Abstract: A system and method for network authentication is provided. A network access device is operable to establish a communications with an internal network. A client device is operable to request and establish the communications over the internal network by interfacing with the network access device. A processor is operable to interface with the network access device to establish the communications between the client device and the internal network. The processor is also operable to establish a communications level for the communications based on the location of the client device.

Abstract: In accordance with at least one embodiment of the present invention, a communication apparatus includes a communication unit configured to send and receive messages on a network. Each message has a message header configured to include a plurality of header fields, where the message header includes a suppression header field that indicates a request to suppress at least one header field in at least one subsequently sent or received message. The communication apparatus is configured to establish a suppressed header field message exchange session with a peer on the network so that at least one subsequent message exchanged between the communication apparatus and the peer is free of at least one suppressible header field.

Abstract: Distributed application virtualization provides for the distribution, configuration and control of multiple application components, layered file systems, and configuration settings that may be applied on top of an operating system of each system configured to work in conjunction with other systems within a single distributed virtualization layer. A distributed software virtualization manager or service handles communication between systems within each distributed virtual layer. One distributed virtualization operation activates components, selected based on user-defined parameters, on systems across the network belonging to a selected distributed virtual application layer. Other virtualization operations, whether local and/or distributed, include capturing file system and configuration activity associated with the detected event and storing data representative of the captured file system and configuration activity to a virtual layer, such as a local or distributed application layer.

Abstract: The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability.

Abstract: The present invention discloses a method of dual stack access, wherein a network device authenticates the first protocol address of a requesting client, stores the user name, first protocol address, and address status information of the client in the user information table if the authentication succeeds, assigns a second protocol address to the client, stores this second protocol address and address status information in the user information table, generates control rules for the client according to its user information, and controls dual stack access of the client according to the rules. This invention provides effective authentication-based access control of dual stack users.

Abstract: A method and arrangement in a multimedia gateway connected to a multimedia service network, for providing access to multimedia services for communication devices connected to a private network. In the multimedia gateway, a communication unit receives a request from a device in the private network for a public identity associated with the multimedia gateway. An identity manager then selects and allocates an associated public identity from a pool of public identities associated with the multimedia gateway which have been predefined as valid in the multimedia service network. The communication unit then registers the device by activating the allocated associated public identity in the multimedia service network. Thereby, the multimedia gateway can establish a multimedia session on behalf of the device, using the allocated associated public identity.

Abstract: There are provided a method, a system and an initiator server for a secure execution of workflow tasks of a workflow to be executed according to a given execution pattern in a distributed workflow management system within a decentralized network system with a plurality of servers (b0, b1, . . . , bn) including at least an initiator server and at least a number of groups of servers of the plurality of servers. Each group satisfies a policy (poli) of a vertex, and thus, knows a corresponding policy key pair including a policy private key (SKpoli) and a policy public key (PKpoli), respectively. Each vertex denotes a set of workflow tasks to be executed in accord with the execution pattern and is assigned a vertex key pair including a vertex private key and a vertex public key.

Abstract: Technologies are generally described for secure authentication tokens that employ hardware public physically unclonable functions. Each unique token can be implemented as hardware such that manufacturing variations provide measurable performance differences resulting in unique, unclonable devices or systems. For example, slight timing variations through a large number of logic gates may be used as a hardware public physically unclonable function of the authentication token. The authentication token can be characterized such that its physical characteristics may be publicly distributed to authenticators. Authenticators may then simulate the result from a particular input vector and then request the authentication token to generate the same result in a very short amount of time. The time may be specified such that the result could not be simulated by an imposter for a timely response.

Abstract: An image forming apparatus for executing a processing flow including a plurality of steps, includes a determination unit which determines whether or not a processing flow to be executed includes an instruction required step that requires an instruction of a user, a selection unit which selects, when the processing flow to be executed includes the instruction required step, a notification destination of information required to display an operation window for accepting the instruction of the user, a notification control unit which notifies the notification destination selected by the selection unit of the operation window, and an execution unit which executes processing of the instruction required step according to instruction contents input via the operation window.

Abstract: An embodiment generally relates to a method of updating clients from a server. The method includes maintaining a master copy of a software on a server and capturing changes to the master copy of the software on an update disk image, where the changes are contained in at least one chunk. The method also includes merging the update disk image with one of two client disk images of the client copy of the software.

Abstract: A network audio system allows AV files existing in a PC to be readily registered and music to be reproduced using a client machine. The client machine is connected to the PC and a server application and a controller application are installed in the PC. Music is reproduced using the client machine based on an AV file existing in a user folder, when the user drags and drops an icon for the AV folder to an icon for the client machine. In response to the operation, the controller application produces music piece information including the artist name and the like based the tag information of the AV file. When the music piece information is not yet registered, the server application provides the music piece information with a music piece ID for registration in the content information database. The controller application transmits a command including the ID to the client machine.

Abstract: In various embodiments, data processing apparatus, software, or machine-implemented methods can optimize NFSv3 asynchronous write requests or MSRPC calls that traverse a wide area network, for example, by receiving, from a client, a first request directed to a server across a wide area network; determining whether a related second request has been received previously; when a related second request has been received previously, sending, to the client, a first reply to the second request and forwarding the first request to the server, and otherwise forwarding the first request to the server without sending any reply to the client for the first request. Sending local replies from a WAN optimizer induces the client to send continuous requests, improving throughput, but at least one client request remains unreplied to, and one server error reply is always reported to the client, facilitating correct error processing at the client.

Abstract: A supervision feasible apparatus capable of operating in a supervisory mode directed to supervising supervision information related to a plurality of apparatuses detects, when set at a supervisory mode, an apparatus attaining a data access enable state and an apparatus attaining a data access disable state with respect to a network, and updates supervisory information based on information related to the detected apparatus.

Abstract: Techniques for delivering content to an end user device are disclosed. A policy server performs an ingest process in which multiple versions of a content object are created. The multiple versions of the content object are associated with a single network identifier which can be distributed to publishers of the content object. When the content object is requested using the single network identifier, the policy server determines a preferred version and delivery orchestration scheme from among the multiple versions for delivery to an end user device based on several criteria. The policy server may thereafter orchestrate delivery of the preferred version of the content object to the end user device. The single network identifier may be associated with an edge location in a content delivery network (CDN) and the policy server may orchestrate delivery in cooperation with servers at the CDN edge location.

Abstract: The present invention provides systems, methods and a computer program product for the management of electronic work items by providing uniform methodology across an enterprise. Work items are electronically received by an organization and routed to available users depending upon the business rules of the organization and certain parameters of the work items. Service level commitments may be assigned, tracked and reported as capturing standard reporting across the enterprise specifically with respect to electronic work items.

Abstract: A customer initiated password reset system resets user passwords on a variety of network entities, such as internal systems, allowing simultaneous reset with a minimum number of user specified passwords that nonetheless satisfy the password specifications of these internal systems. Thereby, the user avoids the tedium of logging into each of these systems, changing their password, logging out, etc., for each system with the likelihood of creating unique passwords for each system that have to be remembered. By further incorporating a score metric based upon how many character sets are touched, a required degree of complexity can be measured and enforced against the password specifications. Advantageously, a table-based approach to enforcing password reset against the multiple password specifications facilitates making and fielding updates.

Abstract: A method and system to exchange information between computer applications are provided. The system may include a source operating system, a destination operating system and an offload stack, all residing on the device. The source operating system and the destination operating system appear to users as distinct network entities. The offload stack may be configured to function as an intermediate network device for the source operating system. The offload stack, in one embodiment, comprises a back end to receive a message from the source operating system to the destination operating system, an analyzer to determine that the destination operating system resides on the device and a cut though socket module to process the message such that a network layer of the offload stack is bypassed.

Abstract: The present invention relates to a secure method for reconstructing a reference measurement of a confidential datum on the basis of a noisy measurement of this datum. The method proposes a phase of enrolling a reference datum w having n digits, comprising at least the following steps: selecting an error correcting code C of a length L greater than n; generating an extended datum we by increasing the size of the reference datum w with L-n digits making up a key Sk; choosing a word c of the selected error correcting code C; generating the reconstruction datum s by combining the said word c with the said extended datum we. The invention applies notably to the authentication of individuals and to the generation of cryptographic keys, using for example biometric data or the physical characteristics intrinsic to an electronic component.

Abstract: A method for indicating probability of spam for email comprises tracking network traffic characteristics for the email, and comparing the tracked characteristics for the email to characteristics for email from trusted or known spam sources.

Abstract: System and method for managing the configuration of resources in an enterprise. Embodiments of the present invention gather, store, and maintain institutional knowledge of configurations of IT resources of an enterprise. A configuration database serves as a temporal record of the configurations of the resources. The configuration database can reflect a dimensional model of the enterprise configuration where various configuration items are linked together. A configuration change can be analyzed and approved, and then reflected in a change to a configuration item (CI) which imposes an appropriate change to other configuration items based on upstream, downstream, peer relationships and/or views. A system according to an embodiment of the invention can also include a change database, an inventory database, a problem database, and/or a service level management subsystem to ensure changes to an enterprise's configuration are consistent with service level agreements and/or operating level agreements.