Abstract: A lightweight group signature system and method with short signatures according to the exemplary embodiments of the present invention can provide security characteristics similar to group signature mechanisms providing the existing known controllable linkability but can make a revocation method simple by outputting a short signature and providing excellent operation efficiency at the time of signature generation, signature verification, and revocation on smart terminals, and can be widely applied to various anonymity-based application environments, making by making operation efficiency excellent at the time of signature generation and verification and outputting very short signature lengths.

Abstract: A technique dynamically restores original attributes of a Traffic Engineering Label Switched Path (TE-LSP) that are provided in a source domain for a destination domain when traversing one or more intermediate domains that may translate the TE-LSP attributes in a computer network. According to the novel technique, a head-end node requests an interdomain TE-LSP having one or more original TE-LSP attributes (e.g., priority, bandwidth, etc.) using a signaling exchange. The head-end node may also request restoration of the original TE-LSP attributes upon entrance into the destination domain. Intermediate domains (e.g., border routers of the domains) receiving the request may translate the original TE-LSP attributes into corresponding intermediate domain TE-LSP attributes. When the request reaches the destination domain, the intermediate domain TE-LSP attributes of the requested TE-LSP are restored into the original TE-LSP attributes.

Abstract: The disclosed embodiments are directed to improving the efficiency of guaranteeing data consistency to clients, such as for one or more objects stored on a plurality of volumes configured as a Striped Volume Set. In particular, the disclosed embodiments optimize requests from clients which span multiple Data Volumes and which require strong serialization. The disclosed embodiments provide a “viral ticket book” model that provides lower latency while improving compatibility with client protocols.

Abstract: A mechanism is disclosed for enabling a network address to be shared by multiple containers. By allowing multiple containers to share a network address, a limit on network addresses does not limit the number of containers that can be implemented. Despite the fact that the network address is shared by multiple containers, the uniqueness and isolation of each container is still maintained. In one implementation, this is achieved by associating a unique label with each container. With this unique label, it is possible to forward a packet destined for the shared network address to a specific container despite the fact that multiple containers share the same network address. Thus, with this mechanism, it is possible to achieve container isolation and uniqueness without limiting container scalability.

Abstract: A disclosed anonymous authentication system comprises a group management device, an authentication-subjected user device, a verification device and an authentication-subjected user identification device. A user previously registers a verification key in the group management device such that his signature can be verified. For authentication, the user generates his or her own signature using the authentication-subjected user device, and encrypts the signature using an encryption key of the group to generate authentication data. The verification device authenticates the signature in collaboration with a verification assistant who has a decryption key of the group. The authentication-subjected user identification device that has the decryption key of the group decrypts the authentication data as required to identify a user who is to be authenticated.

Abstract: Disclosed are method and system for determining the validity of a command line, comprising the steps of: maintaining a first IP address database including first IP address information or at least one terminal specification information associated with the first IP address information, in which the first IP address information includes IP address information of a proxy server or that of a terminal using a dynamic IP address; receiving a command line from a terminal of a user; extracting a request content, second IP address information, or second terminal specification information included in the command line; generating log information including the request content, the second IP address information, the second terminal specification information or input time point information with respect to the input time point of the command line; recording the log information associated with the command line in a log database; identifying the terminal by referring to the first IP address database and the log database; and d

Abstract: An information distribution system includes a visit determination unit (42), a distribution range evaluation unit (43), and a distribution range change unit (44). The visit determination unit (42) determines whether a user of a mobile terminal (2) to which evaluation information has been distributed has visited a facility in the evaluation information, and upon determining affirmatively, calculates a visit distance indicating the distance between the location of the mobile terminal indicated by distribution time terminal location information and the location of the facility in the evaluation information. The distribution range evaluation unit (43) determines whether the distribution range is effective based on the visit distance.

Abstract: In certain embodiments, a method includes receiving, at a proxy, a request for access to a network from an application on an endpoint. The method also includes determining, by the proxy, information about the application on the endpoint by examining one or more headers of the request received at the proxy from the application. The method further includes determining, by the proxy, whether the one or more headers comprise expected information based on the determined information about the application. In response to determining that the one or more headers do not comprise the expected information, the method includes denying, by the proxy, the request for access to the network. In addition, in response to determining that the one or more headers comprise the expected information, the method includes forwarding, by the proxy, the request to the network on behalf of the application.

Abstract: Content delivery by a network node is optimized. The network node is communicatively coupled between multiple end user devices and at least one content service provider. A request for a media streaming service available from the content service provider is intercepted from a first requestor device. It is determined if the media streaming service is registered for delivery optimization based on at least one service rule specific to the media streaming service. It is determined if a second requestor device is currently receiving the media streaming service from the content service provider. In response to the media streaming service being received by the second requestor device, delivery optimization of the media streaming service is performed by replicating the media streaming service for delivery to the first requestor device. The replicated media streaming service is sent to the first requestor device.

Abstract: A distributed device architecture includes a master device and one or more member devices. A simple network management protocol (SNMP) agent of a master device receives an SNMP request from a managing device. Where the SNMP request pertains to a given member device, and where the SNMP request requires involvement of the given member device to fulfill the SNMP request, the master device generates a non-SNMP request corresponding to the SNMP request and transmits the non-SNMP request to the given member device. A non-SNMP agent of the given member device processes the non-SNMP request and transmits processing results back to the master device. The master device generates an SNMP response corresponding to the processing results, and the SNMP agent of the master device transmits the SNMP response back to the managing device.

Abstract: A technique optimizes routing of application data streams on an Internet Protocol (IP) backbone in a computer network. According to the novel technique, a client router learns of server states (e.g., number of pending requests, etc.) of a plurality of application servers and also determines metrics of intermediate links between the application servers and the client router (intermediate link metrics), e.g., particularly link metrics in a direction from the application servers to the client router. Upon receiving an application request from an application client (“client request”), the client router determines to which of the application servers the client request is to be sent based on the server states and intermediate link metrics, and sends the client request accordingly.

Abstract: An order-preserving encryption apparatus includes an initializer for setting a total space of a ciphertext with respect to a total space of a plaintext by considering security of the ciphertext, and setting a secret key for encryption and a pseudo-random number generator for generation of a pivot. Further, the order-preserving encryption apparatus includes a pivot generator for applying the secret key to the established pseudo-random number generator to generate a pivot for the plaintext to be encrypted. Further, the order-preserving encryption apparatus includes a ciphertext generator for generating information about size of a bit constituting the ciphertext by comparing the generated pivot and the plaintext; and a plaintext adjusting unit for adjusting a magnitude of the total plaintext space and a magnitude of the plaintext according to the ciphertext.

Abstract: A document processing method and system divides a document into document pages, and encrypts the document pages by first key to obtain a plurality of encrypted pages; picks a part of words from the document pages and encrypts them by second key to obtain a Significant Word Set (SWS); picks a part of words from the picked part of words and encrypts them by third key to obtain a Most Relevant Word Set (MRWS). The encrypted pages, the SWS and the MRWS are transmits to a remote server for storage. When user search a keyword in the document, the keyword is encrypted by the second and third keys for performing two query. The first query result is decrypted to obtain the search result. The second query result is decrypted and then checked whether it is a subset of the first decrypted query result for detecting unfaithful execution.

Abstract: Routing and displaying instant messages includes receiving a first request to establish a first instant messaging session associated with an instant messaging online identity assigned to a user using a first instant messaging controller. The first instant messaging session is established in response to the first request, where the first instant messaging session includes a first state. A second request from the user is received to establish a second instant messaging session associated with the instant messaging online identity assigned to the user using a second instant messaging controller that differs from the first instant messaging controller. The second instant messaging session is established in response to the second request, where the second instant messaging session includes a second state. An instant message designated for the instant messaging online identity assigned to the user is received and a determination is made on where to route the instant message based on routing criteria.

Abstract: Techniques for managing direct communication between two devices are disclosed. Each of the device is behind a network address translator. According to one embodiment, a server, in responding to a request from a requesting device for needed data, is configured to determine some of devices in service to be candidates from a database, where the database has many entries, each of the entries pertaining to one of the devices. The candidates are determined in accordance with at least compatibility of respective network address translators with a network address translator of the requesting device. Among the candidates, the server then designates a finalist that is preferably not designated to be a supplying device more often than it should be on average. The server then notifies either the requesting device or the supplying device so that the requesting device can get the needed data directly from the supplying device.

Abstract: Messages are received and retained in memory and are batch processed including transferring the messages to a cell pool having cells of predetermined size. The location and size of the messages are recorded in a table map with other pertinent information as is required. Messages in the cell pool are processed and delivered asynchronously.

Abstract: A system receives identification of at least one data structure to contain the network management data associated with the managed resource. The system receives notification that at least one type adapter structure has been created. The type adapter is associated with the data structure. The system receives identification of at least one key common to the data structure, and the network management data. The system receives notification that methods within the at least one type adapter structure have been implemented to enable the network management data to be mapped from the at least one data structure to a managed object database.

Abstract: A method to expose information about a set of data objects to a master device is provided. A benchmark sequence indicator is used in connection with a set of sequence indicators that are each related to data objects (such as media files on a device) to satisfy multiple independent requests for information about certain objects that satisfy sequence criteria conveyed from multiple requesting applications. An embodied data structure includes a set of properties associated with a data object as well as a sequence-identification field that also corresponds to the data object and that is populated with an object sequence indicator that indicates when a change occurred to the data object.

Abstract: Presence subscriptions for messaging services are managed by automatically subscribing contacts to a user's contact lists based one or more rules, subscription states and contact types. In some embodiments, presence subscriptions are managed by: identifying a set of contacts with respect to an identified user; applying subscription rules to the contacts; selecting a subset of contacts based on one or more subscription rules; and automatically establishing presence subscriptions for the subset of contacts.

Abstract: Embodiments of the invention relate to apparatuses and methods for identity verification. For example, in one embodiment, a financial institution has a system to generate authentication questions to be used when authenticating a customer when the customer is trying to access and/or use the customer's account. The authentication system is configured to ask one or more authentication questions each time the customer tries to access or use the account, where the authentication questions are generally out-of-wallet questions that constantly change from one authentication attempt to the next. For example, in one embodiment, the questions include behavioral, historical, and transaction based questions generated from information available about a customer's financial account.