Abstract: One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions base on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response.

Abstract: One embodiment of the present invention provides a method for adjusting security status on a mobile device, the method comprising: collecting security-related contextual information which includes information of nearby mobile devices and/or the geographic location of the intelligent mobile device; evaluating a threat level based on the collected security-related contextual information; invoking a security policy; and adjusting the security status of the mobile device based on the threat level and the security policy.

Abstract: A targeted advertising system performs context-based association mining using a publicly available corpus to identify a product or brand name that, under a given context, is associated with a product or brand being marketed. The system analyzes documents within the publicly available corpus that are associated with the given context, and identifies products or brand names that have a high association to the product or brand being marketed. The system can also analyze the publicly available corpus to determine contextual information which is correlated to two or more products or brand names. This contextual information includes a set of terms that facilitates filtering the publicly available corpus into an optimal set of documents that has a high association to a desired market category or demographic.

Abstract: One embodiment provides a system for facilitating sanitizing a modified version of a document relative to one or more sensitive topics. During operation, the system determines a privacy risk for a term in the modified version relative to the sensitive topics, wherein the privacy risk measures the extent to which the sensitive topic(s) can be inferred based on the term. Next, the system determines an information utility and privacy loss or gain for the modified version, where the information utility reflects the extent to which the modified version has changed and the privacy loss or gain reflects the extent to which the modified version is reduced in sensitivity.

Abstract: Embodiments of the present disclosure provide a method and system for protecting privacy by generating artificial contextual data. The system collects real contextual data related to a user. The system then generates artificial contextual data, based on the collected real contextual data. The system also groups the generated contextual data into one or more groups. Each group of contextual data corresponds to a persona that can be presented as the user's persona. Subsequently, the system transmits the generated contextual data to an entity, thereby allowing the user to obscure the real contextual data related to the user.

Abstract: Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource.

Abstract: A system is provided to detect email spam. During operation, the system receives an email, extracts a set of keywords from the email body, and constructs a first search query based a keyword extracted from the email body. The system further constructs a second search query based on the keyword in the first query and one additional word which pertains to a known spam word or to the subject of the email. Next, the system receives a first number of hits and a second number of hits in response to the first and second search queries, respectively. The system then determines whether the email is spam based on the first number and the second number. The system can also perform Website filtering using inference detection which is based on search results received in response to search queries formulated with keywords extracted from Websites.

Abstract: One embodiment provides a computer system for detecting associations between a reviewer and an entity under review. During operation, the system estimates a relationship strength between the reviewer and the entity under review, and determines whether the relationship strength between the reviewer and the entity under review exceeds a predetermined threshold.

Abstract: One embodiment of the present invention provides a system for resetting a user's forgotten password. During operation, the system receives a user's request for resetting the user's forgotten password and derives one or more challenges from the user's forgotten password. The system then presents the derived challenges to the user and receives a response from the user to the challenges. The system further compares the user's response to the one or more challenges with the user's forgotten password, thereby facilitating password resetting.

Abstract: One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity.

Abstract: One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user.

Abstract: One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions base on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response.

Abstract: One embodiment of the present invention provides a system that detects sensitive content in a document. In doing so, the system receives a document, identifies a set of terms in the document that are candidate sensitive terms, and generates a combination of terms based on the identified terms that is associated with a semantic meaning. Next, the system performs searches through a corpus based on the combination of terms and determines hit counts returned for each term in the combination and for the combination. The system then determines whether the combination of terms is sensitive based on the hit count for the combination and the hit counts for the individual terms in the combination, and generates a result that indicates portions of the document which contain sensitive combinations.

Abstract: One embodiment of the present invention provides a method for adjusting security status on a mobile device, the method comprising: collecting security-related contextual information which includes information of nearby mobile devices and/or the geographic location of the intelligent mobile device; evaluating a threat level based on the collected security-related contextual information; invoking a security policy; and adjusting the security status of the mobile device based on the threat level and the security policy.

Abstract: One embodiment of the present invention provides a system that performs inference detection based on Internet advertisements. In doing so, this system first receives a set of topic words, performs a search query on each topic word using a search engine, and gathers a set of Uniform Resource Locators (URLs) associated with sponsored advertisement from the search results corresponding to each search query. Then, the system determines a correlation between two topic words based on their corresponding URLs associated with sponsored advertisement, and produces a result which indicates groups of correlated topic words.

Abstract: One embodiment of the present invention provides a system which allows a document owner to redact content from a document and allows a recipient of the redacted document to challenge the appropriateness of the redaction. During operation, the system allows the document owner to redact a string Mi from location i in the document. In doing so, the system produces a commitment Ci=C(Mi, Ri) based on string Mi and a string Ri used as randomness and communicates Ci to the recipient. When the recipient challenges the redaction, the system receives a topic string T from the recipient, and produces a string RT. The system then communicates RT to the recipient, thereby allowing the recipient to produce a commitment CT=C(T, RT) based on strings T and RT, and compare CT with Ci. Comparing commitment CT with Ci allows the recipient to test redactions for string equality.

Abstract: A system for displaying a set of selectable CAPTCHAs produces a first set of CAPTCHAs whose images are based at least partially on an alphanumeric sequence, where a respective CAPTCHA in the first set is associated with a CAPTCHA property. The system also produces a second set of CAPTCHAs whose images are based at least partially on an alphanumeric sequence, where a respective CAPTCHA in the second set is not associated with a CAPTCHA property. Next, the system displays the first and second sets of CAPTCHAs. Finally, the system makes respective CAPTCHAs in the first and second sets of CAPTCHAs selectable, thereby allowing a user to pass a CAPTCHA challenge by distinguishing the first set of CAPTCHAs from the second set of CAPTCHAs without typing the words associated with the images.

Abstract: One embodiment of the present invention provides a system that facilitates filtering outbound content via inference detection. During operation, the system identifies content sent to a first address and extracts keywords from the identified content. The system then issues queries based on these keywords and extracts expected-content keywords from the hits returned in response to the queries. The system then searches the outbound content for occurrences of the expected-content keywords and produces a result which allows a user to determine whether the outbound content is proper. In a further embodiment, the system extracts keywords from a piece of outbound content, and issues queries based on these keywords. The system then extracts keywords from the hits, and present at least one keyword to a user, thereby allowing the user to determine whether the outbound content is proper.

Abstract: A system is provided to detect email spam. During operation, the system receives an email, extracts a set of keywords from the email body, and constructs a first search query based a keyword extracted from the email body. The system further constructs a second search query based on the keyword in the first query and one additional word which pertains to a known spam word or to the subject of the email. Next, the system receives a first number of hits and a second number of hits in response to the first and second search queries, respectively. The system then determines whether the email is spam based on the first number and the second number. The system can also perform Website filtering using inference detection which is based on search results received in response to search queries formulated with keywords extracted from Websites.

Abstract: A system is provided for augmenting a privacy policy. During operation, the system obtains a set of training documents and at least one seed keyword associated with the privacy policy. The system extracts a number of candidate keywords from the training documents and formulates at least one query based on the candidate keywords. The system then issues the query to a corpus. In response to the query, the system receives a set of result documents. The system further determines whether a respective keyword extracted from the result documents matches at least one seed keyword. The system then augments the privacy policy by associating the candidate keyword corresponding to the respective keyword with the privacy policy based on the determination. In addition, the system applies the augmented privacy policy to a subject document and produces a result to indicate whether the subject document is in violation of the privacy policy.