Abstract: A tunneled direct link set-up (TDLS) capable wireless network may comprise a router such as an access point (AP) and a plurality of stations (STA) including service consumer and service provider station. A service consumer station may generate and send a layer-2 query frame to the plurality of stations. A service provider station may generate a layer-2 service frame in response to receiving the layer-2 query frame. The service consumer station may discover the service provider station and the services offered by the service provider station based on the layer-2 service frame. Also, the service consumer may discover the service provider station using layer-2 query frame and may discover the services offered by the service provider station using higher layer service discovery procedure.

Abstract: In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.

Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.

Abstract: In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.

Abstract: A first message is transmitted over a communication channel to initiate a transaction. The first message contains a random number and a public key of a device. Continuing the transaction, a second message is received. The second message also contains a random number and a public key of a second device. At least one message is received that contains a proof-of-possession of the device's password, along with a credential that is encrypted with a credential key.

Abstract: A tunneled direct link set-up (TDLS) capable wireless network may comprise a router such as an access point (AP) and a plurality of stations (STA) including service consumer and service provider station. A service consumer station may generate and send a layer-2 query frame to the plurality of stations. A service provider station may generate a layer-2 service frame in response to receiving the layer-2 query frame. The service consumer station may discover the service provider station and the services offered by the service provider station based on the layer-2 service frame. Also, the service consumer may discover the service provider station using layer-2 query frame and may discover the services offered by the service provider station using higher layer service discovery procedure.

Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.

Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.

Abstract: A method includes receiving a specification for translating a network policy from a first schema to a second, different schema and translating the network policy into the second different schema based on the specification. A network system is configured based on the translated policy.

Abstract: A method for combining speech recognition with near field communication (NFC) to enable a user to enter, store, and use web addresses on portable devices. A user of a portable device having a NFC reader, a voice input interface, a speech recognition system, and memory enables the NFC reader of the portable device to touch a NFC tag or reader found on an object. The object containing information of interest to a user of the portable device; wherein when the NFC reader and the NFC tag or reader touch, the portable device receives a URI and default keywords associated with the URI. The portable device stores the URI in a persistent storage of the portable device based on the default keywords, and date, time, and location of when and where the URI was obtained.

Abstract: Resource authorization includes receiving a resource request from a first requester. The resource request includes credentials and identifies an operation to be performed with respect to a resource. The resource request is mapped to a resource identifier, and the resource data structure is searched for a resource node based on the resource identifier. A determination is made whether the first requester is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match a resource authorization level associated with the resource node.

Abstract: A processor integrating and controlling at least two A/V devices by constructing a control model, referred to as a filter graph, of the at least two A/V devices as a function of a physical connection topology of the at least two A/V devices and a desired content to be rendered by one of the at least two A/V devices. The filter graph may be constructed as a function of at least two device filters corresponding to the at least two A/V devices, in which the device filters include certain characteristics of the at least two A/V device. These characteristics may include the input or output pins for each device, the media type that the A/V device may process, the type of functions that the device may serve, etc. The desired content may be received as a user input which is entered via a keyboard, mouse or other comparable input devices.

Abstract: Managing policies includes receiving policy data associated with a resource from a resource owner over a network, authenticating the resource owner to determine whether to accept the received policy data, and storing the received policy data in a centralized data structure if the resource owner is authenticated.

Abstract: A rule processing system is implemented that allows for the integration of external applications into a common operational framework. External applications are permitted to define nodes in the rule processing system, and users are permitted construct rules in a rule graph using the defined nodes via a browser interface. Rules may be constructed in a hierarchical format, such that the rules are traversed by a rule engine an executed in a structured manner. Integration between external applications and the rule processing system may be via object oriented software techniques, such as the Component Object Model for object interfacing.

Abstract: A method and system for mapping network attacks onto a strategy game is presented. A log file generated by network security monitoring tools is received by a transformer. The log file is transformed by the transformer into a set of characters with associated action inputs, such that each of the characters is associated with an action input.

Abstract: Briefly, in accordance with one embodiment of the invention, a user system may access a network such as the Internet via a local Internet service provider that the user may not have an agreement with by using wireless Internet service provider roaming. When a user sends a request to access the network, the local Internet service provider may intercept the request and return a login page to the user. In one embodiment, the returned login page may include extensible markup language meta information that provides information how the form should be filled out. A client on the user system may read the meta information and automatically complete the login form without user intervention. Upon completion of the login form, the user may be authenticated and allowed to access the network.

Abstract: A paging system uses a stationary personal computer to receive paging signals. The personal computer executes an instruction set, or software, which allows the personal computer to forward or process received page signals. By using a stationary personal computer, received page signals can be used to control the personal computer to contact external devices such as: other personal computers, telephones, fax machines, Internet locations, pagers, and household devices. The personal computer can store received page signals including origination identification information. A multiplex forwarding system can be used by providing identification header information.

Abstract: Extending driver objects, such as device driver objects. In one embodiment, a system including a driver object, an auto-aggregator object, and a driver extension object. The driver object has a set of at least one standard interface. The auto-aggregator object is aggregated to the driver object by a blind aggregation mechanism. The driver extension object is aggregated to the driver object by an auto-aggregation mechanism invoked by the auto-aggregator object to provide a custom interface for the driver object. In another embodiment, an aggregation map is used to map the driver object to the driver extension object.

Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.

Abstract: Managing policies includes receiving policy data associated with a resource from a resource owner over a network, authenticating the resource owner to determine whether to accept the received policy data, and storing the received policy data in a centralized data structure if the resource owner is authenticated.