Abstract: A computer system splits data to be transmitted into a plurality of reliable connections which are multiplexed through a smaller number of unacknowledged connections, such as connections that do not require acknowledgment and which may be VPN tunnels. A receiver then demultiplexes data received to obtain data flows over the reliable connections and transmits separate acknowledgements for each reliable connection. The computer system demultiplexes the acknowledgments and provides them to the corresponding reliable connections, which then retransmit any unacknowledged data. Delivery controllers executing on the computer system may be coupled to corresponding controllers executing on the receiver, with traffic between the delivery controllers (payload and acknowledgments) being multiplexed over one or more unacknowledged connections. In some embodiments, acknowledgments may be transmitted over a connection that is not multiplexed over the unacknowledged connections.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A computer-implemented method performed in a computerized system incorporating a central processing unit, a network interface and a memory, the computer-implemented method involving: using the network interface to receive a content and an associated access restriction from a client computer system directly accessible by a user; causing the received content to be stored in a content storage system; using the central processing unit to generate a self-destructing content link for the stored content based on the received associated access restriction, wherein the generated self-destructing content link is configured to de-activate pursuant to the received associated access restriction; storing a metadata corresponding to the generated self-destructing content link for the stored content; and using the network interface to provide the generated self-destructing content link to the client computer system.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A computer system splits data to be transmitted into a plurality of reliable connections which are multiplexed through a smaller number of unacknowledged connections, such as connections that do not require acknowledgment and which may be VPN tunnels. A receiver then demultiplexes data received to obtain data flows over the reliable connections and transmits separate acknowledgements for each reliable connection. The computer system demultiplexes the acknowledgments and provides them to the corresponding reliable connections, which then retransmit any unacknowledged data. Delivery controllers executing on the computer system may be coupled to corresponding controllers executing on the receiver, with traffic between the delivery controllers (payload and acknowledgments) being multiplexed over one or more unacknowledged connections. In some embodiments, acknowledgments may be transmitted over a connection that is not multiplexed over the unacknowledged connections.

Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

Abstract: A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

Abstract: A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

Abstract: A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.

Abstract: A client and content provider are connected by a plurality of simultaneous transport connections. The number of the transport connections that are used to transfer data is selected based on the size of the data to be transferred and may change after transfer of data has commenced based on the amount of data left and the attributes of the transport connections. In another aspect, data to be transmitted over the transport connections is organized into frames such that each frame includes data from only one data stream. The frames are sized to be less than or equal to a control window of the transport connection over which they are transmitted. Each frame may be assigned to a transport connection in a round robin fashion or based on the size of the frame and the sizes of the control windows of the transport connections.

Abstract: A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

Abstract: System protects user's data on social networking websites by creating a data filter, which operates between the user and the social networks accessed by the user. The filter may be deployed as a user's web browser plug-in and operates in the following way. First, the filter encrypts all or some information that is posted by the user on a social network using SSL encryption technology. Second, to enable select other users of the social networking site to view the encrypted information, the instances of the filter executing on the accessing users' computers verify whether these users have access permission from the owner of the content and, if so, use the decryption key to decrypt the private data and enable the users to view it. The decryption key may be automatically passed to the instances of the filter running on the accessing users' computers. In an alternative implementation, the encryption and access control may be performed by a security/privacy mediator deployed on the network.

Abstract: A computer-implemented method for security risk assessment of wireless access point devices, the computer-implemented method comprising: receiving signals from one or more wireless access points by two or more mobile wireless devices visiting said access points, obtaining Basic Service Set Identifiers (BSSID) of visited access points and reporting values derived from BSSID and from an identifier of corresponding mobile device to a first database, receiving a request for a security risk assessment of evaluated wireless access point, said request containing value derived from BSSID of the evaluated access point, searching the first database for one or more entries corresponding to the evaluated access point, and processing search results to assess security risk of the evaluated access point, said processing comprises computing a component of said risk dependent on the count of unique identifiers of mobile devices reported for the evaluated access point.

Abstract: A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.