Abstract: Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the 1 attempt to obtain access for the requestor to the client application.

Abstract: A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user.

Abstract: Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the 1 attempt to obtain access for the requestor to the client application.

Abstract: Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the 1 attempt to obtain access for the requestor to the client application.

Abstract: A new approach is proposed that contemplates systems and methods to support authentication and authorization of an application running on a computing device or a mobile device to a web-based service provided by a remote server using a third-party push notification service available to the computing and/or mobile device. The application is only allowed to access and interact with the remote service after the application has been authenticated and authorized by the service provider. Unlike previous approaches, the proposed approach does not rely on any application-specific secrets associated with the application and stored on the computing or mobile device. Instead it utilizes the generic third-party push notification service security mechanisms that are available to the computing and/or mobile device.

Abstract: A system and method to synchronize the processing of messages in areas of an execution graph affected by primitives with potential for substantial delay is provided. A continuous processing system identifies primitives with potential for substantial delay. For each potentially-delayed primitive that is not in a loop, the continuous processing system creates a “timezone” downstream of such primitive. The output(s) of the potentially-delayed primitive is an input to the timezone. The continuous processing system then identifies all other inputs to the timezone and places a synchronizer across such inputs. In cases where the potentially-delayed primitive is within a loop, the timezone includes such primitive, as well all primitives downstream of such primitive.

Abstract: The present invention provides a method for obtaining predicable and repeatable output results in a continuous processing system. The method involves processing messages and primitives in accordance with the following rules: (1) Messages are processed in accordance with timestamps, where messages are divided up into “time slices”; (2) message order within a data stream is preserved among messages with the same time stamp; (3) subject to rule #4, for each time slice, a primitive is executed when either the messages within such time slice show up in the input stream for such primitive or the state of the window immediately preceding such primitive changes due to messages within such time slice; and (4) for each time slice, primitives that are dependent on one or more upstream primitives are not executed until such upstream primitives have finished executing messages in such time slice that are queued for processing.

Abstract: A computer software language capable of expressing registered queries that operate on one more or more data streams continuously. The language of the present invention is based on a publish/subscribe model in that queries subscribe to data streams and publish to data streams. Also, the language of the present invention can express queries that operate directly on data streams. Since queries expressed in the language of the present invention may be executed continuously and directly on data streams, the language includes a clause for specifying time-based and/or row-based windows for the input data stream. Operations are then performed on the data within such windows. In one embodiment, the language is also SQL-like and includes a clause for defining named windows (which can be used in any number of queries); a clause for detecting a pattern, and correlated database subqueries for correlating data stream data with database tables.

Abstract: A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user.

Abstract: The present invention provides a system and method for measuring latency in a continuous processing system. The invention involves generating “tracer” messages that are specifically designed for measuring latency. A tracer message is configured to pass through and be outputted by each primitive in the tracer message's path regardless of the function of the primitive and without changing the state of the primitive. Tracer messages are not filtered by filter primitives or delayed by time-delay primitives. Tracer messages are detected and discarded within loops. These rules provide for predictable behavior of tracer messages, thereby making them reliable indicators of latency and liveness in the continuous processing system. A tracer message is inserted into the continuous processing system at a desired start point for measuring latency. At a desired end point for measuring latency, latency is measured by calculating the amount of time the tracer message took to travel from the start point to the end point.

Abstract: A method for processing messages ensures that every message that enters a continuous processing system is fully processed in its entirety, even in the event of a failure within the system. Messages are pushed through an execution plan that includes a set of connected “primitives” that process the message, where the primitives may be distributed across a group of servers. Messages are pushed through in accordance with a protocol that does not permit unprocessed messages to be permanently lost as they travel from input sources, between primitives, and to output sources within the execution plan. The input queue, output queue, and state (if any) associated with each primitive are saved in persistent storage at select checkpoints. If a failure occurs on a server, the server, after it starts up again, restores the primitives on that server to the input queues, output queues, and states saved at the last applicable checkpoint.

Abstract: A method, in a continuous computation system, for processing a set of registered queries over a cluster of servers includes creating an execution plan for processing a set of queries over a cluster of servers, where the continuous computation system creates the execution plan by analyzing the semantics and requirements of the queries to determine how to distribute processing across the cluster. Analysis of a query can include determining whether input messages for the query can be processed independent of each other, whether input messages for the query can be partitioned into groups that can be processed independent of each other, whether the query includes an aggregator function, and whether the query includes a subquery.

Abstract: Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requester to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the attempt to obtain access for the requester to the client application.

Abstract: A Continuous Query Processor processes queries on continuously updating data sources or data streams and includes a Publication Manager for accepting published structured elements of data from data stream Publishers, a Subscription Manager for giving structured elements of data to one or more data stream Subscribers, a Query Module Manager for processing queries represented by Query Modules, a Query Module Store for maintaining deployed Query Modules, a Query Primitive Manager performing processing for various primitives that comprise a Query Module, and a Schedule Manager for coordinating when a primitive within a Query Module gets processed in order to maintain that each continuous query is continuously updated immediately upon the arrival of structured element data affecting any part of a continuous query.

Abstract: An apparatus and method is provided for allowing users to share services without sharing identities. Specifically, the apparatus and method allow users to share pseudonyms instead of actual user names, thus protecting both users from unwanted emails, IM messages, and the like. The invention provides an introduction scheme, which comprises a simple and secure way of establishing a user to user link. A preferred embodiment incorporates services of a linked federation network service, such as AOL's Liberty Alliance service, without exposing real user names to other users.

Abstract: A metadata database lookup system provides a database is that contains a cross-reference of metadata information to a service provider ID number or universal resource identifier (URI). A service provider ID number is keyed to metadata information about a specific resource from a service provider. The metadata information can contain a description of the resource, the universal resource locator (URL) for the resource, and any other pertinent information that may be associated with the resource. The invention uses a constant ID number for a service provider and its resource. A resource requestor uses the ID number for the desired service provider resource. The ID number is cross referenced with the proper metadata information for the resource and the resource requestor uses the metadata information as needed and accesses the resource using the URL in the metadata. The resource requester is unaffected by updates to a resource's description or address by the service provider.

Abstract: An apparatus and method is provided for allowing users to share services without sharing identities. Specifically, the apparatus and method allow users to share pseudonyms instead of actual user names, thus protecting both users from unwanted emails, IM messages, and the like. The invention provides an introduction scheme, which comprises a simple and secure way of establishing a user to user link. A preferred embodiment incorporates services of a linked federation network service, such as AOL's Liberty Alliance service, without exposing real user names to other users.

Abstract: The invention comprises a server-side plug in as a security filter that processes HTTP requests before any other Web service plug-ins or applications. Using a highly customizable set of pattern rules based on regular expressions, the security filter predictably intercepts all attacks of known patterns. The set of rules is updated whenever a new pattern of attack is discovered.