Abstract: A system for browsing real-time search results reliably on mobile computer device. In one embodiment, the system comprises a search application that runs on a mobile computing device equipped with a touch screen display, and obtains search results from a search back-end connected to the device through the Internet. A user submits a query and the search application renders results pertaining to a snapshot of a result set of the query in a scrollable visual container shown on the display. The user requests an increase in the number of results listed in the container by attempting to scroll the container beyond a maximally scrolled position, using a swipe gesture. The search application replaces the list of results shown in the container with a longer list of results pertaining to a more recent snapshot of the result set, highlighting those results that have not been previously shown to the user.

Abstract: A method for visiting a results page of a time-varying result set of a search query. The method includes displaying to a user a list of results belonging to the visited page, each result comprising a hyperlink to a document, a result being de-emphasized if the URL used in its hyperlink is present in a set of URLs of results that are deemed to have been seen by the user. When the user clicks or taps a page menu button to navigate to a different page, the method further includes adding to that set the URLs of the results of the visited page. Page menu buttons are highlighted if they pertain to pages containing results deemed to have been seen by the user.

Abstract: A method of downloading a file from a Web application to a client computer equipped with a Web browser including: the Web browser sending an original request to download the file to a first front server, the original request being addressed to a URL comprising a hostname portion that is independent of the file, the first front server sending a redirection response to the original request, the response specifying a URL comprising a hostname portion that is dependent on the file, the Web browser sending a follow-up request to download the file to a second front server, the follow-up request being addressed to the URL specified in the redirection response, and the second front server downloading the requested file in response to the follow-up request.

Abstract: A method for visiting a results page of a time-varying result set of a search query. The method includes displaying to a user a list of results belonging to the visited page, each result comprising a hyperlink to a document, a result being de-emphasized if the URL used in its hyperlink is present in a set of URLs of results that are deemed to have been seen by the user. When the user clicks or taps a page menu button to navigate to a different page, the method further includes adding to that set the URLs of the results of the visited page. Page menu buttons are highlighted if they pertain to pages containing results deemed to have been seen by the user.

Abstract: A method of controlling access to an interaction context of a multi-user application includes receiving and tracking over time login requests pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, each login request including a login password and each user account including a user password. A login request for the user account is rejected when the login password fails to match the user password of the user account. Access to the user account is denied when a consecutive number of times a login request for the user account is rejected reaches a selected limit. The user is prompted to change the user password of the user account and given limited access to the user account to do so when the user password is a permanent password and a cumulative number of rejected login requests for the user account reaches a selected threshold.

Abstract: A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account.

Abstract: A method of facilitating the browsing of a plurality of result sets by a user. The method includes displaying a plurality of queries on a computer display, each query having a corresponding result set, the plurality of queries thereby constituting a set of displayed queries, and displaying the result set of a selected displayed query in response to the user selecting the query from the set of displayed queries via a user interface procedure, while continuing to display the set of displayed queries so the user can subsequently select other queries from the set of displayed queries to thereby interleave browsing the result sets of the queries in the set of displayed queries.

Abstract: An information retrieval system including a user operated computer having a display and a storage facility, a search back-end containing an index into a collection of documents, the index defining results sets of queries relative to the collection of documents, and a search application stored in the storage facility which is executable by the computer to perform a method of providing a cooperative answer to a query submitted by the user, the submitted query having an empty result set, the cooperative answer comprising subqueries of the submitted query and, for each subquery, cardinality information indicative of whether the subquery has an empty result set.

Abstract: A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account.

Abstract: A method of downloading a file from a Web application to a client computer equipped with a Web browser including: the Web browser sending an original request to download the file to a first front server, the original request being addressed to a URL comprising a hostname portion that is independent of the file, the first front server sending a redirection response to the original request, the response specifying a URL comprising a hostname portion that is dependent on the file, the Web browser sending a follow-up request to download the file to a second front server, the follow-up request being addressed to the URL specified in the redirection response, and the second front server downloading the requested file in response to the follow-up request.

Abstract: A method of controlling access to an interaction context of a multi-user application includes receiving and tracking over time login requests pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, each login request including a login password and each user account including a user password. A login request for the user account is rejected when the login password fails to match the user password of the user account. Access to the user account is denied when a consecutive number of times a login request for the user account is rejected reaches a selected limit. The user is prompted to change the user password of the user account and given limited access to the user account to do so when the user password is a permanent password and a cumulative number of rejected login requests for the user account reaches a selected threshold.

Abstract: A public key authorization infrastructure includes a client program accessible by a user and an application program. A certificate authority issues a long-term certificate that binds a public key of the user to long-term identification information related to the user. A directory stores the issued long-term certificate and short-term authorization information related to the user. A credentials server issues a short-term certificate to the client. The short-term certificate binds the public key to the long-term identification information and to the short-term authorization information. The client presents the short-term certificate to the application program for authorization and demonstrates that the user has knowledge of a private key corresponding to the public key in the short-term certificate. The short-term certificate includes an expiration date, and is not subject to revocation.

Abstract: A public key infrastructure (PKI) includes a subject, a verifier, and certificate authority that issues a first unsigned certificate to the subject that binds a public key of the subject to long-term identification information related to the subject and maintains a certificate database of unsigned certificates in which it stores the first unsigned certificate. The verifier maintains a hash table containing cryptographic hashes of valid unsigned certificates corresponding to the unsigned certificates stored in the certificate database and including a cryptographic hash of the first unsigned certificate. The subject presents the issued first unsigned certificate to the verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the unsigned certificate.

Abstract: A public key validation agent (PKVA) includes a registration authority which issues a first unsigned public key validation certificate (unsigned PKVC) off-line to a subject that binds a public key of the subject to a first public key serial number (PKVN). The registration authority maintains a certificate database of unsigned PKVCs in which it stores the first unsigned PKVC. A credentials server issues a disposable public key validation certificate (disposable PKVC) on-line to the subject. The disposable PKVC binds the public key of the subject from the first unsigned PKVC to the first PKVN from the first unsigned PKVC. The credentials server maintains a table that contains entries corresponding to valid unsigned PKVCs stored in the certificate database. The PKVA can be employed in a public key validation service to validate the public key of the subject before a private/public key pair of the subject is used for authentication purposes.

Abstract: A structured digital certificate is adapted to be certified by a digital signature of a certificate authority in an unprotected form, a first protected form, and a second protected form of the digital certificate. The digital certificate includes a first type field of authorization information relevant to a first recipient and being readable in the unprotected form and the first protected form of the digital certificate, and a first cryptographic folder containing a second type field of authorization information relevant to a second recipient and being readable in the unprotected form and the second protected form of the digital certificate, but not readable in the first protected form of the digital certificate. The digital certificate is configured to permit the subject to convert the structured digital certificate from the unprotected form to at least one of the first protected form and the second protected form.

Abstract: A PKI includes an off-line registration authority that issues a first unsigned certificate to a subject that binds a public key of the subject to long-term identification information related to the subject and maintains a certificate database of unsigned certificates in which it stores the first unsigned certificate An on-line credentials server issues a short-term disposable certificate to the subject that binds the public key of the subject from the first unsigned certificate to the long-term identification information related to the subject from the first unsigned certificate. The credentials server maintains a table that contains entries corresponding to valid unsigned certificates stored in the certificate database. The subject presents the short-term disposable certificate to a verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the short-term disposable certificate.

Abstract: A public key validation agent (PKVA) includes a registration authority which issues a first unsigned public key validation certificate (unsigned PKVC) off-line to a subject that binds a public key of the subject to a first public key serial number (PKVN). The registration authority maintains a certificate database of unsigned PKVCs in which it stores the first unsigned PKVC. A credentials server issues a disposable public key validation certificate (disposable PKVC) on-line to the subject. The disposable PKVC binds the public key of the subject from the first unsigned PKVC to the first PKVN from the first unsigned PKVC. The credentials server maintains a table that contains entries corresponding to valid unsigned PKVCs stored in the certificate database. The PKVA can be employed in a public key validation service to validate the public key of the subject before a private/public key pair of the subject is used for authentication purposes.

Abstract: A bus bridge is disclosed that provides an interface between two computer buses and guarantees the proper ordering of write operations mastered from one bus relative to read operations mastered from the other bus where the presence of write posting storage in the bus bridge could cause ordering violations. The bus bridge includes a first mechanism for counting the number of write operations that are received by the bus bridge and queued in the write posting storage. In addition, the bus bridge includes a second mechanism for counting the number of write operations completed on the second bus. A mechanism for measuring the age of data held in each cache line of a coherent cache is also included as part of the bus bridge. Finally, the bus bridge includes a mechanism for delaying the completion of a read operation from the cache until all writes that were accepted by the bus bridge on the first bus before the cache data was fetched have been completed on the second bus.

Abstract: An authoring system and method create a knowledge base for an expert system that comprises communication cells for storing external data, assertion cells for storing data acquired from a user in the course of a user dialog, and interaction cells that specify (multimedia) interactions with the user, which are carried out as the cells are invoked by the run-time program. Each interaction cell has an enabling condition that must be satisfied before it can be invoked. At authoring time, the knowledge base is constructed by an expert system author who allocates the knowledge base cells on a rectangular grid similar to a spreadsheet. The author can try out various what-if scenarios by setting the values of assertion and communication cells and recalculating the knowledge base or simulating the created expert system. The grid is only an authoring tool, which is not visible or present at run time.