Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

Abstract: A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

Abstract: A computer-implemented method for security risk assessment of wireless access point devices, the computer-implemented method comprising: receiving signals from one or more wireless access points by two or more mobile wireless devices visiting said access points, obtaining Basic Service Set Identifiers (BSSID) of visited access points and reporting values derived from BSSID and from an identifier of corresponding mobile device to a first database, receiving a request for a security risk assessment of evaluated wireless access point, said request containing value derived from BSSID of the evaluated access point, searching the first database for one or more entries corresponding to the evaluated access point, and processing search results to assess security risk of the evaluated access point, said processing comprises computing a component of said risk dependent on the count of unique identifiers of mobile devices reported for the evaluated access point.

Abstract: A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.

Abstract: A computer-implemented method for security risk assessment of wireless access point devices, the computer-implemented method comprising: receiving signals from one or more wireless access points by two or more mobile wireless devices visiting said access points, obtaining Basic Service Set Identifiers (BSSID) of visited access points and reporting values derived from BSSID and from an identifier of corresponding mobile device to a first database, receiving a request for a security risk assessment of evaluated wireless access point, said request containing value derived from BSSID of the evaluated access point, searching the first database for one or more entries corresponding to the evaluated access point, and processing search results to assess security risk of the evaluated access point, said processing comprises computing a component of said risk dependent on the count of unique identifiers of mobile devices reported for the evaluated access point.

Abstract: The inventive technology enables the search engine operator to charge the advertisers who place their links on the search engine only if the user uses the search results to visit the advertiser's web portal(s) and generates revenue for the advertiser. This concept is especially attractive to the advertisers because it eliminates the risk, which the advertisers face in conventional search engines, when they are changed by the search engine per user click irrespectively of whether the user's visit resulted in advertiser's revenue.

Abstract: A computer-implemented method performed in a system comprising a first endpoint, the first endpoint comprising at least one central processing unit, a memory, a storage system and a network interface unit, the system being accessible by a user, the method involving: generating a message at the first endpoint for sending to a second endpoint, the message incorporating a message body and a message metadata, the message metadata comprising a secure channel invitation for the second endpoint to securely communicate with the first endpoint, the secure channel invitation being hidden within the message metadata; communicating the message from the first endpoint to the second endpoint; receiving a response message, at a first endpoint, from the second endpoint; and establishing the secure communication channel between the first endpoint and the second endpoint based on the received response message.

Abstract: An extensible personality-based secure messaging infrastructure deployed in a computerized system comprising at least one central processing unit, a memory, a storage system and a network interface unit, the system being accessible by a user, the system comprising: an application resource database configured to store at least one resource entry; a contact information database comprising at least one peer personality entry and an own personality entry, the at least one peer personality entry corresponding to at least one resource entry in the resource database; a key storage operatively coupled to the contact information database and comprising a plurality of communication channel key entries, a plurality of peer personalities key entries and a plurality of application resource key entries, and at least one of the plurality of the peer personalities key entries corresponding to at least one peer personality entry in the contact information database.

Abstract: System enables users to surf the web and engage in social networking interaction through a downloadable peer-to-peer client that stores all user's private information locally on the user's computer. System establishes communication between the computers of multiple users participating in social interaction without having to store users' personal information on central servers. All user data, including, without limitation, pictures, ideas, personal information and communications with friends is maintained locally on the user's own computer and the social communication takes place between two or more users' computers. This provides the users with greater control over the dissemination of their personal information. In addition, the system randomly selects peer-to-peer social networking clients that are online at any given time and enable such clients to randomly and automatically connect with one another.

Abstract: Systems and methods for implementing a web browser which operates to secure all Internet connections of the user using SSL and HTTPS protocols. One implementation is a browser that operates to send all browser navigation commands and send and receive all web traffic through SSL encryption tunnel. In other words, the browser turns all web pages that support only HTTP protocol into HTTPS-enabled web pages. As would be appreciate by those of skill in the art, the use of the SSL and HTTPS secures the user's connection and provides security for user's data. The system may be used to secure email communications, login information for websites, selection of shopping items and all other online activity of the user. All of the above information is encrypted by the inventive system using highly-secure SSL encryption.

Abstract: A computer-implemented method for storing content, the stored content being accessible by a computerized system comprising at least one central processing unit, memory, storage system and a network interface unit, computerized system being accessible by a user, the method comprising: generating first cryptographic key; encrypting the content with the first cryptographic key; storing the encrypted content in a data storage system, the data storage system comprising at least one data storage medium; a data storage controller and a network interface module, the data storage system being a part of a cloud-based distributed storage system, the cloud based storage system being connected via a data network with computerized system accessible by the user; generating a second cryptographic key; and re-encrypting the content with the second cryptographic key and storing the re-encrypted content in data storage system, wherein the re-encryption of the content is performed within cloud-based distributed storage system.

Abstract: Web-based VPN system and corresponding service. The inventive web VPN system/service could be accessed by the users using only a conventional web browser without the need to install any specialized VPN client software on the user terminal, as it is the case with conventional VPN systems. User's terminal could be a user's desktop computer, notebook or a mobile device, such as a cell prone or a PDA, or any other computing platform what so ever, used by the user to access various network resources, such as web pages. One aspect is a web VPN service that encrypts, using, for example, SSL encryption, all web traffic going between the user's terminal and the Internet. System comprises a VPN server/proxy and an associated web server accessible by the user via a communication network, such as Internet.

Abstract: A computer-implemented method for securing personal information of a user on social networks. The method involves: receiving personal information from a user in an unencrypted textual form by a client computer; transmitting the received personal information via a secure virtual private network (VPN) connection to a dedicated VPN server/proxy; receiving the personal information at the dedicated VPN server/proxy; encrypting the received personal information at the dedicated VPN server/proxy using an encryption key; and transmitting the encrypted personal information from the dedicated VPN server/proxy to the social network. Other users of the social network also use the dedicated VPN server/proxy in order to decrypt (access) the personal information of the user, which has been encrypted as specified above.

Abstract: The invention provides an improved algorithm for selecting paid advertisements for inclusion with search engine results or with any resource retrieved from the Internet. The algorithm collects personalized data of each user and feeds the collected personalized data into search queries of search engines, to retrieve paid advertisements. The advertisements are retrieved based not only on search keywords input by the user, but also based on personal preferences, interests and demographics of the user, as well as the location of the user and the time when the search is performed. In other words, the inventive technology enables each user to receive very targeted, localized and personalized advertising materials.

Abstract: Described are various implementations of location-targeted online services. When a user accesses the Internet from a supported location, he'll be able to use premium or exclusive online services (premium content, member-only discounts etc.) for free and without going through an elaborate subscription process. The location owner may promote these services before the user enters the location. Example: in addition to mentioning “free Internet”, the hotel owner can attract new customers by mentioning “free Netflix movies” or “free access to premium content, from Zagat reviews to stock reports”. It allows the location owner to utilize a network (WIFI) service provider as a means of increasing its core business and not just as a source of incremental advertisement income.

Abstract: A computer-implemented system including a memory, a storage device and a processing unit, the memory storing a set of instructions, which, when executed by the processing unit cause the processing unit to perform a method for displaying promotional materials to a user using a browser executing on a client computer. The method involves determining websites in a browsing history of the browser; sending a request to one or more internet resources, the requests being related to the determined websites; receiving the promotional materials from the one or more internet resources in response to the request; associating the received promotional materials with the websites in the browsing history of the browser; and displaying websites in the browsing history of the browser together with the associated promotional materials.