Abstract: We disclose techniques for varying the caching of content provided by a content server as a function of the server's load. When the server is lightly loaded, freshness of the content is maintained. As server load increases, caching time increases, to trade off freshness against transmission time. Similarly, when the server is heavily loaded, users might quickly be served cached content that is only slightly stale—as opposed to content that was fresh at the time of the request, but which becomes materially stale by the time the server completes serving the response. The server's load can be measured by its response time to a request, or otherwise. Optionally, the system can override the load-based caching by defining classes of requests that automatically trigger updating or refreshing (e.g., cache expiration) of related information in the cache.

Abstract: A proxy server is deployed between the user and a content server accessed by an application being accessed by the user. The proxy server intercepts a user's request for content, logs the time the request was received, and forwards the request to the content server. When the content server responds to the request with a document, the proxy server intercepts the document, modifies the document by inserting one or more time-reporting script(s), and forwards the modified document to the user's browser for rendering. At the browser, the script sends a report back to the proxy server when rendering is completed. The elapsed time between when the proxy server first receives the request for content, and when the proxy server receives a “rendering complete” report, is a measure of the responsiveness of the application.

Abstract: Techniques are disclosed for anticipating a user's request for documents or other content from a server (typically via a URL), precomputing the anticipated content, and caching the precomputed information at a cache in proximity to the content server. The cache stores the response to the anticipated request, until the user requests the same content. The anticipated requests can be precomputed based on triggers reflecting users' historical access patterns.

Abstract: We disclose techniques for varying the caching of content provided by a content server as a function of the server's load. When the server is lightly loaded, freshness of the content is maintained. As server load increases, caching time increases, to trade off freshness against transmission time. Similarly, when the server is heavily loaded, users might quickly be served cached content that is only slightly stale—as opposed to content that was fresh at the time of the request, but which becomes materially stale by the time the server completes serving the response. The server's load can be measured by its response time to a request, or otherwise. Optionally, the system can override the load-based caching by defining classes of requests that automatically trigger updating or refreshing (e.g., cache expiration) of related information in the cache.

Abstract: A proxy implements automated version management of objects embedded in a document to eliminate/reduce network delays associated with requests to validate the objects in a browser (or other) cache. In an exemplary embodiment, the proxy obtains the document, assigns a unique URL to an embedded object, assigns an extended cache life to the object (via a header), updates the object's URL reference in the document, and sends the modified document to the user. When the user requests the object, the proxy obtains the object, attaches the new header, and transmits the object to the user. Because of its extended cache life, the object can subsequently be reused without time-consuming validation with the content server. In another embodiment, storage and validation of objects at the proxy (rather than at the cache) achieves reduced (and faster) validation while allowing refreshing prior to expiration.

Abstract: Techniques are disclosed for constructing web (or other networked) documents as parameterized forms of other networked documents. For example, a document may be represented as a collection of changes to be applied to a first document which is incorporated by reference in the second document. Instead of delivering the entire document over a slower network connecting the content server to the content browser, the document is delivered as a collection of changes to previously delivered documents that are much closer to the user's content browser. In an exemplary embodiment of the invention, special software is not necessarily required at the end user for reconstructing the second document from the set of base documents and the set of modifications to the base documents.

Abstract: A computer-representable object (including, without limitation, a cryptographic key, or a graph or a Boolean description of a system) is secured using a generalized camouflaging technique. The secured object need not be stored in the system, not even in encrypted form. Instead, the technique employs a composition function that regenerates the secured object when one inputs a valid password (which may be any computer-representable information held by a user). By regenerating the secured object each time a valid password is entered, there is no need to store the secured object. If one inputs an invalid password, the technique may generate an incorrect object, such that the user is unable to distinguish this incorrect object from the secured object. If the user tries to use the incorrect object, the user can be exposed as unauthorized, without the user's knowledge that he has been exposed.

Abstract: A roaming user needing an his authentication credential (e.g., private key) to access a computer server to perform an electronic transaction may obtain the authentication credential in an on-demand fashion from a credential server accessible to the user over a computer network. In this way, the user is free to roam on the network without having to physically carry his authentication credential. Access to the credential may be protected by one or more challenge- response protocols involving simple shared secrets, shared secrets with one-to-one hashing, or biometric methods such as fingerprint recognition. If camouflaging is used to protect the authentication credential, decamouflaging may be performed either at the credential server or at the user's computer.

Abstract: A roaming user needing an his authentication credential (e.g., private key) to access a computer server to perform an electronic transaction may obtain the authentication credential in an on-demand fashion from a credential server accessible to the user over a computer network. In this way, the user is free to roam on the network without having to physically carry his authentication credential. Access to the credential may be protected by one or more challenge-response protocols involving simple shared secrets, shared secrets with one-to-one hashing, or biometric methods such as fingerprint recognition. If camouflaging is used to protect the authentication credential, decamouflaging may be performed either at the credential server or at the user's computer.

Abstract: A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased.

Abstract: A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased.