Abstract: One embodiment of the present invention provides a system that facilitates filtering outbound content via inference detection. During operation, the system identifies content sent to a first address and extracts keywords from the identified content. The system then issues queries based on these keywords and extracts expected-content keywords from the hits returned in response to the queries. The system then searches the outbound content for occurrences of the expected-content keywords and produces a result which allows a user to determine whether the outbound content is proper. In a further embodiment, the system extracts keywords from a piece of outbound content, and issues queries based on these keywords. The system then extracts keywords from the hits, and present at least one keyword to a user, thereby allowing the user to determine whether the outbound content is proper.

Abstract: A system is provided to detect email spam. During operation, the system receives an email, extracts a set of keywords from the email body, and constructs a first search query based a keyword extracted from the email body. The system further constructs a second search query based on the keyword in the first query and one additional word which pertains to a known spam word or to the subject of the email. Next, the system receives a first number of hits and a second number of hits in response to the first and second search queries, respectively. The system then determines whether the email is spam based on the first number and the second number. The system can also perform Website filtering using inference detection which is based on search results received in response to search queries formulated with keywords extracted from Websites.

Abstract: A system is provided for augmenting a privacy policy. During operation, the system obtains a set of training documents and at least one seed keyword associated with the privacy policy. The system extracts a number of candidate keywords from the training documents and formulates at least one query based on the candidate keywords. The system then issues the query to a corpus. In response to the query, the system receives a set of result documents. The system further determines whether a respective keyword extracted from the result documents matches at least one seed keyword. The system then augments the privacy policy by associating the candidate keyword corresponding to the respective keyword with the privacy policy based on the determination. In addition, the system applies the augmented privacy policy to a subject document and produces a result to indicate whether the subject document is in violation of the privacy policy.

Abstract: A method and apparatus for local device management. A signing server can generate a local provisioning packet and send the local provisioning packet to a requesting device management server. The device management server can transfer the local provisioning packet to a wireless communication device. The wireless communication device can compare a device identifier to a unique identifier in the wireless communication device and install a bootstrap packet in the wireless communication device if the device identifier matches the unique identifier in the wireless communication device. The wireless communication device may also verify that the packet was signed by the signing server as a condition on installing the bootstrap packet.

Abstract: A method and system for protecting information in an electronic device (100) is provided. The method includes calculating a MAC value (112) of a meta-file (110). The meta-file comprises file information of at least one file (108) in the electronic device. The method further includes tagging the meta-file with an identifier value (206). The identifier value is the same as a value stored in a secure hardware monotonic counter (204).

Abstract: A method and wireless mobile device invokes (802), under control of at least one of a plurality of applications, such as JAVA applications that run in a plurality of different execution environments, one or more common application interface (API), such as a JSR, that is common for use by the plurality of applications. The method and wireless mobile device also invoke (804) a zone permission check, in response to the invocation of the common API, that determines which execution environment a calling application is in, in response to zone identification data associated with each call in a group of calls in a call stack for the shared API. Once the environment is determined, a security permission check is invoked in a determined execution environment for the calling application to check permissions associated with the calling application.

Abstract: A communication unit (101) includes a transceiver (105) for communication over a communication network (107), and a processor (103). The processor (103) can install software components, including a first software component and a second software component. Responsive to a boot, the processor (103) can verifying the first software component against a first pre-determined value corresponding to at least the first software component; and subsequent to completion of the boot, verify the second software component against a second pre-determined value corresponding to at least the second software component.

Abstract: A method and wireless mobile device employs a virtual file system (706) and a digital rights management file system (708), at an operating system level, and a user space digital rights manager (712), at an application or user space level. The user space digital rights manager (712) is operative to manage digital rights associated with content that is stored in the digital rights management file system (708). For example, although an application may request content that has digital rights associated with it from the virtual file system (706), and the virtual file system (706) communicates with the digital rights management file system (708) at the operating system level, the DRM file system (708) redirects the calls to the user space digital rights manager (712) at the user space level which performs the digital rights operations.

Abstract: There is provided a communication device, and a method thereof, for managing access to protected content. The communication device comprises an application (302), a trusted file system service (316), a trusted agent (318) and a trusted content renderer (320). The application (302) requests performance of an action for the protected content (306). The trusted file system service (316) identifies the protected content (306) to the application (302). The trusted agent (318) identifies rights associated with the protected content (306) to the application (302). The trusted content renderer (320) performs the action in response to determining that the application (302) is an untrusted application having sufficient rights to perform the action.