed the media item represented by the one or more tags from presentation on the first platform, are stored in a storage device. Subsequently, content provided by a second content source (different from the first content source) on a second platform (different from the first platform) is prevented from being presented. This content is prevented from being presented based on a tag representing the content matching the one or more tags stored in the storage device.

Abstract: Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.

Abstract: A system and method for generating privacy-enhanced aggregate statistics within a social network system is provided. Data is collected and processed to gather information to generate the aggregate statistics. A threshold is assigned. The threshold includes a criterion used in making a determination on what aggregate statistic will be generated. In some embodiments, the threshold is a numerical value. In some embodiments, the numerical value, or quantitative data is then translated into qualitative descriptors. In some embodiments, noise is then added to randomize the assigned threshold. In other embodiments, noise is added to the collected data. In some embodiments, checks to guard against attacks from adversarial users are performed. Examples of indications of adversarial behavior include, but are not limited to, manipulation of profiles, continuous manipulation of affinity groups, and manipulation of preferences for one or more users. The threshold is applied and aggregate statistics are generated.

Abstract: Reflective factors are used in combination with a, one-time password (OTP) in order to strengthen a system's ability to prevent man in the middle (MITM) phishing attacks. These reflective factors may include information such as URL information, HTTPS, a server's certificate, a session key, or transaction information. These reflective factors help to ensure that a client that wishes to access a server is the legitimate client, because even if a phisher (including a phisher attacking the legitimate client in real time) records identifying information from the legitimate client, it cannot replicate the reflective information to authenticate itself with the server.

Abstract: A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.

Abstract: A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.

Abstract: A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.

Abstract: Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.

Abstract: Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.

Abstract: An auction verification subsystem provides verification, without revealing actual bid values, that bid values remained sealed prior to a closing time for the auction and that an announced winning bidder for the auction provided a highest bid. The verification subsystem receives encrypted bids from bidders and generates commitment data based on the bids and provides the commitment data to each of the bidders. In response to receiving the commitment data, the bidders provide decryption keys for the encrypted bids. In turn, the bids are decrypted and an auction is performed using the decrypted bids. The results of the auction can be verified based on bid representations that do not reveal the actual values of bids, thereby maintaining the secrecy of bids. Providing access to an exchange between bidders and the verification subsystem facilitates verification that the auction is performed as a sealed bid auction.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for facilitating aggregated product requests. In one aspect, a method includes receiving product request data from a plurality of users and determining that an offer request condition has occurred, where the offer request condition specifies a condition under which offers are requested from advertisers. In response to occurrence of the offer request condition, offer request data are provided to advertisers. The offer request data specify a quantity of users from which product request data were received. Offer data are received from advertisers. The offer data specify an offer associated with the particular product and an amount that an advertiser will pay for distribution of the offer. An offer is selected to be provided to the users and presentation data that cause presentation of the selected offer are provided.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for facilitating aggregated market transactions. In one aspect, a method includes receiving inventory data from sellers, where the inventory data specifies an ask price for a particular product and a discount function associated with the product. User input is received from users, where the user input requests information about a particular product. In response to the user input, data are provided that cause presentation of a product request user interface. Bids for the particular product are received from multiple users, and a final price is selected using ask prices, discount function, and bids. In turn, the particular product is allocated to a set of users that specified a bid that meets the final price.

Abstract: An auction verification subsystem provides verification, without revealing actual bid values, that bid values remained sealed prior to a closing time for the auction and that an announced winning bidder for the auction provided a highest bid. The verification subsystem receives encrypted bids from bidders and generates commitment data based on the bids and provides the commitment data to each of the bidders. In response to receiving the commitment data, the bidders provide decryption keys for the encrypted bids. In turn, the bids are decrypted and an auction is performed using the decrypted bids. The results of the auction can be verified based on bid representations that do not reveal the actual values of bids, thereby maintaining the secrecy of bids. Providing access to an exchange between bidders and the verification subsystem facilitates verification that the auction is performed as a sealed bid auction.

Abstract: An auction verification subsystem provides verification, without revealing actual bid values, that bid values remained sealed prior to a closing time for the auction and that an announced winning bidder for the auction provided a highest bid. The verification subsystem receives encrypted bids from bidders and generates commitment data based on the bids and provides the commitment data to each of the bidders. In response to receiving the commitment data, the bidders provide decryption keys for the encrypted bids. In turn, the bids are decrypted and an auction is performed using the decrypted bids. The results of the auction can be verified based on bid representations that do not reveal the actual values of bids, thereby maintaining the secrecy of bids. Providing access to an exchange between bidders and the verification subsystem facilitates verification that the auction is performed as a sealed bid auction.

Abstract: Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.

Abstract: A method for providing a warranty relating to a transaction between two parties, each party having a data communications device, in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, each location having a computer system, a database coupled to the computer system and storing information about each client of the institution and a data communications device coupled to the computer system for communication with the data communications device of any one party, each party being a client of at least one of the institutions, the method containing the steps of: