Abstract: A diagnostic tool for identifying a configuration of a private network that may disrupt operations involving communication between two devices on the network. The tool, when run on a device in the network, can identify a “double NAT” configuration in which the device may be separated from other devices on the private network by a NAT device. The tool, when run on a computing device, identifies a NAT device, such as a router, to which the device is connected. The tool then identifies a list containing one or more other devices that may be connected to the NAT device. The tool tests whether these other devices also perform NAT functions and are on the private network. Both the NAT device and the devices that may be connected to the NAT device are identified and a determination is made of whether those devices are on the private network by sending requests using one or more protocols that devices on a private network conventionally use but are not conventionally used by devices on other networks.

Abstract: Methods and computer readable mediums are described that facilitate inviting user entities on a network. The method may include initiating a first application for sending an invitation by a first user entity on a first endpoint, selecting a second user entity to receive the invitation, and selecting an activity. The method may also include sending from the first endpoint to the second user entity the invitation to participate in the activity if the first endpoint determines the activity is supported by a computing application on the first endpoint.

Abstract: Systems and methods are described that facilitate the management of contact information, at least some of the contact information related to entities in a serverless, peer-to-peer system. A contact store may store information regarding which other entities of a plurality of other entities are authorized to monitor presence of a user entity. Presence of an entity may generally indicate the willingness and/or ability of the entity to communicate and/or collaborate with other entities, for example. The contact store may also store information regarding which other entities of the plurality of other entities the presence of which should be monitored by the system. A user entity may be able to add contacts to and/or delete contacts from the contact store, for example.

Abstract: A set of collaborative contacts may be selected with an invitation user interface. An invitation to participate in a collaborative activity may be sent to the selected contacts from the invitation user interface or from a collaborative application. The invitation may be received by a collaborative services platform. A user of the collaborative services platform may be presented with the invitation along with an ability to choose one of accept, decline and ignore in response to the invitation. The user may choose to accept, decline or explicitly ignore the invitation, and a response may be sent to the sender of the invitation indicating the user's choice. An application programming interface for a collaborative invitation service of the collaborative services platform may include an invitation element, a send invitation element, a respond to invitation element and a cancel invitation element. The cancel invitation element may be used to cancel issued invitations.

Abstract: A computer configured to provide caller-specific network views, even when multiple callers are active on the computer. The operating system of the computer is configured to selectively perform network operations based on the identity of the caller. Network views are implemented by making subsets of networking objects available to each caller, such as a user or an application. Components that execute networking functions can, based on the identify of the caller, select networking objects to use in performing a requested function or verify that required networking objects are available to the caller. The network views may be stored as visibility masks in a database. APIs may be provided to create, modify, and delete visibility masks in the database. The masks may support arbitrary and potentially overlapping subsets of networking objects for the callers.

Abstract: Collaboration between collaborative endpoints may be facilitated by a serverless publication service of a collaborative services platform. The serverless publication service may be configured to accept communicative connections from the collaborative endpoints. Users of the collaborative services platform may publish their associated collaborative presences with the serverless publication service. For example, the collaborative presence of a user may include information with respect to valid collaborative endpoints for the user and collaborative capabilities at those endpoints. Subscriptions to published collaborative presences may be placed through the serverless publication service. A collaborative presence subscribe message may specify a subscription to a collaborative presence of a user. Upon receipt of a presence subscribe message, if there is no subscription policy with respect to the sender, the recipient may be queried for a subscription policy with respect to the sender.

Abstract: Systems and methods are described that facilitate the management of contact information, at least some of the contact information related to entities in a serverless, peer-to-peer system. A contact store may store information regarding which other entities of a plurality of other entities are authorized to monitor presence of a user entity. Presence of an entity may generally indicate the willingness and/or ability of the entity to communicate and/or collaborate with other entities, for example. The contact store may also store information regarding which other entities of the plurality of other entities the presence of which should be monitored by the system. A user entity may be able to add contacts to and/or delete contacts from the contact store, for example.

Abstract: A method of determining a source address to publish and a destination address to use for a network, including a PNRP network, is disclosed such that the probability of reaching a network node without repeated re-tries is maximized.

Abstract: Discovery of a network to which a device is in communication and classifying the network is disclosed. The network may be classified as a network already known or a new network signature may be created where the network signature is made up of a network id, a link id and a hop id.

Abstract: Disclosed are a connectivity platform that allows for proprietary connectivity modules to plug into the operating system and also allows the operating system users and various existing networking applications in the operating system that are authorized by those providers to use that connectivity via existing APIs without the need for the applications to change or for extra configuration of the application to be performed. In an example disclosed herein, the providers provide NAT or firewall traversal and implement the appropriate transport mechanism. This allows for applications and computing devices to communicate in environments where connectivity is prevented by intermediate systems.

Abstract: Disclosed are an approach form managing and assigning addresses in a connectivity platform that allows for proprietary connectivity modules (Providers) to plug into the operating system. In this disclosure, when a user/application/computing device, connects to another user on another computing device an address is generated for that user. However, because of a limited number of addresses that are available in an address space, it is necessary to ensure that a conflicting address is not present. To ensure this the connectivity platform determines if the address assigned is in conflict with another address associated with users that are located on the other computing devices. If an address is found to be in conflict the connectivity platform reassigns the address until a non-conflicting address is found. If a non-conflicting address cannot be found the connectivity platform blocks the connection between the user and the other user.

Abstract: Systems and methods are described that facilitate the management of contact information, at least some of the contact information related to entities in a serverless, peer-to-peer system. A contact store may store information regarding which other entities of a plurality of other entities are authorized to monitor presence of a user entity. Presence of an entity may generally indicate the willingness and/or ability of the entity to communicate and/or collaborate with other entities, for example. The contact store may also store information regarding which other entities of the plurality of other entities the presence of which should be monitored by the system. A user entity may be able to add contacts to and/or delete contacts from the contact store, for example.

Abstract: For a method and system for managing concurrent access to multiple resources, resources are assigned to sets in such a way that it is safe to concurrently access any combination of resources in a resource set. For each resource set, a virtual machine is defined and associated with the resource set. An application is assigned to a virtual machine. When an application requests access to a resource not in the application's virtual machine, access control lists are consulted to determine whether the access should be allowed, given the other resources already accessed by the application.

Abstract: Communication functionality is described for conducting communication among a plurality of participants in peer-to-peer fashion. The communication functionality comprises peer-to-peer overlay functionality configured to establish a peer-to-peer overlay network that includes a plurality of participants. The peer-to-peer overlay functionality relies on endpoint provider functionality for physically exchanging information among the plurality of participants in the peer-to-peer overlay network. The endpoint provider functionality exchanges information using a transport mechanism. The transport mechanism accommodates multiple different transport protocols for exchanging information among the plurality of participants, allowing different pairs of participants to communicate with each other using different respective transport protocols.

Abstract: A network diagnostics system allows determining a root cause for a network problem caused by a local or a remote component of the network, wherein the network diagnostic system may receive the symptoms of such a problem from an application. The network diagnostic system uses a plurality of helper classes, each of the plurality of helper classes providing diagnostic information about an object or a class of objects on the network. Moreover, the network diagnostic system may also use one or more extensible helper classes that are designed to receive information from third party helper classes.

Abstract: A gateway device that interfaces an upstream network to one or more downstream networks and provides network address translation may disable network address translation when it is determined that network address translation is already being performed by a device upstream. The gateway device may analyze an address assigned to the upstream network port to determine if it is the range of IP addresses associated with network address translation, typically, 192.168.x.x. Alternately, the gateway device may disable network address translation responsive to a signal from either the device upstream or from an external system manager. DHCP may also be enabled or disabled in conjunction with network address translation.

Abstract: The present invention is directed to a method and system for managing concurrent access to multiple resources. Resources are assigned to sets in such a way that it is safe to concurrently access any combination of resources in a resource set. For each resource set, a virtual machine is defined and associated with the resource set. An application is assigned to a virtual machine. When an application requests access to a resource not in the application's virtual machine, access control lists are consulted to determine whether the access should be allowed, given the other resources already accessed by the application.

Abstract: Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.

Abstract: The present invention is directed to a method and system for managing concurrent access to multiple resources. Resources are assigned to sets in such a way that it is safe to concurrently access any combination of resources in a resource set. For each resource set, a virtual machine is defined and associated with the resource set. An application is assigned to a virtual machine. When an application requests access to a resource not in the application's virtual machine, access control lists are consulted to determine whether the access should be allowed, given the other resources already accessed by the application.

Abstract: Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.