Abstract: A method for determining a derived geographic location of a target Internet host includes identifying plural landmark Internet hosts communicatively coupled with the target Internet host by a network. The method also includes measuring network latencies of probe packets transmitted to the target and landmark Internet hosts along different network pathways and calculating relative distances between the target Internet host and one or more of the landmark Internet hosts based on the network latencies. The method further includes comparing the relative distances to identify at least one of the landmark Internet hosts that is geographically closer to the target Internet host than one or more other landmark Internet hosts and determining the derived geographic location of the target Internet host based on a geographic location of the at least one of the landmark Internet hosts that is geographically closer to the target Internet host.

Abstract: Described is a technology by which a relay is coupled (e.g., by a wire) to a network and (e.g., by a wireless link) to an endpoint. Incoming data packets directed towards the endpoint are processed by the relay according to an error correction scheme, such as one that replicates packets. The reprocessed packets, which in general are more robust against packet loss, are then sent to the endpoint. For outgoing data packets received from the endpoint, the relay reprocesses the outgoing packets based upon the error correction scheme, such as to remove redundant packets before transmitting them to the network over the wire. Also described are various error correction schemes, and various types of computing devices that may be used as relays. The relay may be built into the network infrastructure, and/or a directory service may be employed to automatically find a suitable relay node for an endpoint device.

Abstract: A method for profiling user activity in a mobile network, including extracting user identifiers from application sessions identified from a mobile network, analyzing the application sessions to determine session blocks based on shared IP address and a minimum separation time threshold, extracting a traffic marker from the session blocks based on a user identifier, identifying a first portion of the session blocks based on the user identifier, wherein the first portion is associated with first mobile network activities of a user identified by the user identifier, identifying a second portion of the session blocks based on the traffic marker, wherein the second portion is associated with second mobile network activities of the user, and analyzing the first portion and the second portion to determine a measure of a mobile network activity of the user.

Abstract: The present invention relates to a method of profiling an Internet endpoint associated with an Internet Protocol (IP) address, an IP prefix, or a domain name, the method includes generating a profiling rule using an Internet search engine, obtaining a search result by inputting the IP address, the IP prefix, or the domain name to the Internet search engine, and classifying the Internet endpoint based on the search result using the profiling rule.

Abstract: A method for content transmission in a cellular network having a collection of cellular zones. The method includes obtaining a statistical trace associated with the cellular network, comprising attributes of historical content chunks received from prior users of the cellular network and trajectories of the prior users moving within the cellular zones, analyzing the statistical trace to identify a portion of the cellular zones as drop zones, allocating drop zone transmission bandwidth to the drop zones based on a pre-determined criterion, receiving, subsequent to the allocating, a transmission request for a content chunk from a mobile device of a user outside the drop zones, delaying transmission of the content chunk while the mobile device remains outside of the drop zones, and transmitting the content chunk in response to detecting the mobile device within the drop zones.

Abstract: A method for providing location based service in a cellular data service network (CDSN) by analyzing accounting data packets of the CDSN to determine a user mobility pattern, classifying application data packets of the CDSN into pre-determined application categories, analyzing the accounting data packets and the application data packets to associate the user mobility pattern and one of the pre-determined application category, comparing a newly received accounting data packet and the user mobility pattern to identify a match, and providing, in response to identifying the match, the location based service to a user based on the pre-determined application category.

Abstract: A system is provided that includes an artificial connection generator and a probe machine. The artificial connection generator is configured to establish one or more artificial connections with a server that at least partially hosts one or more services or applications for access by clients. The probe machine is configured to control a number of artificial connections with the server by the artificial connection generator. The probe machine also is configured to establish a probing connection with a server to determine a service time of the server that is indicative of a time period involved with execution by the server of one or more requests to the server. The probe machine is configured to derive a number of actual connections between the clients and the server based on changes in the service time of the server when the number of artificial connections with the server is varied.

Abstract: Systems and methods for pseudonymous public keys based authentication are described that enable an authentication to achieve pseudonymity and non-repudiation, for example, at the same time. Pseudonymity may provide, for example, that a user can show to different parties different digital identifiers for authentication instead of, for example, always using a single digital identifier everywhere, which may lead to a breach of privacy. Non-repudiation may provide, for example, that the authentication data at the server side can be used, for example, to verify a user's authentication request, but not to generate an authentication request, which might lead to user impersonation. A user may use a physical token to generate the authentication request corresponding to the user's identity to pass the authentication.

Abstract: A method for determining a derived geographic location of a target Internet host includes identifying plural landmark Internet hosts communicatively coupled with the target Internet host by a network. The method also includes measuring network latencies of probe packets transmitted to the target and landmark Internet hosts along different network pathways and calculating relative distances between the target Internet host and one or more of the landmark Internet hosts based on the network latencies. The method further includes comparing the relative distances to identify at least one of the landmark Internet hosts that is geographically closer to the target Internet host than one or more other landmark Internet hosts and determining the derived geographic location of the target Internet host based on a geographic location of the at least one of the landmark Internet hosts that is geographically closer to the target Internet host.

Abstract: A user proceeds from one location to another location inside of a building by traveling in a sequence of several hops in response to different visual cues. A portable handheld device may provide the visual cues to the user. The user reaches the destination through the sequence of hops using the portable handheld device.

Abstract: The present invention relates to a method of profiling an Internet endpoint associated with an Internet Protocol (IP) address, the method includes generating a profiling rule using an Internet search engine, obtaining a search result by inputting the IP address to the Internet search engine, and classifying the Internet endpoint based on the search result using the profiling rule.

Abstract: Described is a technology by which a relay is coupled (e.g., by a wire) to a network and (e.g., by a wireless link) to an endpoint. Incoming data packets directed towards the endpoint are processed by the relay according to an error correction scheme, such as one that replicates packets. The reprocessed packets, which in general are more robust against packet loss, are then sent to the endpoint. For outgoing data packets received from the endpoint, the relay reprocesses the outgoing packets based upon the error correction scheme, such as to remove redundant packets before transmitting them to the network over the wire. Also described are various error correction schemes, and various types of computing devices that may be used as relays. The relay may be built into the network infrastructure, and/or a directory service may be employed to automatically find a suitable relay node for an endpoint device.

Abstract: An identity validation system and method for the Internet provides user accountability while supporting user privacy to counter SPAM, Internet vandalizers, and predators, as well as cyber bullies who use the Internet to communicate with actual or potential victims. The system includes network authority software that issues a permanent identity and secret code to a user and disseminates different hashed versions of the permanent identity and secret code to different agents. A user hardware Internet passport generates hashed versions of the permanent identity and secret code as well as a passcode that is generated from the hashed secret code and user software generates a temporary identity from the hashed permanent identity. The user software transmits the temporary identity and passcode to a selected agent that performs the actual identity validation.