Abstract: A distributed system includes first-tier entities, and a master entity in communication with each first-tier entity. The master entity provides a single access point through which an administrator can submit commands to manage all entities. The master entity maintains a table of virtual slots. Each virtual slot points to one of the first-tier entities, and each first-tier entity is pointed to by at least one virtual slot. The processor runs an RPC (remote procedure call) client to submit RPC requests to the first-tier entities, and determines a destination first-tier entity for a given RPC request in response to which virtual slot the administrator submits a command. The distributed system can include second-tier entities, each indirectly communicating with the master entity through a first-tier entity. The table has a virtual slot for each second-tier entity, which points to the first-tier entity acting as proxy for the second-tier entity.

Abstract: Methods may provide peak load processing on a computer system. A method may include receiving at a remote computer system a request from a local computer system, coupled to the remote computer system by a network, to replicate at the remote computer system a local instance of an application executing on the local computer system that is subject to user requests received at the local computer system. The method may further include replicating on the remote computer system a remote instance of the application and redirecting user requests from the local computer system to the remote computer system. The method may further include executing on the remote computer system the remote instance of the application, including processing with the remote instance of the application user requests redirected from the local computer system to the remote instance of the application.

Abstract: A resource allocation framework is described herein which allocates items (conceptualized as balls) to item-receiving slots (conceptualized as bins) in a domain-agnostic manner. A user instantiates the resource allocation framework to a particular allocation problem by generating a specification that describes the allocation problem in a declarative fashion. Among other features, the specification maps real-world entities to the balls and bins, and describes the constraints associated with the allocation problem. The specification also provides a utilization function that computes the consumption of resources for a proposed assignment of a particular ball to a particular bin. According to another aspect, the resource allocation framework uses many processing elements (e.g., GPU threads, CPU threads, etc.), operating in parallel, to attempt to find a solution to the allocation problem.

Abstract: A method and system for providing secure access to a device initiating communications using a peer-to-peer signaling protocol, such as a SIP or H.323. In a device registration phase, the device contacts a secure access server, and authenticates to the secure access server by providing an identification, such as its factory ID. The secure access server then issues a device ID and private key to the authenticated device. A client can then initiate a further communication session and be authenticated by the secure access server. The secure access server returns the device identification and the device's public key to the client. The client and device can then perform a symmetrical key exchange for their current communication session, and can communicate with appropriate encryption. The device's private key can be set to expire after one or more uses.

Abstract: Embodiments of methods to communicate a timestamp to a storage system are generally described herein. Other embodiments may be described and claimed.

Abstract: Systems and methods which prevent or limit access to protected content (e.g., value bearing indicia (VBI)) by a general purpose user interface application (e.g., web browser) are shown. Embodiments implement techniques to avoid displaying protected content by a general purpose user interface application, or displaying protected content during a time in which a user does not have access to particular functions of the general purpose user interface application, to protect the content from various operations, such as repeated printing, electronic copying, etc. Data presentation formatting control in the form of style sheets may be utilized to control access to content. Additionally or alternatively, executable code or an executable object may be implemented within a page or other content to control access to content. Similarly, separate areas, such as windows or pages, may be utilized to control access to content.

Abstract: Systems and methods for binding of cryptographic content using unique device characteristics with server heuristics in accordance with embodiments of the invention are disclosed. One embodiment includes a processor and memory includes collecting a combination of device characteristics that uniquely identify the device using information stored on the device and accessible to the device using the device processor, generating device match data based upon the collected combination of device characteristics using the device processor, generating a device protection key using the device match data, encrypting the cryptographic data using the device protection key, and storing the encrypted cryptographic data in device memory using the device processor.

Abstract: Systems and computer program products may provide peak load processing on a computer system. A first computer system may include a processor and a memory storage device operatively coupled to the processor. The memory storage device may store instructions that are executed by the processor to receive from a second computer system coupled to the first computer system by a network, a request to replicate at the first computer system a first instance of an application executing on the second computer system, replicate on the first computer system the first instance of the application and execute the first instance of the application on the first computer system, including processing user requests related to the application received from the second computer system.

Abstract: To prevent a transfer of an authority from being useless as much as possible, an authority transfer unit includes a decision unit for making a decision that an authority of a user with respect to a management unit is transferred to a processing request unit.

Abstract: A method for downloading information into a secure non-volatile memory of a secure embedded device (SED) during a manufacturing or personalization process. The method involves communicating the information and a software program from a device to a temporary storage memory of the SED. The method also involves starting the software program provided to facilitate an initialization of a first key and to facilitate a transfer of at least a portion of the information from the temporary storage memory to the secure non-volatile memory. In response to starting, the software program, the first key is initialized and the portion of information is transformed into transformed information locally at the SED using at least one of a scramble algorithm and a cipher algorithm. Thereafter, the transformed information is written to a memory element of the secure non-volatile memory.

Abstract: Some embodiments provide a director agent, a server agent, and a specialized hand-off protocol for improving scalability and resource usage within a server farm. A first network connection is established between a client and the director agent in order to receive a content request from the client from which to select a server from a set of servers that is responsible for hosting the requested content. A second network connection is established between the server agent that is associated with the selected server and a protocol stack of the selected server. The first network connection is handed-off to the server agent using the specialized hand-off protocol. The server agent performs network connection state parameter transformations between the two connections to create a network connection through which content can be passed from the selected server to the client without passing through the director.

Abstract: Systems and methods for installing network certificates on a client computing device are provided. In some aspects, a method includes automatically determining that the certificate associated with the network is not installed on the computing device. The method also includes determining that the certificate can be installed on the computing device without assistance. The method also includes determining whether end-user input is required to install the certificate. The method also includes, if end-user input is required to install the certificate, displaying a graphical component which prompts an end-user for an input associated with generating the certificate, receiving the input, and providing a request to generate the certificate based on the input. The method also includes, if end-user input is not required to install the certificate, providing a request to generate the certificate. The method also includes storing the certificate. The method also includes connecting to the network using the certificate.

Abstract: System, method and apparatus for securely distributing content via an encrypted file wherein a Publisher Key (PK) associated with an authorized publisher enables presentation of the content by the authorized user via a Limited Capability Viewer (LCV), the LCV lacking the capability to forward, print, copy or otherwise disseminate the content to be presented.

Abstract: Provided is a technology which creates an autorun file that is used in autorun for preventing the autorun of a USB-based portable storage, thereby allowing an arbitrary user or worm virus not to manipulate the autorun file. A method for preventing autorun of portable storage accesses at least one of a master file table entry of a root directory and a master file table entry of an autorun file, and sets non-autorun in the at least one accessed master file table entry.

Abstract: A method, apparatus, and system are directed to managing traffic towards a tunnel in a network. The invention enables a network device, to extract data from a received packet. A deep packet inspection is employed that enables examination of the extracted data at virtually any layer of an OSI layered protocol of the packet. If the extracted data does not satisfy the flow criteria, a second packet may be inspected at a deep packet level to determine whether the data of the first and second packet satisfies the flow criteria. If the extracted data satisfies the flow criteria a tunnel is determined based, in part, on the flow criteria. The packet is associated with and forwarded towards the determined tunnel.

Abstract: Encrypted storage often introduces unwanted latency in access. This delay can result in a processor having to wait for critical data thus slowing performance. Generally speaking, the latency is at most an issue when reading from encrypted storage, since the processor may need the information read from encrypted storage to proceed. During a write operation, there typically is not an issue because the processor does not need to wait for the end of the write operation to proceed. A variant of counter (CTR) mode for a block cipher can be used to perform the majority of the decryption operation without knowledge of the ciphertext, therefore the majority of the decryption operation can be performed concurrently with the retrieval of the ciphertext from memory. In order to further secure the encrypted storage, a light encryption can be performed to further obfuscate the ciphertext.

Abstract: Aspects of the disclosed subject matter are directed to facilitating peer-to-peer data exchange in a common domain. In accordance with one embodiment, a method is provided for obtaining content from one or more peers that are connected to the domain. The method includes registering a peer with a super-peer when a connection to the domain is established. Then, the connecting peer obtains data that describes various network conditions and identifies chunks of content available from other peers. In downloading content from other peers, heuristics are applied to select between available chunks that are potentially encoded at different bitrates. The heuristics account for the network conditions between peers and balance the potential need to quickly access content with the desire to obtain high quality content.

Abstract: Provided are techniques for the specification of templates for the orchestration of workflows such as, but not limited to, computer system server, storage, network, virtualization and cloud infrastructure management operations and tasks. The disclosed techniques support non-scripted native representations of the workflows, the addition of new object types or operation sets or services, atomicity, transactional semantics of workflows and the ability to configure parameters for execution of workflow.

Abstract: An image processing system includes: a relay apparatus; a service providing apparatus for an electronic-file storing service; and an image processing apparatus, which are connected to a network. The image processing apparatus includes: a first-address-get-request transmitting unit that transmits a request for getting a first address representing a location of an electronic file to be downloaded from the service providing apparatus to the relay apparatus; a first downloading unit which, upon receiving the first address from the relay apparatus after the request for getting the first address is transmitted, downloads the electronic file stored at the first address; and a storage control unit that controls a storage unit to store the electronic file downloaded by the first downloading unit. The relay apparatus includes: a first-address-get-program storage unit; a first-address getting unit; and a first-address transmitting unit.

Abstract: A method of routing data that is part of a grid job including steps of: receiving a data packet at a routing device; determining whether the data packet is identified as part of a grid job; and routing the data packet that is identified as part of a grid job through the Internet to an external node.