Abstract: One embodiment of the present invention provides a system for facilitating session migration. During operation, the system receives a communication packet from a client destined to a remote server. The system determines whether the communication packet belongs to a pre-existing communication session, and whether session state information associated with the session is available locally. In response to the communication packet belonging to a pre-existing communication session and the session state information being unavailable locally, the system constructs an interest requesting the session state information, disseminates the interest over a network, and receives the session state information.

Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticated data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.

Abstract: A system is provided to facilitate tag-based organization of documents. During operation, the system receives an original user query. The system extends the query to include documents with an IN-tag and exclude documents with an OUT-tag. The system then performs a search based on the extended query to indicate a collection of documents which satisfy the extended query. The system further allows a user to add a document to the collection of documents or remove a document from the collection of documents. Next, the system modifies a tagging property of the document.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.

Abstract: A system is provided to facilitate tag-based organization of documents. During operation, the system receives an original user query. The system extends the query to include documents with an IN-tag and exclude documents with an OUT-tag. The system then performs a search based on the extended query to indicate a collection of documents which satisfy the extended query. The system further allows a user to add a document to the collection of documents or remove a document from the collection of documents. Next, the system modifies a tagging property of the document.

Abstract: Apparatus and methods are provided for protecting network resources, particularly in association with automatic provisioning of new client devices. A global PKI (Public Key Infrastructure) scheme is rooted at a globally available server. Roots of PKIs for individual organizations also reside at this server or another globally available resource. To enable access to an organization's network, one or more authenticators are deployed, which may be co-located with access points or other network components. After a client device enabler (CDE) and an authenticator perform mutual authentication with certificates issued within the global PKI, the CDE is used to provision a new client device for the organization. After the client is provisioned, it and an authenticator use certificates issued within the per-organization PKI to allow the client access to the network.

Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.

Abstract: Apparatus, methods, and program products that enable an audience member of a local device to navigate, by activation of user selectable controls, through an experiential data stream presented on the local device.

Abstract: One embodiment provides a system to facilitate directed reading of a selected portion of an original document by a recipient. During operation, the system creates a transfer document based at least on the original document and the selected portion. The transfer document, when viewed by the recipient, enables the following operations: opening the transfer document to the selected portion without requiring manual navigation to the selected portion, highlighting the selected portion, obscuring a context surrounding the selected portion based at least on a distance metric from the selected portion, and directly navigating from one highlighted portion to another highlighted portion in the transfer document without requiring manual navigation within obscured contexts. After the system creates the transfer document, it sends the transfer document to the recipient.

Abstract: One embodiment provides a system for printing a document from a portable device. During operation, the system obtains the document to be printed. Next, the system obtains a document optical code that identifies the document. Subsequently, the system displays the document optical code on the portable device in such a way that the document optical code can be scanned and recognized by a scanner associated with the printer. Next, the system allows the printer to retrieve and print the document based at least on the document optical code.

Abstract: One embodiment provides a system for facilitating document printing from a portable device. During operation, the system receives a document at a server. Next, the system generates a document optical code corresponding to the document. Subsequently, the system communicates the document optical code to the portable device, thereby allowing the portable device to display the document optical code to a scanning mechanism associated with a printer, Next, the system receives a request, indicating the optical code, from the printer. Subsequently, the system retrieves the document in response to the request, and sends the document to the printer.

Abstract: One embodiment provides a system for facilitating document printing from a portable device. During operation, the system receives at an email server an email which includes an attached document. Next, the system generates at the email server a document optical code associated with the document, wherein the document optical code can be scanned and recognized by a scanning mechanism associated with a printer. Subsequently, the system attaches the optical code as an additional attachment to the email, thereby allowing a portable device to print the attached document by displaying the optical code to the scanning mechanism associated with the printer.

Abstract: A method of accessing a data resource identifies the data resource, the data resource accessible through a first device and associated with a resource locator, the first device configured to provide access to the data resource responsive to possession of a whitelisted credential. The method includes receiving a second-device credential from a second device by a personal domain controller, the personal domain controller and the first device within a first trusted relationship and provides, by the personal domain controller, the second-device credential to the first device for whitelisting subject to the first trusted relationship. The method uses, by the second device, the second-device credential to access the data resource responsive to the resource locator.

Abstract: Apparatus, methods, and a computer-usable storage medium storing instructions that, when executed by a computer, cause the computer to establish a control link, establish a human communication channel, and create a shared social space that enables a local audience member and a remote audience member to simultaneously experience a recorded experiential data stream, whereby the local audience member and the remote audience member are enabled to communicate over the human communication channel about the experiential data stream.

Abstract: One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device. During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored. If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data.

Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including enabling secure communications to components of a vehicle, and enabling secure communications between the vehicle and associated infrastructure.

Abstract: One embodiment of the present invention provides a system for establishing temporary and permanent credentials for secure remote data access. The system includes a temporary smart card configured to provide a temporary credential for a first device, thereby providing the first device with temporary secure access to a remote data source when the temporary smart card is used with the first device. Additionally, the system includes an enrollment smart card configured to provide a permanent credential for a second device, thereby providing the second device with permanent secure access to the remote data source without presence of the enrollment smart card or the temporary smart card.

Abstract: A system for facilitating voice calls over a content centric network (CCN) receives from a CCN user an expressed interest in receiving voice calls directed to the CCN user, wherein information in the CCN can be addressed, located, and disseminated by its content identifier and wherein data packets in the CCN are self-authenticating. Next, the system receives from a second network a packet for a voice call directed to the CCN user. The system then forwards to the CCN user the packet received from the second network with a CCN identifier corresponding to the interest expressed by the CCN user and forwards a packet from the CCN user for the voice call to the second network.

Abstract: One embodiment of the present invention provides a system for controlling the spread of interests and content in a content centric network (CCN). During operation, the system maintains a routing policy for content data. The system also receives a packet associated with a piece of content or an interest for the content. Next, the system determines that the structured name included in the packet is within the namespace specified in the routing policy. The system further determines that the packet satisfies the condition in the routing policy. Subsequently, the system routes the packet based on in part the action corresponding to the condition as specified in the routing policy.