Patents by Inventor Christian Lita

Christian Lita has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230393608
    Abstract: An apparatus comprises a processing device configured to establish a first connection to a specified network time source via a network-connected device, and to acquire first timing information from the specified network time source via the network-connected device, the first timing information comprising a current time value and first accuracy information for the specified network time source. The processing device is also configured to set and maintain an internal real-time clock based on the current time value. The processing device is further configured to establish a second connection to an endpoint device and to provide second timing information to the endpoint device, the second timing information comprising a current time measurement of the internal real-time clock and second accuracy information for the internal real-time clock, the second accuracy information for the internal real-time clock being based on the first accuracy information for the specified network time source.
    Type: Application
    Filed: June 3, 2022
    Publication date: December 7, 2023
    Inventors: Bradley K. Goodman, Christian Lita
  • Patent number: 11611540
    Abstract: This disclosure describes a process for securely instantiating a virtual machine on a server cluster. The virtual machine just after instantiation has access to persistent storage that includes an encrypted region and lacks access to an encryption key configured to provide access to data stored within the encrypted region. The virtual machine receives a communication from a management server associated with the server cluster that includes the encryption key configured to provide access to the data stored within the encrypted region. After the virtual machine receives the encryption key, the server cluster runs services that depend upon the data stored within the encrypted region to operate after receiving the communication from the management server.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: March 21, 2023
    Assignee: VMware, Inc.
    Inventors: Michal A. Jankowski, Benjamin J. Corrie, George Hicken, Christian Lita
  • Patent number: 11595193
    Abstract: A network environment is described for securely storing data for anonymized contact tracing while an application is executing in a background state. An application can receive a message containing data while the application is executing in a background state. The data is encrypted using a public key. Next, the application can store the encrypted data in an alternate data store. Subsequently, and upon user authentication, the application can decrypt a secure data store and decrypt the encrypted data. The application can then store the decrypted data in the decrypted secure data store. The application can receive user input indicating a positive test result for a communicable disease with an incubation period, and anonymously upload the data stripped of any uniquely identifying information.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: February 28, 2023
    Assignee: VMware, Inc.
    Inventors: Perron Jones, Yijia Zhao, Edward Burns, Christian Lita
  • Publication number: 20220014357
    Abstract: Disclosed are various embodiments for securely storing data while an application is executing in a background state. An application can receive a message containing data, wherein the message is received by the application while the application is executing in a background state. The application can then encrypt the data in the message using a public key accessible to the application to generate encrypted data. Next, the application can store the encrypted data in an alternate data store. Subsequently, the application can authenticate a user of the computing device and switch execution to the foreground in response. Then, the application can decrypt a secure data store using an application specific encryption key. Next, the application can decrypt the encrypted data using a respective private key for the public key to generate decrypted data. The application can then store the decrypted data in the decrypted secure data store.
    Type: Application
    Filed: July 27, 2020
    Publication date: January 13, 2022
    Inventors: Perron Jones, Yijia Zhao, Edward Burns, Christian Lita
  • Publication number: 20220006792
    Abstract: This disclosure describes a process for securely instantiating a virtual machine on a server cluster. The virtual machine just after instantiation has access to persistent storage that includes an encrypted region and lacks access to an encryption key configured to provide access to data stored within the encrypted region. The virtual machine receives a communication from a management server associated with the server cluster that includes the encryption key configured to provide access to the data stored within the encrypted region. After the virtual machine receives the encryption key, the server cluster runs services that depend upon the data stored within the encrypted region to operate after receiving the communication from the management server.
    Type: Application
    Filed: July 1, 2020
    Publication date: January 6, 2022
    Applicant: VMware, Inc.
    Inventors: Michal A. Jankowski, Benjamin J. Corrie, George Hicken, Christian Lita
  • Patent number: 8375127
    Abstract: A method, computer program product and server for use in managing connection requests to a pool of servers identified by a given URL. The method begins in response to a connection request from a given client machine that initiates a user session for associating a session identifier with a given server in the pool. The session identifier is then used to generate a “virtual” URL that redirects the connection request to the given server. Thereafter, any additional connection requests issued from the given client machine during the user session are redirected to the given server so that all content is served to the client from the same location. When the user session terminates, the virtual URL is inactivated and the given server is returned to the pool so that it can then be assigned a new user session to manage.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: February 12, 2013
    Assignee: International Business Machines Corporation
    Inventor: Christian Lita
  • Patent number: 7657936
    Abstract: A method for preventing time of check to time of use exploits includes receiving a system call from a user space at a system call intercept and copying user space parameters from the user space to a kernel space responsive to the system call. The method also includes copying the user space parameters from the kernel space to a secure location in the user space, receiving the user space parameters from the secure location at the system call intercept, and executing the system call based on the received user space parameters. A computer readable medium including computer readable code and a system for executing the method steps are also disclosed.
    Type: Grant
    Filed: January 17, 2006
    Date of Patent: February 2, 2010
    Assignee: International Business Machines Corporation
    Inventors: Christopher F. Kime, Brian H. Horton, Christian Lita
  • Patent number: 7519610
    Abstract: A computer implemented method, apparatus, and computer usable program code for processing event data. In response to receiving an event, a size of the event data for the event is compared to a threshold size to form a comparison. The information about an event and event data is stored in a first entry in a main table in a database if the comparison indicates that the size of the event data is one that can be stored in the main table. The information about the event is placed in the first entry in the main table if the size is greater than the threshold size. The event data is stored in a second entry in an overflow table if the size is greater than the threshold size, wherein the entry includes a pointer to the first entry. The main table and overflow table form a live set and hold the current live data.
    Type: Grant
    Filed: November 15, 2006
    Date of Patent: April 14, 2009
    Assignee: International Business Machines Corporation
    Inventors: Ovidiu Gheorghioiu, Christian Lita, Karthikeyan Ramamoorthy, Jayashree Ramanathan
  • Patent number: 7475090
    Abstract: A computer implemented method, apparatus, and computer usable program code for creating normalized data from markup language data. User defined parameters are received for retrieving event data, wherein the parameters define a type of event and a subset of attributes for the type of event. In response to receiving the parameters, a process is configured using the type of event and the subset of attributes for the type of event to form a configured process. A set of records is processed using the configured process, wherein the configured process places data corresponding to each attribute in the subset of attributes for the type of event from the set of records into a table to form the normalized data.
    Type: Grant
    Filed: November 15, 2006
    Date of Patent: January 6, 2009
    Assignee: International Business Machines Corporation
    Inventors: Ovidiu Gheorghioiu, Christian Lita, Ernest R. Plassmann, Karthikeyan Ramamoorthy, Jayashree Ramanathan
  • Publication number: 20080114802
    Abstract: A computer implemented method, apparatus, and computer usable program code for creating normalized data from markup language data. User defined parameters are received for retrieving event data, wherein the parameters define a type of event and a subset of attributes for the type of event. In response to receiving the parameters, a process is configured using the type of event and the subset of attributes for the type of event to form a configured process. A set of records is processed using the configured process, wherein the configured process places data corresponding to each attribute in the subset of attributes for the type of event from the set of records into a table to form the normalized data.
    Type: Application
    Filed: November 15, 2006
    Publication date: May 15, 2008
    Inventors: Ovidiu Gheorghioiu, Christian Lita, Ernst R. Plassmann, Karthikeyan Ramamoorthy, Jayashree Ramanathan
  • Publication number: 20080114817
    Abstract: A computer implemented method, apparatus, and computer usable program code for processing event data. In response to receiving an event, a size of the event data for the event is compared to a threshold size to form a comparison. The information about an event and event data is stored in a first entry in a main table in a database if the comparison indicates that the size of the event data is one that can be stored in the main table. The information about the event is placed in the first entry in the main table if the size is greater than the threshold size. The event data is stored in a second entry in an overflow table if the size is greater than the threshold size, wherein the entry includes a pointer to the first entry. The main table and overflow table form a live set and hold the current live data.
    Type: Application
    Filed: November 15, 2006
    Publication date: May 15, 2008
    Inventors: Ovidiu Gheorghioiu, Christian Lita, Karthikeyan Ramamoorthy, Jayashree Ramanathan
  • Publication number: 20070199045
    Abstract: A method for preventing time of check to time of use exploits includes receiving a system call from a user space at a system call intercept and copying user space parameters from the user space to a kernel space responsive to the system call. The method also includes copying the user space parameters from the kernel space to a secure location in the user space, receiving the user space parameters from the secure location at the system call intercept, and executing the system call based on the received user space parameters. A computer readable medium including computer readable code and a system for executing the method steps are also disclosed.
    Type: Application
    Filed: January 17, 2006
    Publication date: August 23, 2007
    Inventors: Christopher Kime, Brian Horton, Christian Lita
  • Patent number: 7249377
    Abstract: A method of enabling a proxy to participate in a secure communication between a client and a server. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to the server. Thereafter, the client and the server negotiate a session master secret. Using the first secure session, this session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the server. After receiving the session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding, monitoring, encryption/decryption, caching, or the like) on the client's behalf and without the server's knowledge or participation.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: July 24, 2007
    Assignee: International Business Machines Corporation
    Inventors: Christian Lita, Linas Vepstas
  • Patent number: 7020700
    Abstract: An Internet client is provided with a SOCKS server. The client comprises a processor having an operating system, and a suite of one or more Internet tools. The SOCKS proxy server includes means for intercepting and servicing connection requests from the Internet tools. Preferably, the proxy server has a predetermined Internet Protocol address, preferably the loopback address. If the loopback address is not available on the protocol stack, a redirecting mechanism is used to redirect connection requests associated with stale IP addresses to a current IP address. The SOCKS server includes a filtering mechanism for filtering connection requests to particular servers, and a monitoring mechanism for monitoring network IP activity.
    Type: Grant
    Filed: February 28, 1997
    Date of Patent: March 28, 2006
    Assignee: International Business Machines Corporation
    Inventors: Craig Alan Bennett, Christian Lita, James Lyle Peterson, Joseph Raymond Thompson
  • Patent number: 6993476
    Abstract: Initially, a client requests a specific document and provides the preferences, including readability level preferences of the document, locale preferences, content filtering instructions preferences, governmental regulations preferences, natural language preferences, and document syntactic format preferences. The transcoding proxy requests and receives the document from the origin server, with the document having origin semantic characteristics. The document from the origin server has an origin readability level and origin locale, is conformant with origin content filtering instructions and origin governmental regulations, and is in origin natural language and in origin document syntactic format. Using the client semantics preferences, the transcoding proxy revises the document in a sequential or parallel fashion. The origin semantics characteristics of the document are, thus, revised to the semantic preferences specified by the client.
    Type: Grant
    Filed: August 26, 1999
    Date of Patent: January 31, 2006
    Assignee: International Business Machines Corporation
    Inventors: Rabindranath Dutta, Christian Lita, Jeffrey Edward Rodriguez
  • Patent number: 6611876
    Abstract: A set of program elements (e.g., transcoders) are grouped together as an administrative unit. Instead of caching the individual outputs of each program element, preferably only the aggregate output of the set of program elements, taken as a whole, is cached. The inventive technique enables the effective re-use of intermediate content. In an illustrative client-server based implementation involving a transcoding service located at a server, the cached information may be shared across multiple server instances to obviate redundant processing. With the present invention, a caching mechanism in a complex software system may be extended in a user-configurable manner by setting up optimal intermediate caching points that are defined by groups of programs used in long computations.
    Type: Grant
    Filed: October 28, 1999
    Date of Patent: August 26, 2003
    Assignee: International Business Machines Corporation
    Inventors: Robert C. Barrett, Thomas Alexander Bellwood, Rabindranath Dutta, Christian Lita, Matthew Francis Rutkowski, Merle Douglas Sterling
  • Patent number: 6584567
    Abstract: A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation.
    Type: Grant
    Filed: June 30, 1999
    Date of Patent: June 24, 2003
    Assignee: International Business Machines Corporation
    Inventors: Thomas Alexander Bellwood, Christian Lita, Matthew Francis Rutkowski
  • Patent number: 6401132
    Abstract: A method for transcoding an input stream to a desired output format using a transcoder framework. In response to a given transcoder of the framework recognizing an external reference that it cannot transcode, the method calls a subseries of specialized transcoders to transcode the external reference. After the subseries of specialized transcoders generates a transcoded external reference, that reference is returned to the given transcoder, where it is incorporated into the transcoder's output. Transcoder sub-chains are used in this manner as modular building blocks in the transcoder framework.
    Type: Grant
    Filed: August 3, 1999
    Date of Patent: June 4, 2002
    Assignee: International Business Machines Corporation
    Inventors: Thomas Alexander Bellwood, Christian Lita, Matthew Francis Rutkowski, Michael John Walker
  • Patent number: 6272542
    Abstract: A method of managing events in a pervasive computing client device having a browser. Upon loading of a page in a browser window, the browser issues an outstanding HTTP request to a specified port. Thereafter, upon generation of an asynchronous event on another port, the routine identifies an appropriate message and builds a response to the outstanding HTTP request. The response, which includes the message, is then delivered to the specified port, whereupon the browser renders the message to the user. Thereafter, the browser automatically re-issues the outstanding HTTP request and waits for another asynchronous event.
    Type: Grant
    Filed: December 10, 1998
    Date of Patent: August 7, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stacey Alan Barnes, Christian Lita
  • Patent number: 6226642
    Abstract: A method of controlling how a Web document is presented for display on a browser of a Web appliance. The Web appliance typically includes a television class monitor associated therewith. The Web document typically is formatted according to a markup language such as HTML. The method uses a client side HTTP caching proxy to intercept the Web document and then dynamically rewrite the document before it is displayed on the browser of the Web appliance. In particular, as the Web document is received from the server, the HTML is parsed to identify the format of the document and the information therein. A filter mechanism is then used to reformat the Web document according to some given protocol, and the re-formatted Web document is then passed to the browser for display on the monitor. Dynamic alteration of the HTML in this manner enables control of the “look and feel” of the browser display irrespective of the monitor resolution and/or quality.
    Type: Grant
    Filed: September 11, 1997
    Date of Patent: May 1, 2001
    Assignee: International Business Machines Corporation
    Inventors: Michael J. Beranek, Christian Lita