Abstract: A system and method of tracking high-level network transactions. At least one switching node on a network may collect low-level data packets, the low-level data packets forming collectively a corresponding stream of high-level messages as parts of high-level transactions involving network resources of the network. Identifiers of the network resources in the network serving the high-level transactions may be identified from the low-level data packets. The data content of the high-level messages may be determined. The high-level messages may be grouped into groups of high-level messages having similar data content. Commonalities in the occurrences of high-level messages having different data content may then be identified.

Abstract: A system to facilitate a service oriented email client application. The system includes a service registry, a service address book coupled to an email client, and an email composer coupled to the service address book. The service registry includes service information. The service information describes how to invoke a web service. The service address book includes a web service entry linked to the service information for the web service in the service registry. The email composer generates a user input form with a custom input field corresponding to the service information for the web service.

Abstract: A network comprises at least one network device and a plurality of unconnected network ports, the apparatus comprising: a send component for sending an identification message to each network device; a receive component, responsive to the send component sending the identification message, for receiving at least one identification response from the network; an analyze component, responsive to the receive component receiving an identification response, for determining the plurality of unconnected network ports comprising a first network port; an identify component, responsive to the analyze component determining the plurality of unconnected network ports, for determining the first network port; and a send component, responsive to the identify component determining the first network port, operable for sending a first location message to the first network port.

Abstract: One embodiment of the present invention relates to a system for distributing audio/video convent via a network, comprising: a client software application, and a channel control software application, wherein the client software application and the channel control software application are operatively connected together via the network such that the client software application receives at least one control message from the channel control software application, wherein the at least one control message causes the client software application to access at least: i) a first audio/video data element and ii) a second audio/video data element, and wherein the at least one control message causes the client software application to composite together at least: i) the first audio/video data element and ii) the second audio/video data element and to render at least the composited first and second audio/video data elements at a client device running the client software application.

Abstract: According to one embodiment, an interface apparatus includes a connector which establishes connection with a plurality of Session Initiation Protocol (SIP) terminals which each include communication functions defined by SIP and with an SIP network to one port, a first processor which executes exchange processing for the plurality of SIP terminals, a second processor which executes exchange processing for the SIP network, and a sorting unit which sorts a control signal into the first processor or the second processor based on transmission destination identification information or transmission origin identification information in the control signal regarding exchange received by the connector.

Abstract: A method includes receiving, at a carrier network provider, a request from a requestor's mobile device to locate an instant messaging (IM) friend from the requestor's IM friends list; authenticating the request for use of location-based services on the carrier network; receiving geographic location coordinates from the requestor's mobile device; adding random error to the geographic location coordinates; sending the request to locate an IM friend and the geographic location coordinates with random error to an IM portal; receiving a list of the requestor's IM friends within a particular region near the geographic location coordinates with random error; and sending to the requestor's mobile device the list of IM friends within the particular region near the geographic location coordinates with random error.

Abstract: A network system includes a reconfigurable network and a network management system. The network management system can represent the network in the form of a network image. Network image objects, corresponding to network objects, can be selected as copy sources and paste targets. A copy-and-paste operation modifies the network image to indicate a potential modification of the actual network in which the configuration of the network object corresponding to the selected copy source object is applied to the network object corresponding to the selected image object. In addition, the copy-and-paste operation can automatically represent a common connection of a source object input and a target object input to a common data source. Furthermore, the copy-and-paste operation can automatically connect outputs of source and target objects to a comparison function so that the implementation of the copy-and-paste operation on the actual network can be validated.

Abstract: Methods and systems to guard against attacks designed to replace authenticated, secure code with non-authentic, unsecure code and using existing hardware resources in the CPU's memory management unit (MMU) are disclosed. In certain embodiments, permission entries indicating that pages in memory have been previously authenticated as secure are maintained in a translation lookaside buffer (TLB) and checked upon encountering an instruction residing at an external page. A TLB permission entry indicating permission is invalid causes on-demand authentication of the accessed page. Upon authentication, the permission entry in the TLB is updated to reflect that the page has been authenticated. As another example, in certain embodiments, a page of recently authenticated pages is maintained and checked upon encountering an instruction residing at an external page.

Abstract: A system for managing a user's access rights to avionic information, loaded on board an aircraft, that includes at least one identification device able to read the user's identity information contained on a personal card, and an avionic computer having means of managing access rights able to authenticate the user and determine access rights to avionic information based on the user's identity.

Abstract: 401 stores, in 302, key d? obtained by subtracting random number 2r held in 201 from key d held in 105. When an operation starts, the values “?C” and “?C2” are calculated respectively, and the resultant values are stored in a multiplication table memory 205 together with value “C”. In a first operation cycle, 107 selects and outputs an intermediate value 108 held in an in-operation data register 103, and thereby makes a modular-multiplication operation circuit 104 perform squaring. In the second operation cycle, 107 selects and outputs one of three values held in 205 in accordance with the combination of key bit value d?i and random number bit value ri, and thereby makes the modular-multiplication operation circuit 104 perform multiplication. Thereby, a cryptographic processing device that requires a short operation time period, small circuit scale, and has sufficient security can be realized.

Abstract: Provided are, among other things, systems, methods and techniques for managing associations between keys and values within a computer processing system. In one exemplary implementation, requests to store associations between keys and data values corresponding to the keys are input, and the associations are stored in entry nodes within a data structure represented as a hash-based directed acyclic graph (HDAG). Upon receipt of a data value request and accompanying request key, together with satisfaction of any additional access criterion, a return data value corresponding to the request key automatically is provided, the return data value having been generated based on at least one of the associations that involve the request key.

Abstract: The invention relates to message-based communication between at least two units (100; 200) participating in a communications session. A first communications unit (100) generates and stores a state (10) comprising unit-associated data applicable for multiple messages to be communicated between the unit (100) and a second unit (200). A copy of this state (10) is then transmitted to the second unit (200), where it is stored. The state (10) and state copy can now be used in message processing for the purpose of reducing the message size and reducing utilization of communications resources. Data contained in the state (10) or state copy and found in the message (m1) is removed from the message prior transmission thereof. The resulting reduced-size message (m1?USD) is transmitted to the receiving unit, where the message (m1?USD) is anew processed by re-entering the data, removed by the transmitting unit, into the message (m1?USD) using the state copy or state. The original message (m1) is then recreated.

Abstract: A system and method provides a remote direct memory access over a transport medium that does not natively support remote direct memory access operations. An emulated VI module of a storage operating system emulates RDMA operations over such a medium, e.g., conventional Ethernet, thereby enabling storage. Storage appliances in a cluster configuration utilize the non-RDMA compatible transport medium as a cluster interconnect.

Abstract: Methods are provided for processing a packet received by a mesh-enabled access point (MAP). When a first MAP receives a packet it can determine whether the packet is destined for a mesh portal based on the destination address. If so, the first MAP can retrieve an encryption key corresponding to the mesh portal, use the encryption key to encrypt the packet and set a mesh forwarding flag in the packet to indicate that the packet is destined for a mesh portal, and is encrypted with an encryption key corresponding to the mesh portal, and then forward the packet to the next hop MAP towards the a mesh portal. The mesh forwarding flag indicates that the packet is destined for a mesh portal, is encrypted with an encryption key corresponding to the mesh portal, and is to be forwarded to the next hop MAP without performing decryption/re-encryption processing on the packet. When a MAP receives a packet, the first MAP it determines whether a mesh forwarding flag is set in the packet.

Abstract: An encryption and decryption processing system for achieving SMS4 cryptographic procedure can be provided. The system includes a repeating encryption and decryption data processing device comprising a first constant array storing unit, a first data registering unit and a first data converting unit. The first constant array storing unit stores a first constant array and send it to N-data converting sub-units of the first data converting unit. The first data registering unit registers data, deliver the registered data to a first data converting sub-unit. The N-data converting sub-units perform a data conversion processing, and transmit the obtained conversion data to a next data converting sub-unit for subsequent processing until the data conversion processing processes are completed, a particular number of the completed processed being equal to a value of a data depth.

Abstract: An approach is provided to receive a request at a first computer system from a second system. The first system generates an encryption key, modifies retrieved source code by inserting the generated encryption key into the source code, and compiles the modified source code into an executable. A hash value of the executable program is calculated and is stored along with the encryption key in a memory area. The executable and the hash value are sent to the second system over a network. The executable is executed and it generates an encrypted result using the hash value and the embedded encryption key. The encrypted result is sent back to the first system where it is authenticated using the stored encryption key and hash value.

Abstract: A novel technique is provided for preventing routing loops by disseminating Border Gateway Protocol (BGP) attribute information in an Open Shortest Path First (OSPF) configured network. Specifically, a new OSPF sub-type-length-value (TLV) is introduced for transporting a conventional BGP autonomous system (AS) path attribute through the OSPF-configured network. Like the BGP AS-path attribute, the new OSPF AS-path sub-TLV is configured to store a set of AS numbers corresponding to the AS path of one or more advertised routes. Thus, when a network device receives an OSPF link-state advertisement (LSA) containing the novel AS-path sub-TLV, the network device determines whether it resides in an autonomous system whose AS number is stored in the sub-TLV. If so, the network device does not install the LSA's advertised routes in its link-state database since the routes, if installed, could result in routing loops.

Abstract: Techniques are provided through which “suspicious” websites may be identified automatically. A suspicious website is one that is associated with many changes or an inconsistent number of changes in web registry information over time. Registry information is received when changes to the registry information occur. The registry information is referred to as a transaction. A transaction is comprised of a plurality of values that each correspond to a characteristic. A characteristic is a property of a website, such as the website's contact information. A count associated with a particular characteristic-value pair is updated each time the particular value is identified in a transaction. A high count indicates that the website associated with the particular value is associated with a lot of changes. Therefore, a website associated with a high count is suspicious. Other factors that may be used for identifying a “suspicious” website include how often and how much the count changes.

Abstract: A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed.

Abstract: A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.