Abstract: Architecture that enables alerts and notifications to have priorities and time/space durations. Non-critical alerts can be displayed in a non-obtrusive manner and alert/notifications coalesced. Alerts/notifications can be assigned priorities, thereby enabling the alerts/notifications to be non-intrusive to the user. Methods include detecting when the user is using a mobile phone (or other suitable device) and then sending the alert/notification in response to the detected use based on threshold criteria relative to an accumulated sum of alerts/notifications, and an importance level (e.g., of each). Additionally, alert/notification priority can be changed (e.g. elevated, lowered) according to time (when) and space (where), thereby enabling the user to be intrusively notified based on the level, even if not previously signaled. Time and space bounds (criteria) can be assigned to alerts/notifications for merger/grouping and/or set to be auto-dismissed if no longer applicable.

Abstract: A proximity matching system may use broadcast wireless identifiers transmitted by users' devices to match users with other nearby users. The identifiers may be collected by a plurality of agents, then the identifiers may be matched with pre-defined profiles to generate physically proximate users by a remote service. The group of proximate users may be provided to various applications and consumed with summarized properties or individual properties, depending on the approved privacy settings as selected by the users. In some embodiments, the broadcast wireless identifiers may be personal area network identifiers, local area network identifiers, cellular network identifiers, or other broadcast identifier. In some embodiments, the agents may not establish a peer to peer or other connection with the broadcasting device. The agents may be fixed or mobile agents, and the proximity of users may be generated through links between nearby agents in a meshed fashion.

Abstract: Turn-by-turn directions can guide a user to a dynamic destination, such as a person or a rendezvous location. The turn-by-turn directions enable one user to follow another or, alternatively, multiple people to rendezvous with each other. The selection can be via identifiers used in network contexts, such as social networking Individuals can select the circumstances under which their location can be revealed. Turn-by-turn directions enabling following utilize anticipated locations or predictions of likely destinations based on historical and contextual information. Turn-by-turn directions enabling rendezvous reference a rendezvous location, which is either the same for all users, or which differs among them. Also, the directions can reference intermediate, “staging”, locations from which further intermediate, or ultimate, destinations can be routed to.

Abstract: Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.

Abstract: Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.

Abstract: A rating mechanism may calculate a rating based on a user's effort and duration of input to an input mechanism. The more effort and time a user exerts, the more extreme the rating. In one embodiment, a mobile telephone may have a wheel, slider, or other mechanism that may change a rating based on how fast and how long a user may activate the input mechanism. In another embodiment, the rating may be based on how furiously an accelerometer within a device is activated, such as by shaking the device repeatedly.

Abstract: Computer-readable medium having a data structure stored thereon for defining a schema for expressing a network security policy. The data structure includes a first data field including data defining a parameter to be applied based on the network security policy. The network security policy defines at least one of the following: a firewall rule and a connection security rule. The data structure also includes a second data field having data specifying restrictions of the parameter included in the first data field. The parameter in the first data field and the restrictions in the second data field form the schema for expressing the network security policy to be processed. The network security policy manages communications between a computing device and at least one other computing device.

Abstract: Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.

Abstract: User input actions from one or more user input devices can be received, and unfiltered user input information about the user input actions can be collected at a client computing environment. The unfiltered user input information can be filtered to produce filtered user input information. The filtered user input information can exclude personal information and include non-personal information. In addition, a user profile can be created using the filtered user input information.

Abstract: Information is automatically located which is relevant to source content that a user is viewing on a user interface without requiring the user to perform an additional search or navigate links of the source content. The source content can be, e.g., a web page or a document from a word processing or email application. The relevant information can include images, videos, web pages, maps or other location-based information, people-based information and special services which aggregate different types of information. Related content is located by analyzing textual content, user behavior and connectivity relative to the source. The related content is scored for similarity to the source. Content which is sufficiently similar but not too similar is selected. Similar related content is grouped to select representative results. The selected content is filtering in multiple stages based on attribute priorities to avoid unnecessary processing of content which is filtered out an early stage.

Abstract: A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.

Abstract: The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.

Abstract: Techniques to manage social connections are described. An apparatus may comprise a processor communicatively coupled to a memory. The memory may be arranged to store a social analysis component that when executed by the processor is operative to receive a list of members in a social network, receive at least one relationship indicator derived from multiple member attributes of a member, and generate a social identifier based on the relationship indicator, the social identifier representing a social connection type for a social connection or potential social connection between two or more members of the list of members in the social network. Other embodiments are described and claimed.

Abstract: A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.

Abstract: Discovery of intermediate network devices is performed using a technique that piggybacks upon the existing standard TCP (Transport Control Protocol) “SACK” (Selective Acknowledgment) option in a SYN/ACK packet so that discovery information may be shared between pair-wise-deployed peer intermediate devices when a TCP/IP connection (Transport Control Protocol/Internet Protocol) is first established between network endpoints using a conventional three-way handshake. Use of the SACK option is combined with another technique which comprises modifying the original 16-bit value of the TCP receive window size to a special arbitrary value to mark a SYN packet as being generated by a first peer device. The marked SYN when received by the second peer device triggers that device's discovery information to be piggybacked in the SACK option of the SYN/ACK packet. The first device then piggybacks its discovery information in the SACK option of the ACK packet which completes the three-way handshake.

Abstract: A rating mechanism may calculate a rating based on a user's effort and duration of input to an input mechanism. The more effort and time a user exerts, the more extreme the rating. In one embodiment, a mobile telephone may have a wheel, slider, or other mechanism that may change a rating based on how fast and how long a user may activate the input mechanism. In another embodiment, the rating may be based on how furiously an accelerometer within a device is activated, such as by shaking the device repeatedly.

Abstract: Discovery of intermediate network devices is performed using a technique that piggybacks upon the existing standard TCP (Transport Control Protocol) “SACK” (Selective Acknowledgment) option in a SYN/ACK packet so that discovery information may be shared between pair-wise-deployed peer intermediate devices when a TCP/IP connection (Transport Control Protocol/Internet Protocol) is first established between network endpoints using a conventional three-way handshake. Use of the SACK option is combined with another technique which comprises modifying the original 16-bit value of the TCP receive window size to a special arbitrary value to mark a SYN packet as being generated by a first peer device. The marked SYN when received by the second peer device triggers that device's discovery information to be piggybacked in the SACK option of the SYN/ACK packet. The first device then piggybacks its discovery information in the SACK option of the ACK packet which completes the three-way handshake.

Abstract: A proxy service receives requests from a remote caller to configure a main service. The proxy service authenticates the caller and validates the request. The proxy service then passes the request along to the main service if the caller can be authenticated and if the request can be validated. The proxy service runs at a non-privileged level, but when the proxy service passes the request to the main service, the proxy service impersonates the caller so that the request to the main service is made at the original caller's level of privilege. The main service can block all inbound network traffic, since network requests to configure the main service are received by the proxy, which is a local object from the perspective of the main service. Additionally, the proxy can block inbound traffic other than a certain class of requests (e.g., Remote Procedure Calls).

Abstract: User information corresponding to a plurality of users can be received at a user information collector computing environment and stored in a user information computer database. A general offer from a purchaser to purchase at least part of the user information can be received at a user information broker. Also at the broker, individual offers for the users can be processed. Each of the individual offers can be an offer to purchase access by the purchaser to user information corresponding to one of the users. Acceptances of the individual offers can be received by the broker from accepting users. A broker payment to the broker can be received from the purchaser, and a user payment can be sent to each of the accepting users. In addition, user information corresponding to the accepting users can be sent to the purchaser. User information data mining can also be done.

Abstract: User input actions from one or more user input devices can be received, and unfiltered user input information about the user input actions can be collected at a client computing environment. The unfiltered user input information can be filtered to produce filtered user input information. The filtered user input information can exclude personal information and include non-personal information. In addition, a user profile can be created using the filtered user input information.