Abstract: In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification.

Abstract: Matches between search queries and potential targets of such search queries are automatically brokered by (i) comparing search criteria specified in the search queries with profile criteria describing the potential targets, and (ii) reporting instances of acceptable correspondence between the search criteria and the profile criteria, provided that access controls associated with the profile criteria of the targets permit such reporting in light of access levels assigned to the search inquiries. Initiators, using client applications at various remote locations, may formulate the search queries and the brokering may be performed at one or more server locations communicatively coupled (e.g., via the Internet) thereto. The profile criteria may include portions of rich descriptive profiles of the potential targets.

Abstract: Systems and methods for accessing location-based content include retrieving, via a web browser, a list of one or more trusted online services. The retrieved list may be used to determine whether an online service from which content is to be requested. If so, the location of the requesting device may be provided to the service in conjunction with the content request.

Abstract: Routing of content, including: receiving a request to access a content item from a device; determining at least one of status, location, and format of the content item; and planning a procedure to fulfill the request to access the content item, wherein the procedure includes a method and a route.

Abstract: A executable content message stream filter applies a plurality of executable content filters to a stream of parsed elements of a network message. Each of the plurality of executable content filters targets executable content and is instantiated based on a set of one or more rule sets selected based, at least in part, on a type of the network message. For each of the plurality of executable content filters, it is determined if one or more of the stream of parsed elements includes executable content targeted by the executable content filter. The executable content message stream filter modifies those of the stream of parsed elements that include the executable content targeted by the plurality of executable content filters to disable the executable content.

Abstract: A method performed by a network device may include assembling a multiprotocol label switching (MPLS) echo request, the echo request including an instruction for a transit node to forward the echo request via a bypass path associated with the transit node, and an instruction for an egress node to send an echo reply indicating that the echo request was received on the bypass path. The method may also include sending the MPLS echo request over a functioning label switched path (LSP).

Abstract: A storage system having a plurality of optical disc devices allows other optical disc devices inside the storage system to reproduce the optical disc recorded by a certain optical disc device but inhibits optical disc devices outside the storage system to reproduce the optical disc. A device key as a base for generating an encryption key is common to the plurality of optical disc devices. In the optical disc devices, a guest key other than the device key can be used temporarily to generate the encryption key. An authentication list containing a reproduction condition is recorded with the key information to the optical disc.

Abstract: Cookies may be stored in the cloud, such as on one or more servers. A request, from a client, for a webpage, may be received and it may be determined whether the request includes a browser cookie that represents a key value that references state information relating to web browsing by the client. When the request is determined to include the browser cookie that represents the key value, at least a portion of the state information may be obtained using the key value. The webpage corresponding to the request may be determined based on the obtained state information. The webpage may be transmitted to the client. The transmitted webpage may include a new key value when the request does not include a key value.

Abstract: A method is provided for playing back media from a network. The method includes receiving a search criteria from a network enabled device. The method further includes accessing a database comprising a plurality of network addresses, where the database associates each address with one or more classes of information. The addresses in the database each access a media network resource. The method further includes selecting at least one address in the database using the search criteria, and signaling the selected address to the network enabled device. The method also includes controlling the network enabled device so as to automatically access and play back the media resource of the selected address.

Abstract: In a Machine-to-Machine (M2M) network, efficient subscription of a M2M network application to a potentially very large number of device applications executing on remote devices is facilitated by the use of a shared “link-subscription identifier.” Each related device application (e.g., utility meter reading applications) includes a shared link-subscription identifier in its registration to a M2M network gateway or a M2M services capability (SC). The gateways maintain a binding between link-subscription identifiers in the device applications associated with them. To subscribe to all related device applications, a network application includes the link-description identifier in a subscription request to the M2M SC. The M2M SC, in turn, includes the link-subscription identifier in subscription requests it forwards to gateways and directly-connected remote devices.

Abstract: A method for video conferencing includes receiving, at one or more computers from at least some remote clients from a plurality of remote clients, information representing a plurality of media frames. The method also includes receiving, at the one or more computers from at least some of the plurality of remote clients, a plurality of video-based speech activity signals each associated with a respective media frame from the plurality of media frames. The method further includes selecting, at the one or more computers, at least some media frames from the plurality of media frames based on the video-based speech activity signals, decoding the selected media frames, generating a mixed media stream by combining the decoded media frames, transmitting, from the one or more computers to at least some remote clients from the plurality of remote clients, the mixed media stream.

Abstract: An automated agent, such as an instant message robot, is be used to facilitate introduction of a chat participant to a small group of other chat participants in a chat room. To do so, for example, a BOT may present a chat participant who desires to be introduced to a small group of chat participants in a chat room with a series of multiple-choice questions, identify a subset of chat participants based on responses to the multiple-choice questions, and provide introductions among the chat participants in the subset to facilitate conversation therebetween. For example, the introductions provided by the BOT may indicate areas of mutual interest among chat participants in the subset, similar responses to one or more multiple-choice questions, and/or diverse responses to one or more multiple-choice questions.

Abstract: An apparatus, method, and machine-readable medium are described for securely and efficiently exchanging connection data for a peer-to-peer (“P2P”) session on a network comprising. For example, in one embodiment, a connection data exchange (“CDX”) service can perform the function of a central exchange point for connection data. In one embodiment, the CDX service can perform the operations of receiving a connection data structure, sometimes referred to herein as a “ticket,” created by a matchmaker or an invitation service in response to requests from a group of mobile computing devices attempting to establish peer-to-peer (“P2P”) connections. The ticket can identify each of the group of mobile computing devices and can include encrypted NAT hole punch data associated with each of the mobile computing devices.

Abstract: A technique processes an email message. The technique involves receiving the email message from a network, and performing an authenticity analysis operation to determine authenticity of the email message. The technique further involves forwarding a copy of the email message to an external central hub through the network when a result of the authenticity analysis operation indicates that the email message is not authentic, and refraining from sending the copy of the email message to the external central hub through the network when the result of the authenticity analysis operation indicates that the email message is authentic. Such an embodiment is well suited for identifying spear phishing attacks within email messages routinely handled by an email server.

Abstract: A data control system allows non-point of sale devices (135, 155) on the LAN to receive data from an external network (160) when established conditions are met. The data control system may allow the data to be sent to a non-point of sale device (135, 155) only if the data has not been received via a secure connection reserved for point of sale devices (125, 145). The secure connection is, for example, a virtual private network connection. The data control system may also allow the data to be sent to a non-point of sale device (135, 155) only if the data is associated with a communication session initiated by the non-point of sale device (135, 155). The data control system may also allow the data to be sent to the non-point of sale device (135, 155) only if it is not received from a restricted source. The restricted source may be, for example, a payment host (170), a secure host (180) or any unidentified source.

Abstract: A method includes receiving an upload request to retrieve a master image. The method further includes retrieving the master image in response to the upload request. The method also includes storing the retrieved master image. The method further includes generating a composite image file using the retrieved master image. The composite image file can be used to create a plurality of images derived from the master image.

Abstract: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.

Abstract: According to one embodiment, an access control apparatus suspends the resource access event prior to access of the resource access device when the resource access event is started. The access control apparatus acquires attribute information from the attribute management device by using the deny-type policy in the access control policy and decides the permission or the denial of the access based on this attribute information and the deny-type policy. The access control apparatus releases the suspension when a result of decision in the supplied access decision result is indicative of the permission and no obligation-type policy is present in the access decision response.

Abstract: Cloud based security is the common core of any cloud based service offering and includes in-line inspection of transaction for its customers, meaning that transactions are analyzed in real-time and a decision is made on the spot whether to allow or block the transaction based on a variety of criteria. In depth content analysis for illicit activities does not scale well to in-line transaction review. The present application discloses systems, methods and computer programs to conduct content analysis based upon a fixed time periods worth of in-line transactions, where the results of the content analysis can identify malicious sites and incorporate the identified sites into subsequent in-transaction review.

Abstract: Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server.