Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract: Systems and methods of application integration, including constructing an application integration adapter in dependence upon a profile including data describing the adapter, receiving instructions to alter the adapter, and altering the adapter in dependence upon the instructions. Exemplary embodiments of the invention include communicating integration messages among applications through the adapter as altered. In typical embodiments, receiving instructions to alter the adapter includes detecting changes in the adapter profile. In such embodiments, detecting changes in the adapter profile includes creating a copy of the profile, and periodically comparing the profile and the copy. In other exemplary embodiments, receiving instructions to alter the adapter includes receiving from an application an administrative integration message bearing the instructions to alter the adapter. In such embodiments, altering the adapter in dependence upon the instructions includes updating the profile.

Abstract: A method, programmed medium and system are provided for enabling a user to move a piece of data or context to another page in a mashup application. Rather than linking directly between pages, pages are “linked” by a drag-and-drop action of the user. To move a piece of data or context to another page, the user drags an item from the current mashup page onto the tab of a target page to which the data item is to be moved. The dropping of a text item on, for example, a tab of a target page causes an event to be fired on the target page, which may be wired to widgets contained within the target page. The target tab is then brought into focus and its page contents displayed. Visual indicators are also provided on source pages to indicate the target pages, which will “accept” the dragged contents.

Abstract: Mechanisms for creating global sessions across different protocols and multiple converged protocol applications are provided. By creating a global session, state information for each of the individual protocol sessions may be communicated across protocols and utilized in performing operations across converged protocol applications. An edge server is used at the edge of a data network to correlate client interactions over different protocols and to associate them with a global session. The edge server acts as a session reference counter for individual client sessions that are part of a larger global session. The global session is created after the creation of the first protocol session and exists across the creation of future sessions on other protocols and other converged applications. Logical names and global session tokens are utilized to manage the various global sessions handled by the edge server.

Abstract: A network cluster is provided herein having a plurality of cluster members. In order to control the admission of client requests sent to the cluster, one member of the cluster is elected “reservation coordinator.” The reservation coordinator runs a reservation algorithm for controlling the distribution of rate capacity across members of the cluster. For example, each member of the cluster may reserve some amount of rate from the coordinator to allow for passing of client requests. To ensure that each member is provided with the appropriate rate capacity, each member of the cluster runs an estimation algorithm to determine whether or not additional rate capacity should be reserved from the reservation coordinator, or released back into the cluster for redistribution. The estimation algorithm is run in real-time and allows the admission control algorithm to adapt to changes in rate distribution.

Abstract: A system for managing failover in a server cluster. In response to detecting a failed server, subscription message processing of a failover server is stopped. A subscription queue of the failed server is opened. A marker message is published to all subscribers of a particular messaging topic. The marker message includes an identification of the failover server managing the subscription queue of the failed server. Messages within the subscription queue of the failed server are processed. In response to determining that a message in the subscription queue of the failed server is the marker message, the subscription queue of the failed server is closed. Then, the failover server resumes processing of its original subscription queue looking for the marker message, while processing yet unseen messages from the queue. Once the marker message is found in the original subscription queue, normal operation is resumed.

Abstract: Mechanisms for distributing rate limits and tracking rate consumption across members of a cluster are provided. One member of the cluster is responsible for controlling the distribution of rate capacity across members of the cluster. Rate capacity may be distributed in a hierarchical fashion to account for the needs of the various services, applications, and/or operations provided by the cluster members. A hierarchical tree structure may be formed by distributing rate capacity among a plurality of nodes arranged at a global, service, application or operation level of the tree. In some cases, rate capacity may also be distributed at a requester level to account for the needs of requesters who are granted access to the services, applications and operations provided by the cluster members.

Abstract: A network is provided herein comprising a plurality of network resources, and at least one network cluster having a plurality of cluster members. Each member of the cluster may be configured for utilizing one or more of the network resources and for tracking usage thereof. For example, each member of the cluster may include one or more token buckets for tracking that member's usage of the network resources. At least one member of the cluster (i.e., a “reservation coordinator”) may include a first set of computer-executable instructions for receiving network traffic destined for a particular network resource at a first rate (i.e., a maximum average sustained rate). In addition, the reservation coordinator may include a second set of computer-executable instructions for distributing the first rate among at least a subset of the cluster members.

Abstract: A method and apparatus for generating and authenticating documents having stored electrostatic pattern information provides security with respect to the authenticity of documents. A liquid medium including a plurality of electrostatic monopoles is applied to the surface of a document, which embeds a permanent electrostatic pattern in the document. The pattern is then readable by an electrostatic scanner. The monopoles may be associated with differing colors, including black and white, may be transparent or have a neutral color. The patterns may embed data, certificates or shapes. The monopoles may provide a watermark or visible image. The apparatus may be a pen or printer, and may include multiple selectable vessels containing ink and/or electrostatic liquid medium of one or both charge states. Visible features of the document can be compared with the detected pattern, or the pattern may be compared to a database or decrypted with a key.

Abstract: A multi-protocol authentication and authorization system including a request interceptor configured to receive from a requestor a first request using a first transport protocol and a second request using a second transport protocol, and an authenticator for validating a digest received from the requestor, where the request interceptor is configured to authenticate the requestor if the digest is valid and if at least one multi-protocol criterion applied to the requests is met.

Abstract: Mechanisms for burst traffic smoothing for Session Initiation Protocol (SIP) processing elements are provided. A dispatch queue management engine determines whether a received packet is a TCP or UDP packet. If the packet is a TCP packet, the packet is automatically added to the dispatch queue. If the packet is a UDP packet, a value for a drop function ƒ is generated and a random or pseudo-random number r is generated. If r has a predetermined relationship to ƒ, then the UDP packet is added to the dispatch queue, otherwise the UDP packet is discarded. The value for ƒ is based on the current dispatch queue load, the network quality, the retransmission rate, and the allowable drop rate. Thus, the determination as to whether to drop UDP packets or not is configurable by an administrator and also adaptable to the current network and dispatch queue conditions.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: Methods, systems, processes and devices are provided for optimizing throughput and quality of service of a presence enabled managed service. The method includes at least a first entity requesting from an aggregator of presence services presence information of a second entity. The method includes looking up a profile of the aggregator stored in a cache of a presence server hosted by the presence enabled managed service. The method includes determining from the profile an aggregator level of service the aggregator has subscribed to from the presence enabled managed service, wherein the aggregator level of service is one of high level service, medium level service, and low level service. The method includes storing presence information of the second entity on a presence document on the cache and returning the presence information to the first entity based upon the aggregator level of service.

Abstract: A multi-protocol authentication and authorization system including a request interceptor configured to receive from a requestor a first request using a first transport protocol and a second request using a second transport protocol, and an authenticator for validating a digest received from the requestor, where the request interceptor is configured to authenticate the requestor if the digest is valid and if at least one multi-protocol criterion applied to the requests is met.

Abstract: An apparatus, method, and program product are provided for parsing a document. A match point tuple is passed to a parser instance. The match point tuple comprises a match point. The parser instance stream parses an XML stream. In response to a match point statement in the XML stream matching the match point expression in the match point tuple, the parser instance constructs a DOM instance comprising XML content matching the match point. In a sample embodiment, the match point tuple further comprises a filter, and the parser instance adds XML statements that pass the filter to the DOM instance and discards statements that do not pass the filter.

Abstract: A method and apparatus for generating documents having stored electrostatic pattern information provides security with respect to the authenticity of documents. A liquid medium including a plurality of electrostatic monopoles is applied to the surface of a document, which embeds a permanent electrostatic pattern in the document. The pattern is then readable by an electrostatic scanner. The monopoles may be associated with differing colors, including black and white, may be transparent or have a neutral color. The patterns may embed data, certificates or shapes. The monopoles may provide a watermark or visible image. The apparatus may be a pen or printer, and may include multiple selectable vessels containing ink and/or electrostatic liquid medium of one or both charge states. Visible features of the document can be compared with the detected pattern, or the pattern may be compared to a database or decrypted with a key.

Abstract: A cache server receives a request from a client that includes a requesting entity tag. In turn, the cache server extracts a starting identifier and an ending identifier from the requesting entity tag. The starting identifier is associated with a starting entry and the ending identifier is associated with an ending entry. Next, the cache server determines whether a subsequent entity tag exists that includes a subsequent starting identifier that matches the requesting entity tag's ending identifier. When the cache server identifies a subsequent entity tag, the cache server sends the subsequent entity tag and one or more update entries corresponding to the subsequent entity tag to the client.

Abstract: Provided is an apparatus for detecting fraudulent passwords so that computer break-in attempts can be distinguished from authorized users incorrectly entering their passwords. An actual password is mapped against a computer keyboard and the resultant data is stored in memory. The profile of an entered password is compared to the stored profile. If the profile of the entered password differs significantly from the stored profile. then the login attempt is flagged as an attempted intrusion. In one embodiment of the current invention, passwords are mapped according to the distance subsequent keystrokes arc from each other. Different embodiments may have different mapping schemes. For example, mapping data may correspond to statistical data that corresponds to the likelihood that a particular character is typed by mistake when another character is intended.

Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.

Abstract: A mechanism for ensuring the authenticity of written and printed documents. With the mechanism of the present invention, electronic ink is deposited onto a document, wherein the electronic ink deposited comprises at least one mark visible to a user. Current is applied to the electronic ink while the electronic ink is wet. The current is applied to the electronic ink in order to imprint a pattern in the ink. The electronic ink deposited on the document is then allowed to dry. The pattern in the electronic ink may then be examined to verify the authenticity of the document.