Patents by Inventor Kasman E. Thomas

Kasman E. Thomas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20150363604
    Abstract: Apparatus and methods are described for enabling distribution of user-tailored pieces of a larger software program in a way that facilitates compliance with organizational policies around security, access control, and the like. The pieces, representing new or missing functionality in an existing instance of pre-installed software, are supplied as supplemental software fragments (“aspects”) that provide new or missing logic to a target application with the target application having to know of the fragment's existence. The number and quality of aspects provisioned to the user are tailored to the user's identity and/or organizational role in accordance with explicit policy governing such provisioning. In this manner, the user of the software gains functionality appropriate to his security level, title, or other qualifications, and the events surrounding the provisioning become loggable, traceable, and verifiable.
    Type: Application
    Filed: July 10, 2015
    Publication date: December 17, 2015
    Inventor: Kasman E. Thomas
  • Patent number: 9026638
    Abstract: In a computing system environment, methods and apparatus include tapping a plurality of connected computing devices and distilling small amounts of entropy from each, concentrating the entropy so collected, and performing all in a stealth or surreptitious fashion relative to the providers of the entropy. In this manner: the potential supply of entropy on a networked computing device is greatly expanded; the potential for entropy-related denial-of-service attacks in Linux systems is reduced; no significant extra processing burden on participating computing devices is required; and enlisting entropy-providing computing devices (including or not naïve applications) in entropy exchanges occurs unobtrusively. Representative particular environments include web servers, including servlet filters, and clients engaged in http sessions; Java virtual machines; network interface cards in promiscuous mode analyzing packets; and other. Computer program products for devices to realize the foregoing are also intended.
    Type: Grant
    Filed: February 5, 2007
    Date of Patent: May 5, 2015
    Assignee: Novell, Inc.
    Inventors: Kasman E. Thomas, Stephen R. Carter
  • Patent number: 8750496
    Abstract: Methods and apparatus include cooperatively encoding digital data between collaborating parties. By prior agreement, the parties take turns encoding portions of a given payload (e.g., document), until all portions have been encoded, thereby transforming the payload from a native encoding to a new, composite encoding. Choreography rules facilitate the process. Each party is free to use its own processing scheme. The use of a lookback or chaining step enables each party to impart a quality of informational entanglement to the output during its construction. By virtue of these features and attendant synergies, the resultant jointly encoded digital data enjoys certain novel cryptographic properties in addition to serving as a record of interaction between parties. To decode the data, the process is reversed. Third parties are optionally employed to mediate aspects of the process. Noise and padding, such as watermarks or copyrights, may be added variously to the encoded digital data.
    Type: Grant
    Filed: March 4, 2011
    Date of Patent: June 10, 2014
    Assignee: Oracle International Corporation
    Inventor: Kasman E. Thomas
  • Patent number: 8606834
    Abstract: In a computing system environment, a data recipient manages entropy data supplied from an external data source despite not knowing or being certain about their trustworthiness or if such varies over time. Features relate to scoring the data and determining whether it meets or exceeds a predetermined policy score. One or more initial or updated reputation values of the data source are contemplated and used for scoring. Logging of the scoring, reputation values or other matters is provided for historical purposes and to identify possible future corrective actions. Other embodiments contemplate enhancing the score of the entropy data. In some instances, use of less than all the data by the recipient occurs to increase attack-resistance. Whether such occurs or how much occurs remains substantially unbeknownst to all parties other than the data recipient. Still other embodiments contemplate computer-readable media.
    Type: Grant
    Filed: August 16, 2006
    Date of Patent: December 10, 2013
    Assignee: Apple Inc.
    Inventor: Kasman E. Thomas
  • Publication number: 20110158400
    Abstract: Methods and apparatus include cooperatively encoding digital data between collaborating parties. By prior agreement, the parties take turns encoding portions of a given payload (e.g., document), until all portions have been encoded, thereby transforming the payload from a native encoding to a new, composite encoding. Choreography rules facilitate the process. Each party is free to use its own processing scheme. The use of a lookback or chaining step enables each party to impart a quality of informational entanglement to the output during its construction. By virtue of these features and attendant synergies, the resultant jointly encoded digital data enjoys certain novel cryptographic properties in addition to serving as a record of interaction between parties. To decode the data, the process is reversed. Third parties are optionally employed to mediate aspects of the process. Noise and padding, such as watermarks or copyrights, may be added variously to the encoded digital data.
    Type: Application
    Filed: March 4, 2011
    Publication date: June 30, 2011
    Inventor: Kasman E. Thomas
  • Patent number: 7940926
    Abstract: Methods and apparatus include cooperatively encoding digital data between collaborating parties. By prior agreement, the parties take turns encoding portions of a given payload (e.g., document), until all portions have been encoded, thereby transforming the payload from a native encoding to a new, composite encoding. Choreography rules facilitate the process. Each party is free to use its own processing scheme. The use of a lookback or chaining step enables each party to impart a quality of informational entanglement to the output during its construction. By virtue of these features and attendant synergies, the resultant jointly encoded digital data enjoys certain novel cryptographic properties in addition to serving as a record of interaction between parties. To decode the data, the process is reversed. Third parties are optionally employed to mediate aspects of the process. Noise and padding, such as watermarks or copyrights, may be added variously to the encoded digital data.
    Type: Grant
    Filed: June 8, 2006
    Date of Patent: May 10, 2011
    Assignee: Novell, Inc.
    Inventor: Kasman E. Thomas
  • Patent number: 7594193
    Abstract: Apparatus, methods and computer program products relate to icons in an address bar of a browser indicative of roles of users as they visit web sites. In this manner, users (with many roles, such as in the context of an employer's business) are visually cued to remind them of their role at the web sites, often because web sites have different functionality according to different roles. Various features include icon forms suggesting roles as employees, managers, administrators, anonymous users, etc. Upon mousing-over icons, tool tips are obtainable regarding a status of the role of the user. Menus of multiple icons are also available for the many roles of the user. Upon selection of one of the icons of the menu, the selected icon appears in the address bar upon the user visiting the website in their new role. Altering the display of the icon exists to show different role status.
    Type: Grant
    Filed: February 6, 2007
    Date of Patent: September 22, 2009
    Assignee: Novell, Inc.
    Inventor: Kasman E. Thomas
  • Patent number: 7554467
    Abstract: Apparatus and methods are described for network content in dictionary-based (de)compression. Content for compression is parsed into discrete constructions, such as phrases, words, etc. The discrete constructions are passed to a searching engine to locate network information at one or more network locator identities, such as URI's (URL's, URNs) that correspond to the discrete constructions. Upon locating the network information, a dictionary of entries corresponding to the content is created. The content is encoded from the dictionary by indicating raw or relative offsets into the network information per each of the network locator identities. Decoding occurs anti-symmetrically to the encoding. In this manner, the vastness of network content, e.g., the world wide web, is leveraged to provide relevant dictionaries for de-/encoding. Searching for candidate dictionaries, scoring same and safeguarding against volatile dictionary content are other noteworthy features.
    Type: Grant
    Filed: July 31, 2007
    Date of Patent: June 30, 2009
    Assignee: Novell, Inc.
    Inventor: Kasman E. Thomas
  • Publication number: 20090037448
    Abstract: Apparatus and methods are described for network content in dictionary-based (de)compression. Content for compression is parsed into discrete constructions, such as phrases, words, etc. The discrete constructions are passed to a searching engine to locate network information at one or more network locator identities, such as URI's (URL's, URNs) that correspond to the discrete constructions. Upon locating the network information, a dictionary of entries corresponding to the content is created. The content is encoded from the dictionary by indicating raw or relative offsets into the network information per each of the network locator identities. Decoding occurs anti-symmetrically to the encoding. In this manner, the vastness of network content, e.g., the world wide web, is leveraged to provide relevant dictionaries for de-/encoding. Searching for candidate dictionaries, scoring same and safeguarding against volatile dictionary content are other noteworthy features.
    Type: Application
    Filed: July 31, 2007
    Publication date: February 5, 2009
    Inventor: Kasman E. Thomas
  • Publication number: 20090025063
    Abstract: Apparatus and methods are described for accessing redacted material based on user roles. An author designates portions of content as to-be-redacted. The author establishes various user roles able to access it and defines attributes or time constraints affecting the viewing/using. Upon electronically saving the content, the to-be-redacted portion is encrypted. An intermediary, such as a keytable service, mediates access between later users and the content. Upon identification of a role of a user attempting to interact with the content, and matching the role to one of the author-established roles, the encrypted redacted portion is decrypted. In this manner, users gain access to content based only on their role. The surrounding events are also loggable, traceable, and verifiable. A monitored connection between the user and the content, as well as various user interface options, are other noteworthy features. Computer program products and computing network interaction are also defined.
    Type: Application
    Filed: July 18, 2007
    Publication date: January 22, 2009
    Inventor: Kasman E. Thomas
  • Publication number: 20080301685
    Abstract: In a computing environment, clients and scheduling services are arranged to coordinate time-based services. Representatively, the client and scheduler engage in an http session whereby the client creates an account (if the first usage) indicating various identities and rights of the client for use with a scheduling job. Thereafter, one or more scheduling jobs are registered including an indication of what payloads are needed, where needed and when needed. Upon appropriate timing, the payloads are delivered to the proper locations, but the scheduling of events is no longer entwined with underlying applications in need of scheduled events. Monitoring of jobs is also possible as is establishment of appropriate communication channels between the parties. Noticing, encryption, and authentication are still other aspects as are launching third party services before payload delivery. Still other embodiments contemplate publishing an API or other particulars so the service can be used in mash-up applications.
    Type: Application
    Filed: May 31, 2007
    Publication date: December 4, 2008
    Inventors: Kasman E. Thomas, Lyndon A. Washington
  • Publication number: 20080189356
    Abstract: In a computing system environment, methods and apparatus include tapping a plurality of connected computing devices and distilling small amounts of entropy from each, concentrating the entropy so collected, and performing all in a stealth or surreptitious fashion relative to the providers of the entropy. In this manner: the potential supply of entropy on a networked computing device is greatly expanded; the potential for entropy-related denial-of-service attacks in Linux systems is reduced; no significant extra processing burden on participating computing devices is required; and enlisting entropy-providing computing devices (including or not naive applications) in entropy exchanges occurs unobtrusively. Representative particular environments include web servers, including servlet filters, and clients engaged in http sessions; Java virtual machines; network interface cards in promiscuous mode analyzing packets; and other. Computer program products for devices to realize the foregoing are also intended.
    Type: Application
    Filed: February 5, 2007
    Publication date: August 7, 2008
    Inventors: Kasman E. Thomas, Stephen R. Carter
  • Publication number: 20080189654
    Abstract: Apparatus, methods and computer program products relate to icons in an address bar of a browser indicative of roles of users as they visit web sites. In this manner, users (with many roles, such as in the context of an employer's business) are visually cued to remind them of their role at the web sites, often because web sites have different functionality according to different roles. Various features include icon forms suggesting roles as employees, managers, administrators, anonymous users, etc. Upon mousing-over icons, tool tips are obtainable regarding a status of the role of the user. Menus of multiple icons are also available for the many roles of the user. Upon selection of one of the icons of the menu, the selected icon appears in the address bar upon the user visiting the website in their new role. Altering the display of the icon exists to show different role status.
    Type: Application
    Filed: February 6, 2007
    Publication date: August 7, 2008
    Inventor: Kasman E. Thomas
  • Publication number: 20080172219
    Abstract: Apparatus and methods allow users of document editors to real-time translate language of text from a first to a second language. During use, users indicate a selection for translation in a typing area of the document editor. The document editor seeks translation from a remote language translation service, especially by way of internet http requests. Processing of returned translations also occurs to present users with a useable form of the translation. Other aspects include seeking translations from multiple language translation services and selecting a best translation for display, according to predetermined criteria. Users can also select preferred languages for translation. Retrofitting existing document editors contemplates inserting executable code, in the form of plug-ins or macros, and executing them to obtain translations. Executable code is available as a computer program product in the form of a download or on a computer-readable medium.
    Type: Application
    Filed: January 17, 2007
    Publication date: July 17, 2008
    Inventor: Kasman E. Thomas
  • Publication number: 20080141335
    Abstract: Apparatus and methods are described for enabling distribution of user-tailored pieces of a larger software program in a way that facilitates compliance with organizational policies around security, access control, and the like. The pieces, representing new or missing functionality in an existing instance of pre-installed software, are supplied as supplemental software fragments (known as “aspects”) that provide the new or missing logic to a target application with the target application having to know of the fragment's existence. The number and quality of aspects provisioned to the user are tailored to the user's identity and/or organizational role in accordance with explicit policy governing such provisioning. In this manner, the user of the software gains functionality appropriate to his security level, title, or other qualifications, and the events surrounding the provisioning become loggable, traceable, and verifiable.
    Type: Application
    Filed: December 8, 2006
    Publication date: June 12, 2008
    Inventor: Kasman E. Thomas
  • Publication number: 20080046216
    Abstract: In a computing system environment, a data recipient manages entropy data supplied from an external data source despite not knowing or being certain about their trustworthiness or if such varies over time. Features relate to scoring the data and determining whether it meets or exceeds a predetermined policy score. One or more initial or updated reputation values of the data source are contemplated and used for scoring. Logging of the scoring, reputation values or other matters is provided for historical purposes and to identify possible future corrective actions. Other embodiments contemplate enhancing the score of the entropy data. In some instances, use of less than all the data by the recipient occurs to increase attack-resistance. Whether such occurs or how much occurs remains substantially unbeknownst to all parties other than the data recipient. Still other embodiments contemplate computer-readable media.
    Type: Application
    Filed: August 16, 2006
    Publication date: February 21, 2008
    Inventor: Kasman E. Thomas
  • Publication number: 20080019505
    Abstract: Methods and apparatus include cooperatively encoding digital data between collaborating parties. By prior agreement, the parties take turns encoding portions of a given payload (e.g., document), until all portions have been encoded, thereby transforming the payload from a native encoding to a new, composite encoding. Choreography rules facilitate the process. Each party is free to use its own processing scheme. The use of a lookback or chaining step enables each party to impart a quality of informational entanglement to the output during its construction. By virtue of these features and attendant synergies, the resultant jointly encoded digital data enjoys certain novel cryptographic properties in addition to serving as a record of interaction between parties. To decode the data, the process is reversed. Third parties are optionally employed to mediate aspects of the process. Noise and padding, such as watermarks or copyrights, may be added variously to the encoded digital data.
    Type: Application
    Filed: June 8, 2006
    Publication date: January 24, 2008
    Inventor: Kasman E. Thomas
  • Patent number: 5229768
    Abstract: A system for data compression and decompression is disclosed. A series of fixed length overlapping segments, called hash strings, are formed from an input data sequence. A retrieved character is the next character in the input data sequence after a particular hash string. A hash function relates a particular hash string to a unique address in a look-up table (LUT). An associated character for the particular hash string is stored in the LUT at the address. When a particular hash string is considered, the content of the LUT address associated with the hash string is checked to determine whether the associated character matches the retrieved character following the hash string. If there is a match, a Boolean TRUE is output; if there is no match, a Boolean FALSE along with the retrieved character is output. Furthermore, if there is no match, then the LUT is updated by replacing the associated character in the LUT with the retrieved character.
    Type: Grant
    Filed: January 29, 1992
    Date of Patent: July 20, 1993
    Assignee: Traveling Software, Inc.
    Inventor: Kasman E. Thomas