Abstract: Methods and apparatus for arranging event opportunities are disclosed. For example, the method detects the event opportunity that matches user profiles of at least two users who are unassociated with one another, verifies a safety parameter for one of the at least two users, wherein the safety parameter is defined by the one of the at least two users, and if the safety parameter is satisfied, sending an invitation to the event opportunity to each of the at least two users.

Abstract: Technologies are described herein to manage the replacement of routing rules. Some example technologies may receive a request to replace one or more active rules in a routing device with one or more stored rules. Each of the active rules and the stored rules may specify a routing rule that specifies how to route packets within a network. The active rules may be routing rules that are actively being used by the routing device. The stored rules may be routing rules that are not currently in use by the routing device. A determination may be made as to whether a number of active rule replacements for the routing device exceeds a threshold. In response to determining that the number of the active rule replacements exceeds the threshold, the request to replace the one or more active rules in the routing device may be denied.

Abstract: An Ethernet local management interface (E-LMI) protocol for use at a user-to-network interface (UNI) of a Metro Ethernet Network (MEN) is disclosed. The E-LMI protocol allows configuration and status information for the services at the UNI to be transferred from the MEN to a customer edge device coupled to the MEN at the UNI. Various embodiments involve sending or receiving a message via a User-to-Network Interface (UNI) of a Metro Ethernet Network (MEN). A customer edge device extracts configuration and status information for the services at the UNI from a received message. The configuration and status information can correspond to a multipoint Ethernet Virtual Connection (EVC).

Abstract: A traffic management device or other intermediate network device is configured to enable the device to support connection splitting and/or connection aggregation or to otherwise process network transactions for an arbitrary transaction-oriented protocol. The configuration may be accomplished by providing one or more traffic management rules defined by way of a scripting language and provided to an interpreter. The traffic management rule may follow a basic approach common to many protocols and is adapted to the particular protocol being supported. The rule may configure the network device to inspect incoming data, extract length and record type specifiers, buffer an appropriate amount of data to determine transactions or transaction boundaries, and perform other operations.

Abstract: A computer implemented method, server computer and computer program for securely storing a data file via a computer communication network and open cloud services. The method includes: providing a user's computer with code for providing a unique user name; asking the user for a password; generating an asymmetric key pair having one public key and one private key; encrypting the private key via a hash of the password; generating a file-specific symmetric key specific for the data file; encrypting the data file via the file-specific symmetric key; encrypting the file-specific symmetric key via the public key; where the code is executed by a web browser on the computer; storing the encrypted file-specific symmetric key as a header part of the encrypted data file, and interacting with the file exchange interface of a cloud service which receives the encrypted data file, and storing the encrypted data file and header part.

Abstract: A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key.

Abstract: In a method, implemented by a first device connected to a wireless network, for assisting in provisioning a second device for connection to the wireless network, the first device receives, via the wireless network and from a remote server, a public key corresponding to a private key stored in the second device. The first device uses the public key to encrypt network security information stored in the first device, the network security information including information that is useable to securely connect to the first wireless network. The first device wirelessly transmits, for reception by the second device, a signal carrying the encrypted network security information.

Abstract: An apparatus and method for adaptively bundling media frames in a data packet for transmission in a wireless data network. When a wireless device is ready to transmit an audio communication, a message is sent from the wireless device to a communication server that checks for network usage conditions and adaptively determines a bundling factor for the audio communication. The bundling factor is transmitted to the wireless device, and the wireless device bundles media frames into a data packet according to the bundling factor.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: A system and method of processing data, including identifying a first data processing criteria, communicating the first data processing criteria from a data processing application to a network element, receiving sensor data from a plurality of sensors at the network element, operating on the sensor data at the network element to process the data according to the identified first data processing criteria, resulting in a first processed data result, transmitting the first processed data result from the network element to the data processing application, and processing the first processed data result at the data processing application resulting in a second processed data result. The criteria can be dynamically updated.

Abstract: Techniques for secure data management in a distributed environment are provided. A secure server includes a modified operating system that just allows a kernel application to access a secure hard drive of the secure server. The hard drive comes prepackaged with a service public and private key pair for encryption and decryption services with other secure servers of a network. The hard drive also comes prepackaged with trust certificates to authenticate the other secure servers for secure socket layer (SSL) communications with one another, and the hard drive comes with a data encryption key, which is used to encrypt storage of the secure server. The kernel application is used during data restores, data backups, and/or data versioning operations to ensure secure data management for a distributed network of users.

Abstract: Embodiments of the invention address deficiencies of the art in respect to PXE processing and provide a method, system and computer program product for selective PXE subnet filtering. In an embodiment of the invention, a PXE server subnet filtering method can be provided. The method can include selectively referring a PXE client to different boot logic depending upon at least a portion of a network assigned address for the PXE client. In this regard, selectively referring a PXE client to different boot logic depending upon at least a portion of a network assigned address for the PXE client can include selectively referring a PXE client to a different boot image notification layer (BINL) service providing a different filename for a different network bootstrap program depending upon at least a portion of an Internet protocol (IP) assigned address for the PXE client by a network resident dynamic host control protocol (DHCP) server in response to a previous DHCP request provided by the PXE client.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the server module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: Method and apparatus for communication between client and service provider using external server, and a method and apparatus for controlling communication between a client and a service provider are provided. The method includes: receiving from the service provider a first authentication token indicating that the service provider has authenticated communication with the client by logging on the service provider; storing, in the external server, authentication information containing the first authentication token and additional information relating to communication with the service provider; receiving, when there is a request to access the service provider, authentication information corresponding to the request from the external server; and communicating with the service provider using the received authentication information.

Abstract: A method and apparatus for concealing data to be transmitted within an environment. A sound frequency map is identified based on sounds detected within the environment. A number of audio symbols for use in representing a number of data blocks in the data to be transmitted within the environment are selected using the sound frequency map. An encrypted audio signal is formed using the number of audio symbols.

Abstract: A device (e.g., a phone) can be provided by an entity (e.g., a business) to a user (e.g., an employee). The device includes a profile manager that allows the user to configure a personal profile comprising any of applications, settings, and stored data. The device is also configurable with an entity profile determined by the entity that also may include applications, settings, and stored data. The user can select from operating modes comprising at least a personal mode, and a unity mode; an entity mode also may be available for selection. The profile manager, based on the selected mode, determines whether entity profile data and applications are available to the user, and which applications from either profile may conduct user-perceptible activities. The profile manager may periodically verify entity profile rights with a server, and if verification fails, then the profile manager can restrict entity profile data and applications access, regardless of operating mode.

Abstract: Embodiments of the invention are directed to identifying network resources or other topics that are of interest to members of multiple online communities to which a user belongs. Online communities include blogs, websites, games, e-commerce systems, messaging systems, wikis, etc. For each online community, click activity or other client behaviors are tracked and analyzed to determine statistical metrics about community activity, such as which articles, links, services, or other network resources are popular in the online community. At least some of the tracking or analysis can be performed by clients that access the online communities, by a server of each online community, and/or by a central tracking system. The results for each community may be further analyzed relative to each other. The results are provided for all communities with which a given user is associated. For example, a list of the most popular links in the user's selected online communities.

Abstract: Described herein are systems, methods, and apparatus for automatically establishing secure connections to wireless networks using a wireless local area network access point which calls for acceptance of terms and conditions of use. During an initial connection, the user is prompted to review and accept terms and conditions associated with use of that wireless network. Once accepted, future connections at that or other access points, which use those same terms and conditions, occur free from user intervention.

Abstract: Devices, methods, and systems capable of an enabling transmission and receipt of secure and non-secure data are discussed in this document. According to some embodiments, a network apparatus can transmit ciphered and unciphered data. The network apparatus transmits a first signal indicating a cipher to be used and transmits a second signal indicating that non-secure data is to be transmitted and received unciphered. The network apparatus can cipher secure data and transmits ciphered-secure data and unciphered-non-secure data. A wireless terminal can receive the first and second signals, the ciphered secure data, and the unciphered non-secure data. The wireless terminal can deciphers the received secure data and does not decipher the received non-secure data. System embodiments can include both network-side and network terminal components. Embodiments of the present invention enable secure transmission of data in concert with efficient processing.

Abstract: A script hosting server receives a script from an authenticated source, associates the script with a certificate profile for digital certificates based on input from the authenticated source, receives user enrollment information for the certificate profile from the authenticated source, receives a script request of a client device, the script request identifying the certificate profile and a user of the client device, determines whether the user is enrolled in the certificate profile based on the user enrollment information, and, upon determining that the user is enrolled, providing the scripts to the client device.